Penetration Testing mailing list archives
RE: pbnj and alternatives
From: Miguel Gonzalez <miguel_3_gonzalez () yahoo es>
Date: Mon, 5 Apr 2010 11:32:09 -0700 (PDT)
Yes, it does, as I said in my previous email the tool is called pbnj and is part of Backtrack live cd (http://pbnj.sourceforge.net/) The only thing that I was thinking to add to pbnj was a "new" state, since as it is now, it only tracks if a port is open or closed. Unfortunately it's not easy to dig into someone else's code with no documentation and not many comments inside the code (besides I'm not a perl expert). I have also been told that there is more advanced tool called ossec hids that does more stuff (http://www.ossec.net/) Miguel --- El lun, 5/4/10, Shenk, Jerry <Jerry.Shenk () windstream com> escribió:
De: Shenk, Jerry <Jerry.Shenk () windstream com> Asunto: RE: pbnj and alternatives Para: "Miguel Gonzalez" <miguel_3_gonzalez () yahoo es>, pen-test () securityfocus com Fecha: lunes, 5 de abril, 2010 14:25 I think something SIMPLE that does just what you've talked about sounds like a good idea. I've toyed with the idea a bit myself...am currently doing it manually. I kindof automate it a little...the scan is automated and a stripped down report is automated but then I have to manually check the ports with last weeks report...takes about 2 minutes. Who knows, maybe it does exist;) -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Miguel Gonzalez Sent: Friday, April 02, 2010 10:06 AM To: pen-test () securityfocus com Subject: pbnj and alternatives Dear all, I'm testing a tool called pbnj. It performs scans with nmap and store the information in a database that is used for comparing previous scans. It's not a tool for monitoring like Nagios (which we'll already have). We are not going to coutinously run this script (like every 5 minutes) but maybe once a day or week. They aim is to to keep a baseline of the services that SHOULD BE open in our servers in a database and compare it to the scan we perform from time to time. A report should tell us two things: - If a new port has been open. That way we can be sure that no new ports are open without being warned. - If a port that should be open is closed. Before reinventing the wheel, I'd like to know if there is any tool like this with better functionality (it's pretty basic, a perl script, the reports and the routine scans have to be configured manually). As I said, essentially performs a scan (with nmap) over a range of IPs and stores the results in a database. Then it tells you if a port has changed its state (from up to down or viceversa - however I'm digging the code to add a "new" state too). Any other tool similar to this one with better capabilities? Thanks, Miguel ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org
------------------------------------------------------------------------ *************************************************************************************** The information contained in this message, including attachments, may contain privileged or confidential information that is intended to be delivered only to the person identified above. If you are not the intended recipient, or the person responsible for delivering this message to the intended recipient, Windstream requests that you immediately notify the sender and asks that you do not read the message or its attachments, and that you delete them without copying or sending them to anyone else.
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- pbnj and alternatives Miguel Gonzalez (Apr 05)
- Re: pbnj and alternatives Jhfjjf Hfdsjj (Apr 08)
- Re: pbnj and alternatives Robin Wood (Apr 08)
- <Possible follow-ups>
- RE: pbnj and alternatives Miguel Gonzalez (Apr 08)