Full Disclosure mailing list archives
RE: Vulnerability/Penetration Testing Tools
From: "Madison, Marc" <mmadison () fnni com>
Date: Wed, 18 Jan 2006 08:13:05 -0600
H D, my apologize. My FD emails were out of order, and I took your response out of context. If your looking for a script that will combine MetaSploit, and Nessus then BidiBLAH will work. Still for $10 grand I would suggest taking a scripting class at your local college so you can make your own BidiBlah. Math: BidiBLAH: $10,000 College scripting class: $350 The knowledge you'll gain for ever, priceless.
I've looked at BidiBLAH (enfaces on the BLAH). Their product does
nothing more than take the results from Nessus, >Metasploit and such, then cram them all together in a easy to understand format for your boss.
BidiBLAH IMHO is not a vulnerability assessment tool, rather a
reporting tool. If anyone can correct me
please do, since at one point I was in contact with BidiBLAH sales
asking what I got for $10,000.00 outside Of the >reporting? Their answer, well let's just say I'm still waiting.
My two cent, Nessus. It's cheap, effective, and probably the most
supported network vulnerability assessment tool >on the market.
H D Moore wrote:
Er, woops, misread - you want to scan and automatically exploit
systems.
This can be easily done with a little scripting and the available
open-source tools. SensePost
has a project called BiDiBLAH that integrates Google-discovery, a TCP
port scanner, Nessus,
and Metasploit: - http://www.sensepost.com/research/bidiblah/
The next version of the Metasploit Framework (v3) has support for
'recon'
modules that technically you could use to automate this, but it will
take some time before this is usable. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Vulnerability/Penetration Testing Tools, (continued)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 19)
- Re: Vulnerability/Penetration Testing Tools H D Moore (Jan 17)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 17)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 17)
- RE: Vulnerability/Penetration Testing Tools Madison, Marc (Jan 18)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 19)
- Re: Vulnerability/Penetration Testing Tools Exibar (Jan 19)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 19)
- Re: Vulnerability/Penetration Testing Tools GroundZero Security (Jan 19)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 19)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 19)
- Re: Vulnerability/Penetration Testing Tools Valdis . Kletnieks (Jan 18)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 19)
- Re: Vulnerability/Penetration Testing Tools Dave Korn (Jan 27)
- Re[2]: Vulnerability/Penetration Testing Tools Thierry Zoller (Jan 19)
- Re: Vulnerability/Penetration Testing Tools Michael Holstein (Jan 19)
- Re: Vulnerability/Penetration Testing Tools greybrimstone (Jan 19)
- Re: Vulnerability/Penetration Testing Tools Yvan Boily (Jan 18)
- Re: Vulnerability/Penetration Testing Tools Valdis . Kletnieks (Jan 18)