RE: Vulnerability/Penetration Testing Tools

["Madison, Marc" <mmadison () fnni com>]

I've looked at BidiBLAH (enfaces on the BLAH).  Their product does
nothing more than take the results from
Nessus, Metasploit and such, then cram them all together in a easy to
understand format for your boss.
BidiBLAH IMHO is not a vulnerability assessment tool, rather a reporting
tool.  If anyone can correct me 
please do, since at one point I was in contact with BidiBLAH sales
asking what I got for $10,000.00 outside 
Of the reporting?  Their answer, well let's just say I'm still waiting.

My two cent, Nessus.  It's cheap, effective, and probably the most
supported network vulnerability assessment 
tool on the market.




> > H D Moore wrote:

> > Er, woops, misread - you want to scan and automatically exploit
systems. 
> This can be easily done with a little scripting and the available
open-source tools. SensePost 
> > has a project called BiDiBLAH that integrates Google-discovery, a TCP
port scanner, Nessus, 
> > and Metasploit: - http://www.sensepost.com/research/bidiblah/

> > The next version of the Metasploit Framework (v3) has support for
'recon' 
> > modules that technically you could use to automate this, but it will
take some time before this is usable.

> > -HD


> On Tuesday 17 January 2006 18:04, H D Moore wrote:
> You should check out the Metasploit Framework:
>  - http://metasploit.com/projects/Framework/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/