Penetration Testing
Re: CVE Security vulnerability database web site May 14 2010 10:41PM
Serkan Özkan (serkanozkan gmail com)
Hi again,
I added related Metasploit module pages for vendors, products and
versions. For example, you can view the list of Metasploit modules related
to Mac OS X; sample here:
http://securityvulnerability.net/metasploit-modules.php?product_id=156
I added a list of related Metasploit modules to the bottom of the CVE
details page, so you can view Metasploit modules related to a CVE
entry easily.
I also added a one-click Nessus plugin search link to the CVE details
page; clicking the Nessus logo on the CVE details page takes you
directly to the Nessus plugin search results page.
That's all for now. These should make things much easier.

Regards
Serkan Özkan

2010/5/13 Serkan Özkan <serkanozkan (at) gmail (dot) com>:
> Hi,
> Adding references to tools may be possible if vendors publish mappings
> of their plugins to CVE numbers. Even if such mappings exist at the
> moment, they are in completely different formats: published at their
> web sites as a webpage or emailed to subscribers. So it's hard to
> automatically map those data to CVE entries, and cover many tool
> references.
>
> I checked Metasploit and Nessus plugin/module data. I will add
> references to Metasploit modules in a few days using the CVE numbers
> associated with modules, as listed at
> http://www.metasploit.com/framework/modules.
> Nessus plugin data are huge compared to Metasploit modules so that's a
> bit more complicated. First of all I will add a link to CVE details
> page to the plugin search page at Nessus web site,
> http://www.nessus.org/plugins/index.php?view=search, it's not a big
> deal but may save you a few seconds. I will see what I can do later.
>
> Regards
> Serkan Özkan
>
> 2010/5/12 YGN Ethical Hacker Group <lists (at) yehg (dot) net>:
>> As far as we see, only exploit-db.com and packetstorm have timely exploits.
>> However, these two sites cannot have complete exploit references.
>>
>> A lot of exploits are scattered across forums, individual hacker sites/blogs,
>> group hacker sites/blogs or some are featured as zero-day in
>> presentations in unknown/known
>> hacker/security conferences or informal meetups, also in security
>> companies' research > advisories sections.
>>
>> We've listed some of those sites:
>> http://yehg.net/hwd/?id=c&go=122  [Advisories]
>> http://yehg.net/hwd/?id=c&go=58  [Exploits]
>>
>> Your linking to vulnerability with available exploits is reasonable.
>> But sometimes, those listed exploits might not work/might have
>> backdoors/might not be trusted unless re-tested/re-coded/sanitized.
>> Also, running each exploit for each vulnerability might be a pain or
>> time-consuming for a pen tester, as we usually/always have to pentest in
>> a very limited time frame.
>> So, what we wish is for you to link vulnerabilities to integrated
>> scanners/exploiters such as
>> - Nessus
>> - Metasploit
>> - Some scanners dedicated to one thing (e.g., Tool ABC can check all
>> vulnerabilities of Product XYZ)
>>
>> So, upon seeing a vulnerability, we all can ensure that
>> Nessus/Metasploit/Tool ABC can cover this.
>> This can be achieved by community means or can be done with the aid of
>> an intelligent data miner and analyzer.
>>
>>
>>
>> ---------------------------------
>> Best regards,
>> YGN Ethical Hacker Group
>> Yangon, Myanmar
>> http://yehg.net
>> Our Lab | http://yehg.net/lab
>> Our Directory | http://yehg.net/hwd
>>
>

Copyright 2010, SecurityFocus