use core-Impact..... 'nuff said :-)
----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <full-disclosure@lists.grok.org.uk> Sent: Thursday, January 19, 2006 1:27 PM Subject: Re: [Full-disclosure] Vulnerability/Penetration Testing Tools > Madison, > See, thats the challenge. I am not looking for a tool that does > strict vulnerability assessments. I am looking for a tool that will do > an automated vulnerability assessment and then automated attacks > against those vulnerabilities. Core Impact has such a tool and it is > well worth the money. In fact, I already have that in my to-purchase > list. I am now searching for free tools however and haven't found > anything. > > My goal is to identify tools that have a high ROI... free == the > higest. Never the less, automation can only be used a limited amount as > it reduces quality and accuracy.... I know this. > > > -Adriel > > -----Original Message----- > From: Madison, Marc <[EMAIL PROTECTED]> > To: H D Moore <[EMAIL PROTECTED]>; > full-disclosure@lists.grok.org.uk > Sent: Wed, 18 Jan 2006 08:02:59 -0600 > Subject: RE: [Full-disclosure] Vulnerability/Penetration Testing Tools > > I've looked at BidiBLAH (enfaces on the BLAH). Their product does > nothing more than take the results from > Nessus, Metasploit and such, then cram them all together in a easy to > understand format for your boss. > BidiBLAH IMHO is not a vulnerability assessment tool, rather a reporting > tool. If anyone can correct me > please do, since at one point I was in contact with BidiBLAH sales > asking what I got for $10,000.00 outside > Of the reporting? Their answer, well let's just say I'm still waiting. > > My two cent, Nessus. It's cheap, effective, and probably the most > supported network vulnerability assessment > tool on the market. > > > > > >>H D Moore wrote: > > >>Er, woops, misread - you want to scan and automatically exploit > systems. > >This can be easily done with a little scripting and the available > open-source tools. SensePost > >>has a project called BiDiBLAH that integrates Google-discovery, a TCP > port scanner, Nessus, > >>and Metasploit: - http://www.sensepost.com/research/bidiblah/ > > >>The next version of the Metasploit Framework (v3) has support for > 'recon' > >>modules that technically you could use to automate this, but it will > take some time before this is usable. > > >>-HD > > > >On Tuesday 17 January 2006 18:04, H D Moore wrote: > > You should check out the Metasploit Framework: > > - http://metasploit.com/projects/Framework/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > ________________________________________________________________________ > Check Out the new free AIM(R) Mail -- 2 GB of storage and > industry-leading spam and email virus protection. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/