Published on November 9th, 2011 | by NJ Ouchn0
COREvidence™ Beta 004 released (Improved Web Assessment Service with Nikto Scanner)
COREvidence™ is the First Software as a Service (SaaS) Marketplace for everything Security. It integrates solutions & services to create a single access. Customers have access to Technology Leaders in Vulnerability Management, Compliance Achievement and IT Monitoring.
We have updated the COREvidence™ 3rd parties “Plugins Architecture” with Nikto Web Vulnerability Scanner Tool. Thus enhances the Web Application Service with correlation, accuracy and decreasing of false positives.
Today we are proud to announce that with 1 Click the Customer fires many technologies (Cenzic, NeXpose, Nikto, WhatWeb and Email Collector Metasploit module) at the same time and at very low cost.
The Metasploit API was also successfully integrated. For this release, we are testing how Metasploit interacts with our Engine and enabled only the “Email Collector” Module. This will improve the “Information Gathering” Service and report any “email” found during the scan.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software
The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.
- Updated the 3rd parties “Plugins Management Architecture”
- Integration of Nikto Vulnerability Scanner in the Web Application Service.
- Integration of Email Collector a Metasploit Module in the Information Gathering Service
- The WAS Service is now 5 engines*: Cenzic, NeXpose Web Profile, WhatWeb, Nikto Scanner and Metasploit Email Collector module.
- Improved the Information Gathering Service
- HTTP Server Type
- Web Technology
- Country Location
- Emails Grabbing
- Update the Reporting PDF to reflect the new changes
- New “Information Gathering” Section Added
- Mapping with OWASP Ids when available
- Bugs fixed
* The “Friends Plan” supports 4 Engines: Cenzic, WhatWeb, Nikto & Metasploit Email Collector.
GET A FREE ACCOUNT https://corevidence.com
GET ON-DEMAND ACCOUNT WITH TAILORED PRICING https://corevidence.com