* Kitty Veach sez:

: Does anyone have any experience with Vulnerability Assessment tools?
: If so, what do you recommend?

I am using a modified (rules-wise) version of whisker to find IIS and
similar plagues on the network. At the same time, I use some Python
magic to craft hping packets for IDS evasion tests and firewall
penetrations. Next step usually consists of an nmap output parsed through
all human routines (read: look at nmap, look at banners, try to
recollect vulnerabilities, check on well-known sites for
vulnerabilities).

That's the more or less automatic part. The next step consists mainly of
a few hours of tinkering with the services I found. Like playing on the
webpages, running snort in sniffer mode in the background and logging
things like cookies etc.

Third step starts by reading huge amounts of printed data I captured
before + my notes. Fragg the paperless office, I still print my stuff
out (at least some of it) and read it in the bathtub or on the bus.
Hoping for a flash of creativity I browse the data until I find things
that look ... well ... exploitable. And that I do, then.

What I wanted to say: the best Vulnerability Assessment Tool is your
brain (on caffeine and nicotine, in my case).

-- 
See you at NANOG 22, May 20-22 in Scottsdale, Arizona
http://www.nanog.org/mtg-0105/index.html
