Penetration Testing mailing list archives

RE: Tool kit assembly


From: "Coffey, Christopher S." <Christopher.Coffey () mail va gov>
Date: Wed, 25 Jul 2001 12:41:02 -0500

I'll give you a quick rundown of how I would set up an "attack box" using
freeware apps...

I would start with a good mid-range laptop. I would recommend you use a
version of Linux as an OS unless your company has a policy against it.

I would start by loading a couple of nice freeware tools such as nmap (port
scanner) http://www.nmap.org/ and Nessus (remote security scanner)
http://www.nessus.org/ . Those would be the core tools I would use for any
testing done.

Various other great tools I've used include:
Whisker - CGI vulnerability scanner - Good for checking for bad CGIs on any
web server http://www.wiretrip.net/rfp/
Saint - Another vulnerability checker - http://www.wwdsi.com/saint/
Sara - Another vulnerability checker - http://www-arc.com/sara/

These are just a few of the tons of tools out there. I would recommend you
load some up and play with them in a lab to decide which you think are
better for what you're doing. Here is a link to a recent survey of the top 50
tools for pen-testing, complete with some great links to web sites etc.
http://www.nmap.org/tools.html

Hope this helps

-----Original Message-----
From: Eric R. Van Skike [mailto:vanskike () ods ods net]
Sent: Wednesday, July 25, 2001 12:08 AM
To: pen-test () securityfocus com
Subject: Tool kit assembly


I've been lurking for a while, and the vast amount of information that passes
through this list has left me with a problem: too much information to process
quickly :).

It looks like I will need to do some penetration testing for the organization
I work for in the not-too-distant future.  The problem is, I do not really
know where to begin as far as what programs would be appropriate.  The
organization I work for is currently just a Microsoft shop with very few
non-MS services/programs made available to the masses.

And here begins my request... I was wondering if anyone on this list could
give me recommendations of programs or websites that would be useful for
someone (such as myself) who is creating a 'tool kit'.  With the wide array
of programs available, I'd like to avoid getting programs that are not up to
par.  Commercial or non-commercial is fine.

Thanks in advance for any help.


-Eric Van Skike
vanskike () ods ods net


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
