Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Vulnerability/Penetration Testing Tools

from [H D Moore] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Vulnerability/Penetration Testing Tools
Date: Tue, 17 Jan 2006 18:04:27 -0600 
You should check out the Metasploit Framework:
 - http://metasploit.com/projects/Framework/

<rant>
When I viewed the online demo of SAINT Exploit in December of 2005, nearly 
all of their exploit modules had names very similar to the ones found in 
version 2.5 of the Metasploit Framework. The demo has been updated since 
then and a handful of new exploits have been mixed in while others had 
their name changed. Oh, and their placement of a Google Adword on 
"metasploit" was a nice touch...
</rant>

-HD


On Tuesday 17 January 2006 16:25, greybrimstone@aim.com wrote:

All,
    I am in the process of researching a wide variety of penetration
testing tools and vulnerability assessment tools. I've already
researched many of the commercial tools like Coresecurity's Core Impact
tool and even know a bit about the new tool that saint is about to come
out with. What about open-source tools?

    Are there any open source tools like Core Impact that allow you to
not only scan a network for vulnerabilities but then allow you to issue
attacks against those vulnerabilities? I'm interested in both windows
based and *nix based tools. Yes I am aware of nessus, exploit tree,
metaspoloit etc... but none of those really have the "identify then
attack" type of structure... they are either "identify" or "attack".

-simon

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT, Kornbrust, Alexander
Next by Date:  Re: [Full-disclosure] Vulnerability/Penetration Testing Tools, Gadi Evron
Previous by Thread:  [Full-disclosure] Vulnerability/Penetration Testing Tools, greybrimstone
Next by Thread:  Re: [Full-disclosure] Vulnerability/Penetration Testing Tools, Gadi Evron
Indexes:  [Date] [Thread] [Top] [All Lists]