Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
PrivacyProtect [dot] org → traditionally involved with crap. On Fri, Aug 26, 2011 at 11:02 PM, Juan Sacco jsa...@insecurityresearch.com wrote: We are happy to announce a new release of INSECT Pro 2.7 including changes that people ask about most often This is a partial list of the major changes implented in version 2.7 - Available targets now has a submenu under right-click button - Check update function added in order to verify current version - Threading support for GET request - Module log added and functional - Sniffer support added - 50 Remote exploits added - Project saved on userland - Application Data special folder - Executed module windows added and functionality for it - AgentConnect now use telnetlib Download now from: http://www.insecurityresearch.com Juan Sacco (runlvl) -- -- Insecurity Research - Security auditing and testing software Web: http://www.insecurityresearch.com Insect Pro 2.7 was released stay tunned ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ Marcio Barbado, Jr. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
On Wed, 31 Aug 2011 14:24:54 +1000, GloW - XD said: So basically once you sign over a GPL v2 , you sign over any right to misuse even the code wich you have written ? That is indeed the basic point of the GPL - once you release something under the GPL, everybody who receives a copy is free to use it for new and interesting purposes, *including ones you don't approve of*. Ever actually read the EULA on most commercial packages, where you end up agreeing to onerous terms like You agree to not badmouth our company in public and you agree to not reverse engineer our code in order to make an even better competing product and put us out of business and so on? That's exactly what Stallman was trying to prevent with the GPL. i guess i thought this could be scrutinized outside of the GPL via means of a solicitor but, if the law is complacent about use and misse then, i guess thats that and your correct, i have actually yes, used myself the CC lisence and was thinking the gpl was just a simpler version but seems that is Nope, it's not just a simpler version. The GPL has different goals than the various CC licenses. The CC tends to be very good at I took this photo, it is *mine*, and you're allowed to use it as long as you don't make money off it that should be mine, or claim that you took it. But that's because that was the CC goal. The GPL was expressly designed so that people could easily take GPL-licensed software, fork it, and improve it - but then be unable to take the fork closed-source the way you can with a BSD license. It makes a *lot* more sense if you don't think of the GPL as protecting *your* rights, but protecting the *software's* right to be free and open. (No, software doesn't have its own rights in the current legal system, but the logic is easier to follow if you think of it as if it *did* have rights). probably safer to go wityh CC i guess there atleast you have some say over mis-use in cases where you specify wich docunments in particular, ie: sourcecode1.cpp,source2.cpp and v.cpp must not be modified... the rest could be.., for example. Note that going that route has its own issues. For instance, if the person comes up with a really neat patch to foobar.cpp which speeds the program up by 400% by using a better algorithm, but it involves adding an extra parameter to a function call located in source2.cpp, he may be stuck. Even more importantly, if he finds a bug *in* source2.cpp, he may not be able to patch it because that would be a modification. It also doesn't address using source2.cpp *without* modification but for evil purposes. (At least it's not as thoroughly broken as the Gnu Free Documentation License's concept of invariant sections - consider something where the title page has been declared an invariant secton - or even better, the 'List of Changes in this version. Hilarity ensues ;) Also, there's actually a *range* of CC licenses, and it *is* possible to end up in a situation where you want to do a remix mash-up of 4 things, but two of them have incompatible licenses. For instance, if two both have share-alike, but one specifies commercial use and the other is non-commerical, you will have a really hard time distributing the result. Ohwell, that shoots any theory then of why it is even being mentioned in the list, other than to potentially harm all users of tightvnc src. Bingo. GPL violations potentially harm the users of the GPL'ed software who don't receive their rights (which include a right to the source code so they can fix/improve what you gave them). pgpw7nyXiZUKT.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
even better competing product and put us out of business and so on? That's exactly what Stallman was trying to prevent with the GPL. And the best part? He got the situation even worse. EOF On Wed, Aug 31, 2011 at 3:02 PM, valdis.kletni...@vt.edu wrote: On Wed, 31 Aug 2011 14:24:54 +1000, GloW - XD said: So basically once you sign over a GPL v2 , you sign over any right to misuse even the code wich you have written ? That is indeed the basic point of the GPL - once you release something under the GPL, everybody who receives a copy is free to use it for new and interesting purposes, *including ones you don't approve of*. Ever actually read the EULA on most commercial packages, where you end up agreeing to onerous terms like You agree to not badmouth our company in public and you agree to not reverse engineer our code in order to make an even better competing product and put us out of business and so on? That's exactly what Stallman was trying to prevent with the GPL. i guess i thought this could be scrutinized outside of the GPL via means of a solicitor but, if the law is complacent about use and misse then, i guess thats that and your correct, i have actually yes, used myself the CC lisence and was thinking the gpl was just a simpler version but seems that is Nope, it's not just a simpler version. The GPL has different goals than the various CC licenses. The CC tends to be very good at I took this photo, it is *mine*, and you're allowed to use it as long as you don't make money off it that should be mine, or claim that you took it. But that's because that was the CC goal. The GPL was expressly designed so that people could easily take GPL-licensed software, fork it, and improve it - but then be unable to take the fork closed-source the way you can with a BSD license. It makes a *lot* more sense if you don't think of the GPL as protecting *your* rights, but protecting the *software's* right to be free and open. (No, software doesn't have its own rights in the current legal system, but the logic is easier to follow if you think of it as if it *did* have rights). probably safer to go wityh CC i guess there atleast you have some say over mis-use in cases where you specify wich docunments in particular, ie: sourcecode1.cpp,source2.cpp and v.cpp must not be modified... the rest could be.., for example. Note that going that route has its own issues. For instance, if the person comes up with a really neat patch to foobar.cpp which speeds the program up by 400% by using a better algorithm, but it involves adding an extra parameter to a function call located in source2.cpp, he may be stuck. Even more importantly, if he finds a bug *in* source2.cpp, he may not be able to patch it because that would be a modification. It also doesn't address using source2.cpp *without* modification but for evil purposes. (At least it's not as thoroughly broken as the Gnu Free Documentation License's concept of invariant sections - consider something where the title page has been declared an invariant secton - or even better, the 'List of Changes in this version. Hilarity ensues ;) Also, there's actually a *range* of CC licenses, and it *is* possible to end up in a situation where you want to do a remix mash-up of 4 things, but two of them have incompatible licenses. For instance, if two both have share-alike, but one specifies commercial use and the other is non-commerical, you will have a really hard time distributing the result. Ohwell, that shoots any theory then of why it is even being mentioned in the list, other than to potentially harm all users of tightvnc src. Bingo. GPL violations potentially harm the users of the GPL'ed software who don't receive their rights (which include a right to the source code so they can fix/improve what you gave them). ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
On 08/28/2011 06:43 PM, Jacqui Caren-home wrote: On 27/08/2011 23:12, Dan Dart wrote: Looks like it's freeWARE but not free per se. With the added disadvantage that it runs on none of the platforms I use. How sad. 0/5 review from me then. http://www.insecurityresearch.com/files/download/ From the readme's its an old version of metasploit under a wrapper. Also anyone from tightvnc want to see if gpl-violations are interested? INSECT Pro/exploits/framework/msf3/external/source/tightvnc/LICENCE.TXT GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ That file is under the msf3 tree, if Insect pro is violating GPL, Metasploit is also doing it (and everything including it, like 80% of security frameworks out there), remember MSF is BSD licensed. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
Ahem, http://mail.metasploit.com/pipermail/framework/2010-September/006889.html A bit of msf licensing history is mentioned here (and abuses): http://blog.metasploit.com/2008/10/metasploit-32-bsd-licensing.html The new license will lead to commercial abuse, but I believe that the project is now strong enough to succeed even with competition from commercial entities that are using our source code. The key to our success is the Metasploit community and our dedication to sharing security information (and code) in a timely fashion. Metasploit is great at destroying FUD, whether the source is an incompetent product vendor or a media-happy security company. -Patrick On Thu, Sep 1, 2011 at 3:51 AM, valdis.kletni...@vt.edu wrote: On Wed, 31 Aug 2011 14:34:58 -0300, root said: That file is under the msf3 tree, if Insect pro is violating GPL, Metasploit is also doing it (and everything including it, like 80% of security frameworks out there), remember MSF is BSD licensed. And even the top-level Metasploit HACKING says: By submitting code contributions to the Metasploit Project it is assumed that you are offering your code under a BSD or similar license. MIT and Ruby Licenses are also fine. We specifically cannot include GPL code. LGPL code is accepted on a case by case basis for libraries only and is never accepted for modules. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
Hello Jacqui, Jacqui Caren-home wrote: http://www.insecurityresearch.com/files/download/ From the readme's its an old version of metasploit under a wrapper. Also anyone from tightvnc want to see if gpl-violations are interested? INSECT Pro/exploits/framework/msf3/external/source/tightvnc/LICENCE.TXT GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Do I understand correctly that someone has included GPL-licensed source code from TightVNC to their software which is incompatible with GPL? What is a recommended procedure to stop the violation? -- Best Regards, Constantin Kaplinsky GlavSoft LLC ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
On Tue, Aug 30, 2011 at 1:32 AM, Constantin Kaplinsky co...@tightvnc.com wrote: Hello Jacqui, Jacqui Caren-home wrote: http://www.insecurityresearch.com/files/download/ From the readme's its an old version of metasploit under a wrapper. Also anyone from tightvnc want to see if gpl-violations are interested? INSECT Pro/exploits/framework/msf3/external/source/tightvnc/LICENCE.TXT GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Do I understand correctly that someone has included GPL-licensed source code from TightVNC to their software which is incompatible with GPL? What is a recommended procedure to stop the violation? http://www.gnu.org/contact/: If you want to report a free software license violation that you have found, please read our license violation page [http://www.gnu.org/copyleft/gpl-violation.html], and then contact license-violat...@gnu.org. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
On Tuesday 30 Aug 2011, Constantin Kaplinsky wrote: Jacqui Caren-home wrote: http://www.insecurityresearch.com/files/download/ From the readme's its an old version of metasploit under a wrapper. Also anyone from tightvnc want to see if gpl-violations are interested? INSECT Pro/exploits/framework/msf3/external/source/tightvnc/LICENCE.TXT GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Do I understand correctly that someone has included GPL-licensed source code from TightVNC to their software which is incompatible with GPL? What is a recommended procedure to stop the violation? Please note that just bundling a GPL program with a proprietary package is explicitly permitted by the GPL (all versions). There is only a violation if the proprietary package includes GPL code in it's own code at compile time. Regards, -- Raj -- Raj Mathurr...@kandalaya.org http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F PsyTrance Chill: http://schizoid.in/ || It is the mind that moves ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
woah! OK so it is not that nice to deface another product, thats kinda why i do pick on it myself but about the GPL, well i have to help anyone on this one, including tighvnc themself, as they did release this as open src software remember, Let me try and explain this abit better/clearer.. Regarding the GPL, I dont think the guy has breached it directly or indirectly. Ofcourse, if he has, wich i dont thinkso* then he would be subject to being sued by either TighVNC group, or Metasploit. IF the INSECT pro exploit for tightvnc/code wich is used for that, is being manipulated AT ALL , that is at compile time, if it is modified from the original code, to the end user/product. IF that is the case, then tighVNC would be able to scrutinize the insect pro maker,and perhaps even take it to small claims or worse, direct defamation of product, wich would not be a good/smart thing todo for anyone. So, i think this should clear up alittle of this small debacle wich has broken about GPL... GPL is usually there to protect the src code in the GPL (named), but is also, not to be used in ways wich defame, wich is why it exists.. if tightvnc wanted to now, they could look at ALL its uses and scrutinize them in every case, and why the code is being used. It is something wich is verymuch now up to them and up to wether people have modified theyre code. regards, xd - This isnt a company making a big product, Im doing this because I like doing it. Good for you. I think that is great. But you are pretending to be a big company. Stop that. I am happy to see you removed that silly donation-for-download scheme. I'm not forcing you to use my software, if you don't like it please don't waste bandwith on it. Fantastic advice. We are working on a JAVA version in order to support multi-plataform, and because I really like to JAVA I did too, until I learned how to program. Oracle's purchase/murder also hastened my departure. Might I suggest C++/Qt? :-) Randy ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
On Wed, 31 Aug 2011 13:36:12 +1000, GloW - XD said: So, i think this should clear up alittle of this small debacle wich has broken about GPL... GPL is usually there to protect the src code in the GPL (named), but is also, not to be used in ways wich defame, wich is why it exists.. if tightvnc wanted to now, they could look at ALL its uses and scrutinize them in every case, and why the code is being used. It is something wich is verymuch now up to them and up to wether people have modified theyre code. Ahem. What the GPL V2 actually says: 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. Not to defame is an additional restriction, as is scrutinize why the code is being used. You can't do either of those for a GPL-licensed package - you may be thinking of some of the Creative Commons licenses. pgpDpkaS7w79X.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
So basically once you sign over a GPL v2 , you sign over any right to misuse even the code wich you have written ? i guess i thought this could be scrutinized outside of the GPL via means of a solicitor but, if the law is complacent about use and misse then, i guess thats that and your correct, i have actually yes, used myself the CC lisence and was thinking the gpl was just a simpler version but seems that is probably safer to go wityh CC i guess there atleast you have some say over mis-use in cases where you specify wich docunments in particular, ie: sourcecode1.cpp,source2.cpp and v.cpp must not be modified... the rest could be.., for example. Ohwell, that shoots any theory then of why it is even being mentioned in the list, other than to potentially harm all users of tightvnc src. Stranger things have happened i guess.. Sorry for my earlier report and, enjoy the code! lol xd cheers Valdis .. On 31 August 2011 14:14, valdis.kletni...@vt.edu wrote: On Wed, 31 Aug 2011 13:36:12 +1000, GloW - XD said: So, i think this should clear up alittle of this small debacle wich has broken about GPL... GPL is usually there to protect the src code in the GPL (named), but is also, not to be used in ways wich defame, wich is why it exists.. if tightvnc wanted to now, they could look at ALL its uses and scrutinize them in every case, and why the code is being used. It is something wich is verymuch now up to them and up to wether people have modified theyre code. Ahem. What the GPL V2 actually says: 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. Not to defame is an additional restriction, as is scrutinize why the code is being used. You can't do either of those for a GPL-licensed package - you may be thinking of some of the Creative Commons licenses. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
On 08/27/2011 08:54 AM, Mario Vilas wrote: On Sat, Aug 27, 2011 at 4:27 AM, GloW - XD doo...@gmail.com wrote: when is smeone going to warez this... it aint free.. http://www.insecurityresearch.com/files/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ It's just a GUI slapped to a bunch of public exploits taken from metasploit and exploit-db. Totally unlike serious software like metasploit-pro and core impact. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
You are comparing a new product with others who have years of development, it is not fair. If you like Core Impact or Metrasploit Express, please pay your license and use them. I'm not pushing you to use my software. INSECT Pro is free and I do it because I like it. Not to like you. Juan Sacco ( runlvl ) On Mon, 29 Aug 2011 13:24:15 -0300, root wrote: On 08/27/2011 08:54 AM, Mario Vilas wrote: On Sat, Aug 27, 2011 at 4:27 AM, GloW - XD doo...@gmail.com wrote: when is smeone going to warez this... it aint free.. http://www.insecurityresearch.com/files/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ It's just a GUI slapped to a bunch of public exploits taken from metasploit and exploit-db. Totally unlike serious software like metasploit-pro and core impact. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- -- Insecurity Research - Security auditing and testing software Web: http://www.insecurityresearch.com Insect Pro 2.6.1 was released stay tunned ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
Apparently you are invulnerable to sarcasm. On 08/29/2011 01:45 PM, Juan Sacco wrote: You are comparing a new product with others who have years of development, it is not fair. If you like Core Impact or Metrasploit Express, please pay your license and use them. I'm not pushing you to use my software. INSECT Pro is free and I do it because I like it. Not to like you. Juan Sacco ( runlvl ) On Mon, 29 Aug 2011 13:24:15 -0300, root wrote: On 08/27/2011 08:54 AM, Mario Vilas wrote: On Sat, Aug 27, 2011 at 4:27 AM, GloW - XD doo...@gmail.com wrote: when is smeone going to warez this... it aint free.. http://www.insecurityresearch.com/files/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ It's just a GUI slapped to a bunch of public exploits taken from metasploit and exploit-db. Totally unlike serious software like metasploit-pro and core impact. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
People hate you because you've been stealing software, slapping a new wrapper on it, and calling it your own. All other complaints, criticisms, or even approvals is nothing in light of that simple fact. A light that was cast the first time you released InsectPro to FD and all you got was a horde of angry researchers telling you to shutup and stop sending stupid crap like your stolen software to FD. No one is telling you to not use, hell only a few people are telling you not to share it. But almost everybody is telling you to KEEP CRAP LIKE THIS OFF FULL DISCLOSURE. You can argue the crap point all you want and be dismissive, but you'll just be missing the point. On Mon, Aug 29, 2011 at 9:45 AM, Juan Sacco jsa...@insecurityresearch.com wrote: You are comparing a new product with others who have years of development, it is not fair. If you like Core Impact or Metrasploit Express, please pay your license and use them. I'm not pushing you to use my software. INSECT Pro is free and I do it because I like it. Not to like you. Juan Sacco ( runlvl ) On Mon, 29 Aug 2011 13:24:15 -0300, root wrote: On 08/27/2011 08:54 AM, Mario Vilas wrote: On Sat, Aug 27, 2011 at 4:27 AM, GloW - XD doo...@gmail.com wrote: when is smeone going to warez this... it aint free.. http://www.insecurityresearch.com/files/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ It's just a GUI slapped to a bunch of public exploits taken from metasploit and exploit-db. Totally unlike serious software like metasploit-pro and core impact. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- -- Insecurity Research - Security auditing and testing software Web: http://www.insecurityresearch.com Insect Pro 2.6.1 was released stay tunned ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
Hey Gage, bad day huh? I don't argue with people on mailing list. You are taking INSECT Pro too personal, take it easy. If you like it, use it, if you dont like it dont use it, if you can do it better, do it. Good luck. Juan Sacco ( runlvl ) On Mon, 29 Aug 2011 16:53:56 -0700, Gage Bystrom wrote: People hate you because you've been stealing software, slapping a new wrapper on it, and calling it your own. All other complaints, criticisms, or even approvals is nothing in light of that simple fact. A light that was cast the first time you released InsectPro to FD and all you got was a horde of angry researchers telling you to shutup and stop sending stupid crap like your stolen software to FD. No one is telling you to not use, hell only a few people are telling you not to share it. But almost everybody is telling you to KEEP CRAP LIKE THIS OFF FULL DISCLOSURE. You can argue the crap point all you want and be dismissive, but you'll just be missing the point. On Mon, Aug 29, 2011 at 9:45 AM, Juan Sacco jsa...@insecurityresearch.com wrote: You are comparing a new product with others who have years of development, it is not fair. If you like Core Impact or Metrasploit Express, please pay your license and use them. I'm not pushing you to use my software. INSECT Pro is free and I do it because I like it. Not to like you. Juan Sacco ( runlvl ) On Mon, 29 Aug 2011 13:24:15 -0300, root wrote: On 08/27/2011 08:54 AM, Mario Vilas wrote: On Sat, Aug 27, 2011 at 4:27 AM, GloW - XD doo...@gmail.com wrote: when is smeone going to warez this... it aint free.. http://www.insecurityresearch.com/files/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ It's just a GUI slapped to a bunch of public exploits taken from metasploit and exploit-db. Totally unlike serious software like metasploit-pro and core impact. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- -- Insecurity Research - Security auditing and testing software Web: http://www.insecurityresearch.com Insect Pro 2.6.1 was released stay tunned ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- -- Insecurity Research - Security auditing and testing software Web: http://www.insecurityresearch.com Insect Pro 2.6.1 was released stay tunned ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
On 27/08/2011 23:12, Dan Dart wrote: Looks like it's freeWARE but not free per se. With the added disadvantage that it runs on none of the platforms I use. How sad. 0/5 review from me then. http://www.insecurityresearch.com/files/download/ From the readme's its an old version of metasploit under a wrapper. Also anyone from tightvnc want to see if gpl-violations are interested? INSECT Pro/exploits/framework/msf3/external/source/tightvnc/LICENCE.TXT GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
INSECT Pro uses native exploits and these are taken from the Internet, modified and tested to work with our tool, the sources of these exploits are exploit-db and securityfocus in most cases. Also has support for some modules of metasploit. If you look at INSECT PRO exploit description you could check the source of each one, native or metasploit This isnt a company making a big product, Im doing this because I like doing it. I'm not forcing you to use my software, if you don't like it please don't waste bandwith on it. We are working on a JAVA version in order to support multi-plataform, and because I really like to JAVA We are a small group of developers so we do this on baby steps, we dont like to receive that kind of critic from people like you, you should try to help instead of drop shit all around the internet Juan Sacco ( runlvl ) -- Insecurity Research - Security auditing and testing software Web: http://www.insecurityresearch.com Insect Pro 2.7 was released stay tunned On Sun, 28 Aug 2011 22:43:00 +0100, Jacqui Caren-home wrote: On 27/08/2011 23:12, Dan Dart wrote: Looks like it's freeWARE but not free per se. With the added disadvantage that it runs on none of the platforms I use. How sad. 0/5 review from me then. http://www.insecurityresearch.com/files/download/ From the readme's its an old version of metasploit under a wrapper. Also anyone from tightvnc want to see if gpl-violations are interested? INSECT Pro/exploits/framework/msf3/external/source/tightvnc/LICENCE.TXT GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- -- Insecurity Research - Security auditing and testing software Web: http://www.insecurityresearch.com Insect Pro 2.6.1 was released stay tunned ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
On 8/28/2011 6:52 PM, Juan Sacco wrote: This isnt a company making a big product, Im doing this because I like doing it. Good for you. I think that is great. But you are pretending to be a big company. Stop that. I am happy to see you removed that silly donation-for-download scheme. I'm not forcing you to use my software, if you don't like it please don't waste bandwith on it. Fantastic advice. We are working on a JAVA version in order to support multi-plataform, and because I really like to JAVA I did too, until I learned how to program. Oracle's purchase/murder also hastened my departure. Might I suggest C++/Qt? :-) Randy ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
On Sat, Aug 27, 2011 at 4:27 AM, GloW - XD doo...@gmail.com wrote: when is smeone going to warez this... it aint free.. http://www.insecurityresearch.com/files/ -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.” ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
hi! ahhh... awesome stuff :-) i will have a look and see if it is as good as the author has said it is, thankyou. xd On 27 August 2011 21:54, Mario Vilas mvi...@gmail.com wrote: On Sat, Aug 27, 2011 at 4:27 AM, GloW - XD doo...@gmail.com wrote: when is smeone going to warez this... it aint free.. http://www.insecurityresearch.com/files/ -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.” ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
We are happy to announce a new release of INSECT Pro 2.7 including changes that people ask about most often This is a partial list of the major changes implented in version 2.7 - Available targets now has a submenu under right-click button - Check update function added in order to verify current version - Threading support for GET request - Module log added and functional - Sniffer support added - 50 Remote exploits added - Project saved on userland - Application Data special folder - Executed module windows added and functionality for it - AgentConnect now use telnetlib Download now from: http://www.insecurityresearch.com Juan Sacco (runlvl) -- -- Insecurity Research - Security auditing and testing software Web: http://www.insecurityresearch.com Insect Pro 2.7 was released stay tunned ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
when is smeone going to warez this... it aint free.. but since its ad here...well, shouldnt we b able to get a copy, thru the wares community : cheers! waiting on those links to come pourin in1 This tool does sound great, i just wont pay for a domplete app without some form of trial...heck metasploit is pro version to, but, they atleast provide a stable and useable free version... insect needs a nudge ! On 27 August 2011 12:02, Juan Sacco jsa...@insecurityresearch.com wrote: We are happy to announce a new release of INSECT Pro 2.7 including changes that people ask about most often This is a partial list of the major changes implented in version 2.7 - Available targets now has a submenu under right-click button - Check update function added in order to verify current version - Threading support for GET request - Module log added and functional - Sniffer support added - 50 Remote exploits added - Project saved on userland - Application Data special folder - Executed module windows added and functionality for it - AgentConnect now use telnetlib Download now from: http://www.insecurityresearch.com Juan Sacco (runlvl) -- -- Insecurity Research - Security auditing and testing software Web: http://www.insecurityresearch.com Insect Pro 2.7 was released stay tunned ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
