Penetration Testing mailing list archives

Re: nessus exceptions


From: Pete Herzog <pete () isecom org>
Date: Wed, 04 Aug 2004 16:37:37 +0200

Chris,

Is the problem nessus or are you wondering if they are just running an automated scanner? I've actually seen this issue quite a bit where the client wants confirmation of the thoroughness of the verification process of test results. Running a scanner in and of itself is not a bad thing but the results should be properly verified before they go into the report.

If it's just about nessus, then look at the ports they list as open, closed, and filtered as well as the services they assigned to them. It's usually a dead giveaway if they list the default services for the responding service ports without actually having investigated what is really there. I have to laugh whenever I see "Blackjack" listed in the service list and I wonder how they have the audacity to sell that report. The other is the listing of ports as open, closed, and filtered instead of giving you the real information of verified services, responding ports, what the response was and from which IP, as well as which did not respond at all. Especially for UDP and ICMP types.

The safest thing you could do is run nessus yourself from the same perspective and compare the reports. The next safest option you have is to place a text file in the cgi-bin of your webserver with the name of a "dangerous" cgi (no point in saying which one as your pen testers may be reading this too) and nessus will report it as a vulnerability without having actually tried to verify it. Obviously there are some which are better than others.

If you just want to know if the report you're receiving has value, I would be happy to take a look at it for you. It's something we get asked to do quite a bit these days. We can talk about that offline though.

Anyways, thanks for a great topic we can add to the OPSA certification training and exam ;)

--
Pete Herzog - Managing Director - pete () isecom org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org
-------------------------------------------------------------------
ISECOM is the OSSTMM Professional Security Tester (OPST),
OSSTMM Professional Security Analyst (OPSA), and Hacker Highschool
Teacher certification authority.


Chris Griffin wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi list,
I'm trying to find some good holes, that aren't major security issues,
that I can create on a machine to see if our testing company really
uses anything other than nessus.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBDo7EeFLbG0PZdVwRAmaSAJ9gHU7w6vbI9DGKWa7xmUQ31qKSBQCgpcpq
cC69CeYr16OsfuYu6u1oe8U=
=bGZi
-----END PGP SIGNATURE-----
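Pete's point about reports that list default service names for responding ports, rather than what actually answered and from which IP, can be turned into a check of your own. The script below is an added example written for this thread; it is not code from the mail, from ISECOM or from nessus. It takes scanner findings as (host, port, proto, claimed service) tuples, talks to each port itself, records the real state, the IP the reply came from, the first line of the reply and the service inferred from it, and flags findings where the claim and the evidence disagree. The banner table and the listeners it probes are constructed stand-ins (hypothetical "ssh", "http" and UDP echo services on loopback, plus a deliberately closed port) so that it runs offline.

```python
"""Verify what a scanner report claims against what actually answers.

Added example for this thread, not code from the original mail or from nessus.
The local listeners at the bottom are constructed stand-ins for targets.
"""
import socket
import threading
from dataclasses import dataclass

# Greeting prefix -> service. Constructed and deliberately small; building the
# real table is exactly the verification work a scanner-only report skips.
BANNER_SIGNATURES = (("SSH-", "ssh"), ("HTTP/", "http"), ("220 ", "smtp/ftp"), ("+OK", "pop3"))


@dataclass
class ProbeResult:
    host: str
    port: int
    proto: str
    claimed: str
    state: str        # "open", "closed" or "no-response"
    responder: str    # IP the reply came from ("" if nothing replied)
    banner: str       # first line of whatever the port sent ("" if silent)
    verified: str     # service inferred from the banner, "unknown" if no match

    @property
    def matches_claim(self) -> bool:
        return self.state == "open" and self.verified == self.claimed


def classify_banner(banner: str) -> str:
    for prefix, name in BANNER_SIGNATURES:
        if banner.startswith(prefix):
            if name == "smtp/ftp":           # both greet with 220; the text decides
                return "smtp" if "SMTP" in banner.upper() else "ftp"
            return name
    return "unknown"


def _recv(sock, n=512) -> bytes:
    try:
        return sock.recv(n)
    except OSError:                          # timeout or reset: treat as silence
        return b""


def _first_line(data: bytes) -> str:
    return data.decode("latin-1", "replace").splitlines()[0] if data else ""


def probe_tcp(host, port, claimed, timeout=2.0) -> ProbeResult:
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            responder = s.getpeername()[0]
            data = _recv(s)                  # SSH, SMTP, FTP greet first
            if not data:                     # silent services (HTTP) must be spoken to
                try:
                    s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                    data = _recv(s)
                except OSError:
                    data = b""
    except ConnectionRefusedError:
        # A RST came back. The kernel does not expose its source, so it is
        # attributed to the target; a firewall forging RSTs looks identical.
        return ProbeResult(host, port, "tcp", claimed, "closed", host, "", "none")
    except OSError:                          # timeout or unreachable: nothing answered
        return ProbeResult(host, port, "tcp", claimed, "no-response", "", "", "unknown")
    banner = _first_line(data)
    return ProbeResult(host, port, "tcp", claimed, "open", responder, banner, classify_banner(banner))


def probe_udp(host, port, claimed, payload=b"\r\n", timeout=2.0) -> ProbeResult:
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))              # connected: ICMP port-unreachable surfaces as ECONNREFUSED
        try:
            s.send(payload)
            data, addr = s.recvfrom(512)     # addr is whoever actually answered
        except ConnectionRefusedError:
            return ProbeResult(host, port, "udp", claimed, "closed", host, "", "none")
        except OSError:
            # No datagram and no ICMP: open|filtered. A report saying "open" here guessed.
            return ProbeResult(host, port, "udp", claimed, "no-response", "", "", "unknown")
    banner = _first_line(data)
    return ProbeResult(host, port, "udp", claimed, "open", addr[0], banner, classify_banner(banner))


def _serve_tcp(banner: bytes, reply: bytes) -> int:
    """Constructed stand-in target: greets with `banner`, answers any request with `reply`."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(5.0)
                try:
                    if banner:
                        conn.sendall(banner)
                    if reply:
                        conn.recv(512)
                        conn.sendall(reply)
                except OSError:
                    pass
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def _serve_udp_echo() -> int:
    """Constructed stand-in target: echoes datagrams, so it responds but identifies nothing."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))

    def loop():
        while True:
            data, addr = srv.recvfrom(512)
            srv.sendto(data, addr)
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def demo() -> list:
    """Probe constructed findings against constructed listeners; returns the ProbeResults."""
    ssh_port = _serve_tcp(b"SSH-2.0-constructed_stand_in\r\n", b"")
    http_port = _serve_tcp(b"", b"HTTP/1.0 200 OK\r\nServer: constructed\r\n\r\n")
    udp_port = _serve_udp_echo()
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                              # nothing listens here any more
    # Constructed "scanner findings"; the last two are the kind of default-table guess Pete describes.
    findings = [("127.0.0.1", ssh_port, "tcp", "ssh"),
                ("127.0.0.1", http_port, "tcp", "http"),
                ("127.0.0.1", closed_port, "tcp", "blackjack"),
                ("127.0.0.1", udp_port, "udp", "snmp")]
    return [(probe_tcp if proto == "tcp" else probe_udp)(host, port, claimed, timeout=1.0)
            for host, port, proto, claimed in findings]


if __name__ == "__main__":
    for r in demo():
        flag = "OK   " if r.matches_claim else "CHECK"
        print(f"{flag} {r.proto}/{r.port} claimed={r.claimed} state={r.state} "
              f"from={r.responder or '-'} verified={r.verified} banner={r.banner!r}")
```

Anything printed as CHECK is a finding the report has not earned yet: a closed port carrying a service name, a UDP port that answered but said nothing identifiable, or a banner that contradicts the claim. A "no-response" entry is the one a scanner most often misreports as a service, since with UDP and ICMP silence is not evidence of anything.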
