Dear mailing list,
we are a small group of security researchers at CISPA/Saarland
University that is interested in using planning methods to aid
penetration testers. In our efforts to provide a through enough report
of a network to simulate an attacker, we have extended OpenVAS with the
following features:
- plugin-interface, which integrates the following features as plugins
- network scanning: slaves try to reach each other on the network to
devise the network topology
- credential scanning: a flexible OVAL interface allows specifying
known locations where credentials are places, in order to device
which hosts have access to which services. E.g., if the firefox
profile on host A indicates access to the admin interface of
a router R, this relation between A and R can be security relevant.
We think these features could be useful outside our domain. Is there
interest in integrating these features upstream? How would one go about
integrating them.
With kind regards, Robert Künnemann
--
Robert Künnemann, Ph.D.
Information Security & Cryptography Group, Saarland University
E 9.1, Room 3.03, 66123 Saarbrücken
Phone: +49 681 302 70962
_______________________________________________
Openvas-devel mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-devel
_______________________________________________
Openvas-devel mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-devel
