Penetration Testing mailing list archives
RE: Exploit Repositories and Due Diligence
From: "Carl Tucker" <manuscity () hotmail com>
Date: Tue, 14 Jun 2005 14:39:19 -0700
Jeff, you raise an interesting point. I have been growing a list of exploit files and regularly found many of them not to deliver what they claimed. I have been using Metasploit for a while and got on OK with it; many of those files are not correct either, and having to do a hand audit can be a pain in the ass.
I started using a pretty cool app called Traffic IQ from www.karalon.com a while ago, and that has got a big library in it and I haven't found any problems.
CT
From: "Jeff" <jb () jbware net>
Reply-To: <jb () jbware net>
To: <pen-test () securityfocus com>
Subject: Exploit Repositories and Due Diligence
Date: Thu, 9 Jun 2005 21:19:52 -0400

I have a question regarding the use of exploit repositories (including projects like Metasploit, and compilations on bootable distros like Whoppix). With all of the large exploit repositories used to make pen testing faster and easier, what methods do you use to ensure you've done your due diligence in not unleashing something actually harmful on your clients? I have my own thoughts, such as googling and superficial|deep code reviews, but ultimately my concern is over the malicious hiding of intentions.

Thanks for any insights and suggestions.

- Jeff