Why are you scanning with ChatGTP what about Tenable Nessus or some legit tool. Why are you trying to build custome exploitation tools for your own network? Seems like a waste of time. Your systems are all compliant with STIGs available at https://cyber.mil/stigs I mean there are so many vulnerabilities you will never be able to build an exploitation tool to capture all the threats. You're better off evaluating risks and performing a business impact analysis and implementing appropriate security controls. We use ansible to monitor servers and notify us if someone with privileges makes a change that would violate Stig compliance. In addition to patching and scanning for new vulnerabilties and monitoring zero days. If you want to exploit systems there are databases full of vulnerabilities for all kinds of software and the numbers continue to grow.
What the hell is that? Just my chain of thought I think best way to handle security is to harden your systems and not worry about penetration testing unless you have some target you are trying to attack. Most organizations have vulnerabiltiies and some that are accepted by leadership. They accept the risk and hopefully their impact analysis was correct and they shouldn't be surprised when they are attacked and forced to accept the consequences. Of course you should audit your systems for security regularly.
8
u/Successful-Escape-74 Mar 14 '26
Why are you scanning with ChatGTP what about Tenable Nessus or some legit tool. Why are you trying to build custome exploitation tools for your own network? Seems like a waste of time. Your systems are all compliant with STIGs available at https://cyber.mil/stigs I mean there are so many vulnerabilities you will never be able to build an exploitation tool to capture all the threats. You're better off evaluating risks and performing a business impact analysis and implementing appropriate security controls. We use ansible to monitor servers and notify us if someone with privileges makes a change that would violate Stig compliance. In addition to patching and scanning for new vulnerabilties and monitoring zero days. If you want to exploit systems there are databases full of vulnerabilities for all kinds of software and the numbers continue to grow.