[Nikto-discuss] Help Nikto

Fri Oct 26 06:27:04 CDT 2012

Dear Friends,

Thank you for your reply.
I got many good points from your responses.

Kind Regards,
Mansour Ahmadi

On Sun, Oct 14, 2012 at 5:40 PM, mailforalexb at googlemail.com <
mailforalexb at googlemail.com> wrote:

> I think clustering the vulnerabilities shouldn't be too difficult. Of
> course the work involved depends on the granularity. Considering that you
> want to automatically generate exploits then yes this will be difficult and
> time consuming.
> Rather than full automation, I think it would save a lot of time and be
> more practical to cluster less specifically and provide some options to end
> user. One click exploits that ate up to date sounds too dreamy. Just my
> opinion though. I'm no professional. This is the first thread I've posted
> too and not really qualified through experience, only my thinking here.
>
> Alex.
>
>
> ----- Reply message -----
> From: "Mansour Ahmadi" <mansourweb at gmail.com>
> To: "Alex Brook" <mailforalexb at googlemail.com>
> Cc: <nikto-discuss at attrition.org>
> Subject: [Nikto-discuss] Help Nikto
> Date: Sun, Oct 14, 2012 2:14 AM
>
>
> Dear Alex,
>
> Thank you for your reply.
> As you said, It is a two-step process. At the moment, I want to focus at
> the first step, Then I want to use AI to generate exploit somewhat.
> Now, I want to focus on the predicting of the class automatically. Before
> that I must cluster (Grouping) the vulnerabilities because :
>
> 1) There is *no standard* for different vulnerabilities databases. each
> vuln database has its own categories.
> 2) The *total number* of vulnerabilities is high each day ( the number of
> vulnerabilities reported in January 2012, amounts to 488<http://www.symantec.com/threatreport/topic.jsp?id=vulnerability_trends&aid=total_number_of_vulnerabilities>).
> so it is a cumbersome task.
> 3) Working with words in AI applications has many challenges (finding *useful
> words* to help classification and clustering)
>
> Don't you agree with me that even the first step is useful and is not easy
> ?
>
>
> On Sat, Oct 13, 2012 at 8:18 PM, Alex Brook <mailforalexb at googlemail.com>wrote:
>
>> Hi Mansour,
>>
>> How would you generate the exploit automatically? I think class of the
>> exploit is simple enough but perhaps automatic generation of the exploit
>> not so easy. Would there not be some variables?
>>
>> Alex.
>> On Oct 13, 2012 12:22 PM, "Mansour Ahmadi" <mansourweb at gmail.com> wrote:
>>
>>> Dear Sullo,
>>>
>>> Thank you for your reply.
>>>
>>> I mean, I want to detect the lable (class or category) of a
>>> vulnerability automatically.  for example, In OSVDB or CVE, If a new bug
>>> release, I predict what is the calss of it (SQL inj, XSS, ...). then,
>>> generate the exploit of it automatically.
>>>
>>> Do you think is it possible and useful ?
>>>
>>> Thanks a lot
>>>
>>> On Sat, Oct 13, 2012 at 4:39 AM, Sullo <csullo at gmail.com> wrote:
>>>
>>>> I'm not sure I follow what you mean about "clustering" them... could
>>>> you explain a bit further?
>>>>
>>>>  Thanks,
>>>> Sullo
>>>>
>>>> On Sun, Oct 7, 2012 at 3:38 PM, Mansour Ahmadi <mansourweb at gmail.com>wrote:
>>>>
>>>>> Dear Friends,
>>>>>
>>>>> I want to cluster OSVDB vulnerabilities with a novel algorithm. if I
>>>>> cluster the vulnerabilities, how it can help Nikto ? Is it useful or not ?
>>>>>
>>>>> Thank you so much
>>>>>
>>>>> _______________________________________________
>>>>> Nikto-discuss mailing list
>>>>> Nikto-discuss at attrition.org
>>>>> https://attrition.org/mailman/listinfo/nikto-discuss
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> http://www.cirt.net     |      http://richsec.com/
>>>>
>>>
>>>
>>> _______________________________________________
>>> Nikto-discuss mailing list
>>> Nikto-discuss at attrition.org
>>> https://attrition.org/mailman/listinfo/nikto-discuss
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20121026/7aa0bd3e/attachment.html>