lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu Jan 19 18:30:57 2006
From: greybrimstone at aim.com (greybrimstone@....com)
Subject: Vulnerability/Penetration Testing Tools

Again... cheaper than core impact... but not free...

 -Adriel

 -----Original Message-----
 From: Madison, Marc <mmadison@...i.com>
  To: H D Moore <fdlist@...italoffense.net>; 
full-disclosure@...ts.grok.org.uk
 Sent: Wed, 18 Jan 2006 08:13:05 -0600
 Subject: RE: [Full-disclosure] Vulnerability/Penetration Testing Tools

 H D, my apologize. My FD emails were out of order, and I took your
 response out of context. If your looking for a script that will combine
 MetaSploit, and Nessus then BidiBLAH will work. Still for $10 grand I
 would suggest taking a scripting class at your local college so you can
 make your own BidiBlah.

 Math:
 BidiBLAH: $10,000
 College scripting class: $350

 The knowledge you'll gain for ever, priceless.



 >I've looked at BidiBLAH (enfaces on the BLAH). Their product does
 nothing more than take the results from Nessus, >Metasploit and such,
 then cram them all together in a easy to understand format for your
 boss.
 >BidiBLAH IMHO is not a vulnerability assessment tool, rather a
 reporting tool. If anyone can correct me
 >please do, since at one point I was in contact with BidiBLAH sales
 asking what I got for $10,000.00 outside Of the >reporting? Their
 answer, well let's just say I'm still waiting.

 >My two cent, Nessus. It's cheap, effective, and probably the most
 supported network vulnerability assessment tool >on the market.




 >>H D Moore wrote:

 >>Er, woops, misread - you want to scan and automatically exploit
 systems.
 >>This can be easily done with a little scripting and the available
 open-source tools. SensePost
 >>has a project called BiDiBLAH that integrates Google-discovery, a TCP
 port scanner, Nessus,
 >>and Metasploit: - http://www.sensepost.com/research/bidiblah/

 >>The next version of the Metasploit Framework (v3) has support for
 'recon'
 >>modules that technically you could use to automate this, but it will
 take some time before this is usable.



 _______________________________________________
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


________________________________________________________________________
Check Out the new free AIM(R) Mail -- 2 GB of storage and 
industry-leading spam and email virus protection.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ