On Wed, Oct 21, 2009 at 09:48, Mike Mestnik <che...@visi.com> wrote:

> Are there any applications or projects to provide this *badly* needed
> service? I'm willing to assist in using or putting together an nmap-type
> application that scans for known vulnerabilities and attempts to
> make use of them for security awareness and "proof" of concept
> means.
>
> Rant:
> * Too often are PCI compliance testings coming up with false positives
> based on server-provided version data.  No matter how many times it's
> spelled out that "These are to be used by authorized/allowed
> applications (to discover usable features or avoid version conflicts)
> and not by malicious applications.", there is always someone who is
> happy for me to change (with the approval of BOFH) the reported version
> to 0.0.0.
>
>
Hello Mike,

are you referring to something like the OpenVAS project[1]?  It is a fork of
Nessus.  If so, it is currently available for Debian Unstable, and if I am
not mistaken, partially available for Debian Stable (Lenny).  There is an
unofficial Debian repository for OpenVAS packages for lenny, provided by
Intevation, a German company behind the development of OpenVAS.

Sorry if I did not understand your question/message fully.

[1] http://openvas.org/

Best regards,

-- 
Jonás Andradas

Skype: jontux
LinkedIn: http://www.linkedin.com/in/andradas
GPG Fingerprint:  678F 7BD0 83C3 28CE 9E8F
                          3F7F 4D87 9996 E0C6 9372
Keyservers:  pgp.mit.edu | pgp.rediris.es
