Also, Saint is supposed to be halfway decent and tie in tightly to their exploitation framework, but I have only "demo'ed" that product - I never used it. Cobalt Strike isn't an exploitation framework and it doesn't do vulnerability scanning; it's a C2 orchestration framework. On a scanner note, I kind of like eEye's (Beyond secure now); you can sync it up w/ Metasploit and "click-to-exploit" (a feature I wish Nessus had). If you want to add more web testing I would try Netsparker or Acunetix; those on top of the Burp Pro you have would be a good set. Note these are mainly network/system focused and not so much web focused. From there I would move to Cobalt Strike, Meta pro, and lastly, if money is rolling in, Core. Also, w/ Canvas, depending on your needs you could get some of the 0-day packs to augment the tool (I have never used them). IMHO you can get pretty far w/ Metasploit (free) and Canvas (note they will have a lot of duplication but Canvas will have exploits not in Metasploit). The cost was the reason we switched to Canvas (only a few grand) - it wasn't as mature but just as good. I have used Core a long time ago; to me it was a good product, and I believe it still is, but in my opinion it is very hard to justify the expense when there are other tools that are near as good for a fraction of the cost.