Penetration Testing mailing list archives

Tools to use for Penetration Testing?


From: christopher.riley () r-it at
Date: Thu, 11 Sep 2008 08:49:05 +0200

It's hard to give a list of definitive tools because the base toolset is 
so large and always changing.

I'd say the best bet would be to become familiar with Linux and the 
built-in tools (e.g. Netcat, tcpdump, etc.) before moving on to things like 
Nessus/OpenVAS and maybe Metasploit (once you understand what the exploits 
do). Spending some time understanding the underlying protocol stack and 
how DNS, TCP/UDP, ICMP work helps a lot as well (playing about with HPING 
and tcpdump helps to learn this as you can send packets and see what goes 
out and comes back in).

Also check out the various methodologies to get an overview on the 
penetration testing process (OSSTMM or NIST 800-42 for example).

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html is also a 
good resource.

Chris



pen-test-return-1078487087 () securityfocus com 
Sent by: listbounce () securityfocus com
11.09.2008 01:34

To
pen-test () securityfocus com
Cc

Subject
Tools to use for Penetration Testing?

Hello

I am interested in getting started as a white hat hacker/pen tester.

I would like to know what tools I should get familiar with, and be
able to use to be a pen-tester.

I only know of a few at the moment, and of them, I only use 2 (Nmap
and Wireshark).

Can I please receive recommendations on tools to use?

Thanks in advance,

Chip Panarchy

PS: I am currently in training towards my CCNA and (maybe) MCSE.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------



