On 01.10.2014 at 17:21, Reindl Harald wrote:
> On 01.10.2014 at 16:52, Brandon Perry wrote:
>> I agree that utilities like dirb and nikto are useful as plugins for OpenVAS
>> since these are generally applicable to any web server.
>>
>> Arachni and wapiti require such application specific configurations that I
>> wouldn't want to give people using OpenVAS the idea that running arachni
>> through OpenVAS is as good as running it independently. Both are very
>> powerful (particularly arachni), but I do think they almost serve a
>> different purpose than OpenVAS in that OpenVAS in my mind is about finding
>> and remediating known vulnerabilities such as missing patches and a /backup
>> folder on a web server.
>>
>> Finding SQL injections and XSS should be in the development lifecycle, not
>> the patch management and insecure configuration discovery
>
> no - finding SQL injections and XSS is *by definition* the purpose of a
> security scan

but for that OpenVAS would need to learn basics like sending the host header correctly to scan a specific vhost

maybe with v7 that works now, in the past you always scanned the apache default vhost
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
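
The Host header point raised in the message above, as an added example that is not part of the original thread or of OpenVAS: a local name-based virtual host server shows why a check for `/backup/` misses the finding when the request carries the IP instead of the vhost name. The hostname `shop.example.test`, the vhost table and all function names are constructed for this demo.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed vhost table: hostnames and paths are made up for this demo.
VHOSTS = {
    "default": {"/": "It works!"},
    "shop.example.test": {"/": "shop home", "/backup/": "index of /backup"},
}

class VhostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Name-based virtual hosting: the Host header selects the site;
        # unknown or missing names fall through to the default vhost.
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        site = VHOSTS.get(host, VHOSTS["default"])
        body = site.get(self.path)
        payload = (body or "not found").encode()
        self.send_response(200 if body is not None else 404)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):
        pass  # keep the demo quiet

def probe(port, path, host_header):
    """Connect to the same IP and port, but choose the Host header explicitly."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.putrequest("GET", path, skip_host=True)
    conn.putheader("Host", host_header)
    conn.endheaders()
    resp = conn.getresponse()
    result = (resp.status, resp.read().decode())
    conn.close()
    return result

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), VhostHandler)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return {
            "by_ip": probe(port, "/backup/", "127.0.0.1"),
            "by_name": probe(port, "/backup/", "shop.example.test"),
        }
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

Both probes reach the same socket; only the Host header differs, so a scan result for the IP says nothing about the named vhost.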