Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CORE-Impact license bypass

From: c0ntex <c0ntexb () gmail com>
Date: Mon, 26 Sep 2005 21:10:58 +0100
reports, what are they? Managers, I have seen them on TV.

On 26/09/05, Exibar <exibar () thelair com> wrote:



----- Original Message -----
From: "c0ntex" <c0ntexb () gmail com>
To: "Josh Perrymon" <perrymonj () networkarmor com>;

<full-disclosure () lists grok org uk>

Sent: Monday, September 26, 2005 3:36 PM
Subject: Re: [Full-disclosure] CORE-Impact license bypass




CORE is a good product for what it does. Just as NMAP is and just like
Nessus is, though relying on them is probably not a good idea for an
audit. I rather do all pentesting by hand, nothing can compete against
that and I can't think of a time where I have ever used either Nessus
or CORE in an audit.

Never used CANVAS. I don't care for Automated exploit tools but
someone had CORE and I  fancied a play as the CORE team are a pretty
interesting bunch of guys.



 I fancied a play once too... but she slapped me when I started to play with
her in the hallway :-)

  anyway....  Wouldn't you want to run Nessus on a network you're conducting
a pentest on to get a general overview of what vulnerabilities it finds?
Sure beats guessing or hoping that server-suchandsuch isn't patched.

  As far as automated tools go, bah, manually exploiting the holes is
certainly the way to go.  But, the automated tools usually produce nice
pretty reports that you can show the client.  They just LOOOOOVVVVVEEEEEE
pretty reports with many bright colors and such for the good stuff and dark
"hacker like" colors for the bad stuff :-)

  Exibar






--

regards
c0ntex
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: