Penetration Testing mailing list archives
Tools to use for Penetration Testing?
From: christopher.riley () r-it at
Date: Thu, 11 Sep 2008 08:49:05 +0200
It's hard to give a list of definitive tools because the base toolset is so large and always changing. I'd say the best bet would be to become familiar with Linux and the built in tools (i.e. Netcat, tcpdump, etc) before moving onto things like Nessus/openVAS and maybe Metasploit (once you understand what the exploits do). Spending some time understanding the underlying protocols stack and how DNS, TCP/UDP, ICMP work helps a lot as well (playing about with HPING and tcpdump helps to learn this as you can send packets and see what goes out and comes back in). Also check out the various methodologies to get an overview on the penetration testing process (OSSTMM or NIST 800-42 for example). http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html is also a good resource. Chris pen-test-return-1078487087 () securityfocus com Gesendet von: listbounce () securityfocus com 11.09.2008 01:34 An pen-test () securityfocus com Kopie Thema Tools to use for Penetration Testing? Hello I am interested in getting started as a white hat hacker/pen tester. I would like to know what tools I should get familiar with, and be able to use to be a pen-tester. I only know of a few at the moment, and of them, I only use 2 (NMap and Wireshark). Can I please receive recommendations on tools to use? Thanks in advance, Chip Panarchy PS: I am currently in training towards my CCNA and (maybe) MCSE. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------ ---------------------------------------- Raiffeisen Informatik GmbH, Firmenbuchnr. 88239p, Handelsgericht Wien, DVR 0486809, UID ATU 16351908 Der Austausch von Nachrichten mit oben angefuehrtem Absender via E-Mail dient ausschliesslich Informationszwecken. Rechtsgeschaeftliche Erklaerungen duerfen ueber dieses Medium nicht ausgetauscht werden. Correspondence with above mentioned sender via e-mail is only for information purposes. This medium may not be used for exchange of legally-binding communications. ---------------------------------------- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Re: Tools to use for Penetration Testing?, (continued)
- Message not available
- Re: Tools to use for Penetration Testing? Chip Panarchy (Sep 12)
- RE: Tools to use for Penetration Testing? Shenk, Jerry A (Sep 13)
- Re: Tools to use for Penetration Testing? J. Oquendo (Sep 14)
- Message not available