Solved

Penetration Test Appliance

Posted on 2013-06-19
Last Modified: 2013-07-02
Hello,
We are searching for an appliance to secure our environment. Do you have any references for this? Which appliance is the best for our points?

* Security OS (hotfixes and so on)
* Exploits
* Opened ports
* Standard passwords (rainbow table?)
* Network shares
* Reporting vs. autom. reporting via e-mail
* Perhaps you have any other points vs. ideas

In the last weeks we tested the Greenbone appliance, but we are searching for alternatives for validation.

Thank you !

Elmar
Question by:Elmar Koschka
2 Comments
 

Assisted Solution

by:Zephyr ICT
Zephyr ICT earned 1000 total points
ID: 39258791
Hi,

I wish I could say these all-in-one solutions exist. There are quite a few that come close; none of them will give you everything you might need, but they will come darn close.

The thing is, with penetration testing, there are so many factors to take into account that one tool might not do all the tests you need.

I don't want to digress too much, so here are some great tools that can do much of what you'd like to test. I've used most of them and they all have their pros and cons... Like I said, it's not just about one tool:

- Metasploit: http://www.metasploit.com/ (very good tool)
- Retina Network Security Scanner: http://www.beyondtrust.com/Products/RetinaNetworkSecurityScanner/
- Nessus: http://www.tenable.com/products/nessus
- nmap: http://nmap.org/

You could also think about integrating an IDS into your network (like snort for example)... That is also a valuable tool.

Accepted Solution

by:
madunix earned 1000 total points
ID: 39259199
Actually I use Backtrack + Meta for vulnerability

1.      Nessus (Linux if you can) http://www.nessus.org/nessus/
2.      Nikto (Linux) http://www.cirt.net/nikto2
3.      Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5.      SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6.      MBSA (debatable) http://technet.microsoft.com/en-us/security/cc184923.aspx
7.      Meta http://www.metasploit.com/
8.      http://www-01.ibm.com/software/awdtools/appscan/

Also find attached the following links (Network-,Website-,Database- and Distributed-Scanner)
http://www.securitywizardry.com/index.php/products/scanning-products/network-scanners.html
http://www.securitywizardry.com/index.php/products/scanning-products/website-scanners.html
http://www.securitywizardry.com/index.php/products/scanning-products/database-scanners.html
http://www.securitywizardry.com/index.php/products/scanning-products/distributed-scanners.html
http://en.wikipedia.org/wiki/BackTrack
http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf



You could look at http://projects.webappsec.org/Web-Application-Security-Scanner-List


Commercial Tools:
----------------------
Acunetix WVS by Acunetix
AppScan by IBM
Burp Suite Professional by PortSwigger
Hailstorm by Cenzic
N-Stalker by N-Stalker
Nessus by Tenable Network Security
NetSparker by Mavituna Security
NeXpose by Rapid7
NTOSpider by NTObjectives
ParosPro by MileSCAN Technologies
Retina Web Security Scanner by eEye Digital Security
WebApp360 by nCircle
WebInspect by HP
WebKing by Parasoft
Websecurify by GNUCITIZEN




 
Software-as-a-Service Providers:
------------------------------------------
AppScan OnDemand by IBM
ClickToSecure by Cenzic
QualysGuard Web Application Scanning by Qualys
Sentinel by WhiteHat
Veracode Web Application Security by Veracode
VUPEN Web Application Security Scanner by VUPEN Security
WebInspect by HP
WebScanService by Elanize KG



Free / Open Source Tools:
-------------------------------
Arachni by Tasos Laskos
Grabber by Romain Gaucher
Grendel-Scan by David Byrne and Eric Duprey
Paros by Chinotec
Andiparos
Zed Attack Proxy
Powerfuzzer by Marcin Kozlowski
SecurityQA Toolbar by iSEC Partners
Skipfish by Michal Zalewski
W3AF by Andres Riancho
Wapiti by Nicolas Surribas
Watcher by Casaba Security
WATOBO by siberas
Websecurify by GNUCITIZEN
Zero Day Scan