Re: Trend towards cheaper pen-test suites

["Andres Riancho" <andres.riancho () gmail com>]

Andre,

On 8/5/08, Andre Gironda <andreg () gmail com> wrote:
> Has anyone noticed a recent trend towards cheaper pen-test suites?
>
> E.g. SAINTexploit and CORE Impact Essential
> http://www.saintcorporation.com/products/penetration_testing/saint_exploit.html
> http://www.corest.com/content/core-impact-essential-overview
>
> Has anyone used these or do you plan on using them?
>
> I did a little statistics on the CVE's of the now 4 major exploitation
> suites (Impact, SaintExploit, Canvas, and Metasploit) and it appears
> that over 60% of the exploits are unique to one suite.  This means
> that there is only 40% overlap.
>
> It also appears that Canvas has the most unique exploits, followed by
> SaintExploit then Metasploit.  About 80% of Impact's exploits are
> featured in the other suites.

    I think it's pretty simple... if metasploit keeps getting
better(more exploits, more reliable, better support in their mailing
list, etc) all commercial tools that perform the same tasks will have
to cut down their prices in order to keep their market share.

> Cheers,
> Andre
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------


-- 
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------