Sunday, April 03, 2011

toolsmith: OpenVAS-4

Between writing this post and writing April's toolsmith a couple of weeks ago, I used OpenVAS-4, April's toolsmith topic, for a penetration testing engagement rather than the other freely available vulnerability scanner.
The project leads just released OpenVAS-4 in March and it offers some noteworty enhancements.
Between the highly functional web UI, the Greebone Security Assistant, and the impressive scan configuration methodology, I may be a convert.

OpenVAS-4 offers seriously strong report-fu; an essential part of successful engagement tooling.
I also find the ability to slave multiple OpenVAS Managers to one Manager to load balance and distrbute resource intensive scan tasks.

As part of recent testing I discovered a host running the Mongoose web server.

It's here we'll have some fun, a contest if you will, more of a guessing game than anything.
On what specific host type was Mongoose running?
Hint: Keep in mind that Mongoose is an "easy to use web server. It also can be used as embedded web server library to provide a web interface to applications."
First correct guess received via holisticinfosec at gmail dot com will receive an information security book of my choosing.

Check out OpenVAS; I think you'll be impressed.


Bo said...

Russ - was it a Roku?

Russ McRee said...

Not Roku.
Other incorrect guesses so far have included:
Windows XP
GSA machine

Information Security Training said...

Can you give us another hint Russ?

Russ McRee said...

Indeed, I'll narrow it down. Running as part of firmware on a device.

Anonymous said...

I'm taking a wild guess and saying Android

Russ McRee said...

RE: Android...negative, Ghost Rider

Hth said...

Was it your DSL router?

Russ McRee said...

No, but you're getting closer. ;-)

Dmitry said...

Wireless access point then ;)

Russ McRee said...

Winner! Dmitry got it.

McRee added to ISSA's Honor Roll for Lifetime Achievement

HolisticInfoSec's Russ McRee was pleased to be added to ISSA International's Honor Roll this month, a lifetime achievement award rec...