Hi there,
I have recognized scapy as a dependency of the current w3af.
Also, the current osCommanding plugin seems to use "ping" on a remote host
to verify a vulnerability.
That's smart. :)
But isn't it smarter / equally smart to let the remote host ping / netcat
*OUR* server, and check via raw socket / scapy if a ICMP, TCP or UDP packet
arrived?
I like that idea, but I would like to get some feedback before I hack up
the plugin.
Thanks,
Daniel
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
