Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Automated Nmap Scans / Front End

from [jasper . o . waale] Network Security [Permanent Link]
Subject: Re: Automated Nmap Scans / Front End
Date: Fri, 19 Jan 2007 11:13:24 +0700 
I'm sure nmap is a good tool, but you might want to link it to some
database, or look at tools like the qualys, that map and give you your
weakest points

Jasper
                                                                           
             tom jones                                                     
             <p0rt_0@yahoo.com                                             
             >                                                          To 
             Sent by:                  pen-test@securityfocus.com          
             listbounce@securi                                          cc 
             tyfocus.com                                                   
                                                                   Subject 
                                       Automated Nmap Scans / Front End    
             19/01/2007 07:33                                              
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




Hello,
I am responsible for monitoring hundreds of machines
over thousands of
external IP addresses.  I currently run nmap manually
once a week and import
the results into Excel to compare them with the
previous week to find hosts
that are new and also take note of those that have
been taken off the
Internet.  I am looking for a web front end, batch
process, or similar that
would meet the following requirements.

-Input file of external IP ranges I am responsible for
-Have the tool scan all ranges to determine responding
IPs
-Compare results to previous week and note exceptions
-Scheduling capability to have this take place weekly


From a quick search, I found these two tools that I

might try out if I have
time.  I have not heard of them before and have not
had a chance to read up
on their capabilities:

http://sourceforge.net/projects/gwmos/
http://sourceforge.net/projects/cancerbero/

I am also interested to hear thoughts on the best way
to do host discovery.
Many of our firewalls will block ICMP requests which
is fast and not
complete.  Scanning for every TCP and UDP port can
take days.  I'm looking
for a good middle ground that would be fairly complete
but not take an
excessive amount of time.  I currently scan for about
15 common TCP ports
which takes about half of a day.

I have the ability to run these on either a Windows XP
machine or a web
server (php, etc.).

Thanks in advance.







____________________________________________________________________________________

Don't pick lemons.
See all the new 2007 cars at Yahoo! Autos.
http://autos.yahoo.com/new_cars.html

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW

------------------------------------------------------------------------


ForwardSourceID:NT00073052
_________________________________________________________________
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you received
this in error, please contact the sender and delete the material from any
computer.


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Sybase passwords hashes, mugutu sumulunu
Next by Date:  Re: "PenTest" a container file, Thor (Hammer of God)
Previous by Thread:  Automated Nmap Scans / Front End, tom jones
Next by Thread:  Re: Automated Nmap Scans / Front End, Marco Ramilli
Indexes:  [Date] [Thread] [Top] [All Lists]