Have anyone ever try modding/changing a Vulnerability scanner or coding their own? I'd like to see some examples of coded or changed around scanners that focus on one specific aspect. If you can show me a site or have your own, please reply.
Printable View
Have anyone ever try modding/changing a Vulnerability scanner or coding their own? I'd like to see some examples of coded or changed around scanners that focus on one specific aspect. If you can show me a site or have your own, please reply.
It depends on what scanner you are talking about. Most of them have the ability to either code your own modules or to adjust the code in the existing ones. My recommendation would be to find the modules and play around with them. I personally always modify the modules some. For example, sometimes the helpfile or hints to fix the problem or to describe it are insufficient to hand to a customer so I add to it. Sometimes there is a list of old passwords or old SNMP community names or things like that that shouldn't be floating around any more, so I add those to the existing modules. Or perhaps you don't like the way it is checking a particular vulnerability, have a look at how it is doing and modify it a little bit.
Nessus is a freebie vulnerability scanner and comes with a set stock of vulnerability tests (.nasl files). It is basically a scripting language. Download it, have a look at them, it would at least be a start.
Neb