Penetration Testing mailing list archives

Re: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs)

From: Nick Waringa <nwaringa () gmail com>
Date: Tue, 9 Aug 2005 09:02:08 -0400

Dsniff might also be a good addition. Most high usage tools are
generally listed on Pen-Test CD's like Whax, Knoppix-STD, and Auditor.

Good basic lists are here: 
http://portsonline.net/whaxlist.html
http://www.knoppix-std.org/tools.html
http://new.remote-exploit.org/index.php/Auditor_tools
http://www.insecure.org/tools.html

I would submit that all of these cd's have configurations that differ
so carrying all three, learning one better than the others....or
ideally creating or modifying your own liveCD would probably be the
best.

Regards,
Nick

On Mon Aug 08 13:41:19 GMT+10:00 2005, richard <barbarian () cryptomail org> wrote:

U will probably need to "morphine" your evil apps before you run them on an AV protected machine - download morphine 
from hxdef.org; might as well pick up a copy of hf's rootkit while your there...
Richard
- every1 say: "thankyou HF!"
-----Original Message-----
From: Matt Reid [mailto:matthew () servepath com]
Sent: Saturday, 6 August 2005 8:06 AM
To: Omar Herrera; pen-test () securityfocus com
Subject: Re: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs)
Hi all,
Here is a basic list of some progs to use for pen-testing. If anyone
wants to add some on here in the respective categories we could get a
really good list going for pen-testers!
-Matt Reid
*Port Scanners*
Amap – versioning port scanner
NMap – general purpose port scanner
pPscan – proxy port scanner
*
Vuln Scanners*
Nessus – general vul. scanner
DNAscan – for ASP
Owa – Outlook Web
Nikto – http vulns
*Brute Forcers & Crackers*
John the Ripper – password cracker
WlGen – word list generator
Hydra – multi-protocol authentication brute forcer
*DNS enumeration*
Ghba – RDNS scanner
Dig – DNS lookup util
Nslookup – interactive name server query engine
*Loggers*
Tcpdump – network traffic dumper
Ethereal – network traffic analyzer – use in conjunction with tcpdump
Kismet – wifi traffic analyzer
*Dicts [to concat into larger file]*
Argon – 2GB dict file
Cracklib -  another good one
Word.lst  - word list
*Trojans & Rootkits*
BackOrifice - Back Orifice is not a virus. It is in essence a remote
administration tool.
LRK – Linux-kernel Root Kit
Netbus - NetBus runs under the NT operating system as well as Win95/98
*Firewall Throughpass*
Firewalk – trace packets through firewall filters
------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:
http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------


!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+
CryptoMail provides free end-to-end message encryption.
http://www.cryptomail.org/   Ensure your right to privacy.
Traditional email messages are not secure.  They are sent as
clear-text and thus are readable by anyone with the motivation
to acquire a copy.
!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+


------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------

Current thread:

Re: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs), (continued)
- Re: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs) Omar Herrera (Aug 05)
  - Re: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs) s0u1d13r s0u1d13r (Aug 06)
  - Re: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs) Matt Reid (Aug 06)
    - Re: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs) Pigeon (Aug 06)
    - RE: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs) dave kleiman (Aug 07)
    - What are some good sources to keep me up top :) ? Pigeon (Aug 06)
    - Re: What are some good sources to keep me up top :) ? Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Aug 07)
    - Re: What are some good sources to keep me up top :) ? AdamT (Aug 07)
    - Re: What are some good sources to keep me up top :) ? Pigeon (Aug 07)
- RE: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs) richard (Aug 08)
  - Re: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs) Nick Waringa (Aug 09)