Full Disclosure mailing list archives
Re: Vulnerability/Penetration Testing Tools
From: "GroundZero Security" <fd () g-0 org>
Date: Thu, 19 Jan 2006 20:00:30 +0100
or learn how to do such tests by hand as that is more accurate as any automated tool out there! a penetration test shouldnt be automated it would miss too many bugs i.e. in custom php/cgi scripts. a professional security audit can only be done by hand. period. too many people rip their customers off with cheap automated tests. -sk http://www.groundzero-security.com ----- Original Message ----- From: <greybrimstone () aim com> To: <mmadison () fnni com>; <fdlist () digitaloffense net>; <full-disclosure () lists grok org uk> Sent: Thursday, January 19, 2006 7:27 PM Subject: Re: [Full-disclosure] Vulnerability/Penetration Testing Tools
Madison, See, thats the challenge. I am not looking for a tool that does strict vulnerability assessments. I am looking for a tool that will do an automated vulnerability assessment and then automated attacks against those vulnerabilities. Core Impact has such a tool and it is well worth the money. In fact, I already have that in my to-purchase list. I am now searching for free tools however and haven't found anything. My goal is to identify tools that have a high ROI... free == the higest. Never the less, automation can only be used a limited amount as it reduces quality and accuracy.... I know this. -Adriel -----Original Message----- From: Madison, Marc <mmadison () fnni com> To: H D Moore <fdlist () digitaloffense net>; full-disclosure () lists grok org uk Sent: Wed, 18 Jan 2006 08:02:59 -0600 Subject: RE: [Full-disclosure] Vulnerability/Penetration Testing Tools I've looked at BidiBLAH (enfaces on the BLAH). Their product does nothing more than take the results from Nessus, Metasploit and such, then cram them all together in a easy to understand format for your boss. BidiBLAH IMHO is not a vulnerability assessment tool, rather a reporting tool. If anyone can correct me please do, since at one point I was in contact with BidiBLAH sales asking what I got for $10,000.00 outside Of the reporting? Their answer, well let's just say I'm still waiting. My two cent, Nessus. It's cheap, effective, and probably the most supported network vulnerability assessment tool on the market.H D Moore wrote:Er, woops, misread - you want to scan and automatically exploitsystems.This can be easily done with a little scripting and the availableopen-source tools. SensePosthas a project called BiDiBLAH that integrates Google-discovery, a TCPport scanner, Nessus,and Metasploit: - http://www.sensepost.com/research/bidiblah/The next version of the Metasploit Framework (v3) has support for'recon'modules that technically you could use to automate this, but it willtake some time before this is usable.-HDOn Tuesday 17 January 2006 18:04, H D Moore wrote: You should check out the Metasploit Framework: - http://metasploit.com/projects/Framework/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ________________________________________________________________________ Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Vulnerability/Penetration Testing Tools, (continued)
- Re: Vulnerability/Penetration Testing Tools Gadi Evron (Jan 18)
- Re: Vulnerability/Penetration Testing Tools Robert Kim Wireless Internet Advisor (Jan 27)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 19)
- Re: Vulnerability/Penetration Testing Tools H D Moore (Jan 17)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 17)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 17)
- RE: Vulnerability/Penetration Testing Tools Madison, Marc (Jan 18)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 19)
- Re: Vulnerability/Penetration Testing Tools Exibar (Jan 19)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 19)
- Re: Vulnerability/Penetration Testing Tools GroundZero Security (Jan 19)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 19)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 19)
- Re: Vulnerability/Penetration Testing Tools Valdis . Kletnieks (Jan 18)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 19)
- Re: Vulnerability/Penetration Testing Tools Dave Korn (Jan 27)
- Re[2]: Vulnerability/Penetration Testing Tools Thierry Zoller (Jan 19)
- Re: Vulnerability/Penetration Testing Tools Michael Holstein (Jan 19)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 19)