Date: Wed, 27 Mar 2013 17:51:19 -0400 From: Corey Bryant <coreyb@...ux.vnet.ibm.com> To: Tim Brown <tmb@...35.com> CC: oss-security@...ts.openwall.com Subject: Re: Re: [kernel-hardening] Security vulnerability tools On 03/27/2013 03:58 PM, Tim Brown wrote: > On Wednesday 27 Mar 2013 19:54:04 Corey Bryant wrote: >> Hi, >> >> I'd like to get a better understanding of tools used in the open source >> community (kernel and user space) to detect security vulnerabilities. >> >> I have a list below to get started. If anyone has any input, I'd >> appreciate it! >> >> I'll plan on updating http://oss-security.openwall.org/wiki/tools with >> anything it doesn't already have. >> > > Hey Corey, > > One you might want to add is unix-privesc-check from myself, @inquisb and > @pentestmonkey. There are two versions in existence: > > 1.x - @pentestmonkey's quick and dirty with some hacks by me > trunk - a full blown privesc check framework designed by me with contributions > from the other two, it has multiple modes of operation, a standard library > which can be leveraged for new checks and (already) enhanced capabilities. > Its not perfect yet, I still need to clean it up and port it to the commercial > UNIX platforms we support but it should give a good idea of where we're going > > Once I've stabilised the API of trunk, it will become 2.x and we'll open it up > formerly for contributions. > > It's on Google Code if people want to take a look: > > * http://code.google.com/p/unix-privesc-check > > Tim > Thanks Tim. Sounds nice. This is the first security audit tool on the list so if we could add more in this category that would be nice. -- Regards, Corey Bryant
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ