First of all an introduction. My name is Thomas Olofsson (skjortan) on efnet. and has been working with network and application security for the past ten years. I did use nessus from time to time up till the 2.x release. and before then i used s.a.t.a.n. Currently i am mostly working with pure application/code security and do not do much network scans other then as a part test for some PCI compliance evaluation.
I was very happy when i read about the OpenVas project and i have synced the repository and almost gotten it to build. I must say that i am very impressed with the amount of work you guys have done so far. Especially with all the licensing issues. It is really nice to see a working Open branch again. I am very much looking forward to contibute to this project that i really think is helping the both the security and the open source comunity. I was also happy to find a very active and living mailinglist that actually very openly discuss the development roadmap: Now to my thoughts on the last days discussions regarding external .sig formats. Start with .nasl and do them good. It is allways tempting to get input from other sources but the build is not even stable yet. I think we should start with a stable platform that builds on anything, with working .nasl scripts for the most obvious things (windows/smb) and major vendor network services. There is a lot of job just getting up an running, producing decent scan results. > hm, this would turn OpenVAS into a cracker tool. > We have to be careful with this. OpenVAS should > stay a analysis tool. Though it might make sense to > use metasploit in some ways to report security problems > rather to pop up a root shell. I agree to this. a security scanner should be a security scanner and a exploit framework a exploit framework. If you are a decent penetration tester you should know how to exploit your findings with metasploit. If we integrate them we risk turning this into a 'script kiddie' toolbox. And thereby taking focus from what we really should do (finding vulnerabilities). _______________________________________________ Openvas-devel mailing list Openvas-devel@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
