[unisog] Vulnerability scanner for MS05-039
r.fulton at auckland.ac.nz
Tue Aug 16 21:25:12 GMT 2005
I'll add my thanks to Syl's! Great work Chris.
I have also been busy and hacked a version of metasploit's mscli to take a file of IPs. This makes it somewhat faster than running the mscli from a script because you are not starting perl and loading metasploit for each machine. The original version spawned processes to run the tests in parallel but I am not sure if this is reliable -- more testing needed.
I have been using noxscan since yesterday morning and getting large numbers of INCONCLUSIVEs.
It turns out that 2003 and XP turn up as INCONCLUSIVE (quite rightly, since one can't test the vulnerability without logging in), but there were also some w2k boxes too, so I used my script to recheck these machines and came up with about 80 more (to add to the 600 we found on the first scan). I hasten to add that the number is much lower this morning ;)
I'll do a bit more work on my metasploit bulk script this morning and then post it to the list.
Chris Russel wrote:
> Our vuln scanning tool is here, updated to detect MS05-039:
> (also checks MS04-007, MS04-011 for good measure)
> It is designed for speed and should do a class-B in 5-10 minutes or less
> (run with 100+ threads). I got tired of renaming it after every new
> Microsoft security bulletin, so it is just called noxscan now (used to be
> 011scan). It is somewhat of a hack but works well enough for us - standard
> disclaimer, YMMV, no guarantees of any kind... Tested on Linux, OpenBSD,
> and Solaris.
> Thanks to those on #unisog who helped test it.