I downloaded N-stealth, and ran it against one of my apache servers...I then parsed out my logs to see what it was looking for...
It does a bunch of extra unicode checks and it checks for a *crapload* of default directories... Maybe someone can help me...is there anything wrong with me going through my log files, finding deltas (between Nessus and N-stealth), and adding these to Nessus???? John W. Lampe https://f00dikator.aceryder.com/ ----- Original Message ----- From: "~Kevin Davis�" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 09, 2003 7:54 PM Subject: Re: N-Stealth vs. Nessus > To further that thought, ISS Internet Scanner (6.21/7.0) only covers > slightly over 1,200 vulnerabilities. And several of those are very old > vulns. There is a big difference between having a database of vulns and > properly scanning and identifying them and them being relatively pertinent. > > ~Kevin Davis� > > What possibly could go wrong? > ----- Original Message ----- > From: "Renaud Deraison" <[EMAIL PROTECTED]> > To: "Luman" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Monday, June 09, 2003 9:31 PM > Subject: Re: N-Stealth vs. Nessus > > > > For the record, securityfocus's vuln database > > contains less than 8,000 entries at this time (including non-web and > > local vulnerabilities), and I think ISS's XF database contains ~ 12,000 > > entries (and again, this includes local and non-web vulnerabilities). > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.488 / Virus Database: 287 - Release Date: 6/9/2003
