Penetration Testing mailing list archives
RE: Info collection
From: Petr.Kazil () eap nl
Date: Tue, 10 Aug 2004 16:45:27 +0200
These tools (1-4) may be more suitable for an inside security scan than an (external) penetration test. 1) I have written a set of VBScripts. You dump the Windows 2000 / AD info using the CSVDE command and then the scripts do a rough sorting and analysis of the user / group etc. data. If you combine it with a dump of SYSVOL you can get a rough cross reference between OU's and Group Policies. They're home grown and a bit chaotic. I'm willing to share them - but I'm not willing to explain, support nor to document them :-) You might be better off using DUMPSEC and the Group Policies Tool that works under Windows 2003/XP (forgot the name). 2) Then if you do a pentest it's always interesting to see how vulnerable the workstations on the inside are against an attack from the outside. There are several websites that can do a browser check for you and some websites that can send you test e-mails to check the mail filters. http://www.heise.de/security/dienste/browsercheck/ http://browsercheck.qualys.com/ http://bcheck.scanit.be/bcheck/ http://www.heise.de/security/dienste/emailcheck/ http://www.gfi.com/emailsecuritytest/ Whatever you do - never send the deadly 42.zip file :-) 3) I know nessus and ISS but I think GFI Languard is good value for money. 4) I may sound like a newb, but MBSA is a simple and effective tool to check if the patches are up to date. 5) This sounds like a very good tool for testing websites, but it's expensive: WebInspect™ 4.0 Enterprise Edition
Current thread:
- Info collection Jeff Gercken (Aug 05)
- RE: Info collection Israel Torres (Aug 09)
- Re: Info collection Ali-Reza Anghaie (Aug 09)
- <Possible follow-ups>
- Re: Info collection H Carvey (Aug 09)
- RE: Info collection Michael Shirk (Aug 09)
- RE: Info collection Petr . Kazil (Aug 10)
- RE: Info collection Jeff Gercken (Aug 09)
- RE: Info collection Frank Knobbe (Aug 10)
- Re: Info collection Martin Mačok (Aug 11)
- RE: Info collection Frank Knobbe (Aug 10)
- Re: Info collection H Carvey (Aug 10)
- RE: Info collection Jack Cullen (Aug 11)
- Re: Info collection H Carvey (Aug 12)