We already have appscan but I have been finding that it seems to be limited and have been having issues with recording login sessions as the browsers aren't supported even though my version of appscan is fully up to date... Also, with large websites I find that it hangs a lot and I tend to receive a fair amount of out of memory errors and the application crashes and I have to star the scan all over.

I have looked around a bit online and have seen several options in such products like ZAP, Burp, Appscan, Accunetix.... etc.... I wanted to see what some of you might recommend for a good enterprise class web vulnerability scanner? I would be looking for something that could scale to ongoing scanning about around 150-250 medium to large websites. These website would range from having HTML, flash, javascript, ajax, and recently HTML5 incorporated in them. I use ZAP and Burp more for pentests as I am not sure they would scale or are even meant for scanning a large number of site in an ongoing fashion.

Congrats Catalyst256!!

Will do!!

Ahh I see now. Initially when I was playing with the bind syntax I was using double quotes instead os single quotes which explains why it wouldn't run. I will modify my other script that I had using bind and try it again. Thanks!!

Hello all. I am trying to mess with Perl a bit and am trying to put together a ping script but for some reason I am not getting the desired result. I just want to come up with a simple scrip that will ping a range of IP addresses and tell me if they are active or not. Below is what I have come up with so far but to no avail.

"#!/usr/bin/perl

use Net::Ping;

$p = Net::Ping->new("icmp");
$host = "192.168.xx.xx";
@range = (1 .. 255);
foreach $host (@range)
{
print "$host is dead.\n"
unless $p->ping($host);
}
$p->close();
"

I just started my course last Saturday so I am in the thick of things. Definitely an awesome course for sure!!

@Catalyst256 congrats on getting into all of the lab boxes!!

I just registered for 90 days so I will be starting this Saturday Oct. 6th. Looking forward to it and I will also be reading through your blog to get an idea of your experiences along the way.

This is the site I am following only I have Debian in a VM

http://www.aboutdebian.com/snort.htm

I still couldn't get it to work so I am starting over with a fresh VM with Debian 6. Anybody know of a good tutorial for setting up and configuring snort in a VM using Debian?

I have been doing some reading and I am thinking there is something wrong with the way eth1 is setup because if I am understanding things correctly, eth1 should not have an IP address since it should be running in promiscuous mode and only listening for traffic on the wire. I do have that interface setup in VMware as a Bridged connection but when I boot up my Debian install which is running snort, I see that eth0 and eth1 both have IP addresses assigned..

I am not using barnyard. Just BASE via the web url (http://localhost/acidbase). I am not for sure what you are asking for in regards to the snort.conf output line...I will have to take a look at the conf file and see what that is set to but I didn't change anything in regards to output in that file so it would be whatever was default...

Hello everyone. I am trying to get Snort up and running and from what I can tell it is running and I am able to get it to start and to show traffic in verbose mode but I can't for the life of me get any data to show in base or get any "test" rules that I have setup to fire at all... My install environment is as follows:

Windows 7 Ultimate host running Debian 6 in vmware. My vmware instance has 2 NIC's, eth0 is set to host only and eth1 is bridged. I have setup a test rule in local.rules to fire an alert anytime there is ICMP traffic within my HOME_NET and I have tried to ping both IP's assigned to my NIC's on the VM from my host and from the VM back to my host and the pings are successful however there is no alert that fires... Any thoughts?

Zen