Re: pentest documentation

[IndianZ <indianz () indianz ch>]

Hi there

You can use open source tools: 

- logging packets with tcpdump (tcpdump -i ethX -nv -s0 -w FILE.pcap -> additional you can use a net or host filter)
- console-logging with script (script FILE.txt -> Ctrl+D for exit and save)
- pipe the output from testing tools into a txt-file (or use a script with tee -a $log)

my 5 cts,
cheers, IndianZ

http://www.indianz.ch



On Mon, 02 Oct 2006 20:55:56 +0200
"Jürgen R. Plasser" <plasser () hexagon at> wrote:

> David Swafford wrote:
> > I have not used this personally but I have seen it demonstrated in an
> > ethical hacker training:
> >
> > A commercial product by the name of Core Impact.  It's capabilities are
> > enormous as it can capture the entire packet flow, key commands, and all
> > the necessary info and then break it out to nicely written reports.
> >
> > Link:  www.coresecurity.com/products/coreimpact/ 
>
> I've heard of Core Impact and even tried to get a price info. Their 
> sales dpt did not respond ...
>
> It would be nice to have some open source tools for this tasks.
>
> Jürgen
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------