[prev in list] [next in list] [prev in thread] [next in thread]
List: nikto-discuss
Subject: [Nikto-discuss] Help Nikto
From: mansourweb () gmail ! com (Mansour Ahmadi)
Date: 2012-10-26 11:39:04
Message-ID: CAGT9xrBWKdsGRWqC=-LrFyZ3bRPY6ZngKwjVAajfLux6Mim3Qg () mail ! gmail ! com
[Download RAW message or body]
Dear Friends,
Thank you for your reply.
I got many good points from your responses.
Kind Regards,
Mansour Ahmadi
On Sun, Oct 14, 2012 at 5:40 PM, mailforalexb at googlemail.com <
mailforalexb at googlemail.com> wrote:
> I think clustering the vulnerabilities shouldn't be too difficult. Of
> course the work involved depends on the granularity. Considering that you
> want to automatically generate exploits then yes this will be difficult and
> time consuming.
> Rather than full automation, I think it would save a lot of time and be
> more practical to cluster less specifically and provide some options to end
> user. One click exploits that ate up to date sounds too dreamy. Just my
> opinion though. I'm no professional. This is the first thread I've posted
> too and not really qualified through experience, only my thinking here.
>
> Alex.
>
>
> ----- Reply message -----
> From: "Mansour Ahmadi" <mansourweb at gmail.com>
> To: "Alex Brook" <mailforalexb at googlemail.com>
> Cc: <nikto-discuss at attrition.org>
> Subject: [Nikto-discuss] Help Nikto
> Date: Sun, Oct 14, 2012 2:14 AM
>
>
> Dear Alex,
>
> Thank you for your reply.
> As you said, It is a two-step process. At the moment, I want to focus at
> the first step, Then I want to use AI to generate exploit somewhat.
> Now, I want to focus on the predicting of the class automatically. Before
> that I must cluster (Grouping) the vulnerabilities because :
>
> 1) There is *no standard* for different vulnerabilities databases. each
> vuln database has its own categories.
> 2) The *total number* of vulnerabilities is high each day ( the number of
> vulnerabilities reported in January 2012, amounts to \
> 488<http://www.symantec.com/threatreport/topic.jsp?id=vulnerability_trends&aid=total_number_of_vulnerabilities>).
> so it is a cumbersome task.
> 3) Working with words in AI applications has many challenges (finding *useful
> words* to help classification and clustering)
>
> Don't you agree with me that even the first step is useful and is not easy
> ?
>
>
> On Sat, Oct 13, 2012 at 8:18 PM, Alex Brook <mailforalexb at googlemail.com>wrote:
>
> > Hi Mansour,
> >
> > How would you generate the exploit automatically? I think class of the
> > exploit is simple enough but perhaps automatic generation of the exploit
> > not so easy. Would there not be some variables?
> >
> > Alex.
> > On Oct 13, 2012 12:22 PM, "Mansour Ahmadi" <mansourweb at gmail.com> wrote:
> >
> > > Dear Sullo,
> > >
> > > Thank you for your reply.
> > >
> > > I mean, I want to detect the lable (class or category) of a
> > > vulnerability automatically. for example, In OSVDB or CVE, If a new bug
> > > release, I predict what is the calss of it (SQL inj, XSS, ...). then,
> > > generate the exploit of it automatically.
> > >
> > > Do you think is it possible and useful ?
> > >
> > > Thanks a lot
> > >
> > > On Sat, Oct 13, 2012 at 4:39 AM, Sullo <csullo at gmail.com> wrote:
> > >
> > > > I'm not sure I follow what you mean about "clustering" them... could
> > > > you explain a bit further?
> > > >
> > > > Thanks,
> > > > Sullo
> > > >
> > > > On Sun, Oct 7, 2012 at 3:38 PM, Mansour Ahmadi <mansourweb at \
> > > > gmail.com>wrote:
> > > > > Dear Friends,
> > > > >
> > > > > I want to cluster OSVDB vulnerabilities with a novel algorithm. if I
> > > > > cluster the vulnerabilities, how it can help Nikto ? Is it useful or not ?
> > > > >
> > > > > Thank you so much
> > > > >
> > > > > _______________________________________________
> > > > > Nikto-discuss mailing list
> > > > > Nikto-discuss at attrition.org
> > > > > https://attrition.org/mailman/listinfo/nikto-discuss
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > >
> > > > http://www.cirt.net | http://richsec.com/
> > > >
> > >
> > >
> > > _______________________________________________
> > > Nikto-discuss mailing list
> > > Nikto-discuss at attrition.org
> > > https://attrition.org/mailman/listinfo/nikto-discuss
> > >
> > >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20121026/7aa0bd3e/attachment.html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic