[Nikto-discuss] Help Nikto

Mansour Ahmadi mansourweb at gmail.com
Sat Oct 13 14:14:41 CDT 2012


Dear Alex,

Thank you for your reply.
As you said, It is a two-step process. At the moment, I want to focus at
the first step, Then I want to use AI to generate exploit somewhat.
Now, I want to focus on the predicting of the class automatically. Before
that I must cluster (Grouping) the vulnerabilities because :

1) There is *no standard* for different vulnerabilities databases. each
vuln database has its own categories.
2) The *total number* of vulnerabilities is high each day ( the number of
vulnerabilities reported in January 2012, amounts to
488<http://www.symantec.com/threatreport/topic.jsp?id=vulnerability_trends&aid=total_number_of_vulnerabilities>).
so it is a cumbersome task.
3) Working with words in AI applications has many challenges (finding *useful
words* to help classification and clustering)

Don't you agree with me that even the first step is useful and is not easy
?


On Sat, Oct 13, 2012 at 8:18 PM, Alex Brook <mailforalexb at googlemail.com>wrote:

> Hi Mansour,
>
> How would you generate the exploit automatically? I think class of the
> exploit is simple enough but perhaps automatic generation of the exploit
> not so easy. Would there not be some variables?
>
> Alex.
> On Oct 13, 2012 12:22 PM, "Mansour Ahmadi" <mansourweb at gmail.com> wrote:
>
>> Dear Sullo,
>>
>> Thank you for your reply.
>>
>> I mean, I want to detect the lable (class or category) of a
>> vulnerability automatically.  for example, In OSVDB or CVE, If a new bug
>> release, I predict what is the calss of it (SQL inj, XSS, ...). then,
>> generate the exploit of it automatically.
>>
>> Do you think is it possible and useful ?
>>
>> Thanks a lot
>>
>> On Sat, Oct 13, 2012 at 4:39 AM, Sullo <csullo at gmail.com> wrote:
>>
>>> I'm not sure I follow what you mean about "clustering" them... could you
>>> explain a bit further?
>>>
>>>  Thanks,
>>> Sullo
>>>
>>> On Sun, Oct 7, 2012 at 3:38 PM, Mansour Ahmadi <mansourweb at gmail.com>wrote:
>>>
>>>> Dear Friends,
>>>>
>>>> I want to cluster OSVDB vulnerabilities with a novel algorithm. if I
>>>> cluster the vulnerabilities, how it can help Nikto ? Is it useful or not ?
>>>>
>>>> Thank you so much
>>>>
>>>> _______________________________________________
>>>> Nikto-discuss mailing list
>>>> Nikto-discuss at attrition.org
>>>> https://attrition.org/mailman/listinfo/nikto-discuss
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> http://www.cirt.net     |      http://richsec.com/
>>>
>>
>>
>> _______________________________________________
>> Nikto-discuss mailing list
>> Nikto-discuss at attrition.org
>> https://attrition.org/mailman/listinfo/nikto-discuss
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20121013/243e63ce/attachment.html>


More information about the Nikto-discuss mailing list