Automated Pen-testing Tool?

From: Wolf, Glenn (glenn.wolf_at_we-inc.com)
Date: 06/27/03

  • Next message: Rob Shein: "RE: pen testing management and control system"
    To: pen-test@securityfocus.com
    Date: Thu, 26 Jun 2003 16:34:57 -0700
    
    

    I have been seeing the following banner on many posts lately:

    -------------------------------------------------------
    Latest attack techniques.

    You're a pen tester, but is google.com still your R&D team? Now you can get
    trustworthy commercial-grade exploits and the latest techniques from a
    world-class research group.

    Visit us at: www.coresecurity.com/promos/sf_ept1
    or call 617-399-6980
    -------------------------------------------------------

    The company, Core Security, offers an Automated Pen-Testing Tool called Core
    Impact. Has anyone here used this tool, or has any thoughts based on their
    white paper? Any thoughts on potential legality or ethical issues (or even
    feasibility) of using an automated pen-testing tool at a client site?

    Part of their claim:
    "Commercial-grade exploit code. IMPACT provides the tester with a range of
    up-to-date, professionally developed and maintained exploits for different
    platforms, operating systems and applications. IMPACT exploits allow the
    tester to both audit for vulnerabilities and exploit the vulnerabilities to
    gain and retain access on the target host or application."

    Cheers,
    Glenn

    ---------------------------------------------------------------------------
    Latest attack techniques.

    You're a pen tester, but is google.com still your R&D team? Now you can get
    trustworthy commercial-grade exploits and the latest techniques from a
    world-class research group.

    Visit us at: www.coresecurity.com/promos/sf_ept1
    or call 617-399-6980
    ----------------------------------------------------------------------------


  • Next message: Rob Shein: "RE: pen testing management and control system"