Penetration Testing mailing list archives
Re: Tool kit assembly
From: Dave Ryan <dave.ryan () eircom net>
Date: Wed, 25 Jul 2001 20:40:24 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
It look's like I will need to do some penetration test for the organization I work for in the not-to-distant-future. The problem is, I do not really know where to begin as far as what programs would be appropriate. The organization I work for is currently just a Microsoft shop with very-few non MS services/programs made available to the masses.
If you are new to the penetration testing arena (seems you are) its best to get an overview of what is entailed in real penetration tests. A good place to start is the open source security testing methodology manual lcoated at:: http://www.ideahamster.org or http://uk.osstmm.org/osstmm.htm This might be a bit too much information for a beginner but it is definitely useful none the less. It should put things in perspective for you. At the end of the day it comes down to understanding of the methodologies you choose to employ and experience in doing so.
And here begins my request... I was wondering if anyone on this list could give me recommendations of programs or websites that would be useful for someone (such as myself) who is creating a 'tool kit'. With the wide array of programs available, I'd like to avoid getting programs that are not up to par. commercial or non-commercial is fine.
The OSSTMM provides a listing of tools applicable to certain aspects of performing a penetration test. Another useful source of consolidated tools is located at: http://www.networkintrusion.co.uk Just to stress (as I am sure more followups will) a penetration test isn't something as simple as running a few tools which are provided via open source or indeed purchased from a commercial supplier. Still they are a good place to start and will no doubt be useful as your own experience increases. I'm sure some people will argue that an effective penetration test should be performed by a "professional" in that area, everyone has to start somewhere (just make sure that your company understands that much at least). Good luck. - -- Dave Ryan Computer Incident Response Team dave.ryan () eircom net Eircom Multimedia -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (OpenBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjtfIKIACgkQHSjBCI+q2yIDGACfW1x4xeXy6b9ml1x8qk/PpLE7 DHUAnidPXMBsJXLYGDF0ihRKByVMUNVP =8rQ3 -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Tool kit assembly Eric R. Van Skike (Jul 25)
- Re: Tool kit assembly Nicolas Gregoire (Jul 25)
- Re: Tool kit assembly Jonathan Rickman (Jul 26)
- Re: Tool kit assembly Dave Ryan (Jul 25)
- Re: Tool kit assembly seclists (Jul 26)
- Re: Tool kit assembly DA Smith (Jul 29)
- <Possible follow-ups>
- RE: Tool kit assembly Coffey, Christopher S. (Jul 25)
- RE: Tool kit assembly Sean Knox (Jul 26)
- Re: Tool kit assembly xbud (Jul 26)
- RE: Tool kit assembly Petruzel, Oliver (Jul 26)
- Re: Tool kit assembly Nicolas Gregoire (Jul 25)