Re: Vulnerabilty Assessment & Whisker Doubts

["Hamid . K" <elite_netbios () yahoo com>]

Hi

we already provided a near-complete assesment
framework
which also cover what you need. 
take a look at it 

http://www.oissg.org/content/view/108/1/



Hamid
--- kaps lock <secnerdkaps () yahoo com> wrote:

> Hi all,
> Am right now trying to design a VA/penetration
> testing
> lab at work and looking into various options tools
> that are available and the procedures to follow
> ,follwoing are the things i have outlined ....please
> add on whatever you feel is imporant and i have
> missed
> out:
>
> Get acquainted with Client Network
> Google Hacking
> Arin
> getting names from email bouncing
>
> DNS Finger printing and using dig for trying ZONE
> TRANSFERS OR cash poisioning vulnerabilties.
>
> get on with your NMAP and finding open ports/and
> perform some OS Fingerprinting.
>
> Now for Vulnerabilty detection on open ports ....
> Nessus
> NessusWX??
> NeWT--->>>does it have a linux version too to
> download??
> which is better
>
> Now the gray area where i am wanting to use all open
> source web application testing tools:
> 1) Whisker--->could anybody point me to a good
> documentation on its usage,wiretrip doesnt have it
> ,if
> any link for command usage you could share I wil
> highly appreciate it.
> 2)Nikto....
>
>
> Other Aspects would be social engineering...
> checking out physical security...war dialing
> ,dumpster
> driving...
>
>
> Basically I would like to know what are the best
> open
> source scanners/tools/Vulnerabilty DETECTION Tools i
> could use to make my kit complete and as good as one
> Qualys uses.
>
> thanks in advance.
> a real sec nerd :)
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com