Re: Intrusion Automation

From: Jamie Fifield (fifieldat_private)
Date: Wed Aug 08 2001 - 12:46:59 PDT

  • Next message: Gary V.Vaughan: "Re: [Fwd: Re: m4 and format strings]"

    > Exploit and intrusion automation tools - An introductory FAQ
    > 
    > by Mixter <mixterat_private>
    > http://mixter.net/papers.html
    > August 2001
    > 
    > 
    > -----------------------------------------------------------------------------
    > 
    > Q: What are future goals of NEAT?
    > 
    > Personally, I'd like to aim toward a open database and script language
    > standard or format for professional open-source exploit automation tools,
    > if and when they are starting to be deployed by whitehats. Intrusion and
    > exploit automation tools are at their very beginning right now. In the
    > future, they may be used for periodical security assessments of the own
    > hosts and networks, with automatic vulnerability updates. Ideally, exploit
    > automation tools would eventually "join forces" with full-disclosure
    > resources such as vulnerability mailing lists, the Securityfocus database,
    > MITRE's CVE [3] system, and other free resources.
    > 
    > -----------------------------------------------------------------------------
    
    What is the difference between NEAT and Nessus?  (Which wasn't
    listed in the Resources).
    
    My understanding of this FAQ suggests that they're very similar tools,
    except that Nessus already has a vulnerability development community.
    
    -- 
    Jamie Fifield
    <fifieldat_private>
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:12:19 PDT