Re: Pen Test Data/Report Management; Tracking/Procedure document

From: wirepair (wirepair@roguemail.net)
Date: Thu Mar 18 2004 - 22:31:45 EST


Creating a database and some web app is really way easier than you think. Invest 40-80 hours learning basic
NonMS: MySQL/PHP
MS: MSSQL (MSDE is free)/VBScript/ASP
and you can probably have what you're looking for in at least a basic configuration (doing diffs and stuff will probably
take longer). I did the same thing for nessus and was feeling the hate towards finding stuff easily just as you have.
-wire

On Tue, 16 Mar 2004 16:27:01 -0600
  "JTH" <jth@visi.com> wrote:
>All, two things.
>
>First, I'm working on trying to find a solution of some sort that I can
>use to collect & hold information and results from scans performed for
>different clients. Ideally, the end result would allow me to pull up
>previously delivered deliverables for comparison. The generated
>deliverable would pull info from nmap, nessus, superscan, phonesweep, and
>any other tools that I use in my assessment. I'd like to get as close as
>possible to a point-n-click report setup. I would then take this and clean
>it up, add an executive summary, my recommendations, etc. and be done,
>rather than having to gather & reformat all of this information (which is
>what I'm doing right now.)
>
>An obvious answer is either to dump everything into a database or use
>XSLT/XML with all of this data, but I don't [yet] know enough about this
>stuff to do this, nor do I know what an ideal design would look like.
>Aside from this, I'd much rather use or modify an existing tool than
>engineer one, if I can.
>
>I know topics like this have come up, but several searches on the archive
>didn't come up with much except for tool-specific solutions (i.e.
>nmap-only). Does anyone know of or use an all-in-one type program to save
>and tie this information together?
>
>Second, and more or less unrelated, when you perform a penetration test,
>how do you track your progress? Do you use a spreadsheet/workbook, an
>audit-style checklist, notebook, etc?
>
>Thanks, jth.
>
>
>---------------------------------------------------------------------------
>Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
>any course! All of our class sizes are guaranteed to be 10 students or less
>to facilitate one-on-one interaction with one of our expert instructors.
>Attend a course taught by an expert instructor with years of in-the-field
>pen testing experience in our state of the art hacking lab. Master the skills
>of an Ethical Hacker to better assess the security of your organization.
>Visit us at:
>http://www.infosecinstitute.com/courses/ethical_hacking_training.html
>----------------------------------------------------------------------------
>



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:50 EDT
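
The database approach discussed in this thread, as an added example that is not code from either poster: open ports from nmap XML reports (the `-oX` output format) are stored per client and per scan, then two scans are diffed to show what changed since the last deliverable. It uses SQLite instead of the MySQL/MSSQL options named above so it runs with no server; the table names, the client name `acme`, and the sample reports are assumptions constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample reports in nmap's -oX layout; parse only XML you produced yourself.
SCAN_JAN = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
</ports></host></nmaprun>"""
SCAN_MAR = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
<port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
</ports></host></nmaprun>"""

SCHEMA = """CREATE TABLE scan (id INTEGER PRIMARY KEY, client TEXT, tool TEXT, label TEXT);
CREATE TABLE finding (scan_id INTEGER REFERENCES scan(id), host TEXT, proto TEXT,
                      port INTEGER, service TEXT);"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def import_nmap(db, client, label, xml_text):
    """Store every open port from one nmap XML report; returns the scan id."""
    cur = db.execute("INSERT INTO scan (client, tool, label) VALUES (?, 'nmap', ?)",
                     (client, label))
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not findings
            svc = port.find("service")
            db.execute("INSERT INTO finding VALUES (?, ?, ?, ?, ?)",
                       (cur.lastrowid, addr, port.get("protocol"),
                        int(port.get("portid")), svc.get("name") if svc is not None else ""))
    return cur.lastrowid

def diff_scans(db, old_id, new_id):
    """Return (newly_open, no_longer_open) as sorted lists of (host, proto, port)."""
    q = "SELECT host, proto, port FROM finding WHERE scan_id = ?"
    old, new = (set(db.execute(q, (i,))) for i in (old_id, new_id))
    return sorted(new - old), sorted(old - new)

if __name__ == "__main__":
    db = open_db()
    jan = import_nmap(db, "acme", "2004-01", SCAN_JAN)
    mar = import_nmap(db, "acme", "2004-03", SCAN_MAR)
    print(diff_scans(db, jan, mar))
```

Output from other tools fits the same `finding` table once each has its own importer, which is what makes a combined per-client report a single query.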