Penetration Testing mailing list archives

Re: Passive PenTesting


From: Maverick <myeaddress () gmail com>
Date: Fri, 3 Dec 2010 16:00:04 -0800

Thanks Robin, I really appreciate your detailed response. So there are
no existing tools or scripts that do banner grabbing for you. I am
trying 'pads'; it purports to do passive banner grabbing for you, but I
am not having any luck so far. Please let me know if you have tried
this tool before.

On Fri, Dec 3, 2010 at 3:56 PM, Robin <robin () rbsec net> wrote:
Mak,

If the requests for the websites went through the machine that was
capturing, they should appear in the hosts list in Network Miner. If
you're only getting part of them, you might need to open the pcap file
in Wireshark, and look by hand. Filtering traffic to/from tcp 80 should
give you most of the sites.

Telling if there's a firewall is very difficult from a cap file. You can
look for evidence of connections being dropped, but that's about it. As
for software - again, you're going to have to look for connections that
could lead to software. If they've got an outbound connection to tcp
6667, they're probably running an IRC client. Not much you can do other
than that, unless you can grab banners.

A cap file is very limited for what you're trying to do; the information
you want can only really be gained through active testing. At the end of
the day, you can only get as much information as your cap contains, and
it's unlikely to contain what you're looking for.

~Robin
Robin, thanks for the information. I have another question; maybe you
will be able to answer it. How can I pull out information like which
sites the user visited, if a firewall is installed on that machine, what
software is installed, etc.? I would appreciate it if you could guide me on
that.

Best,
MAK

On Fri, Dec 3, 2010 at 3:41 PM, Robin <robin () rbsec net> wrote:

Mak,

Network Miner is a Windows tool that can pull a lot of information from
pcap files. It gives you a list of hosts, known information about them
(open ports, OS, etc), and also extracts files and text from the capture.

http://networkminer.sourceforge.net/

~Robin

Hi All,
I was wondering if there is any free tool available to do
penetration testing/banner grabbing from the packet capture file.
Thanks
MAK

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB 
CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
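
The by-hand approach Robin describes (filtering tcp 80 for visited sites) and the passive banner grabbing Maverick asks about can be scripted. The following is an added example, not part of the thread and not code from any tool named in it. It uses only the Python standard library; the function names and the sample capture (documentation addresses) are constructed here, and it assumes a classic little-endian pcap with untagged Ethernet/IPv4 frames and HTTP headers that fit in one TCP segment.

```python
import struct

def read_pcap(data):
    """Yield frames from a classic little-endian pcap with Ethernet link type."""
    if struct.unpack("<I16xI", data[:24]) != (0xA1B2C3D4, 1):
        raise ValueError("need a classic little-endian pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack("<I", data[off + 8:off + 12])[0]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def tcp_segment(frame):
    """Return (src_ip, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = frame[14 + (frame[14] & 0x0F) * 4:14 + struct.unpack("!H", frame[16:18])[0]]
    if len(tcp) < 20:
        return None  # truncated by the snap length, or malformed
    return (".".join(map(str, frame[26:30])), *struct.unpack("!HH", tcp[:4]), tcp[(tcp[12] >> 4) * 4:])

def passive_banners(data):
    """Return sorted (ip, port, kind, value) facts read from payloads already in the capture."""
    found = set()
    for src, sport, dport, payload in filter(None, map(tcp_segment, read_pcap(data))):
        lines = payload.split(b"\r\n\r\n")[0].decode("latin-1").splitlines() or [""]
        if lines[0].startswith("SSH-"):
            found.add((src, sport, "ssh-banner", lines[0]))
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.lower() == "host" and lines[0].endswith(("HTTP/1.0", "HTTP/1.1")):
                found.add((src, dport, "site-visited", value.strip()))  # src is the client
            elif name.lower() == "server" and lines[0].startswith("HTTP/1."):
                found.add((src, sport, "server-banner", value.strip()))
    return sorted(found)

def make_record(src, sport, dst, dport, payload):
    """Build one constructed pcap record: Ethernet/IPv4/TCP, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    pkt = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # constructed capture
    + make_record("192.0.2.10", 49152, "198.51.100.5", 80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n")
    + make_record("198.51.100.5", 80, "192.0.2.10", 49152, b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.3 (CentOS)\r\n\r\nhi")
    + make_record("198.51.100.7", 22, "192.0.2.10", 49153, b"SSH-2.0-OpenSSH_5.3\r\n"))

print(passive_banners(SAMPLE))
```

As Robin notes, this only recovers what the capture happens to contain: services that never sent a banner during the capture window will not appear.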









