From: Dragos Ruiu (dr@kyx.net)
Date: Wed Jul 09 2003 - 14:49:31 EDT
On July 8, 2003 11:38 pm, Kurt Seifried wrote:
> > Also, the CORE team has been very willing to help, and very
> > accommodating. However, there are some issues. You can't evaluate a host
> > until you have run network discovery and found it, and network discovery
> > is limited to ping sweeps, arp, tcp scans, and sniffing. There is no
> > [obvious] way to evaluate a host that does not get picked up by one of
> > these tools. [Turns out there is a way to add unprobed hosts to the
> > target list.]
>
> You can add hosts or import them (i.e. import a previous workspace that
> contains a list of all the hosts at your site or whatever). This needs to
> be better documented, agreed.
There are also modules to import nmap and nessus output.
Though I too wish for stronger info gathering, having polished exploits
with clean source code that have been run through a q/a dept, and tell
you exactly what they work against and that _do_ work against them
also has to count as a time saver versus the usual crap shoot of
"gee, there's this sploit from some guy i've never heard of and it might
work against some machines, maybe." There are also many other
reasons to recommend the product.
Impact is pretty cool.
cheers,
--dr
-- pgpkey http://dragos.com/ kyxpgp --------------------------------------------------------------------------- The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users. Visit Tenable Network Security at http://www.tenablesecurity.com to learn more. ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:36 EDT