What I tried to say is this:
Tell me what vulnerabilities you've found. Tell me about all that you can
identify with a given tool. (It may not be all possible things, but whatever
you decide on, you should be able to report).
Don't tell me what it might be unless you can rule out false positives based
on the known info at the time. (My point was, sadmind was well known at the
time).
I'm going to have to deal with each box anyway, so, there's no point in trying
to claim a match based on something as generic as the existence of
/scripts/cmd.exe.
I am not expecting production grade from a free tool, and if identification of
the exploit requires production grade then omit it instead of trying to
identify it anyway.
Please read what I wrote more carefully next time ;-).. as we've been talking
past each other.
(FWIW: Our solution was to write our own tool after being frustrated with
vendor provided tools in the short amount of time available. Worked better to
identify the threat and get all the info to be able to manually properly
classify and evaluate the various matches. I was thankful to have the eEye
tool, but it ended up being more of a learning experience (in a variety of
areas) than much useful).
Jay Woody wrote:
[..]