Penetration Testing mailing list archives
RE: Tools to use for Penetration Testing?
From: "Rivest, Philippe" <PRivest () transforce ca>
Date: Thu, 11 Sep 2008 08:45:09 -0400
You should look up the net for these, it is very easy to build your own toolbox that will match your need. Here is what I already have shared twice on this list, you could also go check out insecure.org and many other sites Tools needed to perform a Penetration test or a Vulnerability assessment http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html Tools for: Foot printing 1. Nmap (Linux) http://nmap.org/download.html 2. THC Amap (Linux) http://www.thc.org/thc-amap/ 3. OpenSSH 1. SSH (linux) (built-in) 2. Putty (windows) http://www.openssh.org/windows.html 4. Netstumbler http://www.netstumbler.com/ 5. Sysinternal (pstools suite) http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx 6. P0f (Linux) http://lcamtuf.coredump.cx/p0f.shtml 7. Firewalk (Linux) http://www.packetfactory.net/projects/firewalk/ 8. Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/ 9. Whois http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx 10. Psloglist http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx 11. Tor http://www.torproject.org/ 12. Web-harvest (http://web-harvest.sourceforge.net/) 13. Sam Spade http://64.233.167.104/search?q=cache:UXhTem4ujdUJ:www.softpedia.com/get/Netwo rk-Tools/Network-Tools-Suites/Sam-Spade.shtml+sam+spade&hl=fr&ct=clnk&cd=19&g l=ca 14. Maltego Vulnerability 1. Nessus (Linux if you can) http://www.nessus.org/nessus/ 2. Nikto (Linux) http://www.cirt.net/nikto2 3. Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml 4. Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/ 5. SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/ 6. MBSA (discutable) http://technet.microsoft.com/en-us/security/cc184923.aspx Exploit 1. Metasploit (Linux) http://www.metasploit.com/ 2. Netcat (Linux) http://netcat.sourceforge.net/ 3. Cain and abel http://www.oxid.it/cain.html 4. Sysinternal (pstools suite) http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx 5. Perl, python 6. Bloodshed c++ http://www.bloodshed.net/devcpp.html Sniffing 1. Wireshark http://www.wireshark.org/ 2. Cain and Abel http://www.oxid.it/cain.html 3. Airsnort (Linux) http://airsnort.shmoo.com/ 4. Aircrack (Linux) Cracker 1. John the ripper (Linux) http://www.openwall.com/john/ 2. THC Hydra (Linux) http://www.thc.org/thc-hydra/ 3. LC4 (l0phtcrack) 4. Pwdump (The new version is fgdump and pwdump7) 5. Tcpdump (Linux) http://www.tcpdump.org/ Other 1- Cam studio (To record visually the evidence) Merci / Thanks Philippe Rivest, CEH, Network+, Server+, A+ Vérificateur interne en sécurité de l'information Courriel: Privest () transforce ca Téléphone: (514) 331-4417 www.transforce.ca Vous pourriez imprimer ce courriel, mais faire pousser un arbre c'est long. You could print this email, but it does takes a long time to grow trees. "Everything that can fail, will fail. If something can't fail, it will fail anyway" - Murphy -----Message d'origine----- De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la part de Chip Panarchy Envoyé : 10 septembre 2008 00:57 À : pen-test () securityfocus com Objet : Tools to use for Penetration Testing? Hello I am interested in getting started as a white hat hacker/pen tester. I would like to know what tools I should get familiar with, and be able to use to be a pen-tester. I only know of a few at the moment, and of them, I only use 2 (NMap and Wireshark). Can I please receive recommendations on tools to use? Thanks in advance, Chip Panarchy PS: I am currently in training towards my CCNA and (maybe) MCSE. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Tools to use for Penetration Testing? Chip Panarchy (Sep 10)
- Message not available
- Re: Tools to use for Penetration Testing? Chip Panarchy (Sep 12)
- RE: Tools to use for Penetration Testing? Shenk, Jerry A (Sep 13)
- Re: Tools to use for Penetration Testing? J. Oquendo (Sep 14)
- Re: Tools to use for Penetration Testing? Chip Panarchy (Sep 12)
- Message not available
- RE: Tools to use for Penetration Testing? Ardian Silvano (Sep 12)
- Re: Tools to use for Penetration Testing? Thorgul (Sep 12)
- RE: Tools to use for Penetration Testing? Veal, Richard (Sep 12)
- RE: Tools to use for Penetration Testing? Rivest, Philippe (Sep 12)
- Re: Tools to use for Penetration Testing? Todd Haverkos (Sep 12)
- <Possible follow-ups>
- Re: Tools to use for Penetration Testing? Jon Kibler (Sep 12)
- Re: Tools to use for Penetration Testing? Nikhil Wagholikar (Sep 12)
- Tools to use for Penetration Testing? christopher . riley (Sep 12)
- Re: Tools to use for Penetration Testing? philip . finn (Sep 12)