|
Penetration Testing
mailing list archives
Re: Trend towards cheaper pen-test suites
From: "Andres Riancho" <andres.riancho () gmail com>
Date: Tue, 5 Aug 2008 18:01:49 -0300
Andre,
On 8/5/08, Andre Gironda <andreg () gmail com> wrote:
Has anyone noticed a recent trend towards cheaper pen-test suites?
E.g. SAINTexploit and CORE Impact Essential
http://www.saintcorporation.com/products/penetration_testing/saint_exploit.html
http://www.corest.com/content/core-impact-essential-overview
Has anyone used these or do you plan on using them?
I did a little statistics on the CVE's of the now 4 major exploitation
suites (Impact, SaintExploit, Canvas, and Metasploit) and it appears
that over 60% of the exploits are unique to one suite. This means
that there is only 40% overlap.
It also appears that Canvas has the most unique exploits, followed by
SaintExploit then Metasploit. About 80% of Impact's exploits are
featured in the other suites.
I think it's pretty simple... if metasploit keeps getting
better(more exploits, more reliable, better support in their mailing
list, etc) all commercial tools that perform the same tasks will have
to cut down their prices in order to keep their market share.
Cheers,
Andre
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
| 
Intro
