Automated Pen-testing Tool?

• Previous message: Ian Lyte: "Encrypted Password script - easy to defeat"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: pen-test@securityfocus.com
Date: Thu, 26 Jun 2003 16:34:57 -0700

I have been seeing the following banner on many posts lately:

-------------------------------------------------------
Latest attack techniques.

You're a pen tester, but is google.com still your R&D team? Now you can get
trustworthy commercial-grade exploits and the latest techniques from a
world-class research group.

Visit us at: www.coresecurity.com/promos/sf_ept1
or call 617-399-6980
-------------------------------------------------------

The company, Core Security, offers an Automated Pen-Testing Tool called Core
Impact. Has anyone here used this tool, or has any thoughts based on their
white paper? Any thoughts on potential legality or ethical issues (or even
feasibility) of using an automated pen-testing tool at a client site?

Part of their claim:
"Commercial-grade exploit code. IMPACT provides the tester with a range of
up-to-date, professionally developed and maintained exploits for different
platforms, operating systems and applications. IMPACT exploits allow the
tester to both audit for vulnerabilities and exploit the vulnerabilities to
gain and retain access on the target host or application."

Cheers,
Glenn

---------------------------------------------------------------------------
Latest attack techniques.

You're a pen tester, but is google.com still your R&D team? Now you can get
trustworthy commercial-grade exploits and the latest techniques from a
world-class research group.

Visit us at: www.coresecurity.com/promos/sf_ept1
or call 617-399-6980
----------------------------------------------------------------------------

• Previous message: Ian Lyte: "Encrypted Password script - easy to defeat"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]