is it worth to buy core impact?
i m very interested in that project which is a fully automated penetration test software
but is it enough ? or we should still have manual penetration test on our servers ?
I am pretty confident that if you can't bother to at least use proper grammar and spell penetration test then you shouldn't be concerned with conducting them nor their associated costs.Originally Posted by SilverSpam
In addition Core Security has a website and trained professionals who not only can spell, but can advise you on this subject.
Not only that but (even though it is Monday) you are up for post of the week.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Yes hire/contract someone who is trained to perform your Vulnerability Assessments and Penetration Tests.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
I agree with thorin and archangel.amael. Get in a pro.
We use Core impact. It is a great tool, but has some real limitations that mean you cannot do a complete pen test with it. Even if you know it well. For example you can't use it to jump a Vlan, so it's already not a complete test (assuming you have vlans) It does not do wireless, although the next version out in a few weeks time will have. There is a huge list of things it cannot do, so it is far from a complete solution.
It's a great product but it is not a 'fully automate pene test'
In my opinion its a nice product (I like the way it neatly self documents stuff), but its far from complete enough for automated pen testing (even though Core claim otherwise), and its WAAAAAYYYY too expensive!
Oh, and it also means you have to use Windows during a Pen Test, which I always prefer to avoid - basically everything I use (apart from Acunetix WVS) runs on Linux and I like to minimise dual booting or starting up a VM where possible.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Yes , but is swiching between vlan dsiabled by core ? or its unable to do that ?
and about ,
is that because of vulnerabilities of windows ?have to use Windows during a Pen Test
or you only comfortable with open source os ?
No I can use Windows perfectly well - Its because I'm more comfortable in Linux. The OS is more flexible and the tools are more powerful, especially the shell and command line tools for text manipulation, which I use a LOT during a test. Plus having to move between environments is an extra hassle I'd prefer to do without.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
I use Core Impact on a regular basis. Its a great tool. IMO its not enough to just buy an automated tool, that has limitations, without understanding the basics, or understanding what the tool is doing. It would be far from a complete pen-test if you are just using CI.
I might just have summed up every one else's posts... too early
CI is costly for sure, but does what it says. The latest Metasploit 3.3.1 excites me with its "-x"
Posting Permissions
