RE: Automated penetration test

["Rui Pereira (WCG)" <wavefront1 () shaw ca>]

No,

There are tools that would do that (autopwn). Metasploit Framework itself
has that capability (sort of) - see
http://blog.metasploit.com/2006/09/metasploit-30-automated-exploitation.html
and http://digg.com/d18BYD. Fast-Track in BT3 has menus for this and more
(see also https://www.securestate.com/Pages/Fast-Track.aspx). 

Also look at SAINTExploit (some $)
http://www.saintcorporation.com/products/penetration_testing/saint_exploit.h
tml 

Core Impact ($$$) has similar functionality and is far easier to use (GUI). 

There may be others but these are the ones I am familiar with.

Thank You
 
Rui Pereira,B.Sc.(Hons),CIPS ISP,CISSP,CISA,CWNA/CWSP,CPTS/CPTE
Principal Consultant
WaveFront Consulting Group
 
wavefront1 (at) shaw.ca | www.wavefrontcg.com | ....
 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of David Gillett
Sent: April 2, 2009 11:52 AM
To: p.valera () pucp edu pe; security-basics () securityfocus com
Subject: RE: Automated penetration test

  That's not a "penetration test".  That's a "vulnerability scan", 
and if you Google on "vulnerability scanners" you'll have lots to
choose from.

David Gillett
 

> -----Original Message-----
> From: >p3dRø< [mailto:p.valera () pucp edu pe] 
> Sent: Wednesday, April 01, 2009 10:29 AM
> To: security-basics () securityfocus com
> Subject: Automated penetration test
>
>
>
> Hello,
>
> I need to make an automated penetration test in a network. 
>
> I always find tutorials about one especific exploit, in 
> metasploit framework, for example. I need a tutorial for 
> automated test with all the exploits as possible just 
> especifying the subnet, for example 192.168.1.0/24. I mean, 
> is there a program that could do this? :
>
> ./program -allexploits 192.168.1.0/24
>
> or in few steps do that ? (text mode, web? )
>
> The tool doesn\'t matter: backtrack, metasploit, but I need 
> to launch the automated penetration test as I mentioned. 
>
> Someone knows a good tutorial or link about that ?
>
> Thanks in advance,
> Pedro 
>          
>
>
> --------------------------------------------------------------
> ----------
> This list is sponsored by: InfoSec Institute
>
> No time or budget for traveling to a training course in this 
> fiscal year? Check out the online information security 
> courses available at InfoSec Institute. More than a boring 
> "talking head", train in our virtual labs for a total 
> hands-on training experience. Get the certs you need: CEH, 
> CPT, CEPT, CISA, CISSP, CISM
>
> http://www.infosecinstitute.com/request_online_training.html
> --------------------------------------------------------------
> ----------

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

No time or budget for traveling to a training course in this fiscal year?
Check out the online information security courses available at InfoSec
Institute. More than a boring "talking head", train in our virtual labs for
a total hands-on training experience. Get the certs you need: CEH, CPT,
CEPT, CISA, CISSP, CISM

http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------

No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.0.238 / Virus Database: 270.11.35/2033 - Release Date: 04/02/09
19:07:00


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

No time or budget for traveling to a training course in this fiscal year? Check out the online information security 
courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total 
hands-on training experience. Get the certs you need: CEH, CPT, CEPT, CISA, CISSP, CISM

http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------