|
Penetration Testing
How do VA scans work technically Jul 08 2008 08:02PM Aseem Kumar (kumaraseem gmail com) (2 replies) Re: How do VA scans work technically Jul 09 2008 05:37AM Killy (killfactory gmail com) (1 replies) Re: How do VA scans work technically Jul 09 2008 08:52AM Aseem Kumar (kumaraseem gmail com) (4 replies) RE: How do VA scans work technically Jul 09 2008 05:29AM Tariq Naik (Tariq_Naik symantec com) (1 replies) |
|
|
Privacy Statement |
Last time i checked nmap -sV was doing what ask as well as amap (or
vmap - i have a bad memory ).
Best regards,
Z
On 7/9/08, Aseem Kumar <kumaraseem (at) gmail (dot) com [email concealed]> wrote:
> Hi,
>
> Thanks for all the gr8 replies.
>
> Showing of already remediated vulnerabilities was what i was concerned.
> So i always have to take the reports from these scans with a pinch of
> salt. They even might miss something.
>
> But what if i am running say a web server on a non-standard port and
> have really disabled all settings that might allow an outsider to get
> a banner or version number of underlying application then will the
> scanners still be able to do some heuristics and come out with nearly
> correct answers.
>
> Can someone point me to any link that will provide more insight into
> this process.
>
> Regards
> Aseem
>
> On Wed, Jul 9, 2008 at 11:07 AM, Killy <killfactory (at) gmail (dot) com [email concealed]> wrote:
>> Nessus can ne configured to perform safe scans. It will still for blank
>> root, as and administrator passwords under that config.
>>
>> So, it depends on your definition of exploit :)
>>
>> Nessus can also be configured to prrerform brute force attacks using a
>> hydra
>> plugin/module
>>
>> You also perform thorough tests/scans.
>>
>> I have feeling that you are wanting to if nessus and qualys operate like
>> metasploit, canvas or other exploit frameworks.
>>
>> I would say no. But nessusbis very flexible and you can customize It and
>> create your own plugin to do just about anything.
>>
>> There is plenty of documentation and help online.
>>
>> Sent from my iPod
>>
>> On Jul 8, 2008, at 4:02 PM, "Aseem Kumar" <kumaraseem (at) gmail (dot) com [email concealed]> wrote:
>>
>>> Hey,
>>>
>>> Can someone tell me (any weblink , any ebook, or direct answers) as to
>>> how the VA scans like those of Qualys or Nessus work?
>>>
>>> How do they find the vulnerabilities of a system without ever exploiting
>>> it?
>>>
>>> Regards
>>> Aseem
>>>
>>> ------------------------------------------------------------------------
>>> This list is sponsored by: Cenzic
>>>
>>> Top 5 Common Mistakes in
>>> Securing Web Applications
>>> Get 45 Min Video and PPT Slides
>>>
>>> www.cenzic.com/landing/securityfocus/hackinar
>>> ------------------------------------------------------------------------
>>>
>>
>
>
>
> --
> Love enables you to put your deepest feelings and fears in the palm of
> your partner's hand, knowing they will be handled with care.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
>
--
---------------------------------------------------------------------
Î?ÏÎÏ?ν
á¼Î½ Ï?á¿?δ᾽ á¼?Ï?αÏ?κε γá¿?· Ï?ὸ δὲ ζηÏ?οÏμενον
á¼Î»Ï?Ï?Ï?ν, á¼ÎºÏ?εÏγειν δὲ Ï?á¼?μελοÏμενον.
Î?ιδίÏ?οÏ?Ï? ΤÏÏÏανοÏ? [110]
---------------------------------------------------------------------
Creon
In this our land, so said he, those who seek Shall find; unsought, we
lose it utterly.
Oedipus Rex [110]
---------------------------------------------------------------------
[ reply ]