Penetration Testing mailing list archives

RE: Tools to use for Penetration Testing?

From: "Rivest, Philippe" <PRivest () transforce ca>
Date: Thu, 11 Sep 2008 08:45:09 -0400

You should look up the net for these, it is very easy to build your own
toolbox that will match your need. 
Here is what I already have shared twice on this list, you could also go
check out insecure.org and many other sites


Tools needed to perform a Penetration test or a Vulnerability assessment
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Tools for:
Foot printing
1.      Nmap (Linux) http://nmap.org/download.html
2.      THC Amap (Linux) http://www.thc.org/thc-amap/
3.      OpenSSH
1.      SSH (linux) (built-in)
2.      Putty (windows) http://www.openssh.org/windows.html
4.      Netstumbler http://www.netstumbler.com/
5.      Sysinternal (pstools suite)
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
6.      P0f (Linux) http://lcamtuf.coredump.cx/p0f.shtml
7.      Firewalk (Linux) http://www.packetfactory.net/projects/firewalk/
8.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
9.      Whois http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx
10.     Psloglist
http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx
11.     Tor http://www.torproject.org/
12.     Web-harvest (http://web-harvest.sourceforge.net/)
13.     Sam Spade
http://64.233.167.104/search?q=cache:UXhTem4ujdUJ:www.softpedia.com/get/Netwo
rk-Tools/Network-Tools-Suites/Sam-Spade.shtml+sam+spade&hl=fr&ct=clnk&cd=19&g
l=ca
14.     Maltego
Vulnerability
1.      Nessus (Linux if you can) http://www.nessus.org/nessus/
2.      Nikto (Linux) http://www.cirt.net/nikto2
3.      Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5.      SARA (Security Auditor's Research Assistant) (Linux)
http://www-arc.com/sara/
6.      MBSA (discutable)
http://technet.microsoft.com/en-us/security/cc184923.aspx
Exploit
1.      Metasploit (Linux) http://www.metasploit.com/
2.      Netcat (Linux) http://netcat.sourceforge.net/
3.      Cain and abel http://www.oxid.it/cain.html
4.      Sysinternal (pstools suite)
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
5.      Perl, python
6.      Bloodshed c++ http://www.bloodshed.net/devcpp.html
Sniffing
1.      Wireshark http://www.wireshark.org/
2.      Cain and Abel http://www.oxid.it/cain.html
3.      Airsnort (Linux) http://airsnort.shmoo.com/
4.      Aircrack (Linux)
Cracker
1.      John the ripper (Linux) http://www.openwall.com/john/
2.      THC Hydra (Linux) http://www.thc.org/thc-hydra/
3.      LC4 (l0phtcrack)
4.      Pwdump (The new version is fgdump and pwdump7)
5.      Tcpdump (Linux) http://www.tcpdump.org/

Other
1-      Cam studio (To record visually the evidence)


Merci / Thanks
Philippe Rivest, CEH, Network+, Server+, A+
Vérificateur interne en sécurité de l'information
Courriel: Privest () transforce ca
Téléphone: (514) 331-4417
www.transforce.ca

Vous pourriez imprimer ce courriel, mais faire pousser un arbre c'est long.
You could print this email, but it does takes a long time to grow trees.
"Everything that can fail, will fail. If something can't fail, it will fail
anyway" - Murphy

-----Message d'origine-----
De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la
part de Chip Panarchy
Envoyé : 10 septembre 2008 00:57
À : pen-test () securityfocus com
Objet : Tools to use for Penetration Testing?

Hello

I am interested in getting started as a white hat hacker/pen tester.

I would like to know what tools I should get familiar with, and be able to
use to be a pen-tester.

I only know of a few at the moment, and of them, I only use 2 (NMap and
Wireshark).

Can I please receive recommendations on tools to use?

Thanks in advance,

Chip Panarchy

PS: I am currently in training towards my CCNA and (maybe) MCSE.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

Current thread:

Tools to use for Penetration Testing? Chip Panarchy (Sep 10)
- Message not available
  - Re: Tools to use for Penetration Testing? Chip Panarchy (Sep 12)
    - RE: Tools to use for Penetration Testing? Shenk, Jerry A (Sep 13)
    - Re: Tools to use for Penetration Testing? J. Oquendo (Sep 14)
- RE: Tools to use for Penetration Testing? Ardian Silvano (Sep 12)
- Re: Tools to use for Penetration Testing? Thorgul (Sep 12)
- RE: Tools to use for Penetration Testing? Veal, Richard (Sep 12)
- RE: Tools to use for Penetration Testing? Rivest, Philippe (Sep 12)
- Re: Tools to use for Penetration Testing? Todd Haverkos (Sep 12)
- <Possible follow-ups>
- Re: Tools to use for Penetration Testing? Jon Kibler (Sep 12)
- Re: Tools to use for Penetration Testing? Nikhil Wagholikar (Sep 12)
- Tools to use for Penetration Testing? christopher . riley (Sep 12)
- Re: Tools to use for Penetration Testing? philip . finn (Sep 12)