February 03, 2014
Starting at $203 for a one-IP license.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Virtual machine makes deployment easy, high-gain antenna for Wi-Fi cracking.
- Weaknesses: Can be expensive.
- Verdict: This tool keeps getting better and better. If you can afford the cost, this one may be for you.
A couple of years ago, we saw the Penetrator from SecPoint in its first iteration. Back then it came as a small Dell computer running some form of Linux loaded with a bunch of vulnerability scanning and penetration features. We found it was a great product in concept, but it needed a lot of polish to compete amongst the high-end penetration testing tools. With this new version, we have started to see that polish and this product is looking pretty good. First and foremost, SecPoint has ditched the clunky hardware in favor of a virtual machine that can be run in VMware or Microsoft Hyper-V. Second, the company has added a large, high-gain Wi-Fi antenna for wireless penetration testing. More on all that later.
As for setup, we found the process to be much more smooth than in the previous version. The virtual machine comes loaded on a DVD packed into a two-part zip file. Depending on deployment needs, once unzipped, the virtual machine can be easily loaded using VMware Player, VMware Workstation, VMware vSphere or Microsoft Hyper-V. We chose to simply run the virtual machine in VMware Player on one of our Windows 7 lab machines. It took us no time at all to get the virtual machine up and running, and once it was booted we were greeted with a cleanly displayed setup desktop that had all the tools and components of the Penetrator ready to go.
We found this product to be quite easy to use overall and to have a comprehensive feature set. The scanning engine includes several pre-defined scanning options, such as a normal scan, extended scan or firewall scan among others, and reports can be easily exported in several formats, including PDF and XML. On top of the network scanning capability, the Penetrator comes ready for Wi-Fi encryption cracking and key recovery. Supplied with the software is a high-gain Wi-Fi antenna that can be easily connected to the virtual machine for integration into the Wi-Fi scanning and cracking application. This can be used against WEP, WPA, WPA2 and WPS encryption modes.
Documentation for this solution included an installation guide, full user manual and a few other pieces of supplemental documentation for the Wi-Fi components. The installation guide provided an excellent amount of detail on how to deploy the virtual machine and get the Penetrator up and running, and the user manual provides complete in-depth configuration and feature usage information. We found all documentation to be well-organized and easy to follow with clear, step-by-step instructions, screen shots and configuration examples.
SecPoint offers 24/7 email- and web-based live chat support as part of the product price. Customers also have access to a small assistance area on the website, which includes product documentation downloads, a knowledge base, user forum and training videos.
At a price starting at just over $200 for a single IP license, this product comes with quite the price tag. However, we find the SecPoint Penetrator to be an overall good value for the money based on its ease of use and flexible deployment options on top of a well-rounded feature set. Despite the cost, this is a solid product.
Sign up to our newsletters
SC Magazine Articles
- Microsoft report explores dangers of running expired security software
- Survey: real-time SIEM solutions help orgs detect attacks within minutes
- Vulnerabilities identified in three Advantech products
- Android malware 'NotCompatible' evolves, spawns resilient botnet
- State Department hack may be tied to White House network breach
- Operators disable firewall features to increase network performance, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Upping the ante: PCI Security Standard
- Study: Third of employees use company devices for social media and online shopping
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Swedish appeals court nixes Assange's plea
- Critical XSS vulnerability addressed in WordPress
- The Internet of Things (IoT) will fail if security has no context