Commercial Exploit Tools

Greetings all,

I work for a DoD organization as a penetration tester. We currently
use a combination of open source tools and eEye Retina for our tests,
however some excess cash in the budget has given us the opportunity to
grab ourselves a commercial exploitation tool. Given that our
distribution of choice is Backtrack 5 the most obvious choice was
Metasploit Pro. I checked out the most recent list of exploit tools on
seclists, but as the survey is hitting the five year mark I'd expect
things have changed. A quick Google at some alternatives gave me a
list of sponsored ads that I have zero trust in so I figured I'd probe
the community here.

My question is what commercial exploitation tools do you use and
what's your opinion on them. I don't need a huge, detailed explanation
of the tool, just an opinion and the name of the tool. Thanks in


This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

Relevant Pages

  • Re: Internal Penetration Testing
    ... an internal penetration tester my be ... If nobody is watching then an internal pen test is doubly pointless. ... Information Assurance Certification Review Board ...
  • Re: Verify Your Security Provider -- The truth behind manual testing.
    ... application penetration tester, amongst other things, and the crew I ... because of the problems you mention with highly automated testing. ... Do I really need a Facebook page to be a security expert? ... Information Assurance Certification Review Board ...
  • Re: Formal audit background for the penetration tester?
    ... if this would be a step backward or beneficial to a penetration tester or ... someone with purely technical skills in InfoSec. ... security department in industry, some there might care... ... Information Assurance Certification Review Board ...