lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <DEDFD939A181F94AAF3D965C58B7AADC01FCE5BA@001fntcex01.fnb.fnni.com>
Date: Wed Jan 18 14:13:22 2006
From: mmadison at fnni.com (Madison, Marc)
Subject: Vulnerability/Penetration Testing Tools

H D, my apologize.  My FD emails were out of order, and I took your
response out of context.  If your looking for a script that will combine
MetaSploit, and Nessus then BidiBLAH will work.  Still for $10 grand I
would suggest taking a scripting class at your local college so you can
make your own BidiBlah.

Math:
BidiBLAH:				$10,000
College scripting class:		$350

The knowledge you'll gain for ever, priceless.



>I've looked at BidiBLAH (enfaces on the BLAH).  Their product does
nothing more than take the results from Nessus, >Metasploit and such,
then cram them all together in a easy to understand format for your
boss.
>BidiBLAH IMHO is not a vulnerability assessment tool, rather a
reporting tool.  If anyone can correct me 
>please do, since at one point I was in contact with BidiBLAH sales
asking what I got for $10,000.00 outside Of the >reporting?  Their
answer, well let's just say I'm still waiting.

>My two cent, Nessus.  It's cheap, effective, and probably the most
supported network vulnerability assessment tool >on the market.




>>H D Moore wrote:

>>Er, woops, misread - you want to scan and automatically exploit
systems. 
>>This can be easily done with a little scripting and the available
open-source tools. SensePost 
>>has a project called BiDiBLAH that integrates Google-discovery, a TCP
port scanner, Nessus, 
>>and Metasploit: - http://www.sensepost.com/research/bidiblah/

>>The next version of the Metasploit Framework (v3) has support for
'recon' 
>>modules that technically you could use to automate this, but it will
take some time before this is usable.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ