Penetration Testing mailing list archives

Re: [PEN-TEST] First step of a pen-test
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Tue, 19 Sep 2000 09:29:14 -0700


Let's start over again.

If you are given the network domain name, one can start putting
together an initial network footprint.

ARIN database http://www.arin.net/whois/
Securities and Exchange Commission (SEC) http://www.sec.gov/
WHOIS database http://www.networksolutions.com

PhoneSweep by Sandstorm http://www.sandstorm.net
THC http://www.infowar.co.uk/thc/
ToneLoc http://www.hackersclub.com/km/files/pfiles/Tl110.zip

Network Mapper (Nmap) http://www.insecure.org/nmap
CyberCop Scanner 5.5 by NAI http://www.nai.com
Internet Scanner by ISS http://www.iss.net
WebTrends Security Analyzer by WebTrends http://www.webtrends.com
ESM  www.axent.com

At 02:38 PM 9/18/00 -0400, Christopher M. Bergeron wrote:
What is the industry norm for _beginning_ a pen-test after the contract
has been made?  Would one first map the network?  Try to war-dial the
exchange for possible remote (pcanywhere, etc.) access machines?  VRFY
email addresses to look for user logins?  Is it typical to ask for
information about the network (i.e. network architecture) beforehand or do
most pen-tests start "blindly" and do the network reconnaissance?

Thanks to anyone who addresses even one of my many questions.
