| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8C7EB3D51A51290-864-4583@mblk-r18.sysops.aol.com> Date: Thu Jan 19 18:30:57 2006 From: greybrimstone at aim.com (greybrimstone@....com) Subject: Vulnerability/Penetration Testing Tools Again... cheaper than core impact... but not free... -Adriel -----Original Message----- From: Madison, Marc <mmadison@...i.com> To: H D Moore <fdlist@...italoffense.net>; full-disclosure@...ts.grok.org.uk Sent: Wed, 18 Jan 2006 08:13:05 -0600 Subject: RE: [Full-disclosure] Vulnerability/Penetration Testing Tools H D, my apologize. My FD emails were out of order, and I took your response out of context. If your looking for a script that will combine MetaSploit, and Nessus then BidiBLAH will work. Still for $10 grand I would suggest taking a scripting class at your local college so you can make your own BidiBlah. Math: BidiBLAH: $10,000 College scripting class: $350 The knowledge you'll gain for ever, priceless. >I've looked at BidiBLAH (enfaces on the BLAH). Their product does nothing more than take the results from Nessus, >Metasploit and such, then cram them all together in a easy to understand format for your boss. >BidiBLAH IMHO is not a vulnerability assessment tool, rather a reporting tool. If anyone can correct me >please do, since at one point I was in contact with BidiBLAH sales asking what I got for $10,000.00 outside Of the >reporting? Their answer, well let's just say I'm still waiting. >My two cent, Nessus. It's cheap, effective, and probably the most supported network vulnerability assessment tool >on the market. >>H D Moore wrote: >>Er, woops, misread - you want to scan and automatically exploit systems. >>This can be easily done with a little scripting and the available open-source tools. SensePost >>has a project called BiDiBLAH that integrates Google-discovery, a TCP port scanner, Nessus, >>and Metasploit: - http://www.sensepost.com/research/bidiblah/ >>The next version of the Metasploit Framework (v3) has support for 'recon' >>modules that technically you could use to automate this, but it will take some time before this is usable. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ________________________________________________________________________ Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.
Powered by blists - more mailing lists