RE: Features of a vulnerability scanner

From: Blake Wiedman [Icons] (bwiedman@iconsinc.com)
Date: Mon Dec 01 2003 - 14:20:53 EST

• Next message: wirepair: "Re: Features of a vulnerability scanner"
• Previous message: Patrick Boucher: "Re: Features of a vulnerability scanner"
• In reply to: Marc Ruef: "Features of a vulnerability scanner"
• Next in thread: wirepair: "Re: Features of a vulnerability scanner"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

My major gripe is reporting, I would love a product that gives me full
extensibility in regards to the output of the report (in MSWord Format)
.

I would like to also see the possibility of out put being grouped by
vulnerability not by machine.

Example:
Level: Low
The following machines have remote RPC enabled:
192.168.1.1
192.168.1.2
192.168.1.3

By machine is good for small scans but becomes cumbersome for large
scans of hosts >=50.

Blake Wiedman
Icons Inc.
Security Technician
(732) 821-9100 x103

-----Original Message-----
From: Marc Ruef [mailto:maru@scip.ch]
Sent: Monday, December 01, 2003 5:27 AM
To: pen-test@securityfocus.com
Cc: sectools@securityfocus.com
Subject: Features of a vulnerability scanner

 
WARNING: Unsanitized content follows.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear List

I would like to ask you pen-testers two generic questions about
vulnerability scanners:

1. Which features for you are very important or is the most important in
a vulnerability scanner software?
2. Which features are you missing in the existing vulnerability scanner
products?

A vulnerability scanner in this context is a tool that looks automaticly
for potential security holes. There are for example Nessus, ISS Internet
Scanner, Symantec NetRecon, GFI LanGuard, SATAN, SAINT, Vigilante, Dante
Security Scanner, ... Port scanner and enumeration utilities like nmap,
N-Stealth, Whisker or Nikto are here not counted to vulnerability
scanners.

Yours,

Marc Ruef

- --
) scip AG (
Technoparkstr. 1
8005 Zürich
T +41 1 445 18 18
F +41 1 445 18 19

maru@scip.ch
www.scip.ch

- - Pragmatisches Projektmanagement -

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: http://www.scip.ch

iQA/AwUBP8sXXhe5hzJzqVMhEQLYZwCgpFHRj/ilv51PUAEFHWRqbuo+fHkAn24J
z6YgR9JIPl1/Q6lcCfOw4zKr
=RDZw
-----END PGP SIGNATURE-----

------------------------------------------------------------------------

---
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Next message: wirepair: "Re: Features of a vulnerability scanner"
• Previous message: Patrick Boucher: "Re: Features of a vulnerability scanner"
• In reply to: Marc Ruef: "Features of a vulnerability scanner"
• Next in thread: wirepair: "Re: Features of a vulnerability scanner"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:43 EDT