[Full-disclosure] New tool for pentesting
A new product was born, similar to Core Impact, Metasploit and Immunity Canvas. INSECT is affordable, easy to use and it has a friendly user interface. It promises to be an excellent tool and it allows organizations of all sizes to conduct comprehensive penetration testing across their infrastructure and applications. INSECT's interface is designed to be usable by individuals both with and without specialized training in penetration testing and vulnerability assessment, and includes functions for generating reports from the gathered information.

See more at: http://www.faltaenvido.org/
Watch videos at: http://www.youtube.com/user/FaltaEnvidoVideo

Regards

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] New tool for pentesting
> ...without specialized training in penetration testing...

Are you sure? I wouldn't let a newbie use a pentest tool in my company!! xDD

2010/9/17 runlvl run...@gmail.com

> A new product was born, similar to Core Impact, Metasploit and Immunity Canvas. INSECT is affordable, easy to use and it has a friendly user interface. It promises to be an excellent tool and it allows organizations of all sizes to conduct comprehensive penetration testing across their infrastructure and applications. INSECT's interface is designed to be usable by individuals both with and without specialized training in penetration testing and vulnerability assessment, and includes functions for generating reports from the gathered information.
>
> See more at: http://www.faltaenvido.org/
> Watch videos at: http://www.youtube.com/user/FaltaEnvidoVideo
>
> Regards
Re: [Full-disclosure] New tool for pentesting
----- Forwarded Message -----
From: Jhfjjf Hfdsjj taser3...@yahoo.com
To: runlvl run...@gmail.com
Sent: Fri, September 17, 2010 3:26:44 AM
Subject: Re: [Full-disclosure] New tool for pentesting

Are you expecting us to believe that a Windows-only supported penetration tool with absolutely zero information regarding true effectiveness or methods is supposed to compete with Metasploit? For all I know I could be paying $500 for a shiny box that spits blinkenlights at me with a message saying you just h4x0red y0urself! Trust meh1

umm yeah I think I'll go back to reviewing that PoC args

From: runlvl run...@gmail.com
To: full-disclosure@lists.grok.org.uk
Sent: Thu, September 16, 2010 7:02:06 PM
Subject: [Full-disclosure] New tool for pentesting

> A new product was born, similar to Core Impact, Metasploit and Immunity Canvas. INSECT is affordable, easy to use and it has a friendly user interface. It promises to be an excellent tool and it allows organizations of all sizes to conduct comprehensive penetration testing across their infrastructure and applications. INSECT's interface is designed to be usable by individuals both with and without specialized training in penetration testing and vulnerability assessment, and includes functions for generating reports from the gathered information.
>
> See more at: http://www.faltaenvido.org/
> Watch videos at: http://www.youtube.com/user/FaltaEnvidoVideo
>
> Regards
Re: [Full-disclosure] New tool for pentesting
> A new product was born, similar to Core Impact, Metasploit and Immunity Canvas. INSECT is affordable, easy to use and it has a friendly user interface. It promises to be an excellent tool and it allows organizations of all sizes to conduct comprehensive penetration testing across their infrastructure and applications. INSECT's interface is designed to be usable by individuals both with and without specialized training in penetration testing and vulnerability assessment, and includes functions for generating reports from the gathered information.

Main tool for pentesting is brain. By the way we already have free Metasploit with nice CLI interface. Core Impact is enterprise level solution and Canvas has good exploit packs. What benefits does Insect have?

--
Taras
http://oxdef.info
Re: [Full-disclosure] New tool for pentesting
ORLY?

This screenshot http://www.faltaenvido.org/wp-content/uploads/2010/09/mainimage.jpg reminds me somehow of http://www.metasploit.com/modules/exploit/windows/ftp

This module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing 'CWD' commands, which leads to a stack based buffer overflow. EasyFTP allows anonymous access by default;

You didn't even bother to write your own stuff? Pen-testing has nothing to do with pressing buttons or a fancy looking GUI. Nor should it rip off open source solutions and sell them for money.

dude...

--- runlvl run...@gmail.com wrote on Thu, 16.9.2010:

From: runlvl run...@gmail.com
Subject: [Full-disclosure] New tool for pentesting
To: full-disclosure@lists.grok.org.uk
Date: Thursday, 16 September 2010, 22:02

> A new product was born, similar to Core Impact, Metasploit and Immunity Canvas. INSECT is affordable, easy to use and it has a friendly user interface. It promises to be an excellent tool and it allows organizations of all sizes to conduct comprehensive penetration testing across their infrastructure and applications. INSECT's interface is designed to be usable by individuals both with and without specialized training in penetration testing and vulnerability assessment, and includes functions for generating reports from the gathered information.
>
> See more at: http://www.faltaenvido.org/
> Watch videos at: http://www.youtube.com/user/FaltaEnvidoVideo
>
> Regards
Re: [Full-disclosure] New tool for pentesting
Looking at that webpage is making me rage. I'm sending him an invoice for a new keyboard.
Re: [Full-disclosure] New tool for pentesting
Seriously. The only reason CANVAS and IMPACT are still used is because of the 0-days that come packaged with them. Metasploit is far superior not only in exploitation, but post exploitation, persistence, networking pivoting, and just generally being a badass!

Can ANYTHING really compare to the meterpreter for pwning Windows? They implemented remote kernel calls for God's sake! You have the ENTIRE Windows API at your disposal with it, assuming you don't want to use one of the very awesome Ruby scripts that come with it to manipulate your tokens or do remote route additions!

If I'm going to use any 'enterprise level vulnerability scanner' ::shudders:: it'll be Metasploit Express, or MAYBE Nessus. Mainly just my brain though, which costs me nothing!

If you're going to try to sell stuff like this, I wouldn't go where ACTUAL security people dwell, I'd go back to the netstumbler forums. You'd have better luck there.

On Sep 17, 2010, at 11:31 AM, Eyeballing Weev eyeballing.w...@gmail.com wrote:

> Looking at that webpage is making me rage. I'm sending him an invoice for a new keyboard.
Re: [Full-disclosure] New tool for pentesting
To be fair, both Canvas and Impact had the same pivoting features years before Metasploit (and yes, that includes the entire Windows API too). It's no wonder really, since Metasploit is newer too (Impact was created some ten-odd years ago and Canvas came shortly later, if I'm not wrong). But IMHO if a community, open source project like Metasploit can reach the quality of its big-budget, closed source competitors, that alone is quite impressive!

What I think is really wrong here is someone made a poorly designed (at least judging from the GUI), Windows-only commercial tool by ripping off a few public exploits... What's the added value here? What are these people trying to charge money for, exactly? This looks like snake oil to me.

On Fri, Sep 17, 2010 at 6:54 PM, rdse...@mtu.edu wrote:

> Seriously. The only reason CANVAS and IMPACT are still used is because of the 0-days that come packaged with them. Metasploit is far superior not only in exploitation, but post exploitation, persistence, networking pivoting, and just generally being a badass!
>
> Can ANYTHING really compare to the meterpreter for pwning Windows? They implemented remote kernel calls for God's sake! You have the ENTIRE Windows API at your disposal with it, assuming you don't want to use one of the very awesome Ruby scripts that come with it to manipulate your tokens or do remote route additions!
>
> If I'm going to use any 'enterprise level vulnerability scanner' ::shudders:: it'll be Metasploit Express, or MAYBE Nessus. Mainly just my brain though, which costs me nothing!
>
> If you're going to try to sell stuff like this, I wouldn't go where ACTUAL security people dwell, I'd go back to the netstumbler forums. You'd have better luck there.
>
> On Sep 17, 2010, at 11:31 AM, Eyeballing Weev eyeballing.w...@gmail.com wrote:
>
> > Looking at that webpage is making me rage. I'm sending him an invoice for a new keyboard.

--
HONEY: I want to… put some powder on my nose.
GEORGE: Martha, won’t you show her where we keep the euphemism?
Re: [Full-disclosure] New tool for pentesting
I know the story of this guy. He was fired from Core for incompetence and swore he'd make a better product and compete with them. I bet they're still laughing their asses off...

Check out his Twitter account: https://twitter.com/runlvl

Apparently this guy used to do website defacements, judging from his tweets...
Re: [Full-disclosure] New tool for pentesting
I was just commenting on the Wordpress page, with the ugly theme, the weird URLs (page ID), and the lack of an image slideshow..