RE: Smart-phone for pen tester

["Brad Bemis" <brad.bemis () secureitexpert com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

It may have already been mentioned, but one key advantage of the Android
phone as a pen-testing tool is its open architecture.  While the number and
quality of tools for either platform may be limited, at least there is the
potential for new and interesting tools being developed by other like-minded
folks for the Android (without the hoops Apple requires to get something
listed for the iPhone).  

Brad Bemis, CISSP, CISA
Information Security Professional
SecureITExpert | Seattle WA
===========================
PGP KeyID: 0xC89B8AA1 (.asc)
http://www.secureitexpert.com      
http://twitter.com/SecureITExpert 
===========================
"Change is the Only Constant!"


- -----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Adrian J Milanoski
Sent: Friday, October 15, 2010 7:08 PM
To: Gleb Paharenko
Cc: pen-test () securityfocus com
Subject: Re: Smart-phone for pentester

Just go with an Android or iPhone there is much more support for them and
users. So, if you have an issue chances are that someone else has already
tried it some where at some point.

Just a thought. Good luck with it all mate.


Thanks,
Adrian
_________________
Sent from my iPhone

On 2010-10-13, at 3:57 PM, Gleb Paharenko <gpaharenko () gmail com> wrote:

> Thank you every one.
>
> I'm currently looking more and more towards n900. However I'm shine 
> with the following:
> - weak battery
> - Resistive touchscreen
> - less application than in Apple Store and Android Store (however I'm 
> not sure if this is true :)
>
> Does battery and resistive screen do not make you uncomfortable?
>
> 2010/10/13 Adrian J Milanoski <amilanoski () gmail com>:
> > Hey Curt,
> >
> > I was honestly just browsing and was curious one day.
> >
> > I used Cydia on my jail broken iPhone and searched for metasploit and 
> > nmap and installed them both. I must say thought it is a bit 
> > difficult to use just do to the fact that it is an iPhone and screen 
> > size is limited, but none the less it works.
> >
> > As for a WiFi analyzer I use a App called WiFiFoFum pretty cool app.
> > You should check it out.
> >
> > Good luck.
> >
> > Regards,
> > Adrian
> >
> > On Tue, Oct 12, 2010 at 10:11 AM, Curt Purdy <infosysec () gmail com>
> > wrote:
> > > OK, you want to tell us how in the heck you got a full-blown *NIX 
> > > app like Metasploit to run on iphone? Needless to say it is 
> > > jailbroken, but do you have a link to step-by-step? Are you using 
> > > something like Cydia?
> > >
> > > Also, any recommendations from the list on the best WIFI analyzer 
> > > for iphone out there? My one and only real complaint to Jobs, is his 
> > > banning these apps. Really dumb, Steve.
> > >
> > > Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA
> > >
> > >
> > > On Tue, Oct 12, 2010 at 6:01 AM, Adrian J Milanoski 
> > > <amilanoski () gmail com> wrote:
> > > > Sorry forgot plain text my bad.
> > > >
> > > > I have a iPhone 3GS and have Metasploit and nmap installed on it.
> > > > Haven't tried aircrack-ng on it but I would assume since it is unix 
> > > > based it would work.
> > > >
> > > > Good luck.
> > > >
> > > > Regards,
> > > > Adrian
>
>
>
> --
> Best regards.
> Gleb Pakharenko.
> http://gpaharenko.livejournal.com
> http://www.linkedin.com/in/gpaharenko
> +380503116172
> skype: gpaharenko
>
> ---
> ---------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review 
> Board
>
> Prove to peers and potential employers without a doubt that you can 
> actually do a proper penetration test. IACRB CPT and CEPT certs 
> require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ---
> ---------------------------------------------------------------------

- ------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified. 

http://www.iacertification.org
- ------------------------------------------------------------------------



-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.10.0 (Build 500)
Charset: US-ASCII

wsFVAwUBTLx89B2oBrjIm4qhAQiWYg//Rzq89vcVnUbbqikQfZFg9ke50tM85hwq
s3FKG98OSyx6jhoedGIwMfYCSTNuKev5el3mvMABmecgC8hht3jQYaaAsdoG7bag
7+/qwVK3e7tGxkc4754f996PmVFdzY95Nmu+x0bUfG6mSqTXHDTQHIfPmIupfPqx
kcPIkkFFYaIiuYI2q+XJ4cRUTdbPUDZUpp/HrA9YrCaSUBHOoieWMvxNNHKXsjU2
vBu3btztE2ZrbhNvDgb3EIz8YSVqZg8a56bKWvThlO8mvhUrMroM8rGp+X6Kn31/
F1R9rtnmAMTaSLVb3qtViY+i+a2JY2swRuWhs1N7JeSKQbe42j4s3iV/zqbreLgH
fKvlrlAzLa8I9X5479nvrTDPjx5qNlYg+GerO7VF7XKCOE4V9hc5sjjUBJtMZx7t
dS16pOV8crYFCgTALikhnrJ0JfZxyOAOvnjaBUfyO17h6JnEEayrKYiLMInFcB9f
46naXuLTueFshxLcdFssBVuj1ftq8qS+Nv+YMVExga8Qp32wBklauZljqtlyZfS+
I1SCy/8Flo/I/rGJxiVjTEwVRFAaEx0KyfaaGuaRoWhR/65cGydYjTPZxFWR/bAx
pktHu5KK4UAF+9ZeVfvLxQpqgXfcYM43I+VJ1KHdXQ5noiInNmrPCOp6PY5+TAYS
wAYezah0Sys=
=ri5g
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------