Penetration Testing mailing list archives

Re: [PEN-TEST] How to "break into" the Pen-Testing field


From: "Frasnelli, Dan" <dfrasnel () COREWAR COM>
Date: Sun, 10 Sep 2000 18:17:32 -0400

What would be the typical tool suite one would use on a Pen Test??

I assume you meant the usual network-based penetration test by that.
If you are asked to mess with a client's PBX/VMB, physical security,
employees, etc., there are other techniques or hardware involved.

Most penetration tests are conducted in two phases: exploration and
exploitation. I recommend you tailor a software 'tool suite' with those
as guidelines. Depending on your style, organizing tools this way may
or may not be efficient. Below are examples biased towards Unix;
perhaps an NT person has suggestions for that platform.

Exploration and Analysis
- portscanners:
        nmap            (www.insecure.org)
- sniffers:
        tcpdump         (www.tcpdump.org)
        ngrep           (sourceforge.net/projects/ngrep)
        dsniff          (www.monkey.org/~dugsong/dsniff)
- vuln scanners:
        vlad            (razor.bindview.com/tools/)
        whisker         (sourceforge.net/projects/whisker)
- Samba, nbtscan, l0phtcrack & other tools for windows networks
- the inevitable custom code and scripts

Exploitation
- hunt                  (www.gncz.cz/kra/index.html)
- misc tools            (www.ussrback.com, www.packetfactory.net)
- whatever is current from packetstorm/ussrlabs/bugtraq/etc.
  for the targets.

This category is dynamic and typically contains unreleased
exploits, in-house code, etc.  It's also the attack phase which
causes most 'script kiddies' grief, as it requires a lot of creative
tweaking to avoid detection.

A portable computer and disc with various tools compiled for your platform
of choice is a good starting point for a network penetration kit.

-dan
