Solved

Penetration Test Appliance

Posted on 2013-06-19
2
474 Views
Last Modified: 2013-07-02
Hello,
we search for a Appliance to secure our Environment. Have you any references for this. Wich Appliance is the best for our points.

* Seurity OS (Hotfixes and so on)
* Exploits
* Opened Ports
* Standard Passwords (Rainbowtable?)
* Networkshares
* Reporting vs. autom. Reporting via eMail
* perhaps you have any other Points vs. Ideas

In the last Weeks we tested Greenbone Appliance, but we search for Alternatives for Validation.

Thank you !

Elmar
0
Comment
Question by:Elmar-H
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 25

Assisted Solution

by:Zephyr ICT
Zephyr ICT earned 250 total points
ID: 39258791
Hi,

I wish I could say these all-in-one solutions exist, though there are quite a few that come close, all of them will not give you everything you might need, but they will come darn close.

The thing is, with penetration testing, there are so much factors to take into account, that one tool might not do all the tests you need.

I don't want to digress too much, here are some great tools that can do much of what you like to test, I've used most of them and they all have their pro's and cons... Like I said, it's not just about one tool:

- Metasploit: http://www.metasploit.com/ (very good tool)
- Retina Network Security Scanner: http://www.beyondtrust.com/Products/RetinaNetworkSecurityScanner/
- Nessus: http://www.tenable.com/products/nessus
- nmap: http://nmap.org/

You could also think about integrating an IDS into your network (like snort for example)... That is also a valuable tool.
0
 
LVL 25

Accepted Solution

by:
madunix earned 250 total points
ID: 39259199
Actually I use Backtrack + Meta for vulnerability

1.      Nessus (Linux if you can) http://www.nessus.org/nessus/
2.      Nikto (Linux) http://www.cirt.net/nikto2
3.      Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5.      SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6.      MBSA (discutable) http://technet.microsoft.com/en-us/security/cc184923.aspx
7.      Meta http://www.metasploit.com/
8.      http://www-01.ibm.com/software/awdtools/appscan/

Also find attached the following links (Network-,Website-,Database- and Distributed-Scanner)
http://www.securitywizardry.com/index.php/products/scanning-products/network-scanners.html
http://www.securitywizardry.com/index.php/products/scanning-products/website-scanners.html
http://www.securitywizardry.com/index.php/products/scanning-products/database-scanners.html
http://www.securitywizardry.com/index.php/products/scanning-products/distributed-scanners.html
http://en.wikipedia.org/wiki/BackTrack
http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf



You could look at http://projects.webappsec.org/Web-Application-Security-Scanner-List


Commercial Tools:
----------------------
Acunetix WVS by Acunetix
AppScan by IBM
Burp Suite Professional by PortSwigger
Hailstorm by Cenzic
N-Stalker by N-Stalker
Nessus by Tenable Network Security
NetSparker by Mavituna Security
NeXpose by Rapid7
NTOSpider by NTObjectives
ParosPro by MileSCAN Technologies
Retina Web Security Scanner by eEye Digital Security
WebApp360 by nCircle
WebInspect by HP
WebKing by Parasoft
Websecurify by GNUCITIZEN




 
Software-as-a-Service Providers:
------------------------------------------
AppScan OnDemand by IBM
ClickToSecure by Cenzic
QualysGuard Web Application Scanning by Qualys
Sentinel by WhiteHat
Veracode Web Application Security by Veracode
VUPEN Web Application Security Scanner by VUPEN Security
WebInspect by HP
WebScanService by Elanize KG



Free / Open Source Tools:
-------------------------------
Arachni by Tasos Laskos
Grabber by Romain Gaucher
Grendel-Scan by David Byrne and Eric Duprey
Paros by Chinotec
Andiparos
Zed Attack Proxy
Powerfuzzer by Marcin Kozlowski
SecurityQA Toolbar by iSEC Partners
Skipfish by Michal Zalewski
W3AF by Andres Riancho
Wapiti by Nicolas Surribas
Watcher by Casaba Security
WATOBO by siberas
Websecurify by GNUCITIZEN
Zero Day Scan
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OnPage: Incident management and secure messaging on your smartphone
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question