All,

As some of you may have noticed, I've been a bit quiet lately, due to a rather large piece of testing that I've been involved with at $job. However, it's given me some time to have a think about some things that it would be nice to have. I'm mainly sending this email as a way to remind myself of them later, but if anyone wants to have a crack at them, feel free:

* Microsoft RPC DCOM check results in false positives;
* The Microsoft local checks result in much noise when OpenVAS can't connect;
* smbcl_func.inc should maybe be deprecated in favour of SecPod's routines?;
* ssh_func.inc is broken, making Solaris plugins in my branch useless at this time;
* We have multiple LDAP checks, implemented in varying ways, these checks should be aggregated;
* A check for http://www.portcullis-security.com/294.php which allows username enumeration against a fully patched Windows 2003 system running LDAP would be nice (there's a Python POC here: http://downloads.securityfocus.com/vulnerabilities/exploits/ldapuserenum-32305.py);
* A new class of checks that look for broadcast traffic such as MS NLB, CDP, VRRP and HSRP etc would be awesome.

Cheers,
Tim
--
Tim Brown
<mailto:[EMAIL PROTECTED]>
<http://www.nth-dimension.org.uk/>

_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
