lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <8C7EB3D2E4D2535-864-4573@mblk-r18.sysops.aol.com>
Date: Thu Jan 19 18:28:13 2006
From: greybrimstone at aim.com (greybrimstone@....com)
Subject: Vulnerability/Penetration Testing Tools

Madison,
     See, thats the challenge. I am not looking for a tool that does 
strict vulnerability assessments. I am looking for a tool that will do 
an automated vulnerability assessment and then automated attacks 
against those vulnerabilities. Core Impact has such a tool and it is 
well worth the money. In fact, I already have that in my to-purchase 
list. I am now searching for free tools however and haven't found 
anything.

     My goal is to identify tools that have a high ROI... free == the 
higest. Never the less, automation can only be used a limited amount as 
it reduces quality and accuracy.... I know this.


-Adriel

-----Original Message-----
From: Madison, Marc <mmadison@...i.com>
To: H D Moore <fdlist@...italoffense.net>; 
full-disclosure@...ts.grok.org.uk
Sent: Wed, 18 Jan 2006 08:02:59 -0600
Subject: RE: [Full-disclosure] Vulnerability/Penetration Testing Tools

  I've looked at BidiBLAH (enfaces on the BLAH).  Their product does
nothing more than take the results from
Nessus, Metasploit and such, then cram them all together in a easy to
understand format for your boss.
BidiBLAH IMHO is not a vulnerability assessment tool, rather a reporting
tool.  If anyone can correct me
please do, since at one point I was in contact with BidiBLAH sales
asking what I got for $10,000.00 outside
Of the reporting?  Their answer, well let's just say I'm still waiting.

My two cent, Nessus.  It's cheap, effective, and probably the most
supported network vulnerability assessment
tool on the market.




>>H D Moore wrote:

>>Er, woops, misread - you want to scan and automatically exploit
systems.
>This can be easily done with a little scripting and the available
open-source tools. SensePost
>>has a project called BiDiBLAH that integrates Google-discovery, a TCP
port scanner, Nessus,
>>and Metasploit: - http://www.sensepost.com/research/bidiblah/

>>The next version of the Metasploit Framework (v3) has support for
'recon'
>>modules that technically you could use to automate this, but it will
take some time before this is usable.

>>-HD


>On Tuesday 17 January 2006 18:04, H D Moore wrote:
> You should check out the Metasploit Framework:
>  - http://metasploit.com/projects/Framework/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


________________________________________________________________________
Check Out the new free AIM(R) Mail -- 2 GB of storage and 
industry-leading spam and email virus protection.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ