Re: Commercial Exploit Tools

On 9/29/2011 2:42 PM, Kent Blackwell wrote:
Greetings all,

I work for a DoD organization as a penetration tester. We currently
use a combination of open source tools and eEye Retina for our tests,
however some excess cash in the budget has given us the opportunity to
grab ourselves a commercial exploitation tool. Given that our
distribution of choice is Backtrack 5 the most obvious choice was
Metasploit Pro. I checked out the most recent list of exploit tools on
seclists, but as the survey is hitting the five year mark I'd expect
things have changed. A quick Google at some alternatives gave me a
list of sponsored ads that I have zero trust in so I figured I'd probe
the community here.

My question is what commercial exploitation tools do you use and
what's your opinion on them. I don't need a huge, detailed explanation
of the tool, just an opinion and the name of the tool. Thanks in

Feel free to put Metasploit Pro to the test. We provide a competitive
level of exploit coverage (with all exploits available under the open
source framework) and strive to go beyond just "pop a shell" and solve
real needs in the penetration testing and vulnerability management
space. This includes a strong focus on multi-user collaboration, import
of dozens of tool exports (NeXpose, Retina, etc), customizable
reporting, extensive password testing (brute force, replay, and spot
testing), and a wide range of features that we find useful when
conducting our own engagements. We dogfood our products religiously and
a large portion of the development team consists of former penetration
tests, including some with DoD experience.

We provide a free trial if you want to conduct your own evaluation:

The Metasploit Pro development team is the same group of folks that work
on the Metasploit Framework and are highly active within the security
community. We have a policy of transparency that no commercial
competitors can offer. Metasploit Pro sales directly fund the continued
development of the open source Metasploit Framework too :)


This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.