Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Pentesting tool - Commercial
From: Trygve Aasheim <trygve () pogostick net>
Date: Tue, 04 Mar 2008 12:47:42 +0100



If these vulnerability assessment management and network
penetration-testing tools were so important - how come they don't help
a person create the next iPhone expoit, the next QuickTime exploit, or
the almost certainly find the next Java JVM or Adobe Reader
vulnerability?


Who says they don't?
Why can't you use metasploit, canvas or impact to help(!) you?

They are all open source, and you can freely add your own exploits, payloads, macros or change existing ones. So the results from your fuzzers can be implemented into modules in these tools and tested. The framework can then run the exploits for you continuously while you test different configurations and version of the target software.

Also it helps if you are looking at exploiting an infrastructure more than just running one exploit against one target. Like HD Moore and Valsmith's speech at Black Hat 2007, where they showed how to use the output from one module as input into another module - and then achieve your goals.
(WPAD -> HASH -> login into Windows Domain example)

The same approach are used by malware developers now, and mpack is a good example. It's a framework built to carry different types of exploits, payloads and perform different tasks.

We're also seeing more and more fuzzingtools being implemented directly into these frameworks, like lorcon in Metasploit and the web attack modules in Impact. So then the tools can search for new vulnerabilities more than just act on the pre-loaded exploits.

So I don't understand your limited view on these tools...
It's like asking "if this car is so damn good, why can't it drive me to work...!?".

But that might be the difference here...you wanna exploit your iPhone, while these tools are made to test the security level of company infrastructures...

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]