08-23-2006, 08:43 PM
ScannerX
 
No problem, I don't mind answering good honest questions.

Q: How can you possibly run a useful scan on a virtual hosting server where you don't have root uid?

A: On a virtual server we can identify any system or OS level vulnerabilities that could affect the entire server. Granted, without root the client could only ask for those issues to be fixed by the provider. Also, just because you are on a virtual server and don't have root, that does not preclude our scan from checking your webapps for things like SQL inject and Xsite scripting among others.

Q: Please explain more about your scan, give us some technical info on how you scan. And I don't mean the nice sales text that you have on your site.

A: Our primary engine is based on Nessus, but we have made many significant modifications like enhanced web crawling, five levels of criticality per vulnerability, and a downloadable scanner ISO for internal checks. (See bottom of post for all the open source tools we use.)

Q: Also your site says you use open source software together with custom stuff. Are you aware that you cannot sell/make money off open source packages?

A: I'm not sure that you have your facts straight here. You can sell or make money off almost any open source package so long as you are in compliance with the licensing and release, as open source, any modifications that you have made.

List of open source tools that we have incorporated into our service

Arphound
A tool that listens to all traffic on a network interface. It reports IP/MAC address pairs as well as events such as IP conflicts, IP changes, IP addresses with no RDNS, various ARP spoofing, and packets not using the expected gateway.

Arping
A network tool to broadcast ARP packets and receive replies similar to "ping." Good for mapping a local network and finding used IP space.

ARPwatch
Keeps track of Ethernet/IP address pairings and can detect unusual behavior.

Bing
Bandwidth Ping. A point-to-point bandwidth measurement tool, based on ping. Can measure raw throughput between any two network links.

Bugtraq
A database of known vulnerabilities and exploits providing a large quantity of technical information and resources.

CVE
The Common Vulnerabilities and Exposures dictionary. CVE provides a large quantity of technical information and resources about thousands of vulnerabilities.

Dig
Performs detailed queries about DNS records and zones, extracting configuration and administrative information about a network or domain.

DNStracer
A tool to determine the data source for a given DNS server and follow the chain of DNS servers back to the authoritative sources.

Dsniff
A network auditing tool to capture username, password, and authentication information on a local subnet.

Filesnarf
A network auditing tool to capture file transfers and file sharing traffic on a local subnet.

FindSMB
Used to find and describe SMB servers on the local network.

Fping
A utility similar to ping that performs parallel network discovery.

Fragroute
Intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing several IDS evasion techniques.

Fragtest
Tests the IP fragment reassembly behavior of the TCP stack on a target.

Google
Internet search engine that can be used to help search for misconfigurations and/or exposed sensitive information on a network.

Hackbot
A host exploration tool, simple vulnerability scanner, and banner logger.

Hmap
Detailed fingerprinting of web servers to identify vendor, version, patch level, included modules, and much more.

Host
A utility to perform DNS queries, zone transfers, and more.

Hping
Hping and Hping2. A TCP/IP packet assembler and analyzer. Can perform firewall ruleset testing, port scanning, network TOS/QOS testing, MTU discovery, alternate-protocol traceroute, TCP stack auditing, and much more.

Httping
Similar to "ping" but for HTTP requests. Shows how long a URL will take to connect, send a request, and receive a reply.

Hunt
A tool for exploiting well known weaknesses in the TCP/IP protocol suite.

LEAP Cracker
A suite of tools to break the NTChallengeResponse encryption technique of the LEAP authentication system used by various vendors of wireless devices.

Libwhisker
Application library designed to assist in scanning for CGI/web vulnerabilities.

Mailsnarf
A network auditing tool to capture SMTP and POP3 email traffic (including message headers, bodies, and attachments) on a local subnet.

Msgsnarf
A network auditing tool to capture instant message (Yahoo, MSN, ICQ, iChat, AIM, and many more) traffic on a local subnet.

NBTScan
A utility for scanning networks for NetBIOS information. Reports IP address, NetBIOS name, logged-in user name, and MAC address.

Nemesis
A network custom packet creation and injection utility.

Nessus
A powerful, fast, and modular security scanner that tests for many thousands of vulnerabilities. The Edgeos system can also be used to create custom Nessus reports.

Netcat
A utility to read and write custom TCP/UDP data packets across a network connection for network debugging or exploration.

NGrep
Similar functions to GNU grep, but applied to the network layer. A tool to sniff network packet payloads and match them against extended regular or hexadecimal expressions.

Nikto
A web server vulnerability scanner that tests over 2,600 potentially dangerous files/CGIs on over 625 types of servers.

Nmap
A port scanner, operating system fingerprinter, service/version identifier, and much more. Nmap is designed to rapidly scan large networks.

OSVDB
The open source vulnerability database providing a large quantity of technical information and resources about thousands of vulnerabilities.

Pathchar
A network tool for inferring the characteristics of Internet paths, including layer-3 hops, bandwidth capacity, and autonomous system (AS) information.

Ping
Standard network utility to send ICMP packets to a target host.

ScanSSH
ScanSSH supports scanning a list of addresses and networks for open proxies, SSH protocol servers, Web and SMTP servers. Where possible, ScanSSH displays the version number of the running services.

SinFP
SinFP is an OS fingerprinting tool that determines the target OS with used TCP frames.

SMBclient
A client to talk to a SMB (Samba, Windows File Sharing) server. Operations include getting files from the server, putting files on the server, retrieving directory information, and more.

SMBtree
A tool to discover and browse SMB (Samba, Windows File Sharing) services. Prints a tree with all the known domains, the servers in those domains, and the shares on the servers.

SMTPscan
A tool to determine the type and version of a remote SMTP mail server based on active probing and analyzing error codes of the target SMTP server.

SSL Certificate Check
ssl-cert-check checks the expiration status of digital certificates on SSL servers.

TCPdump
A network tool for monitoring, protocol debugging, and data acquisition.

TCPreplay
A utility to read captured tcpdump/pcap data and "replay" it back onto the network at arbitrary speeds.

TCPtraceroute
Similar to the "traceroute" network utility, but uses TCP SYN packets instead of ICMP or UDP, attempting to bypass firewalls and packet filters.

THC-Amap
A scanner to remotely fingerprint and identify network applications and services.

THC-Hydra
Network-based authentication/login cracking system supporting almost any service or protocol.

THC-RUT
A tool offering a wide range of network discovery utilities, like ARP lookup on an IP range, spoofed DHCP request, RARP, BOOTP, ICMP-ping, ICMP address mask request, OS fingerprinting, and high-speed host discovery.

THC-Vmap
A scanner to remotely identify version information about network applications and services.

Traceroute
Standard network utility to trace the logical path to a target host by sending ICMP or UDP packets with incrementing TTLs.

URLsnarf
A network auditing tool to capture HTTP traffic on a local subnet.

Whois
A tool to query both domain name and IP address registries to find owner and assignment information.