Penetration Testing mailing list archives
Re: Pen Test Basic Needs
From: Kyle Maxwell <krmaxwell () gmail com>
Date: Fri, 15 Jul 2005 12:53:45 -0500
On 7/14/05, Stephane Auger <sauger () pre2post com> wrote:
1) If you had to do a pen-test, what type of information would you need to begin with? External IP? Web site name? Anything else I'm forgetting?
Depends on what the client wants -- is this 'zero knowledge'? What's fair game? This is part of the scope determination.
2) What tools would you use for the pen-test? Nessus, Snort, Cain&Abel. Anything else that would be useful?
Not really sure what use Snort would be. That said, you should first have a basic methodology for the test (footprint, enumeration, etc.), and *that* will drive your tools. Putting the tools ahead of the process is asking for trouble. -- Kyle Maxwell http://caffeinatedsecurity.com [krmaxwell () gmail com]
Current thread:
- Pen Test Basic Needs Stephane Auger (Jul 14)
- Re: Pen Test Basic Needs Kyle Maxwell (Jul 15)
- <Possible follow-ups>
- RE: Pen Test Basic Needs Stephane Auger (Jul 15)
- Re: Pen Test Basic Needs Security Professional (Jul 15)
- RE: Pen Test Basic Needs Stephane Auger (Jul 15)
- Re: Pen Test Basic Needs Saint Anthony (Jul 16)