Re: documentation/snapshot tool for pentest

[Drew <simonis () myself com>]

Siebenkaes Stefan wrote:
> Hi,
>
> I am doing a lot of "pen tests" (in better words: port scans),
> mostly on web-servers. The tests are not very deep, but I
> have to scan a lot of servers. I do that with nessus and a
> host list.
> Actually I am looking for a tool to do a snapshot of any webserver
> before and after the scans, including the browser-frames and menus,
> as an enduser view (NOT my idea). I am scripting a lot and it
> gives me a pain...
>
> Is there any documentation tool for
> "here is the hostlist, take a webbrowser-snapshot and put
> it into a filesystem/database/..." ???

I would look into rolling your own with something like Perl and
the LWP family of modules, but I find it hard to imagine a need 
to look at the static content of a website.  Much more interesting,
as you probably know, is the behavior of the dynamic stuff in the 
site.  Seems you may have misguided management.  It might be more
beneficial to spend the energy level setting as opposed to bowing
to such odd requests.    


> Well, the reports with an actual snapshot of a tested website
> really look cool and give you a great lobby in meetings with
> management, I underestimated that for a long time...
> (INCLUDING the "was it still OK after the scan"-question :-)
>
> Any hints appreciated,

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/