Penetration Testing mailing list archives

Re: Some help on methodologies and reports

From: m.delibero () comcast net
Date: Thu, 28 Dec 2006 01:04:16 +0000

Nikolaj,

  If you are running windows you can try the OWASP Report Generator.

  http://www.owasp.org/index.php/ORG_%28Owasp_Report_Generator%29

  Thanks,
  Mike de Libero
 -------------- Original message ----------------------
From: Nikolaj <lorddoskias () gmail com>

I would like to ask a few question concerning some aspects of 
penetration testing.

A friend setup a little lan to mimic an ISP. He has different services - 
ranging from mysql to nagios etc. I was able to penetrate one of the 
server which let me to another and so forth. Eg. I penetrated his 
network. Now I want to create a legit report, so that it looks like a 
real one. Can you give me links or some hints on what should one such 
report include? Maybe there are drafts somewhere.

I feel that what I did was more plain hacking than just pen testing. 
What are the differences between them, except the business relationship.

Regards.

Current thread:

Some help on methodologies and reports Nikolaj (Dec 27)
- <Possible follow-ups>
- Re: Some help on methodologies and reports m . delibero (Dec 27)
  - Re: Some help on methodologies and reports crazy frog crazy frog (Dec 28)
- RE: Some help on methodologies and reports Shenk, Jerry A (Dec 28)