RE: Features of a vulnerability scanner

["Brass, Phil (ISS Atlanta)" <PBrass () iss net>]

Yeah, one of the things I love about web-scanners (esp. WebInspect) that
I would like to see more of in other scanners is the ability to click on
a vuln and see pretty clearly the http request and response that led to
the vulnerability being reported.  Makes it really easy for me to script
up a reproduction with curl or automate IE for a screenshot.  With a
lower-level network scanner, having access to something like an ethereal
packet trace view for each vuln on each host would be awesome for that
whole "Was it really vulnerable" thing.

Phil

> -----Original Message-----
> From: Kohlenberg, Toby [mailto:toby.kohlenberg () intel com] 
> Sent: Monday, December 01, 2003 3:58 PM
> To: Marc Ruef; pen-test () securityfocus com
> Subject: RE: Features of a vulnerability scanner
>
>
> (All opinions are my own and in no way reflect the views of 
> my employer)
>
> one key feature that I haven't ever seen is confidence in a 
> result. I'd like my VS to tell me why it believes and answer 
> is correct and how confident it is of that answer. Is 
> Sendmail not vulnerable because it isn't present, because the 
> banner clearly shows a non-vulnerable version, because the 
> banner doesn't give enough information to make a real 
> decision, because the banner doesn't say Sendmail? 
>
> Give me these details and a confidence value to go with them 
> so that I can help diagnose errors in the scanner.
>
> toby
>
> -----Original Message-----
> From: Patrick Boucher [mailto:pboucher () gardienvirtuel com] 
> Sent: Monday, December 01, 2003 11:07 AM
> To: Marc Ruef; pen-test () securityfocus com
> Subject: Re: Features of a vulnerability scanner
>
>
> Greetings,
>
> 1) One of the most important feature in a vulnerability 
> scanner is it's 
> ability to modify it's parameters, For exemple, something the 
> target will not 
> answer to Ping, traceroute or even TCP ping.  But will have 
> port 25 open.  
> The scanner should do it's work even in thoses conditions.
>
> 2) And SQL injection and analysis of the web page's content. 
> Like extracting 
> comments or error in HTML programming.
>
> That's one of the primary thing that, I think, is missing. 
>
> If any body know of a way to do thoses thing, please let me know! 
>
> Patrick
>
>  On Monday 01 December 2003 05:26, Marc Ruef wrote:
> > Dear List
> >
> > I would like to ask you pen-testers two generic questions about 
> > vulnerability scanners:
> >
> > 1. Which features for you are very important or is the most 
> important
> in a
> > vulnerability scanner software? 2. Which features are you missing in
> the
> > existing vulnerability scanner products?
> >
> > A vulnerability scanner in this context is a tool that looks
> automaticly
> > for potential security holes. There are for example Nessus, ISS
> Internet
> > Scanner, Symantec NetRecon, GFI LanGuard, SATAN, SAINT, Vigilante,
> Dante
> > Security Scanner, ... Port scanner and enumeration utilities like
> nmap,
> > N-Stealth, Whisker or Nikto are here not counted to vulnerability
> scanners.
> > Yours,
> >
> > Marc Ruef
>
>
> --------------------------------------------------------------
> ----------
> ---
> --------------------------------------------------------------
> ----------
> ----
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------