Penetration Testing mailing list archives
Re: Commercial Exploit Tools
From: HD Moore <hdm () digitaloffense net>
Date: Sat, 01 Oct 2011 03:02:46 -0400
On 9/29/2011 2:42 PM, Kent Blackwell wrote:
Greetings all, I work for a DoD organization as a penetration tester. We currently use a combination of open source tools and eEye Retina for our tests, however some excess cash in the budget has given us the opportunity to grab ourselves a commercial exploitation tool. Given that our distribution of choice is Backtrack 5 the most obvious choice was Metasploit Pro. I checked out the most recent list of exploit tools on seclists, but as the survey is hitting the five year mark I'd expect things have changed. A quick Google at some alternatives gave me a list of sponsored ads that I have zero trust in so I figured I'd probe the community here. My question is what commercial exploitation tools do you use and what's your opinion on them. I don't need a huge, detailed explanation of the tool, just an opinion and the name of the tool. Thanks in advance!
Feel free to put Metasploit Pro to the test. We provide a competitive level of exploit coverage (with all exploits available under the open source framework) and strive to go beyond just "pop a shell" and solve real needs in the penetration testing and vulnerability management space. This includes a strong focus on multi-user collaboration, import of dozens of tool exports (NeXpose, Retina, etc), customizable reporting, extensive password testing (brute force, replay, and spot testing), and a wide range of features that we find useful when conducting our own engagements. We dogfood our products religiously and a large portion of the development team consists of former penetration tests, including some with DoD experience. We provide a free trial if you want to conduct your own evaluation: http://www.rapid7.com/downloads/metasploit-pro.jsp The Metasploit Pro development team is the same group of folks that work on the Metasploit Framework and are highly active within the security community. We have a policy of transparency that no commercial competitors can offer. Metasploit Pro sales directly fund the continued development of the open source Metasploit Framework too :) -HD ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Commercial Exploit Tools HD Moore (Oct 01)
- <Possible follow-ups>
- RE: Commercial Exploit Tools sekhar (Oct 01)