toolsmith: OpenVAS-4



Between writing this post and writing April's toolsmith a couple of weeks ago, I used OpenVAS-4, April's toolsmith topic, for a penetration testing engagement rather than the other freely available vulnerability scanner.
The project leads just released OpenVAS-4 in March and it offers some noteworty enhancements.
Between the highly functional web UI, the Greebone Security Assistant, and the impressive scan configuration methodology, I may be a convert.



OpenVAS-4 offers seriously strong report-fu; an essential part of successful engagement tooling.
I also find the ability to slave multiple OpenVAS Managers to one Manager to load balance and distrbute resource intensive scan tasks.






As part of recent testing I discovered a host running the Mongoose web server.



It's here we'll have some fun, a contest if you will, more of a guessing game than anything.
On what specific host type was Mongoose running?
Hint: Keep in mind that Mongoose is an "easy to use web server. It also can be used as embedded web server library to provide a web interface to applications."
First correct guess received via holisticinfosec at gmail dot com will receive an information security book of my choosing.


Check out OpenVAS; I think you'll be impressed.
Cheers.

Comments

Bo said…
Russ - was it a Roku?
Russ McRee said…
Not Roku.
Other incorrect guesses so far have included:
OpenWRT
Windows XP
GSA machine
Can you give us another hint Russ?
Russ McRee said…
Indeed, I'll narrow it down. Running as part of firmware on a device.
Anonymous said…
I'm taking a wild guess and saying Android
Russ McRee said…
RE: Android...negative, Ghost Rider
Hth said…
Was it your DSL router?
Russ McRee said…
No, but you're getting closer. ;-)
Dmitry said…
Wireless access point then ;)
Russ McRee said…
Winner! Dmitry got it.

Popular posts from this blog

Toolsmith In-depth Analysis: motionEyeOS for Security Makers

Toolsmith Release Advisory: Malware Information Sharing Platform (MISP) 2.4.52

Toolsmith Tidbit: XssPy