Security Basics mailing list archives

RE: Penetration Testing Software

From: Sheldon Malm <Sheldon_Malm () rapid7 com>
Date: Wed, 21 Sep 2011 16:26:57 +0000

Heh - here I go again ...

Full Disclosure (again): I work for Rapid7.

There are 3 versions of Metasploit that you could look at.  The Metasploit Framework/Project is free; Metasploit 
Express is low cost; Metasploit Pro is low cost compared to other commercial options, but not low cost compared to 
Metasploit Express.  For nice client reports, you'll want to look at Express or Pro.

For an overview, you can check them out here: http://www.rapid7.com/products/penetration-testing.jsp

If you're looking specifically at web application pen testing, I'd recommend that you check out w3af -- web application 
attack and audit framework.  It's free.  Info on w3af can be found here: http://w3af.sourceforge.net/


I hope this helps.




Sheldon Malm
Senior Director, Security Strategy & Alliances
Rapid7



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Dimitrios Hilton
Sent: Wednesday, September 21, 2011 11:46 AM
To: security-basics () securityfocus com
Subject: Penetration Testing Software 

Does anyone have a recommendation for a low cost Penetration Testing Software that can produce nice client reports

Dimitrios Hilton
President & Senior Consultant
The IT Guy, Ltd.
413 Wacouta Street, Suite 350
St. Paul, MN 55101
(Cell) 651-226-6112
(Dispatch)  651-298-0037
(FAX) 651-917-9239
dhilton () theitguy us
www.theitguy.us
 
 
 


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Penetration Testing Software Dimitrios Hilton (Sep 21)
- RE: Penetration Testing Software Sheldon Malm (Sep 21)
- RE: Penetration Testing Software Bahrs, Art (Sep 21)
- Re: Penetration Testing Software AK (Sep 21)
  - RE: Penetration Testing Software Eggleston, Mark (Sep 21)
    - Re: Penetration Testing Software AK (Sep 23)
    - RE: Penetration Testing Software Eggleston, Mark (Sep 23)
- Re: Penetration Testing Software ted fred (Sep 21)
- Re: Penetration Testing Software Todd Haverkos (Sep 23)
  - Re: Penetration Testing Software Nirin Rattanaubol (Sep 26)
- Re: Penetration Testing Software Richard Thomas (Sep 26)
- <Possible follow-ups>
- Re: Penetration Testing Software krymson (Sep 22)