
Re: Live Penetration Testing.




On Wed, Oct 21, 2009 at 09:48, Mike Mestnik <cheako@visi.com> wrote:
Are there any applications or projects to provide this *badly needed
service? I'm willing to assist in using or putting together an nmap
type applications that scans for known vulnerabilities and attempts to
make use of them for security awareness and _,*"prof"*,_ of concept
means.

Rant:
* Too often are PCI compliance testings coming up with false positives
based on server provided version data.  No matter how many times it's
spelled out that "These are to be used by authorized/allowed
applications(to discover usable features or avoid version conflicts)
and not by malicious applications.", there is always someone who is
happy for me to change(With the approval of BOFH) the reported version
to 0.0.0.


Hello Mike,

Are you referring to something like the OpenVAS project[1]?  It is a fork of Nessus.  If so, it is currently available for Debian Unstable, and if I am not mistaken, partially available for Debian Stable (Lenny).  There is an unofficial Debian repository for OpenVAS packages for lenny, provided by Intevation, a German company behind the development of OpenVAS.

Sorry if I did not understand your question/message fully.

[1] http://openvas.org/

Best regards,

--
Jonás Andradas

Skype: jontux
LinkedIn: http://www.linkedin.com/in/andradas
GPG Fingerprint:  678F 7BD0 83C3 28CE 9E8F
                          3F7F 4D87 9996 E0C6 9372
Keyservers:  pgp.mit.edu | pgp.rediris.es



