
Comparison between different tools with different goals and price ranges

<<

dmarques

Newbie

Posts: 5

Joined: Thu Mar 28, 2013 8:56 am

Post Fri Mar 29, 2013 7:51 am

Comparison between different tools with different goals and price ranges

Hi,

We are now deciding some investments for this year and I have the chance to buy some new tools.
I've been looking around at the best-known tools at least, but there are different goals and price ranges among them.
For example, I need a tool for web vulnerability scanning with some urgency.
From what I've read, Burp Suite and Acunetix seem like good options. But their price ranges are completely different.
So, is the major price difference really justified by the additions in Acunetix?
Second question, spending a bit more than the Acunetix pricing for example, I could go into a more complete tool, like Metasploit Pro or Core Impact, but are they as good as Acunetix for web vulnerability scanning?

So any inputs are welcome so I can balance myself and make the best investment possible.

Thanks.
<<

Matthias2012

Newbie

Posts: 12

Joined: Mon Sep 17, 2012 3:08 pm

Location: Germany

Post Fri Mar 29, 2013 12:06 pm

Re: Comparison between different tools with different goals and price ranges

Hi,

If you are not fixed on open source, have you also had an eye on the LAN security scanner from GFI.com?
AFAIK, you can download a trial version.

Regards
Matthias Dörfer
_______________________________________________________
eCPPT - C|EH - MCITP
<<

impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Fri Mar 29, 2013 5:04 pm

Re: Comparison between different tools with different goals and price ranges

Use/buy the tool that helps you do the job the right way and that you feel comfortable using.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

m0wgli

Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Sat Mar 30, 2013 4:44 am

Re: Comparison between different tools with different goals and price ranges

Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Sun Mar 31, 2013 11:01 pm

Re: Comparison between different tools with different goals and price ranges

I hate Acunetix, I use Burp Pro for everything now.
<<

dmarques

Newbie

Posts: 5

Joined: Thu Mar 28, 2013 8:56 am

Post Sat Apr 06, 2013 4:45 pm

Re: Comparison between different tools with different goals and price ranges

Thanks for the inputs.
I did knew that report, but it's quite helpful.

From what I've seen from that study, Acunetix seems to be a bit better than Burp, but the price is 10 times more, so my question is: does anyone think that Acunetix justifies that huge difference?
Also, does anyone use both and can give some input?

Thanks
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Sat Apr 06, 2013 6:19 pm

Re: Comparison between different tools with different goals and price ranges

I completely disagree. Just gave Acunetix another shot this week on a client and hate it even more. Worst. Product. Ever.

If all you need are pretty reports with false positives, Acunetix is your tool.
<<

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Apr 06, 2013 7:27 pm

Re: Comparison between different tools with different goals and price ranges

I pretty much use burp, all the time.  

Two reasons:

A.) Acunetix, with all its bells and whistles, is costly and tends to be unreliable, from my experience (I second cd1zz on that)

B.)  Burp just WORKS, and works well / consistently.  I personally know no experienced and trustworthy pentesters, who would disagree.

I guess if you're prepared to cross-check every finding from Acunetix, using tools like burp, anyway, to validate the findings, having multiple tools is nice.  But if you can do without it, and get by without it, I'd stick to burp.

It's really the same with most of the GUI vuln tools, etc.  Sure, they're handy and faster, in many cases, than manual testing.  But they usually come with a hefty cost associated, and if I can show the same vulnerabilities using free tools, without having to cross-check findings, etc, then I prefer to save my time and money.

My 2 cents, anyway...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Jamie.R

Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Mon Apr 08, 2013 4:23 am

Re: Comparison between different tools with different goals and price ranges

I have always used Burp Suite and the paid version is worth the money. However, if you're looking for a free alternative, ZAP by OWASP is pretty good.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

dmarques

Newbie

Posts: 5

Joined: Thu Mar 28, 2013 8:56 am

Post Mon Apr 08, 2013 12:21 pm

Re: Comparison between different tools with different goals and price ranges

Hi,

Thanks for the inputs.

I have also another question in mind.
We've been talking about web apps testing, but we also do network, client side, wireless testing, etc.
So one other option would be to go into a professional tool, like metasploit pro or core impact, that both do web apps also.
Of course the prices are even higher, but has anyone compared the web apps testing with tools like burp compared to metasploit pro or core impact?

Thanks
<<

Jamie.R

Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Tue Apr 09, 2013 3:24 am

Re: Comparison between different tools with different goals and price ranges

I never used them as a pro version, but I guess it depends on what you're looking for; I don't think there is any tool that can do a job 100%. I find most tools that I use will find low-hanging fruit, but more advanced SQL and XSS need manual work to exploit them.

There is another web tool that you can buy; I think it's called web inspector.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Apr 09, 2013 6:39 am

Re: Comparison between different tools with different goals and price ranges

Burp is great and you can't go wrong with the price.

Some additional options (both free):

w3af - Web Application Attack and Audit Framework

arachni - Web Application Security Scanner Framework
<<

dmarques

Newbie

Posts: 5

Joined: Thu Mar 28, 2013 8:56 am

Post Tue Apr 09, 2013 7:07 am

Re: Comparison between different tools with different goals and price ranges

Yeah, I totally know that there's no bulletproof solution and no point-and-click in this area, but what I'm looking for is a major package and tool for web apps and for network also; that's why I mentioned Core Impact and Metasploit Pro.

And does anyone have some thoughts on Core Impact vs Metasploit Pro?

Thanks
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Wed Apr 10, 2013 8:31 am

Re: Comparison between different tools with different goals and price ranges

They're both awesome for pen testing. Core Impact has exploits in it that are not public and Meta Pro can help automate large pentests, it is a phishing platform and does some other stuff. Not sure about web app scanning, I doubt it. That would be creeping into their other product, Nexpose. I always turn the Nexpose spidering/scanning option off. In my opinion, web app scanners are only as good as the guy using it. Burp is the only option + someone who knows what they're doing.

For network, you need a good vuln scanner. I like Nexpose. However, there are a billion vulns that don't show up in a vuln scanner either. Again, it depends on the person driving. I guess what I'm saying is that you need multiple tools. Meta Pro and Core are expensive, the rest are not. What you give up in the pro, you can make up with old school Metasploit.
<<

dmarques

Newbie

Posts: 5

Joined: Thu Mar 28, 2013 8:56 am

Post Wed Apr 10, 2013 8:48 am

Re: Comparison between different tools with different goals and price ranges

Hi,

I understand what you mean and those are good comments.
Thanks for the inputs.