Penetration Testing mailing list archives
Re: Automated wireless testing script
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Fri, 29 May 2009 03:41:59 -0430
On Jueves 28 Mayo 2009 15:23:13 subscribe subscribe escribió:
Thanks for your interest.. I wanted to ask you guys this. I'm a bit worried if my tool will cause me any legal problems incase it is misused.. Is GPL enough to protect me?
GPL does not protect you against legal problems derived of illegal use by third party... GPL protect your software freedom to copy, modify, redistribute, etc.... And protect your software from being reassembled with commercial pourporses ( GPL is viric ;-) ) ----------------- Im not a lawyer... It may depend on country, but this is my opinion: 1. You can put a disclaimer who advice the end user that should not be used for illegal pourporse. For many countries, this should be acceptable. 2. MANY software can be used for malicious pourporses... SSH could be used as a backdoor, Microsoft SMB protocol also..., aircrack-ng suite also could be used for malicious pourporses, inclusive, the linux popular command "rm" could be used for crime also, Nessus is a harmful tool that can be used also for criminal pourporses. So, your software also can be used for malicious pourporses... BUT. There is a fact, software like this one, can be used also for Pentesting (Ethical Hacking), and proof of concept. That is a legal pourporse. Ethical point of view: Your software is not exploiting a zero day, the full disclosure method are fulfilled, the vendor was adviced of WEP/WPA bugs and the time to patch this bugs is over. Nothing else to say. -------------- I released a software in the same situation on 2004. Was called, URCS... and was a RAT (Remote Admin Tool). URCS were designed with ethic, URCS does not hide their proccess, URCS have an authentication plataform, URCS also have an installer. URCS does not have any infection engines, URCS does not have also any method to prevent their hand removal, URCS activate logs by default with connection IP address, and commands executed. URCS was the first remote admin tool that used the star and tree topology with reverse connections. URCS were designed because in this time, my ISP used a big NAT, therefore, if i wanted to connect to my computer, URCS help me a lot. URCS were released opensource. I used URCS for legal pourporses like manage my home computers over NAT, and many of my users also used it for legal pourporses. But AV houses putted it on a blacklist and rated him as a trojan/backdoor... while some compilation of SSH and VNC servers, even Windows also can be used as a trojan/backdoor. On many discussions with AV houses, their argument were that my program can be used silently, but, my argument is that if you run the main program (not the installer), then, this program is not automatically installed, only oppened (like when you start an tftp service alone without installing it...).
2009/5/28 Renato Bovo Inácio <renatobovo () gmail com>:Very good, but where's the program to download? You can provide it with GPL. Regards, congratulations, On Thu, May 28, 2009 at 12:59 PM, subscribe subscribe <subscr1b3m3 () gmail com> wrote:Hi, Just recently I wrote a program for testing wireless security. The program automates another program called aircrack-ng. Will crack all wireless access point in one command. No need to type anything, just hit enter. Useful if you find it daunting to type commands while roaming around the client's premises during the wireless assessment. Check out the videos at: http://www.youtube.com/watch?v=aYWe4_zcY-I Please comment so I can make improvements before releasing it.. Thanks. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org -------------------------------------------------------------------------- ------------------------------------------ Renato Bovo Inácio CSO - Chief Security Officer ------------------------------------------ AVISO LEGAL Esta mensagem é exclusivamente para a pessoa do destinatário, podendo conter informações confidenciais ou legalmente protegidas. A transmissão incorreta da mensagem não acarreta a perda de sua confidencialidade. É vetado a qualquer pessoa que não seja destinatário usar, revelar, distribuir ou copiar qualquer parte desta mensagem. LEGAL WARNING This message is intended exclusively for its addressee. It may contain confidential or legally protected information. The incorrect transmission of this message does not mean the loss of its confidentiality. It is forbidden to any person who is not intended addressee to use, reveal, distribute, or copy any part of this message.------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
-- Ing. Aaron G. Mizrachi P. http://www.unmanarc.com Mobil 1: + 58 416-6143543 Mobil 2: + 58 424-2412503 BBPIN: 0x 247066C1
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Re: Automated wireless testing script subscribe subscribe (May 28)
- Re: Automated wireless testing script Ramiro Caire (May 28)
- Re: Automated wireless testing script subscribe subscribe (May 28)
- Message not available
- Re: Automated wireless testing script subscribe subscribe (May 28)
- Re: Automated wireless testing script Ramiro Caire (May 28)
- Message not available
- Re: Automated wireless testing script subscribe subscribe (May 28)
- Re: Automated wireless testing script Aarón Mizrachi (May 29)
- Re: Automated wireless testing script subscribe subscribe (May 28)
- Message not available
- Re: Automated wireless testing script subscribe subscribe (May 29)
- <Possible follow-ups>
- RE: Automated wireless testing script Darren (May 31)