Bruno, You may want to check out a little utility I wrote to assist in auditing Lotus Domino servers in specific. DominoDig is an open-source (GPL) utility written by myself (Grant Torresan) for the purpose of quickly and cheaply auditing Lotus Domino web servers and extracting useful information from any anonymously accessible pages that are found. Features of note include the following: -Searches for a large number of default notest databases. -Parses contents of each page it accesses looking for references to other unique (custom) .nsf databases. -Collects email addresses and unique IP addresses that appear in any page it indexes. -Produces an HTML report detailing all of the information it was able to gather, and a list of hyperlinks to each .nsf database it was able to access anonymously. If you are interested in trying it out, please browse to http://dominodig.sourceforge.net for the latest release. Please note that this software is a "work-in-progress" and as such it is being freqently updated and new features are being added all the time. If there is a paricular piece of information DominoDig is not searching for that you think would be particularly useful, or if you encounter any problems with the software, please let me know by sending me an email at sonofthorat_private Hope this helps, Grant Torresan. ----- Original Message ----- From: "Aaron C. Newman (Application Security, Inc.)" <anewmanat_private> To: "'Bruno Mosconi'" <bmosconiat_private>; <vuln- devat_private> Sent: Sunday, December 01, 2002 4:04 PM Subject: RE: Lotus NOTES > Bruno, > > Check out: > > http://www.dominosecurity.org > http://www.lotus.com/security > http://www.appsecinc.com/cgi-bin/show_policy_list.pl? app_type=8&category > =3 > > Regards, > Aaron > _______________________________ > Aaron C. Newman > CTO/Founder > Application Security, Inc. > www.appsecinc.com > Phone: 212-420-9720 > Fax: 212-420-9680 > - Protection Where It Counts - > > -----Original Message----- > From: Bruno Mosconi [mailto:bmosconiat_private] > Sent: Thursday, November 28, 2002 1:08 PM > To: vuln-devat_private > Subject: Lotus NOTES > > Does anyone knows a good source of Lotus Notes security > issues/holes? > > []'s Bruno Mosconi > F/Nazca S&S - AdverSiting > > ---------------------------------------------------------------- > The information transmitted is intended only for the person or entity to > which it is addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other use of, or > taking of any action in reliance upon, this information by persons or > entities other than the intended recipient is prohibited. If you > received > this in error, please contact the sender and delete the material from > any > computer. > ---------------------------------------------------------------- > > >
This archive was generated by hypermail 2b30 : Sun Dec 01 2002 - 23:58:28 PST