Penetration Testing mailing list archives

RE: Vuln Scanner

From: "Lyal Collins" <lyal.collins () key2it com au>
Date: Sat, 29 Oct 2005 16:26:35 +1000

Hmm. 
C rules out Newt!

Nstealth looks Ok.
I've trialled SandCat, but found way too many false positives (about 4 for
every actual issue).

Nikto is helpful, but only works at the http layer.

Lyal


-----Original Message-----
From: Michael Gargiullo [mailto:mgargiullo () pvtpt com] 
Sent: Saturday, 29 October 2005 4:43 AM
To: pen-test () securityfocus com
Subject: Vuln Scanner


I have a client that states in his RFP that we run nessus, and at least one
other vulnerability scanner to compare the output.

 

Does anyone here know of an inexpensive vulnerability scanner, that:

 

A)      Is as effective as nessus.

B)      Doesn't cost nearly as much as say ISS or SAINT (free would be
good).

C)      Doesn't use nessus plugins (like x-scan).

 

-Mike




----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are

futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Vuln Scanner Michael Gargiullo (Oct 28)
- RE: Vuln Scanner Lyal Collins (Oct 29)
- RE: Vuln Scanner Omar A. Herrera (Oct 29)
- Re: Vuln Scanner Frederic Charpentier (Oct 29)
- RE: Vuln Scanner Richard Zaluski (Oct 29)
- <Possible follow-ups>
- RE: Vuln Scanner Jarmon, Don R (Oct 29)
- RE: Vuln Scanner Evans, Arian (Oct 31)
- Re: RE: Vuln Scanner chingshiong (Oct 31)