Penetration Testing mailing list archives
RE: Automated wireless testing script
From: Darren <darren.turnbull () btinternet com>
Date: Sun, 31 May 2009 14:21:39 +0100
-----Original Message----- From: Aarón Mizrachi <unmanarc () gmail com> Sent: 29 May 2009 09:11 To: pen-test () securityfocus com Cc: subscribe subscribe <subscr1b3m3 () gmail com>; Renato Bovo Inácio <renatobovo () gmail com> Subject: Re: Automated wireless testing script On Jueves 28 Mayo 2009 15:23:13 subscribe subscribe escribió:
Thanks for your interest.. I wanted to ask you guys this. I'm a bit worried if my tool will cause me any legal problems incase it is misused.. Is GPL enough to protect me?
GPL does not protect you against legal problems derived of illegal use by third party... GPL protect your software freedom to copy, modify, redistribute, etc.... And protect your software from being reassembled with commercial pourporses ( GPL is viric ;-) ) ----------------- Im not a lawyer... It may depend on country, but this is my opinion: 1. You can put a disclaimer who advice the end user that should not be used for illegal pourporse. For many countries, this should be acceptable. 2. MANY software can be used for malicious pourporses... SSH could be used as a backdoor, Microsoft SMB protocol also..., aircrack-ng suite also could be used for malicious pourporses, inclusive, the linux popular command "rm" could be used for crime also, Nessus is a harmful tool that can be used also for criminal pourporses. So, your software also can be used for malicious pourporses... BUT. There is a fact, software like this one, can be used also for Pentesting (Ethical Hacking), and proof of concept. That is a legal pourporse. Ethical point of view: Your software is not exploiting a zero day, the full disclosure method are fulfilled, the vendor was adviced of WEP/WPA bugs and the time to patch this bugs is over. Nothing else to say. -------------- I released a software in the same situation on 2004. Was called, URCS... and was a RAT (Remote Admin Tool). URCS were designed with ethic, URCS does not hide their proccess, URCS have an authentication plataform, URCS also have an installer. URCS does not have any infection engines, URCS does not have also any method to prevent their hand removal, URCS activate logs by default with connection IP a [The entire original message is not included] ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Automated wireless testing script subscribe subscribe (May 28)
- Re: Automated wireless testing script Ramiro Caire (May 28)
- Re: Automated wireless testing script subscribe subscribe (May 28)
- Message not available
- Re: Automated wireless testing script subscribe subscribe (May 28)
- Re: Automated wireless testing script Ramiro Caire (May 28)
- Message not available
- Re: Automated wireless testing script subscribe subscribe (May 28)
- Re: Automated wireless testing script Aarón Mizrachi (May 29)
- Re: Automated wireless testing script subscribe subscribe (May 28)
- Message not available
- Re: Automated wireless testing script subscribe subscribe (May 29)
- <Possible follow-ups>
- RE: Automated wireless testing script Darren (May 31)