RE: [Full-disclosure] Vulnerability/Penetration Testing Tools

["Madison, Marc" <mmadison@xxxxxxxx>]

H D, my apologize.  My FD emails were out of order, and I took your
response out of context.  If your looking for a script that will combine
MetaSploit, and Nessus then BidiBLAH will work.  Still for $10 grand I
would suggest taking a scripting class at your local college so you can
make your own BidiBlah.

Math:
BidiBLAH:                               $10,000
College scripting class:                $350

The knowledge you'll gain for ever, priceless.



>I've looked at BidiBLAH (enfaces on the BLAH).  Their product does
nothing more than take the results from Nessus, >Metasploit and such,
then cram them all together in a easy to understand format for your
boss.
>BidiBLAH IMHO is not a vulnerability assessment tool, rather a
reporting tool.  If anyone can correct me 
>please do, since at one point I was in contact with BidiBLAH sales
asking what I got for $10,000.00 outside Of the >reporting?  Their
answer, well let's just say I'm still waiting.

>My two cent, Nessus.  It's cheap, effective, and probably the most
supported network vulnerability assessment tool >on the market.




>>H D Moore wrote:

>>Er, woops, misread - you want to scan and automatically exploit
systems. 
>>This can be easily done with a little scripting and the available
open-source tools. SensePost 
>>has a project called BiDiBLAH that integrates Google-discovery, a TCP
port scanner, Nessus, 
>>and Metasploit: - http://www.sensepost.com/research/bidiblah/

>>The next version of the Metasploit Framework (v3) has support for
'recon' 
>>modules that technically you could use to automate this, but it will
take some time before this is usable.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/