Penetration Testing mailing list archives
Re: [PEN-TEST] First step of a pen-test
From: Max Vision <vision () WHITEHATS COM>
Date: Wed, 20 Sep 2000 15:50:18 -0700
On Wed, 20 Sep 2000, Loschiavo, Dave wrote:
With checking out the website being a first step... Does anyone know if there is a tool that will comb through a website to pull nouns down into a dictionary file that you use for a customized dictionary attack specific to that company?
I've been doing this, creating custom attack dictionaries for each penetration test, for several years. Nothing complex - just spidering all html and sorting all found strings (sans html markup, although those strings are already in my base dictionary). I use proprietary tools, but you could just as well use wget|find|strings|sort... Picking out "nouns" is a bad idea - known words should be covered in existing dictionaries. The point of pulling down website/newsgroup content is to find *unknown* terms and names specific to the company. AFAIK, I'm the only auditor who has included this as a documented, standard procedure for testing. In any case, it is a valuable technique that almost always yields results. -- Max Vision Network Security <vision () whitehats com> Network Security Assessment http://maxvision.net/ 100% Success Rate : Penetration Testing & Risk Mitigation Free Visibility Analysis and Price Quote for Your Network
Current thread:
- Re: [PEN-TEST] First step of a pen-test, (continued)
- Re: [PEN-TEST] First step of a pen-test Wandering One (Sep 20)
- Re: [PEN-TEST] First step of a pen-test Dunker, Noah (Sep 19)
- Re: [PEN-TEST] First step of a pen-test Tonick, Mike (Sep 19)
- Re: [PEN-TEST] First step of a pen-test Jason Stout (Sep 20)
- Re: [PEN-TEST] First step of a pen-test Teicher, Mark (Sep 20)
- [PEN-TEST] anyone using firewalking? The Picard (Sep 20)
- Re: [PEN-TEST] anyone using firewalking? Jonathan Rickman (Sep 21)
- Re: [PEN-TEST] anyone using firewalking? El Nahual (Sep 21)
- Re: [PEN-TEST] First step of a pen-test Teicher, Mark (Sep 20)
- Re: [PEN-TEST] First step of a pen-test H Carvey (Sep 20)
- Re: [PEN-TEST] First step of a pen-test Loschiavo, Dave (Sep 20)
- Re: [PEN-TEST] First step of a pen-test Max Vision (Sep 20)
- Re: [PEN-TEST] First step of a pen-test Dawes, Rogan (Sep 21)
- Re: [PEN-TEST] First step of a pen-test Riley Hassell (Sep 23)
- Re: [PEN-TEST] First step of a pen-test Erik Tayler (Sep 23)
- Re: [PEN-TEST] First step of a pen-test Riley Hassell (Sep 23)
- Re: [PEN-TEST] First step of a pen-test Tonick, Mike (Sep 22)
- Re: [PEN-TEST] First step of a pen-test Robert van der Meulen (Sep 22)
- Re: [PEN-TEST] First step of a pen-test Wolfgang Zenker (Sep 22)
- Re: [PEN-TEST] First step of a pen-test Missy, E (Sep 22)
- Re: [PEN-TEST] First step of a pen-test Cassiano Aquino (Sep 22)
- Re: [PEN-TEST] First step of a pen-test Robert van der Meulen (Sep 22)