Open Source Assessment Tools vs. Pay For Tools

Wondering which IT security assessment tools you should pay for and which you can safely take from open source? See the take from Chris Roberts, the founder of the One World Labs enterprise counter-intelligence agency.


Just heading back from a client site. Again, time on site was well spent; the team was able to breach just about everything we discovered, with the exception of a couple of passwords that I think are still being cracked. It is a familiar scene, sitting on a plane working on notes and generally putting the documentation together, all from the tools that we’ve been using (and updating) for the last few years, only one of which is a “paid” tool.

However, this time I feel different. I have been playing with a community edition of Metasploit and Nexpose (“playing with” being the main word here). I like the tool, I like the interface, and I like the ease with which you can just point and shoot it at an entire organization’s architecture (although Nexpose only allows 36 IPs at a time to be scanned; more can be done with a large chunk of cash, more on that later). I like how I can just wander off, go talk with the client (instead of being hunched over the computer like a mad scientist), go get coffee, or sit there and pick the locks on the client’s nice shiny new doors.