Hi Joe, If you are interested in testing with real exploit code you may be interested in taking a look at IDS Informer. It has an attack database of 700+ attacks which it can replay while spoofing source and destination ip addresses. You can grab an eval from our website if you would like to take a look
www.blade-software.com Regards Matt -----Original Message----- From: Joe Skaboika [mailto:[EMAIL PROTECTED] Sent: 06 August 2003 19:33 To: [EMAIL PROTECTED] Subject: Nessus NASL + Canned Exploit database Has anyone seen any project involving linking nessus .NASL scripts with a canned exploit database of some sort. For instance, I plug my .NBE file into this tool which spits me out known public canned exploits (the actual exploit not links or info). I was thinking about a pen-testing extention to nessus where I pipe output from nessus into a tool that runs a canned exploit automagically (based on this database) I realize known canned exploits are buggy and architecture for something like this would be a nightmare but I'm curious if anyone has started or even started thinking of anything like this. --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
