Solved

Penetration Test Appliance

Posted on 2013-06-19
Last Modified: 2013-07-02
Hello,
We are searching for an appliance to secure our environment. Do you have any references for this? Which appliance is the best for our points?

* Security OS (hotfixes and so on)
* Exploits
* Opened ports
* Standard passwords (rainbow table?)
* Network shares
* Reporting vs. automatic reporting via email
* Perhaps you have any other points vs. ideas

In the last weeks we tested the Greenbone appliance, but we are searching for alternatives for validation.

Thank you !

Elmar
Question by:Elmar Koschka
2 Comments
 
Assisted Solution

by:Zephyr ICT
Zephyr ICT earned 1000 total points
ID: 39258791
Hi,

I wish I could say these all-in-one solutions exist. There are quite a few that come close; all of them will not give you everything you might need, but they will come darn close.

The thing is, with penetration testing, there are so many factors to take into account that one tool might not do all the tests you need.

I don't want to digress too much. Here are some great tools that can do much of what you'd like to test. I've used most of them and they all have their pros and cons... Like I said, it's not just about one tool:

- Metasploit: http://www.metasploit.com/ (very good tool)
- Retina Network Security Scanner: http://www.beyondtrust.com/Products/RetinaNetworkSecurityScanner/
- Nessus: http://www.tenable.com/products/nessus
- nmap: http://nmap.org/

You could also think about integrating an IDS into your network (like snort for example)... That is also a valuable tool.

Accepted Solution

by:madunix
madunix earned 1000 total points
ID: 39259199
Actually I use Backtrack + Meta for vulnerability

1.      Nessus (Linux if you can) http://www.nessus.org/nessus/
2.      Nikto (Linux) http://www.cirt.net/nikto2
3.      Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5.      SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6.      MBSA (debatable) http://technet.microsoft.com/en-us/security/cc184923.aspx
7.      Meta http://www.metasploit.com/
8.      http://www-01.ibm.com/software/awdtools/appscan/

Also find attached the following links (Network-,Website-,Database- and Distributed-Scanner)
http://www.securitywizardry.com/index.php/products/scanning-products/network-scanners.html
http://www.securitywizardry.com/index.php/products/scanning-products/website-scanners.html
http://www.securitywizardry.com/index.php/products/scanning-products/database-scanners.html
http://www.securitywizardry.com/index.php/products/scanning-products/distributed-scanners.html
http://en.wikipedia.org/wiki/BackTrack
http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf



You could look at http://projects.webappsec.org/Web-Application-Security-Scanner-List


Commercial Tools:
----------------------
Acunetix WVS by Acunetix
AppScan by IBM
Burp Suite Professional by PortSwigger
Hailstorm by Cenzic
N-Stalker by N-Stalker
Nessus by Tenable Network Security
NetSparker by Mavituna Security
NeXpose by Rapid7
NTOSpider by NTObjectives
ParosPro by MileSCAN Technologies
Retina Web Security Scanner by eEye Digital Security
WebApp360 by nCircle
WebInspect by HP
WebKing by Parasoft
Websecurify by GNUCITIZEN




 
Software-as-a-Service Providers:
------------------------------------------
AppScan OnDemand by IBM
ClickToSecure by Cenzic
QualysGuard Web Application Scanning by Qualys
Sentinel by WhiteHat
Veracode Web Application Security by Veracode
VUPEN Web Application Security Scanner by VUPEN Security
WebInspect by HP
WebScanService by Elanize KG



Free / Open Source Tools:
-------------------------------
Arachni by Tasos Laskos
Grabber by Romain Gaucher
Grendel-Scan by David Byrne and Eric Duprey
Paros by Chinotec
Andiparos
Zed Attack Proxy
Powerfuzzer by Marcin Kozlowski
SecurityQA Toolbar by iSEC Partners
Skipfish by Michal Zalewski
W3AF by Andres Riancho
Wapiti by Nicolas Surribas
Watcher by Casaba Security
WATOBO by siberas
Websecurify by GNUCITIZEN
Zero Day Scan
Question has a verified solution.
