Penetration Testing mailing list archives

Re: pbnj and alternatives

From: Jhfjjf Hfdsjj <taser3000 () yahoo com>
Date: Wed, 7 Apr 2010 13:08:20 -0700 (PDT)

Well it seems like you might wanna check something a bit closer to the nmap family then :) Zenmap is made by the same 
guys and essentially does exactly what youre asking for plus some.

----- Original Message ----
From: Miguel Gonzalez <miguel_3_gonzalez () yahoo es>
To: pen-test () securityfocus com
Sent: Fri, April 2, 2010 7:06:24 AM
Subject: pbnj and alternatives

Dear all,

 I'm testing a tool called pbnj. It performs scans with nmap and store the information in a database that is used for 
comparing previous scans.

 It's not a tool for monitoring like Nagios (which we'll already have). We are not going to coutinously run this script 
(like every 5 minutes) but maybe once a day or week.

They aim is to to keep a baseline of the services that SHOULD BE open in our servers in a database and compare it to 
the scan we perform from time to time. A report should tell us two things:

- If a new port has been open. That way we can be sure that no new ports 
are open without being warned.

- If a port that should be open is closed.

Before reinventing the wheel, I'd like to know if there is any tool like this with better functionality (it's pretty 
basic, a perl script, the reports and the routine scans have to be configured manually).  As I said, essentially 
performs a scan (with nmap) over a range of IPs and stores the results in a database. Then it tells you if a port has 
changed its state (from up to down or viceversa - however I'm digging the code to add a "new" state too).

Any other tool similar to this one with better capabilities?

Thanks,

Miguel

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

pbnj and alternatives Miguel Gonzalez (Apr 05)
- Re: pbnj and alternatives Jhfjjf Hfdsjj (Apr 08)
- Re: pbnj and alternatives Robin Wood (Apr 08)
- <Possible follow-ups>
- RE: pbnj and alternatives Miguel Gonzalez (Apr 08)