| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: visigoth at securitycentric.com (visigoth) Subject: New Tool: MetaCoretex (DB Security Scanner) On Thu, Oct 02, 2003 at 11:19:22AM -0300, Rodrigo Barbosa wrote: > Care to make a quick comparation against nessus for us here ? > This is a good start point to get people plugged on your software :) Sure! I love Nessus, and would never want to degrade it in any way. MetaCoretex has a strong database focus because of the JAVA JDBC construct. JDBC Type IV drivers are database drivers that are completely written in JAVA. This means, I can include one JAR in my classpath and have access to libraries to communicate with Oracle, MsSQL, MySQL et. all. without haveing to install any database software. People could certianly write probes for the tool which are not database related (I think I may start writting some that test application servers), but this is clearly one of the strengths. MetaCoretex's "knowledge base" is used by probes to hand off information for other probes' later use. One of the largest features of MetaCoretex is that this KB stores Objects, not Strings. This means that if any probe manages to get a connection to a database instance, it can put that ConnectionObject into the KB so other probes which test the DB don't even need to bother with connection logic. Additionally, probes are written as extensions of already existing AbstractProbe objects which have almost everything you need already done. The probes are written in JAVA which means that the only limitations to what you can do in a probe would have to be limitations of the JAVA programming language (heh, so none right? not.. raw sockets... *sniff*). MetaCoretex is also completely stand alone and requires only a modern JVM. There is nothing to compile or install in any way. Updates are handled by the wizard, and there are even probe generators for some of the common probe types. Don't fret about the lack of docs ;) I'll get some better stuff together soon... Hope that helps, -visigoth -- "Omnis tuus capsa sunt inesse nos" -------------------------------------------------- Ever wanted to... read registry entries remotely?..as LocalSystem? ...from linux? portscan a system?..from itself?..to the loopback?..to another? bruteforce passwds?..using the target system's CPU? MetaCoretex - Finally, an open DB Security Scanner! www.metacoretex.com -------------------------------------------------- Security Centric Labs www.securitycentric.com --------------------------------------------------
Powered by blists - more mailing lists