Showing posts from January, 2018

Scanning faults

I'm sure many know that the results of a network scan are only valid for so long. Many also understand that attacks have to be timed relative to when the scan results were gathered.
I bring these problems up because it seems few people discuss automating attacks and scans together. You get "let's automate this attack by using tools like Metasploit" or "let's use nmap to scan the network" or occasionally "let's use nmap scripts or Metasploit's db_nmap." But none of these solve the functional problem of integrating the two unless you want to build your own nmap script. That's the key point here: one-time-use scan-and-exploit Python scripts suck by themselves, and a one-time-use nmap script for a highly specialized CVE sucks by itself too. Surely there is a better way to handle this!
Well, there are tools out there to help with this, but when it comes down to it, if a tool doesn't work the way you want it to every time, you will end up scripting your own anyway.