Penetration Testing mailing list archives

Re: [PEN-TEST] First step of a pen-test


From: Max Vision <vision () WHITEHATS COM>
Date: Wed, 20 Sep 2000 15:50:18 -0700

On Wed, 20 Sep 2000, Loschiavo, Dave wrote:
With checking out the website being a first step...

Does anyone know if there is a tool that will comb through a website to pull
nouns down into a dictionary file that you use for a customized dictionary
attack specific to that company?

I've been doing this, creating custom attack dictionaries for each
penetration test, for several years.  Nothing complex - just spidering all
html and sorting all found strings (sans html markup, although those
strings are already in my base dictionary).  I use proprietary tools, but
you could just as well use wget|find|strings|sort...

Picking out "nouns" is a bad idea - known words should be covered in
existing dictionaries.  The point of pulling down website/newsgroup
content is to find *unknown* terms and names specific to the company.

AFAIK, I'm the only auditor who has included this as a documented,
standard procedure for testing.  In any case, it is a valuable technique
that almost always yields results.

--
Max Vision Network Security        <vision () whitehats com>
Network Security Assessment         http://maxvision.net/
100% Success Rate : Penetration Testing & Risk Mitigation
Free Visibility Analysis and Price Quote for Your Network
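A minimal Python version of the spider-and-sort pipeline described above (wget|find|strings|sort), added here as an example and not code from the original post: it strips the HTML markup from an already-fetched page, throws away anything already present in a base dictionary, and keeps only the unknown, company-specific terms for the audit wordlist. The sample page and the base dictionary are constructed stand-ins, and fetching is assumed to have been done separately.

```python
import re
from html.parser import HTMLParser

# Constructed sample page standing in for one spidered HTML file (not a real site).
SAMPLE_HTML = """<html><head><title>Acme Widgets - About</title>
<script>var tracker = 'ignoreme';</script></head>
<body><h1>Welcome to AcmeWidgets</h1>
<p>Our flagship product, the ZephyrFlow 3000, was designed by Mariella
Kowalczyk in the Oakhaven office. Project codename: BLUEHARBOR.</p>
<!-- maintained by the Oakhaven web team -->
</body></html>"""

# Constructed stand-in for the auditor's base dictionary of already-known words.
BASE_DICTIONARY = {"about", "welcome", "flagship", "product", "designed",
                   "office", "project", "codename", "maintained", "team"}


class TextExtractor(HTMLParser):
    """Collect visible text and HTML comments; skip <script>/<style> bodies."""

    def __init__(self):
        super().__init__()
        self.chunks = []
        self._skip = 0  # nesting depth inside script/style elements

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

    def handle_comment(self, data):
        self.chunks.append(data)  # comments are strings too, keep them


def strip_markup(html):
    parser = TextExtractor()
    parser.feed(html)
    parser.close()
    return " ".join(parser.chunks)


def site_terms(html, base_dictionary, min_len=4):
    """Sorted, unique, lowercased tokens from the page not in the base dictionary."""
    found = set()
    for tok in re.findall(r"[A-Za-z][A-Za-z0-9]+", strip_markup(html)):
        low = tok.lower()
        if len(low) >= min_len and low not in base_dictionary:
            found.add(low)
    return sorted(found)
```

Run `site_terms` over every spidered file and merge the results to get the custom dictionary; tune `min_len` and the base dictionary to the audit's password policy.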

