Penetration Testing mailing list archives

RE: Info collection


From: Petr.Kazil () eap nl
Date: Tue, 10 Aug 2004 16:45:27 +0200

These tools (1-4) may be more suitable for an inside security scan than an
(external) penetration test.

1) I have written a set of VBScripts. You dump the Windows 2000 / AD info
using the CSVDE command and then the scripts do a rough sorting and
analysis of the user / group etc. data. If you combine it with a dump of
SYSVOL you can get a rough cross reference between OUs and Group Policies.
They're home grown and a bit chaotic.  I'm willing to share them - but I'm
not willing to explain, support nor to document them :-)

You might be better off using DUMPSEC and the Group Policies Tool that
works under Windows 2003/XP (forgot the name).

2) Then if you do a pentest it's always interesting to see how vulnerable
the workstations on the inside are against an attack from the outside.
There are several websites that can do a browser check for you and some
websites that can send you test e-mails to check the mail filters.

http://www.heise.de/security/dienste/browsercheck/
http://browsercheck.qualys.com/
http://bcheck.scanit.be/bcheck/

http://www.heise.de/security/dienste/emailcheck/
http://www.gfi.com/emailsecuritytest/

Whatever you do - never send the deadly 42.zip file :-)

3) I know Nessus and ISS but I think GFI LANguard is good value for money.

4) I may sound like a newb, but MBSA is a simple and effective tool to
check if the patches are up to date.

5) This sounds like a very good tool for testing websites, but it's
expensive:
WebInspect™  4.0  Enterprise Edition
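
The analysis step in item 1 (sorting a CSVDE dump into a user / group cross reference) can be sketched as follows. This is an added example, not part of the original post and not the author's VBScripts. It assumes the usual CSVDE layout (header row of attribute names, multi-valued attributes joined with `;`); the sample export, the `example.test` domain and all function names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the layout CSVDE writes: header row of attribute
# names, DN first, multi-valued attributes joined with ';' (assumption).
SAMPLE_EXPORT = '''DN,objectClass,sAMAccountName,memberOf,userAccountControl
"CN=Alice Admin,OU=IT,DC=example,DC=test",top;person;organizationalPerson;user,aadmin,"CN=Domain Admins,CN=Users,DC=example,DC=test;CN=Helpdesk,OU=IT,DC=example,DC=test",512
"CN=Bob Temp,OU=Sales,DC=example,DC=test",top;person;organizationalPerson;user,btemp,"CN=Helpdesk,OU=IT,DC=example,DC=test",66048
"CN=Carol Old,OU=Sales,DC=example,DC=test",top;person;organizationalPerson;user,cold,,514
"CN=Helpdesk,OU=IT,DC=example,DC=test",top;group,Helpdesk,"CN=Domain Admins,CN=Users,DC=example,DC=test",
'''

ACCOUNTDISABLE = 0x0002          # userAccountControl bit: account disabled
DONT_EXPIRE_PASSWORD = 0x10000   # userAccountControl bit: password never expires

def load(text):
    """Return {DN: row} with the multi-valued fields split into lists."""
    objects = {}
    for row in csv.DictReader(io.StringIO(text)):
        row["objectClass"] = row["objectClass"].split(";")
        row["memberOf"] = [g for g in row["memberOf"].split(";") if g]
        objects[row["DN"]] = row
    return objects

def effective_groups(dn, objects, seen=None):
    """All groups a DN belongs to, following nested groups (cycle-safe)."""
    seen = set() if seen is None else seen
    for group in objects.get(dn, {}).get("memberOf", []):
        if group not in seen:
            seen.add(group)
            effective_groups(group, objects, seen)
    return seen

def audit(text):
    """Return (group DN -> account names incl. nested, account -> UAC notes)."""
    objects = load(text)
    members, flags = defaultdict(list), {}
    for dn, obj in objects.items():
        if "user" not in obj["objectClass"]:
            continue  # skip groups, OUs and other non-account objects
        name = obj["sAMAccountName"]
        for group in effective_groups(dn, objects):
            members[group].append(name)
        uac = int(obj["userAccountControl"] or 0)
        notes = [label for bit, label in ((ACCOUNTDISABLE, "disabled"),
                 (DONT_EXPIRE_PASSWORD, "password never expires")) if uac & bit]
        if notes: flags[name] = notes
    return dict(members), flags
```

In the constructed sample, `btemp` shows up under Domain Admins only through the nested Helpdesk group, which is the kind of indirect membership a flat listing of the dump hides.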

