Vulnerability Development mailing list archives
Re: Lotus NOTES
From: "Grant Torresan" <sonofthor () severus org>
Date: Sun, 01 Dec 2002 19:09:40 -0500
Bruno, You may want to check out a little utility I wrote to assist in auditing Lotus Domino servers in specific. DominoDig is an open-source (GPL) utility written by myself (Grant Torresan) for the purpose of quickly and cheaply auditing Lotus Domino web servers and extracting useful information from any anonymously accessible pages that are found. Features of note include the following: -Searches for a large number of default notest databases. -Parses contents of each page it accesses looking for references to other unique (custom) .nsf databases. -Collects email addresses and unique IP addresses that appear in any page it indexes. -Produces an HTML report detailing all of the information it was able to gather, and a list of hyperlinks to each .nsf database it was able to access anonymously. If you are interested in trying it out, please browse to http://dominodig.sourceforge.net for the latest release. Please note that this software is a "work-in-progress" and as such it is being freqently updated and new features are being added all the time. If there is a paricular piece of information DominoDig is not searching for that you think would be particularly useful, or if you encounter any problems with the software, please let me know by sending me an email at sonofthor () severus org. Hope this helps, Grant Torresan. ----- Original Message ----- From: "Aaron C. Newman (Application Security, Inc.)" <anewman () appsecinc com> To: "'Bruno Mosconi'" <bmosconi () fnazca com br>; <vuln- dev () securityfocus com> Sent: Sunday, December 01, 2002 4:04 PM Subject: RE: Lotus NOTES
Bruno, Check out: http://www.dominosecurity.org http://www.lotus.com/security http://www.appsecinc.com/cgi-bin/show_policy_list.pl?
app_type=8&category
=3 Regards, Aaron _______________________________ Aaron C. Newman CTO/Founder Application Security, Inc. www.appsecinc.com Phone: 212-420-9720 Fax: 212-420-9680 - Protection Where It Counts - -----Original Message----- From: Bruno Mosconi [mailto:bmosconi () fnazca com br] Sent: Thursday, November 28, 2002 1:08 PM To: vuln-dev () securityfocus com Subject: Lotus NOTES Does anyone knows a good source of Lotus Notes security issues/holes? []'s Bruno Mosconi F/Nazca S&S - AdverSiting ---------------------------------------------------------------- The information transmitted is intended only for the person or entity
to
which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of,
or
taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. ----------------------------------------------------------------
Current thread:
- Lotus NOTES Bruno Mosconi (Dec 01)
- RE: Lotus NOTES Aaron C. Newman (Application Security, Inc.) (Dec 01)
- Re: Lotus NOTES dsanchez (Dec 02)
- <Possible follow-ups>
- Re: Lotus NOTES Grant Torresan (Dec 01)