HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 42 guests and 3 members online
 
Advertisement

You are here: Home arrow Resourcesarrow Toolsarrow Vulnerability scanning / pentesting tools
EH-Net
May 22, 2013, 06:42:13 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Vulnerability scanning / pentesting tools  (Read 7044 times)
0 Members and 1 Guest are viewing this topic.
alucian
Full Member
***
Offline Offline

Posts: 225



View Profile
« on: November 09, 2010, 02:12:25 PM »
Hello guys,

I need your help in choosing some security tools. We will improve our security program and I have to propose some vulnerability scanning / penetration testing tools that we will buy.
Our network has around 3000 active IPs, and we have almost 40 IPs in the DMZ.
 I have thought about some tools, and I should provide my managers some reasons why I did choose a particular one (for example in category Networks scanners I chose Nessus, and I can justify this on a Forrester research). Here are my categories and my picks:

Network scanning:
1.   Nessus (cheaper ~ 3600$ for 3 licenses, very good product, and we already have it)
2.   Nexpose (very good but will cost us 40.000$ /year)
3.   Qualys

Database vulnerability scanners
1.   DB Audit – good reviews; 4500$ for 10 servers
2.   Appdetective – more expensive
3.   Pangolin – amazing SQL injection tool. It costs 2000$ and maybe I will convince them to buy it together with DB Audit

Web application
1.   Burpsuite pro – 225$ plus Accunetix – 5000$
2.   Webinspect – 6000$
3.   Appscan – 15.000$

Penetration testing
1.   Core impact – 20.000$ plus Metasploit framework
2.   Metasploit express – 3000$
3.   Saint exploit – 20.000$ ?

Besides this we will use some open source tools, but we need also good commercial tools (management get excited about support  Cool )

If I miss some categories please tell me.
So, I would like hear your suggestions and opinions.
Thanks!
Logged
CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP
sil
Hero Member
*****
Offline Offline

Posts: 549



View Profile WWW
« Reply #1 on: November 09, 2010, 03:24:02 PM »
If I had to do it my way in your situation on the pay for play + freeware model I would go for:

Network and vulnerability scanning:
1.   Nessus (cheaper ~ 3600$ for 3 licenses, very good product, and we already have it)
+ OpenVAS
+ Metasploit Express
+Hailstorm

Database vulnerability scanners
SQL Ninja http://sqlninja.sourceforge.net/
Typhon III (http://www.ngssoftware.com/services/software-products/Internet-Security/TyphonIII.aspx)
NGS *anything* (http://www.ngssoftware.com/services/software-products/Database-Security.aspx)


Web application
1.   Burpsuite pro – 225$ plus Accunetix – 5000$
2.   Webinspect – 6000$
Wikto
N-Stalker over Acunetix

Penetration testing
1.   Core impact
Canvas (period)

For the reasoning... Metasploit + OpenVAS alongside Nessus for network mapping AND vulnerability scanning. OpenVAS because its free and sometimes their signatures are more accurate on the "low day" exploits... What the heck is low day? Low day is a term I'm throwing out there for exploits that are in the wild yet have no defined CVE, author, etc., for example, my mushroomcloud is not necessarily 0day because I semi disclosed it. It is a known problem that affects Trend Micro which in turn messes up VMWare. So "low day" it is a visible threat and sort of known... Hailstorm is an excellent (albeit pricey) tool which complements the other two... Now why Metasploit for scanning/vuln testing? Its capable of accurately finding the low hanging fruit quickly.

DB Vuln Testing tools... I selected SQL Ninja because its free and a kick .... tool.  Typhoon and anything else from NGS. I say this because of Dave Litchfield. He is the defacto db pimp and knows his stuff

Web app tools: Burpsuite is worth the money and Webinspect is a little noisy not to mention you HAVE TO (repeat HAVE TO) fiddle with your timing variables and depth of scanning otherwise it WILL take out your servers. Wikto is a definitive must. Acunetix you can do without if you'd like me to I can make you a quickie video using a real time comparison of a known to be vulnerable server of mine using Acunetix versus N-Stalker. N-Stalker is capable of finding and drilling down into a lot more than Acunetix can. While Acunetix WVS is ok, its not all that.
N-Stalker over Acunetix

Core Impact if you can afford it but a MUST is Canvas period. If you can fork out for the exploit packs even better (D2 Exploit pack, etc.)
Logged
http://www.infiltrated.net/mgz/puppylecter.jpg
alucian
Full Member
***
Offline Offline

Posts: 225



View Profile
« Reply #2 on: November 10, 2010, 08:21:34 AM »
THANK YOU VERY MUCH!

I am analyzing your list, and I will see what I will propose (maybe next week).

I think I wasn't specific enough with my list. For each category only the fist element is chosen; the others are just to do an analysis of the available products.

Anyway, my company will not invest so much money in vulnerability management. Also, it will be very difficult to convince them to buy Canvas or Core Impact. I need an excellent business case for this.

Lucian
Logged
CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP
sil
Hero Member
*****
Offline Offline

Posts: 549



View Profile WWW
« Reply #3 on: November 10, 2010, 08:32:18 AM »
Canvas is 1/10th the cost of Core Wink
Logged
http://www.infiltrated.net/mgz/puppylecter.jpg
ckirsch
Newbie
*
Offline Offline

Posts: 10


View Profile
« Reply #4 on: November 11, 2010, 08:46:38 AM »
Hi Lucian,

Have you also tried the Metasploit Pro, which came out last month? If you are a professional penetration tester, it may be the right tool for you. List price is $15,000. If cost is an option, you can opt for Metasploit Express at $3,000 with less features. Both licenses include exploits so you don't need to spend money on additional exploit packs.

Here's feature comparison between the two:
http://www.rapid7.com/products/metasploit/compare-and-buy.jsp

I'd recommend you give Metasploit Pro a test drive. Free trial is available at:
http://www.rapid7.com/downloads/metasploit-pro.jsp


Chris
Logged
ckirsch
Newbie
*
Offline Offline

Posts: 10


View Profile
« Reply #5 on: November 11, 2010, 04:36:43 PM »
BTW - for full disclosure: I work for Rapid7, the company behind the Metasploit Project and the commercial editions of Metasploit.

Chris
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.078 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.