Security Basics mailing list archives

RE: Automated penetration test


From: <leegarner () dive-shield com>
Date: Thu, 2 Apr 2009 22:06:42 +0100

I do hope that you are a newbie..

If you are not going to use a coded script that you have done yourself and
you need it done for you, then there are so many commercially built testing
tools that will give a report at the end for you.

BT 3 you can soft script to do whatever you need it to do.
“Penetration testing, but no one would want to hack my network”..

Penetration testing is the act of viewing your network as a target, with
each computer being the prey of an attack. With penetration testing you
discover and exploit vulnerabilities and see how far we can get into your
network. An engagement can take on differing perspectives (Modem, Wireless,
External, Internal, Role based, or Social engineering tests etc). You must
find the vulnerabilities in your environment, exploit them, and show you how
to remediate these problems.
But make sure your client or boss understands that a test is not just the
internal LAN, it’s the whole network, and that’s to include external,
wireless, web, and the building as well as users.

There are a number of good standards and guidelines in relation to
information security in general, for penetration tests in particular, and
for the storage of certain types of data. Any provider chosen should at
least have a working knowledge of these standards and would ideally be
exceeding their recommendations. 

Notable organizations and standards include: 
OSSTMM, CHECK and OWASP to name just a few of the list.


Just make sure you follow a plan and go through your plan and keep full
documents and build the reports as you go.


Lee garner
Security person


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of >p3dRø<
Sent: Wednesday, April 01, 2009 6:29 PM
To: security-basics () securityfocus com
Subject: Automated penetration test



Hello,

I need to make an automated penetration test in a network. 

I always find tutorials about one specific exploit, in metasploit framework,
for example. I need a tutorial for automated test with all the exploits
possible just specifying the subnet, for example 192.168.1.0/24. I mean, is
there a program that could do this? :

./program -allexploits 192.168.1.0/24

or in few steps do that ? (text mode, web? )

The tool doesn't matter: backtrack, metasploit, but I need to launch the
automated penetration test as I mentioned.

Does someone know a good tutorial or link about that?

Thanks in advance,
Pedro 
         


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

No time or budget for traveling to a training course in this fiscal year?
Check out the online information security courses available at InfoSec
Institute. More than a boring "talking head", train in our virtual labs for
a total hands-on training experience. Get the certs you need: CEH, CPT,
CEPT, CISA, CISSP, CISM

http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------
