lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <8C7E9FEACA6661F-514-1000A@FWM-D03.sysops.aol.com>
Date: Wed Jan 18 04:28:13 2006
From: greybrimstone at aim.com (greybrimstone@....com)
Subject: Vulnerability/Penetration Testing Tools

HD,
     Metasploit has already been added to my archive of must haves. I'm 
primarly interested in tools that would in effect combine a nessus like 
front end to something like core impact/metasploit. Any ideas on 
something like that? Do I need to write my own?

-----Original Message-----
From: H D Moore <fdlist@...italoffense.net>
To: full-disclosure@...ts.grok.org.uk
Sent: Tue, 17 Jan 2006 18:04:27 -0600
Subject: Re: [Full-disclosure] Vulnerability/Penetration Testing Tools

  You should check out the Metasploit Framework:
 - http://metasploit.com/projects/Framework/

<rant>
When I viewed the online demo of SAINT Exploit in December of 2005, 
nearly
all of their exploit modules had names very similar to the ones found 
in
version 2.5 of the Metasploit Framework. The demo has been updated 
since
then and a handful of new exploits have been mixed in while others had
their name changed. Oh, and their placement of a Google Adword on
"metasploit" was a nice touch...
</rant>

-HD


On Tuesday 17 January 2006 16:25, greybrimstone@....com wrote:
> All,
>     I am in the process of researching a wide variety of penetration
> testing tools and vulnerability assessment tools. I've already
> researched many of the commercial tools like Coresecurity's Core 
Impact
> tool and even know a bit about the new tool that saint is about to 
come
> out with. What about open-source tools?
>
>     Are there any open source tools like Core Impact that allow you to
> not only scan a network for vulnerabilities but then allow you to 
issue
> attacks against those vulnerabilities? I'm interested in both windows
> based and *nix based tools. Yes I am aware of nessus, exploit tree,
> metaspoloit etc... but none of those really have the "identify then
> attack" type of structure... they are either "identify" or "attack".
>
> -simon
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


________________________________________________________________________
Check Out the new free AIM(R) Mail -- 2 GB of storage and 
industry-leading spam and email virus protection.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ