RE: Vuln scan tool for web

From: Bojan Zdrnja (Bojan.Zdrnjaat_private)
Date: Tue Jul 15 2003 - 15:51:55 PDT

Next message: Richard Stevens: "RE: Check point eng allowing Nmap NULL access"

Previous message: Alvin Oga: "Re: Vuln scan tool for web"
In reply to: Domingos Costa: "Vuln scan tool for web"
Next in thread: MARTIN M. Bénoni: "RE: Vuln scan tool for web"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'd definetly recommend Nessus, as some else did already.

You can find it at http://www.nessus.org

Additionaly, when you create users, be sure to limit hosts they can scan
with your Nessus machine, otherwise they'll be able to use it to scan
practically any machine on the Internet.
You can put those limits while adding new users with nessus-adduser script.

You might also want to change and disable some plugins.

Best regards,

Bojan Zdrnja

> -----Original Message-----
> From: Domingos Costa [mailto:domingosat_private] 
> Sent: Wednesday, 16 July 2003 5:00 a.m.
> To: pen-testat_private
> Subject: Vuln scan tool for web
> 
> 
> Hello,
> 
> I'm looking for a web tool that allow a user connected to my 
> lan scan his own computer for 
> vulnerabilities. It's something similar to ShieldsUP! at 
> grc.com, but i wanna put it inside my lan, 
> at a web server and the user can just click on to start 
> probbing his ports. Do you know some tool??
> I'm working with linux slackware.
> 
> Thanks.
> 
> 
> 
> --------------------------------------------------------------
> -------------
> Your network Firewall and IDS products do not prevent Web application
> exploits - the most common form of online attack - resulting in Web
> defacement, data theft, sabotage and fraud.
> 
> KaVaDo is the first and only company that provides a complete and an
> integrated suite of Web application security products, allowing you to
> assess your entire environment, automatically set positive security
> policies and maintainĀ it without compromising business performance.
> 
> For more information on KaVaDo and to download a FREE white 
> paper on Web
> applications - security policy automation, please visit:
> http://www.kavado.com/ad.htm
> --------------------------------------------------------------
> --------------
> 
> 


---------------------------------------------------------------------------
Your network Firewall and IDS products do not prevent Web application
exploits - the most common form of online attack - resulting in Web
defacement, data theft, sabotage and fraud.

KaVaDo is the first and only company that provides a complete and an
integrated suite of Web application security products, allowing you to
assess your entire environment, automatically set positive security
policies and maintainĀ it without compromising business performance.

For more information on KaVaDo and to download a FREE white paper on Web
applications - security policy automation, please visit:
http://www.kavado.com/ad.htm
----------------------------------------------------------------------------

Next message: Richard Stevens: "RE: Check point eng allowing Nmap NULL access"
Previous message: Alvin Oga: "Re: Vuln scan tool for web"
In reply to: Domingos Costa: "Vuln scan tool for web"
Next in thread: MARTIN M. Bénoni: "RE: Vuln scan tool for web"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 15 2003 - 19:32:27 PDT