RE: Distributed Vulnerability Scanners

From: Erik Birkholz (erik@foundstone.com)
Date: Thu Mar 06 2003 - 17:39:01 EST


Talisker...

Hey, I am more of an Oban man myself, but I thought that I would chime
in here.

I just wrote a whole chapter (Ch3) about this sort of thing in the new
Special Ops book, so felt the need to share. As far as distributed
scanning, don't forget FoundScan (Foundstone) if your needs are speed
and accuracy.

Erik Pace Birkholz
Foundstone, Inc.

Special Ops: Host and Network Security for Microsoft, UNIX and Oracle
www.SpecialOpsSecurity.com

-----Original Message-----
From: Talisker [mailto:talisker@networkintrusion.co.uk]
Sent: Wednesday, March 05, 2003 2:56 PM
To: pen-test@securityfocus.com
Subject: Distributed Vulnerability Scanners

Hi
I'm looking for vulnerability scanners that will do their business
remotely, especially useful for distributed networks with low bandwidth
or managed services.

I only know of 3:
Lightning Proxy
http://www.tenablesecurity.com/proxy.html

Nessus
http://www.nessus.org/features.html

Retina
http://www.eeye.com/html/Products/Retina/index.html

Does anyone know of any more, I would suggest that this excludes web
based scanners like shieldsup etc as they don't resolve the bandwidth
issue, was the problem with shieldsup (demonstrated at BlackHat Europe
2001) ever resolved whereby you could use it to scan anyone you wished??

Anyway the list when completed will appear here, though it's not on the
site navigation yet. http://www.networkintrusion.co.uk/dist.htm

Sorry about the amount of posts of late but I have been on vacation and
therefore have time to read my email.

take care
-andy
Taliskers Network Security Tools http://www.networkintrusion.co.uk

------------------------------------------------------------------------

----
Are your vulnerability scans producing just another report? Manage the
entire remediation process with StillSecure VAM's Vulnerability Repair
Workflow. Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html
----------------------------------------------------------------------------
Are your vulnerability scans producing just another report?
Manage the entire remediation process with StillSecure VAM's
Vulnerability Repair Workflow.
Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:30 EDT