Re: Commercial Exploit Tools



immunitysec's canvas is one of the best I've heard.
(to expensive for me so I only heard it, and a few vids of working with canvas)
metasploit is second behind them with Rapid7 neXpose and their Framework.
Nessus can be handy sometimes...

Slaintz,
Neusbeer

Op 29-9-2011 20:42, Kent Blackwell schreef:
Greetings all,

I work for a DoD organization as a penetration tester. We currently
use a combination of open source tools and eEye Retina for our tests,
however some excess cash in the budget has given us the opportunity to
grab ourselves a commercial exploitation tool. Given that our
distribution of choice is Backtrack 5 the most obvious choice was
Metasploit Pro. I checked out the most recent list of exploit tools on
seclists, but as the survey is hitting the five year mark I'd expect
things have changed. A quick Google at some alternatives gave me a
list of sponsored ads that I have zero trust in so I figured I'd probe
the community here.

My question is what commercial exploitation tools do you use and
what's your opinion on them. I don't need a huge, detailed explanation
of the tool, just an opinion and the name of the tool. Thanks in
advance!

-Kent

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: Pentesting lab
    ... Most pros that I have ever heard of/met/read use Metasploit. ... One subject is pen-testing and second subject is malware analysis. ... actually do a proper penetration test. ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • RE: Pentesting lab
    ... Well it is not fair to say that Metasploit is designed for kids. ... One subject is pen-testing and second subject is malware analysis. ... actually do a proper penetration test. ... Information Assurance Certification Review ...
    (Pen-Test)
  • Re: Graduate CS Pen Testing Class
    ... You can find a really good free online course at MetaSploit Unleashed. ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)
  • Re: Metasploit
    ... How well do you know metasploit? ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)
  • RE: Which Commercial Web App Scanner?
    ... so assuming that leaves WebInspect and Acunetix ... actually do a proper penetration test. ... Information Assurance Certification Review Board ...
    (Pen-Test)