lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20031002090230.A32103@niobi.securitycentric.com>
From: visigoth at securitycentric.com (visigoth)
Subject: New Tool: MetaCoretex (DB Security Scanner)

On Thu, Oct 02, 2003 at 11:19:22AM -0300, Rodrigo Barbosa wrote:
> Care to make a quick comparation against nessus for us here ?
> This is a good start point to get people plugged on your software :)

Sure!  I love Nessus, and would never want to degrade it in any way.

MetaCoretex has a strong database focus because of the JAVA JDBC construct.
JDBC Type IV drivers are database drivers that are completely written in
JAVA.  This means, I can include one JAR in my classpath and have access
to libraries to communicate with Oracle, MsSQL, MySQL et. all. without
haveing to install any database software.

People could certianly write probes for the tool which are not database
related (I think I may start writting some that test application servers),
but this is clearly one of the strengths.

MetaCoretex's "knowledge base" is used by probes to hand off information
for other probes' later use.  One of the largest features of MetaCoretex
is that this KB stores Objects, not Strings.  This means that if any probe
manages to get a connection to a database instance, it can put that 
ConnectionObject into the KB so other probes which test the DB don't
even need to bother with connection logic.

Additionally, probes are written as extensions of already existing
AbstractProbe objects which have almost everything you need already done.
The probes are written in JAVA which means that the only limitations
to what you can do in a probe would have to be limitations of the JAVA
programming language (heh, so none right? not.. raw sockets... *sniff*).

MetaCoretex is also completely stand alone and requires only a modern JVM.
There is nothing to compile or install in any way.

Updates are handled by the wizard, and there are even probe generators
for some of the common probe types.  Don't fret about the lack of docs ;)
I'll get some better stuff together soon...

Hope that helps,
-visigoth

-- 

"Omnis tuus capsa sunt inesse nos"
--------------------------------------------------
Ever wanted to...

read registry entries remotely?..as LocalSystem? ...from linux?
portscan a system?..from itself?..to the loopback?..to another?
bruteforce passwds?..using the target system's CPU?

MetaCoretex - Finally, an open DB Security Scanner!

www.metacoretex.com
--------------------------------------------------
Security Centric Labs
www.securitycentric.com
--------------------------------------------------


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ