| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Jan 18 14:03:15 2006 From: mmadison at fnni.com (Madison, Marc) Subject: Vulnerability/Penetration Testing Tools I've looked at BidiBLAH (enfaces on the BLAH). Their product does nothing more than take the results from Nessus, Metasploit and such, then cram them all together in a easy to understand format for your boss. BidiBLAH IMHO is not a vulnerability assessment tool, rather a reporting tool. If anyone can correct me please do, since at one point I was in contact with BidiBLAH sales asking what I got for $10,000.00 outside Of the reporting? Their answer, well let's just say I'm still waiting. My two cent, Nessus. It's cheap, effective, and probably the most supported network vulnerability assessment tool on the market. >>H D Moore wrote: >>Er, woops, misread - you want to scan and automatically exploit systems. >This can be easily done with a little scripting and the available open-source tools. SensePost >>has a project called BiDiBLAH that integrates Google-discovery, a TCP port scanner, Nessus, >>and Metasploit: - http://www.sensepost.com/research/bidiblah/ >>The next version of the Metasploit Framework (v3) has support for 'recon' >>modules that technically you could use to automate this, but it will take some time before this is usable. >>-HD >On Tuesday 17 January 2006 18:04, H D Moore wrote: > You should check out the Metasploit Framework: > - http://metasploit.com/projects/Framework/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists