[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Vulnerability/Penetration Testing Tools
- To: mmadison@xxxxxxxx, fdlist@xxxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Vulnerability/Penetration Testing Tools
- From: greybrimstone@xxxxxxx
- Date: Thu, 19 Jan 2006 13:28:46 -0500
Again... cheaper than core impact... but not free...
-Adriel
-----Original Message-----
From: Madison, Marc <mmadison@xxxxxxxx>
To: H D Moore <fdlist@xxxxxxxxxxxxxxxxxx>;
full-disclosure@xxxxxxxxxxxxxxxxx
Sent: Wed, 18 Jan 2006 08:13:05 -0600
Subject: RE: [Full-disclosure] Vulnerability/Penetration Testing Tools
H D, my apologize. My FD emails were out of order, and I took your
response out of context. If your looking for a script that will combine
MetaSploit, and Nessus then BidiBLAH will work. Still for $10 grand I
would suggest taking a scripting class at your local college so you can
make your own BidiBlah.
Math:
BidiBLAH: $10,000
College scripting class: $350
The knowledge you'll gain for ever, priceless.
>I've looked at BidiBLAH (enfaces on the BLAH). Their product does
nothing more than take the results from Nessus, >Metasploit and such,
then cram them all together in a easy to understand format for your
boss.
>BidiBLAH IMHO is not a vulnerability assessment tool, rather a
reporting tool. If anyone can correct me
>please do, since at one point I was in contact with BidiBLAH sales
asking what I got for $10,000.00 outside Of the >reporting? Their
answer, well let's just say I'm still waiting.
>My two cent, Nessus. It's cheap, effective, and probably the most
supported network vulnerability assessment tool >on the market.
>>H D Moore wrote:
>>Er, woops, misread - you want to scan and automatically exploit
systems.
>>This can be easily done with a little scripting and the available
open-source tools. SensePost
>>has a project called BiDiBLAH that integrates Google-discovery, a TCP
port scanner, Nessus,
>>and Metasploit: - http://www.sensepost.com/research/bidiblah/
>>The next version of the Metasploit Framework (v3) has support for
'recon'
>>modules that technically you could use to automate this, but it will
take some time before this is usable.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
________________________________________________________________________
Check Out the new free AIM(R) Mail -- 2 GB of storage and
industry-leading spam and email virus protection.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/