Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Vulnerability/Penetration Testing Tools

from [greybrimstone] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Vulnerability/Penetration Testing Tools
Date: Thu, 19 Jan 2006 13:28:46 -0500 
Again... cheaper than core impact... but not free...

-Adriel

-----Original Message-----
From: Madison, Marc <mmadison@fnni.com>
To: H D Moore <fdlist@digitaloffense.net>; full-disclosure@lists.grok.org.uk
Sent: Wed, 18 Jan 2006 08:13:05 -0600
Subject: RE: [Full-disclosure] Vulnerability/Penetration Testing Tools

H D, my apologize. My FD emails were out of order, and I took your
response out of context. If your looking for a script that will combine
MetaSploit, and Nessus then BidiBLAH will work. Still for $10 grand I
would suggest taking a scripting class at your local college so you can
make your own BidiBlah.

Math:
BidiBLAH: $10,000
College scripting class: $350

The knowledge you'll gain for ever, priceless.



>I've looked at BidiBLAH (enfaces on the BLAH). Their product does
nothing more than take the results from Nessus, >Metasploit and such,
then cram them all together in a easy to understand format for your
boss.
>BidiBLAH IMHO is not a vulnerability assessment tool, rather a
reporting tool. If anyone can correct me
>please do, since at one point I was in contact with BidiBLAH sales
asking what I got for $10,000.00 outside Of the >reporting? Their
answer, well let's just say I'm still waiting.

>My two cent, Nessus. It's cheap, effective, and probably the most
supported network vulnerability assessment tool >on the market.




>>H D Moore wrote:

>>Er, woops, misread - you want to scan and automatically exploit
systems.
>>This can be easily done with a little scripting and the available
open-source tools. SensePost
>>has a project called BiDiBLAH that integrates Google-discovery, a TCP
port scanner, Nessus,
>>and Metasploit: - http://www.sensepost.com/research/bidiblah/

>>The next version of the Metasploit Framework (v3) has support for
'recon'
>>modules that technically you could use to automate this, but it will
take some time before this is usable.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


________________________________________________________________________
Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Vulnerability/Penetration Testing Tools, greybrimstone
Next by Date:  Re[2]: [Full-disclosure] Vulnerability/Penetration Testing Tools, Thierry Zoller
Previous by Thread:  [Full-disclosure] Re: Vulnerability/Penetration Testing Tools, Dave Korn
Next by Thread:  Re[2]: [Full-disclosure] Vulnerability/Penetration Testing Tools, Thierry Zoller
Indexes:  [Date] [Thread] [Top] [All Lists]