February 03, 2014
Starting at $203 for a one-IP license.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Virtual machine makes deployment easy, high-gain antenna for Wi-Fi cracking.
- Weaknesses: Can be expensive.
- Verdict: This tool keeps getting better and better. If you can afford the cost, this one may be for you.
A couple of years ago, we saw the Penetrator from SecPoint in its first iteration. Back then it came as a small Dell computer running some form of Linux loaded with a bunch of vulnerability scanning and penetration features. We found it was a great product in concept, but it needed a lot of polish to compete amongst the high-end penetration testing tools. With this new version, we have started to see that polish and this product is looking pretty good. First and foremost, SecPoint has ditched the clunky hardware in favor of a virtual machine that can be run in VMware or Microsoft Hyper-V. Second, the company has added a large, high-gain Wi-Fi antenna for wireless penetration testing. More on all that later.
As for setup, we found the process to be much more smooth than in the previous version. The virtual machine comes loaded on a DVD packed into a two-part zip file. Depending on deployment needs, once unzipped, the virtual machine can be easily loaded using VMware Player, VMware Workstation, VMware vSphere or Microsoft Hyper-V. We chose to simply run the virtual machine in VMware Player on one of our Windows 7 lab machines. It took us no time at all to get the virtual machine up and running, and once it was booted we were greeted with a cleanly displayed setup desktop that had all the tools and components of the Penetrator ready to go.
We found this product to be quite easy to use overall and to have a comprehensive feature set. The scanning engine includes several pre-defined scanning options, such as a normal scan, extended scan or firewall scan among others, and reports can be easily exported in several formats, including PDF and XML. On top of the network scanning capability, the Penetrator comes ready for Wi-Fi encryption cracking and key recovery. Supplied with the software is a high-gain Wi-Fi antenna that can be easily connected to the virtual machine for integration into the Wi-Fi scanning and cracking application. This can be used against WEP, WPA, WPA2 and WPS encryption modes.
Documentation for this solution included an installation guide, full user manual and a few other pieces of supplemental documentation for the Wi-Fi components. The installation guide provided an excellent amount of detail on how to deploy the virtual machine and get the Penetrator up and running, and the user manual provides complete in-depth configuration and feature usage information. We found all documentation to be well-organized and easy to follow with clear, step-by-step instructions, screen shots and configuration examples.
SecPoint offers 24/7 email- and web-based live chat support as part of the product price. Customers also have access to a small assistance area on the website, which includes product documentation downloads, a knowledge base, user forum and training videos.
At a price starting at just over $200 for a single IP license, this product comes with quite the price tag. However, we find the SecPoint Penetrator to be an overall good value for the money based on its ease of use and flexible deployment options on top of a well-rounded feature set. Despite the cost, this is a solid product.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Hack of airplane systems described in FBI docs raises security questions
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes