Security Basics mailing list archives
RE: Automated penetration test
From: <leegarner () dive-shield com>
Date: Thu, 2 Apr 2009 22:06:42 +0100
I do hope that you are a newbie.. If you are not going to use a coded script that you have done your self and you need it done for you then there are so many commercially built testing tools that will give a report at the end for you. Bt 3 you can soft script to do what ever you need it to do. Penetration testing, but no one would want to hack my network.. Penetration testing is the act of viewing your network as a target, with each computer being the prey of an attack. With penetration testing you discover and exploit vulnerabilities and see how far we can get into your network. An engagement can take on differing perspectives (Modem, Wireless, External, Internal, Role based, or Social engineering tests etc). you must find the vulnerabilities in your environment, exploit them, and show you how to remediate these problems. But make sure your client or boss understands that a test is not just the internal lan its the whole network an thats to included external, wireless, web, and the building as well as users. There are a number of good standards and guidelines in relation to information security in general, for penetration tests in particular, and for the storage of certain types of data. Any provider chosen should at least have a working knowledge of these standards and would ideally be exceeding their recommendations. Notable organizations and standards include: OSSTMM, CHECK and OWASP to name just a few of the list. Just make sure you follow a plan and go thou your plan and keep full documents and build the reports as you go Lee garner Security person -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of >p3dRø< Sent: Wednesday, April 01, 2009 6:29 PM To: security-basics () securityfocus com Subject: Automated penetration test Hello, I need to make an automated penetration test in a network. I always find tutorials about one especific exploit, in metasploit framework, for example. I need a tutorial for automated test with all the exploits as possible just especifying the subnet, for example 192.168.1.0/24. I mean, is there a program that could do this? : ./program -allexploits 192.168.1.0/24 or in few steps do that ? (text mode, web? ) The tool doesn\'t matter: backtrack, metasploit, but I need to launch the automated penetration test as I mentioned. Someone knows a good tutorial or link about that ? Thanks in advance, Pedro ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute No time or budget for traveling to a training course in this fiscal year? Check out the online information security courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total hands-on training experience. Get the certs you need: CEH, CPT, CEPT, CISA, CISSP, CISM http://www.infosecinstitute.com/request_online_training.html ------------------------------------------------------------------------ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.238 / Virus Database: 270.11.37/2036 - Release Date: 04/02/09 06:09:00 ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute No time or budget for traveling to a training course in this fiscal year? Check out the online information security courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total hands-on training experience. Get the certs you need: CEH, CPT, CEPT, CISA, CISSP, CISM http://www.infosecinstitute.com/request_online_training.html ------------------------------------------------------------------------
Current thread:
- Automated penetration test p3dRø (Apr 02)
- RE: Automated penetration test David Gillett (Apr 03)
- RE: Automated penetration test Rui Pereira (WCG) (Apr 03)
- RE: Automated penetration test leegarner (Apr 03)
- Re: Automated penetration test Nikhil Wagholikar (Apr 03)
- Re: Automated penetration test Nicholas Harvey (Apr 03)
- <Possible follow-ups>
- Automated penetration test p3dRø (Apr 02)
- Re: Automated penetration test Abhishek Kumar (Apr 03)
- Re: Automated penetration test τ∂υƒιφ * (Apr 03)
- Re: Automated penetration test Sujit Ghosal (Apr 03)
- Re: Re: Automated penetration test jeevanullas (Apr 20)
- RE: Automated penetration test David Gillett (Apr 03)