Web software security scanners
Hey all,
I am looking for some scanners which look for known vulnerabilities in
different web software.
I have a collegue who runs a community web server with some 100
different sites and almost half that in different CMS', blogs,
publishing software, formmail scripts, postnuke, phpnuke, drupal,
moveable type, etc. They have unfortunately allowed their people to
install whatever software they want, which has resulted in this
hodgepodge of random software, at different versions (not all debian
packages) and some of these pieces of software have some exploitable
holes in them.
This is known because he has found script kiddies who have been able
to upload tar.gz files as user www-data into /tmp /var/tmp and
/home/www-data and then extract them and run them. This has resulted
in shells being started as www-data, and scripted attempts to escalate
priviledges using lkm, mremap, and other kernel holes (which haver
never, to his knowledge, worked because he maintains the latest kernel
and watches his filesystem with aide and sees the rogue processess
started almost immediately and they get killed, but there is still the
possibility of course).
Anyways, he is rebuilding the machine, as he should, with much more
strict web hosting security considerations in mind, but he still would
like to track down which piece of software is vulnerable. Based on the
data that I have gone over for him, it is pretty plain that someone is
using some sort of vulnerability scanner to find that he is running a
phpnuke (for eg.) that is vulnerable, and then running an exploit on
it. The attacks are with out a doubt scripted. He has run nessus on
the system, but nessus only really gives you false positives about
software that is installed that isn't the right version (because the
debian packages actually backport the security fixes), but it doenst
know anything about the different CMS' etc.
Does anyone know of these types of scanners?
Thanks!
Reply to: