[Nikto-discuss] Help Nikto
mailforalexb@googlemail.com
mailforalexb at googlemail.com
Sun Oct 14 09:10:35 CDT 2012
I think clustering the vulnerabilities shouldn't be too difficult. Of course the work involved depends on the granularity. Considering that you want to automatically generate exploits then yes this will be difficult and time consuming.
Rather than full automation, I think it would save a lot of time and be more practical to cluster less specifically and provide some options to end user. One click exploits that ate up to date sounds too dreamy. Just my opinion though. I'm no professional. This is the first thread I've posted too and not really qualified through experience, only my thinking here.
Alex.
----- Reply message -----
From: "Mansour Ahmadi" <mansourweb at gmail.com>
To: "Alex Brook" <mailforalexb at googlemail.com>
Cc: <nikto-discuss at attrition.org>
Subject: [Nikto-discuss] Help Nikto
Date: Sun, Oct 14, 2012 2:14 AM
Dear Alex,
Thank you for your reply. As you said, It is a two-step process. At the moment, I want to focus at the first step, Then I want to use AI to generate exploit somewhat.
Now, I want to focus on the predicting of the class automatically. Before that I must cluster (Grouping) the vulnerabilities because :
1) There is no standard for different vulnerabilities databases. each vuln database has its own categories.
2) The total number of vulnerabilities is high each day ( the number of vulnerabilities reported in January 2012, amounts to 488). so it is a cumbersome task.
3) Working with words in AI applications has many challenges (finding useful words to help classification and clustering)
Don't you agree with me that even the first step is useful and is not easy ?
On Sat, Oct 13, 2012 at 8:18 PM, Alex Brook <mailforalexb at googlemail.com> wrote:
Hi Mansour,
How would you generate the exploit automatically? I think class of the exploit is simple enough but perhaps automatic generation of the exploit not so easy. Would there not be some variables?
Alex.
On Oct 13, 2012 12:22 PM, "Mansour Ahmadi" <mansourweb at gmail.com> wrote:
Dear Sullo,
Thank you for your reply.
I mean, I want to detect the lable (class or category) of a vulnerability automatically. for example, In OSVDB or CVE, If a new bug release, I predict what is the calss of it (SQL inj, XSS, ...). then, generate the exploit of it automatically.
Do you think is it possible and useful ?
Thanks a lot
On Sat, Oct 13, 2012 at 4:39 AM, Sullo <csullo at gmail.com> wrote:
I'm not sure I follow what you mean about "clustering" them... could you explain a bit further?
Thanks,Sullo
On Sun, Oct 7, 2012 at 3:38 PM, Mansour Ahmadi <mansourweb at gmail.com> wrote:
Dear Friends,
I want to cluster OSVDB vulnerabilities with a novel algorithm. if I cluster the vulnerabilities, how it can help Nikto ? Is it useful or not ?
Thank you so much
_______________________________________________
Nikto-discuss mailing list
Nikto-discuss at attrition.org
https://attrition.org/mailman/listinfo/nikto-discuss
--
http://www.cirt.net | http://richsec.com/
_______________________________________________
Nikto-discuss mailing list
Nikto-discuss at attrition.org
https://attrition.org/mailman/listinfo/nikto-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20121014/e86b52fa/attachment-0001.html>
More information about the Nikto-discuss
mailing list