Penetration Testing
RE: Commercial Exploit Tools Sep 30 2011 11:00PM
sekhar (vedantamsekhar gmail com)
Core Impact is another tool.
It has client side exploitation as well.
They claim that it has web attack capability but in reality it is useless...

Sent from Mobile
-----Original Message-----
From: Neusbeer
Sent: 01/10/2011 1:05:04 am
To: Kent Blackwell; pen-test (at) securityfocus (dot) com [email concealed]
Subject: Re: Commercial Exploit Tools

immunitysec's canvas is one of the best I've heard.
(to expensive for me so I only heard it, and a few vids of working with
canvas)
metasploit is second behind them with Rapid7 neXpose and their Framework.
Nessus can be handy sometimes...

Slaintz,
Neusbeer

Op 29-9-2011 20:42, Kent Blackwell schreef:
> Greetings all,
>
> I work for a DoD organization as a penetration tester. We currently
> use a combination of open source tools and eEye Retina for our tests,
> however some excess cash in the budget has given us the opportunity to
> grab ourselves a commercial exploitation tool. Given that our
> distribution of choice is Backtrack 5 the most obvious choice was
> Metasploit Pro. I checked out the most recent list of exploit tools on
> seclists, but as the survey is hitting the five year mark I'd expect
> things have changed. A quick Google at some alternatives gave me a
> list of sponsored ads that I have zero trust in so I figured I'd probe
> the community here.
>
> My question is what commercial exploitation tools do you use and
> what's your opinion on them. I don't need a huge, detailed explanation
> of the tool, just an opinion and the name of the tool. Thanks in
> advance!
>
> -Kent
>
> ------------------------------------------------------------------------

> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

>
>

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus