Vulscan, found at http://www.computec.ch/projekte/vulscan/ can be used in conjunction with Nmap as a 'poor man's Nessus' for a lack of better terms. Using Nmap's operating system guess algorithms, you can then follow certain vulnerability databases, like OSVDB, CVE, and ExploitDB. So far, I have tested this with a couple of servers at work... but unfortunately, the servers are web sites, and for some reason, Nmap can't figure out what the OS fingerprint is. I am wondering if the fingerprinting isn't somehow being affected by my router, because it's showing up as...
Nmap output from a webserver at work |
Sorry for the size... I'm still figuring this "import image" thing out... But I am damn sure we aren't running "Apple embedded" anything at work... So, I thought I would try going through a different Internet connection, that being tethered to my phone.
LOL... it's even worse tethered to my phone. That same webserver that I scanned from my home, now on my phone is saying that it's a "Panasonic Webcam". What the hell? Guess I need to investigate further. More on that later...
I fully intend to continue testing with Vulscan, maybe as a quick vuln scanner. We just bought Nessus at work, and pairing OpenVAS with Vulscan will allow us to catch even more issues than previously.
No comments:
Post a Comment