Penetration Testing: RE: Commercial Exploit Tools

["sekhar" <vedantamsekhar () gmail com>]

Core Impact is another tool. 
It has client side exploitation as well.
They claim that it has web attack capability but in reality it is useless...

Sent from Mobile
-----Original Message-----
From: Neusbeer
Sent:  01/10/2011 1:05:04 am
To: Kent Blackwell; pen-test () securityfocus com
Subject:  Re: Commercial Exploit Tools

immunitysec's canvas is one of the best I've heard.
(to expensive for me so I only heard it, and a few vids of working with 
canvas)
metasploit is second behind them with Rapid7 neXpose and their Framework.
Nessus can be handy sometimes...

Slaintz,
  Neusbeer

Op 29-9-2011 20:42, Kent Blackwell schreef:
> Greetings all,
>
> I work for a DoD organization as a penetration tester. We currently
> use a combination of open source tools and eEye Retina for our tests,
> however some excess cash in the budget has given us the opportunity to
> grab ourselves a commercial exploitation tool. Given that our
> distribution of choice is Backtrack 5 the most obvious choice was
> Metasploit Pro. I checked out the most recent list of exploit tools on
> seclists, but as the survey is hitting the five year mark I'd expect
> things have changed. A quick Google at some alternatives gave me a
> list of sponsored ads that I have zero trust in so I figured I'd probe
> the community here.
>
> My question is what commercial exploitation tools do you use and
> what's your opinion on them. I don't need a huge, detailed explanation
> of the tool, just an opinion and the name of the tool. Thanks in
> advance!
>
> -Kent
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------