Re: Lotus NOTES

["Grant Torresan" <sonofthor () severus org>]

Bruno,

You may want to check out a little utility I wrote to assist in 
auditing Lotus Domino servers in specific.  

DominoDig is an open-source (GPL) utility written by myself (Grant
Torresan) for the purpose of quickly and cheaply auditing Lotus Domino
web servers and extracting useful information from any anonymously
accessible pages that are found.

Features of note include the following:

-Searches for a large number of default notest databases.
-Parses contents of each page it accesses looking for references to
other unique (custom) .nsf databases.
-Collects email addresses and unique IP addresses that appear in any
page it indexes.
-Produces an HTML report detailing all of the information it was able
to gather, and a list of hyperlinks to each .nsf database it was able
to access anonymously.

If you are interested in trying it out, please browse to
http://dominodig.sourceforge.net for the latest release.  Please note
that this software is a "work-in-progress" and as such it is being
freqently updated and new features are being added all the time.  If
there is a paricular piece of information DominoDig is not searching
for that you think would be particularly useful, or if you encounter
any problems with the software, please let me know by sending me an
email at sonofthor () severus org.

Hope this helps,

Grant Torresan.




----- Original Message ----- 
From: "Aaron C. Newman (Application Security, Inc.)" 
<anewman () appsecinc com>
To: "'Bruno Mosconi'" <bmosconi () fnazca com br>; <vuln-
dev () securityfocus com>
Sent: Sunday, December 01, 2002 4:04 PM
Subject: RE: Lotus NOTES


> Bruno,
>
> Check out:
>
> http://www.dominosecurity.org
> http://www.lotus.com/security
> http://www.appsecinc.com/cgi-bin/show_policy_list.pl?
app_type=8&category
> =3
>
> Regards,
> Aaron
> _______________________________
> Aaron C. Newman
> CTO/Founder
> Application Security, Inc.
> www.appsecinc.com
> Phone: 212-420-9720
> Fax: 212-420-9680
> - Protection Where It Counts -
>
> -----Original Message-----
> From: Bruno Mosconi [mailto:bmosconi () fnazca com br] 
> Sent: Thursday, November 28, 2002 1:08 PM
> To: vuln-dev () securityfocus com
> Subject: Lotus NOTES
>
> Does anyone knows a good source of Lotus Notes security 
> issues/holes?
>
> []'s Bruno Mosconi
> F/Nazca S&S - AdverSiting
>
> ----------------------------------------------------------------
> The information transmitted is intended only for the person or entity 
to
> which it is addressed and may contain confidential and/or privileged
> material.  Any review, retransmission, dissemination or other use of, 
or
> taking of any action in reliance upon, this information by persons or
> entities other than the intended recipient is prohibited.   If you
> received
> this in error, please contact the sender and delete the material from
> any
> computer.
> ----------------------------------------------------------------