Solved

Penetration Test Appliance

Posted on 2013-06-19
2
465 Views
Last Modified: 2013-07-02
Hello,
we search for a Appliance to secure our Environment. Have you any references for this. Wich Appliance is the best for our points.

* Seurity OS (Hotfixes and so on)
* Exploits
* Opened Ports
* Standard Passwords (Rainbowtable?)
* Networkshares
* Reporting vs. autom. Reporting via eMail
* perhaps you have any other Points vs. Ideas

In the last Weeks we tested Greenbone Appliance, but we search for Alternatives for Validation.

Thank you !

Elmar
0
Comment
Question by:Elmar-H
2 Comments
 
LVL 25

Assisted Solution

by:Zephyr ICT
Zephyr ICT earned 250 total points
ID: 39258791
Hi,

I wish I could say these all-in-one solutions exist, though there are quite a few that come close, all of them will not give you everything you might need, but they will come darn close.

The thing is, with penetration testing, there are so much factors to take into account, that one tool might not do all the tests you need.

I don't want to digress too much, here are some great tools that can do much of what you like to test, I've used most of them and they all have their pro's and cons... Like I said, it's not just about one tool:

- Metasploit: http://www.metasploit.com/ (very good tool)
- Retina Network Security Scanner: http://www.beyondtrust.com/Products/RetinaNetworkSecurityScanner/
- Nessus: http://www.tenable.com/products/nessus
- nmap: http://nmap.org/

You could also think about integrating an IDS into your network (like snort for example)... That is also a valuable tool.
0
 
LVL 25

Accepted Solution

by:
madunix earned 250 total points
ID: 39259199
Actually I use Backtrack + Meta for vulnerability

1.      Nessus (Linux if you can) http://www.nessus.org/nessus/
2.      Nikto (Linux) http://www.cirt.net/nikto2
3.      Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5.      SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6.      MBSA (discutable) http://technet.microsoft.com/en-us/security/cc184923.aspx
7.      Meta http://www.metasploit.com/
8.      http://www-01.ibm.com/software/awdtools/appscan/

Also find attached the following links (Network-,Website-,Database- and Distributed-Scanner)
http://www.securitywizardry.com/index.php/products/scanning-products/network-scanners.html
http://www.securitywizardry.com/index.php/products/scanning-products/website-scanners.html
http://www.securitywizardry.com/index.php/products/scanning-products/database-scanners.html
http://www.securitywizardry.com/index.php/products/scanning-products/distributed-scanners.html
http://en.wikipedia.org/wiki/BackTrack
http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf



You could look at http://projects.webappsec.org/Web-Application-Security-Scanner-List


Commercial Tools:
----------------------
Acunetix WVS by Acunetix
AppScan by IBM
Burp Suite Professional by PortSwigger
Hailstorm by Cenzic
N-Stalker by N-Stalker
Nessus by Tenable Network Security
NetSparker by Mavituna Security
NeXpose by Rapid7
NTOSpider by NTObjectives
ParosPro by MileSCAN Technologies
Retina Web Security Scanner by eEye Digital Security
WebApp360 by nCircle
WebInspect by HP
WebKing by Parasoft
Websecurify by GNUCITIZEN




 
Software-as-a-Service Providers:
------------------------------------------
AppScan OnDemand by IBM
ClickToSecure by Cenzic
QualysGuard Web Application Scanning by Qualys
Sentinel by WhiteHat
Veracode Web Application Security by Veracode
VUPEN Web Application Security Scanner by VUPEN Security
WebInspect by HP
WebScanService by Elanize KG



Free / Open Source Tools:
-------------------------------
Arachni by Tasos Laskos
Grabber by Romain Gaucher
Grendel-Scan by David Byrne and Eric Duprey
Paros by Chinotec
Andiparos
Zed Attack Proxy
Powerfuzzer by Marcin Kozlowski
SecurityQA Toolbar by iSEC Partners
Skipfish by Michal Zalewski
W3AF by Andres Riancho
Wapiti by Nicolas Surribas
Watcher by Casaba Security
WATOBO by siberas
Websecurify by GNUCITIZEN
Zero Day Scan
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now