Penetration Testing mailing list archives
Re: How do VA scans work technically
From: Jason <securitux () gmail com>
Date: Wed, 9 Jul 2008 10:58:51 -0400
Not exactly... Qualys does not exploit the vulnerabilities. It checks for the existence of the vulnerability in any number of ways, such as a patch missing or the behavior of the target / application when sent a certain packet or sequence of packets. Many vulnerabilities are the result of the way a certain piece of code behaves when sent a sequence of data and Qualys knows how the vulnerable version behaves when sent this data. It doesn't have to exploit it to make the determination. That being said, Qualys also has 'potential' vulnerabilities, which are vulnerabilities it believes exist based on the checks, but is not certain as the only way to be certain is to run the exploit code and possibly crash the system out, which it will not do. You therefore should check manually. Nessus works in a similar way however it will also exploit some vulnerabilities, not going too far unless safe checks are disabled. In that case, Nessus will tell you if the vulnerability is there but as a result may crash the system, rendering the rest of the test useless. And even if safe checks are enabled, I have crashed systems using Nessus on custom coded apps. All in all Nessus, which I have been using forever, is very invasive. Use caution with it on anything custom coded. I guess it depends on your definition of exploit I suppose but usually by exploit you mean to take advantage of a vulnerability to cause unintended system behavior which the vulnerability scanners try not to do. That's more the role of the Metasploit / Core apps. -J On Wed, Jul 9, 2008 at 1:29 AM, Tariq Naik <Tariq_Naik () symantec com> wrote:
Hi, Qualys and Nessus do exploit the vulnerabilities. A very few of them only find the version of the OS and services along with the patch levels and then list the vulnerabilities from a pre built database without actually exploiting them. They will list a vulnerability even if the vulnerability has been actually remediated using some remediation. Regards, Tariq -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Aseem Kumar Sent: Wednesday, July 09, 2008 1:33 AM To: pen-test () securityfocus com Subject: How do VA scans work technically Hey, Can someone tell me (any weblink , any ebook, or direct answers) as to how the VA scans like those of Qualys or Nessus work? How do they find the vulnerabilities of a system without ever exploiting it? Regards Aseem ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- How do VA scans work technically Aseem Kumar (Jul 08)
- RE: How do VA scans work technically Tariq Naik (Jul 08)
- Re: How do VA scans work technically Jason (Jul 09)
- RE: How do VA scans work technically Tariq Naik (Jul 16)
- Re: How do VA scans work technically Jason (Jul 09)
- Re: How do VA scans work technically Killy (Jul 08)
- Re: How do VA scans work technically Aseem Kumar (Jul 09)
- Re: How do VA scans work technically Todd Haverkos (Jul 09)
- AW: How do VA scans work technically puppe (Jul 10)
- RE: How do VA scans work technically Rivest, Philippe (Jul 10)
- Re: How do VA scans work technically Aseem Kumar (Jul 10)
- RE: How do VA scans work technically sandip (Jul 25)
- Re: How do VA scans work technically Aseem Kumar (Jul 09)
- Re: How do VA scans work technically Zed Qyves (Jul 22)
- RE: How do VA scans work technically Tariq Naik (Jul 08)
- <Possible follow-ups>
- Re: How do VA scans work technically HITESH PATEL (Jul 09)