I'm advising a client on auditing his systems for vulnerable OpenSSL libs which may be included by 3rd-parties. Does anyone know of some relatively simple tools that I can leverage to figure out what applications were bundled with out of date libs? Most of the focus will be Linux and OSX systems.
I'll cover as much as I can by automating ldd, nm, JAR unpackers and UPX. I'll have to contact developers directly if I find evidence of obfuscation tools. Can someone add to this list of concerns or weigh in on any existing tools that can automate part of this process? I don't know OSX so well so extra advice for this platform is helpful. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
