Penetration Testing mailing list archives
Re: Core Impact
From: Christoph Puppe <puppe () hisolutions com>
Date: Wed, 22 Jun 2005 16:06:21 +0200
Salve, I've review the tool for a german magazin (www.ix.de). It's very impressive. The net-recon funktions are very good, you can edit the database of all found hosts and fix the mistakes that CI makes. When it comes to exploiting stuff it's not that impressive. When I tested them a year ago, they had about 70 remote exploits. As this exploits had a very narrow targets list, it failed my tests. The exploits are mostly for US versions, for example the exploit works against RedHat Linux but not against SuSE Linux. They tell you that an admin can do the job of a pentester with this tool. As a person doing pen-tests has thousands of exploits on his/her disposal, this is just not true. What can be done by an admin, is to have a cool recon and some fun exploiting stuff. As it does not do a VA, the admin needs to use a VA-Tool as well. I've read the results of retina can be imported now, which is a good thing and something I recommended to them in my article. If I had the money, I'd buy it, as it helps with pentesting, but use it together with metasploit, nessus, gcc, gdb and all the other very specialized tools, exploits and nifty command line tricks. I strongly believe in the unix tool credo "do a small thing, but do it right". -- Mit freundlichen Grüßen Christoph Puppe Security Consultant We secure your business.(TM) _______________________________________________________ HiSolutions AG Phone: +49 30 533289-0 Bouchéstrasse 12 Fax: +49 30 533289-99 D-12435 Berlin Internet: http://www.hisolutions.com _______________________________________________________
Current thread:
- Re: Core Impact, (continued)
- Re: Core Impact Chris Raymond (Jun 21)
- RE: Core Impact boxerb (Jun 21)
- Re: Core Impact David Eduardo Acosta Rodríguez (Jun 21)
- Re: Core Impact paul dansing (Jun 22)
- Re: Core Impact securityfocus (Jun 21)
- Re: Core Impact Daniel Miessler (Jun 24)
- Re: Core Impact Daniele Milan (Jun 24)
- Re: Core Impact Chris Byrd (Jun 24)
- Re: Core Impact nick johnson (Jun 24)
- Re: Core Impact Daniel Miessler (Jun 24)
- RE: Core Impact Andre Protas (Jun 21)
- Re: Core Impact Christoph Puppe (Jun 22)
- Core Impact Security Professional (Jun 23)