On Tue, 6 Nov 2001, Scott Seglie wrote:
> I'm sure there is a more efficient way to do this. I realize that
> there is research involved and hands on (work must be done...but for
> the initial information gathering, is anyone going about it a
> different way? Maybe a series of scripts?
you may want to look into expect scripting this, ie conditional
executions, interactions, etc ...
CORE SDI is working on a new tool, Impact, which is based on their
research on automated pen testing. they have made many presentations on
it, including at blackhat this year.
http://www.core-sdi.com/solutions/core_impact.html
http://www.blackhat.com/
VERY cool stuff, these guys are REALLY bright. worth checking out, even if
only to get some ideas.
____________________________
jose nazario jose_at_cwru.edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Nov 08 2001
Intro
