Home page logo
/

pen-test logo Penetration Testing mailing list archives

Tools to use for Penetration Testing?
From: christopher.riley () r-it at
Date: Thu, 11 Sep 2008 08:49:05 +0200

It's hard to give a list of definitive tools because the base toolset is 
so large and always changing.

I'd say the best bet would be to become familiar with Linux and the built 
in tools (i.e. Netcat, tcpdump, etc) before moving onto things like 
Nessus/openVAS and maybe Metasploit (once you understand what the exploits 
do). Spending some time understanding the underlying protocols stack and 
how DNS, TCP/UDP, ICMP work helps a lot as well (playing about with HPING 
and tcpdump helps to learn this as you can send packets and see what goes 
out and comes back in).

Also check out the various methodologies to get an overview on the 
penetration testing process (OSSTMM or NIST 800-42 for example).

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html is also a 
good resource.

Chris



pen-test-return-1078487087 () securityfocus com 
Gesendet von: listbounce () securityfocus com
11.09.2008 01:34

An
pen-test () securityfocus com
Kopie

Thema
Tools to use for Penetration Testing?






Hello

I am interested in getting started as a white hat hacker/pen tester.

I would like to know what tools I should get familiar with, and be
able to use to be a pen-tester.

I only know of a few at the moment, and of them, I only use 2 (NMap
and Wireshark).

Can I please receive recommendations on tools to use?

Thanks in advance,

Chip Panarchy

PS: I am currently in training towards my CCNA and (maybe) MCSE.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------




----------------------------------------
Raiffeisen Informatik GmbH, Firmenbuchnr. 88239p, Handelsgericht Wien, DVR 0486809, UID ATU 16351908

Der Austausch von Nachrichten mit oben angefuehrtem Absender via E-Mail dient ausschliesslich Informationszwecken. 
Rechtsgeschaeftliche Erklaerungen duerfen ueber dieses Medium nicht ausgetauscht werden. 
Correspondence with above mentioned sender via e-mail is only for information purposes. This medium may not be used for 
exchange of legally-binding communications.
----------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault