Security Basics mailing list archives
Vulnerabilty Assessment & Whisker Doubts
From: kaps lock <secnerdkaps () yahoo com>
Date: Sat, 15 Jan 2005 14:06:28 -0800 (PST)
Hi all, Am right now trying to design a VA/penetration testing lab at work and looking into various options tools that are available and the procedures to follow ,follwoing are the things i have outlined ....please add on whatever you feel is imporant and i have missed out: Get acquainted with Client Network Google Hacking Arin getting names from email bouncing DNS Finger printing and using dig for trying ZONE TRANSFERS OR cash poisioning vulnerabilties. get on with your NMAP and finding open ports/and perform some OS Fingerprinting. Now for Vulnerabilty detection on open ports .... Nessus NessusWX?? NeWT--->>>does it have a linux version too to download?? which is better Now the gray area where i am wanting to use all open source web application testing tools: 1) Whisker--->could anybody point me to a good documentation on its usage,wiretrip doesnt have it ,if any link for command usage you could share I wil highly appreciate it. 2)Nikto.... Other Aspects would be social engineering... checking out physical security...war dialing ,dumpster driving... Basically I would like to know what are the best open source scanners/tools/Vulnerabilty DETECTION Tools i could use to make my kit complete and as good as one Qualys uses. thanks in advance. a real sec nerd :) __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Current thread:
- Web Application Scanners Leon Rosenstein (Jan 12)
- <Possible follow-ups>
- Re: Web Application Scanners Bit Rider (Jan 14)
- Re: Web Application Scanners kaps lock (Jan 17)
- Vulnerabilty Assessment & Whisker Doubts kaps lock (Jan 17)
- Re: Vulnerabilty Assessment & Whisker Doubts Hamid . K (Jan 19)
- Re: Web Application Scanners Tom Stracener (Jan 18)