Re: What tools do you use?

["insecure" <insecure () yandex ru>]

> Hi,
>
> I am conducting a survey and would like to know what the standard tools 
> in your toolkit are. I know that there is far more to a pen test than 
> tools alone, but for this survey I am focusing on the tools alone.
>
> Consider this hypothetical situation: You are hired to conduct a 
> penetration test on a small company's network. You have no details of 
> the network itself, but you have just been told what to do and been 
> given permission to do so. Unknown to you, there is a NAT router with an 
> SPI firewall, behind which are a set of workgrouped computers - mostly 
> Windows XP, but two of them are running SUSE Linux 10.0. The router also 
> has a DMZ setup to port 80 to one of the workgrouped computers, which is 
> a SUSE box running an Apache webserver with PHP and MySQL as well.
>
> Therefore, my question is: what tools would you use to discover this, 
> and what tools would you then use to determine the vulnerabilities and 
> attempt to exploit them?
>
> Here are my main ones:
>
> - nmap
> - nessus
> - hping
> - nikto
> - E-Or (came across this recently - quite good)
> - metasploit
>
> Knowledge of SQL queries and other programming languages do not count as 
> tools ;)
>
> Thanks,
>
> J_K9

First of all you should create some kind of plan for you assesment (reconnaissance phase, scanning, etc), then for 
every task you have to choose particular tool. Good set of tools already groupped for different tasks can be found in 
live distro, such as Auditor - http://www.remote-exploit.org/index.php/Auditor. 

Also, Top 75 Security Tools - http://www.insecure.org/tools.html  
NT Toolbox - http://ntsecurity.nu/toolbox/

-- 
Roman Shirokov
Systems Administrator
85A4 8586 FEEE 171B D0F1  A9C1 27C8 A907 EE45 7D0E

http://securitybox.org.ru
e-mail: securitybox () softhome net
Making the roads safe...



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to proactively 
protect your applications from hackers. Cenzic has the most comprehensive 
solutions to meet your application security penetration testing and 
vulnerability management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------