Penetration Testing mailing list archives
RE: documentation/snapshot tool for pentest
From: "Benjamin Tomhave" <falcon () cybersecret com>
Date: Mon, 8 Apr 2002 21:44:30 -0600
I can see value in some sort of checksum/file list "snapshot" tool for quick assessments, since some scans attempt to place or manipulate files and it can be time-consuming to go back and check a large number of systems for "proof of vulnerability", especially if one were working for, say, a Big 5 consulting firm that insisted on cutting the number of hours for the annual audit each year. :) Is there a whole lot of value in this? Maybe not. But, it would at least provide a less time-consuming method for validating vuln. scans using automagical tools. Perhaps some derivation of tripwire/sim. would do the trick? Something that could do a very fast indexing of specific key directories (\\winnt, IIS home, apache home, etc) and create checksums for later comparison. -----Original Message----- From: Drew [mailto:simonis () myself com] Sent: Monday, April 08, 2002 7:49 AM To: 'pen-test () securityfocus com' Subject: Re: documentation/snapshot tool for pentest Siebenkaes Stefan wrote:
Hi, I am doing a lot of "pen tests" (in better words: port scans), mostly on web-servers. The tests are not very deep, but I have to scan a lot of servers. I do that with nessus and a host list. Actually I am looking for a tool to do a snapshot of any webserver before and after the scans, including the browser-frames and menus, as an enduser view (NOT my idea). I am scripting a lot and it gives me a pain... Is there any documentation tool for "here is the hostlist, take a webbrowser-snapshot and put it into a filesystem/database/..." ???
I would look into rolling your own with something like Perl and the LWP family of modules, but I find it hard to imagine a need to look at the static content of a website. Much more interesting, as you probably know, is the behavior of the dynamic stuff in the site. Seems you may have misguided management. It might be more beneficial to spend the energy level setting as opposed to bowing to such odd requests.
Well, the reports with an actual snapshot of a tested website really look cool and give you a great lobby in meetings with management, I underestimated that for a long time... (INCLUDING the "was it still OK after the scan"-question :-) Any hints appreciated,
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- documentation/snapshot tool for pentest Siebenkaes Stefan (Apr 06)
- Re: documentation/snapshot tool for pentest Drew (Apr 08)
- RE: documentation/snapshot tool for pentest Benjamin Tomhave (Apr 09)
- Re: documentation/snapshot tool for pentest Drew (Apr 08)