RE: Vulnerability/Penetration Testing Tools

["Madison, Marc" <mmadison () fnni com>]

H D, my apologize.  My FD emails were out of order, and I took your
response out of context.  If your looking for a script that will combine
MetaSploit, and Nessus then BidiBLAH will work.  Still for $10 grand I
would suggest taking a scripting class at your local college so you can
make your own BidiBlah.

Math:
BidiBLAH:                               $10,000
College scripting class:                $350

The knowledge you'll gain for ever, priceless.



> I've looked at BidiBLAH (enfaces on the BLAH).  Their product does
nothing more than take the results from Nessus, >Metasploit and such,
then cram them all together in a easy to understand format for your
boss.
> BidiBLAH IMHO is not a vulnerability assessment tool, rather a
reporting tool.  If anyone can correct me 
> please do, since at one point I was in contact with BidiBLAH sales
asking what I got for $10,000.00 outside Of the >reporting?  Their
answer, well let's just say I'm still waiting.

> My two cent, Nessus.  It's cheap, effective, and probably the most
supported network vulnerability assessment tool >on the market.




> > H D Moore wrote:

> > Er, woops, misread - you want to scan and automatically exploit
systems. 
> > This can be easily done with a little scripting and the available
open-source tools. SensePost 
> > has a project called BiDiBLAH that integrates Google-discovery, a TCP
port scanner, Nessus, 
> > and Metasploit: - http://www.sensepost.com/research/bidiblah/

> > The next version of the Metasploit Framework (v3) has support for
'recon' 
> > modules that technically you could use to automate this, but it will
take some time before this is usable.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/