Re: [Full-disclosure] Vulnerability/Penetration Testing Tools

From: greybrimstone@xxxxxxx
Date: Tue, 17 Jan 2006 23:27:49 -0500

HD, Metasploit has already been added to my archive of must haves. I'm primarly interested in tools that would in effect combine a nessus like front end to something like core impact/metasploit. Any ideas on something like that? Do I need to write my own?

-----Original Message-----
From: H D Moore <fdlist@xxxxxxxxxxxxxxxxxx>
To: full-disclosure@xxxxxxxxxxxxxxxxx
Sent: Tue, 17 Jan 2006 18:04:27 -0600
Subject: Re: [Full-disclosure] Vulnerability/Penetration Testing Tools

 You should check out the Metasploit Framework:
- http://metasploit.com/projects/Framework/

<rant> When I viewed the online demo of SAINT Exploit in December of 2005, nearly all of their exploit modules had names very similar to the ones found in version 2.5 of the Metasploit Framework. The demo has been updated since then and a handful of new exploits have been mixed in while others had their name changed. Oh, and their placement of a Google Adword on "metasploit" was a nice touch... </rant>

-HD

On Tuesday 17 January 2006 16:25, greybrimstone@xxxxxxx wrote:

All, I am in the process of researching a wide variety of penetration testing tools and vulnerability assessment tools. I've already researched many of the commercial tools like Coresecurity's Core

Impact

tool and even know a bit about the new tool that saint is about to

come

out with. What about open-source tools?
Are there any open source tools like Core Impact that allow you to not only scan a network for vulnerabilities but then allow you to

issue

attacks against those vulnerabilities? I'm interested in both windows
based and *nix based tools. Yes I am aware of nessus, exploit tree,
metaspoloit etc... but none of those really have the "identify then
attack" type of structure... they are either "identify" or "attack".

-simon

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

________________________________________________________________________ Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Vulnerability/Penetration Testing Tools
  - From: greybrimstone
- Re: [Full-disclosure] Vulnerability/Penetration Testing Tools
  - From: H D Moore

Prev by Date: Re: [Full-disclosure] PC Firewall Choices
Next by Date: Re: [Full-disclosure] Vulnerability/Penetration Testing Tools
Previous by thread: Re: [Full-disclosure] Vulnerability/Penetration Testing Tools
Next by thread: RE: [Full-disclosure] Vulnerability/Penetration Testing Tools
Index(es):
- Date
- Thread

Relevant Pages

RE: [Full-disclosure] Vulnerability/Penetration Testing Tools
... I've looked at BidiBLAH. ... Nessus, Metasploit and such, then cram them all together in a easy to ... My two cent, Nessus. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ...
(Full-Disclosure)
Re: [Full-disclosure] security industry software license
... They start requiring licenses to have Metasploit ... or Snort or Nessus, it's a slippery slope, and they'll start requiring a ...
(Full-Disclosure)
Re: personal firewall test site
... Download a copy of nessus onto another computer and scan your target ... http://www.nessus.org/ You could also give MetaSploit a try, ...
(comp.security.firewalls)
Re: [Full-Disclosure] Pentesting an IDP-System
... I will definately have a closer look on metasploit and IDS-Informer, ... maybe also nessus but i already tried languard and it just created so ... much noise everything got blocked fear the same with nessus... ...
(Full-Disclosure)