Penetration Testing mailing list archives
Re: List of "clickable" on-line pen-test tools
From: "David Ball" <lostinvietnam () hotmail com>
Date: Thu, 26 Jan 2006 09:43:09 +0800
Traceroute also helps determine filtering devices sitting between you and a target host/network. Once filtering devices such as routers and Firewalls have been identified/inferred and IP address or FQDN's determined the devices themselves can be fingerprinted and/or scanned for vulnerabilities. Router/Firewall ACLs can also be "walked" and then manipulated to push crafted packets through and allow mapping of hosts sitting behind the Firewall. See traceroute, traceroute -I, tcptraceroute, tcptrace, hping2/3 and Firewalk.how does traceroute help you with pen-test??
Alvin Oga <alvin.sec () Mail Linux-Consulting com> No Phone Info Available 01/25/2006 05:15 PM To "Ivan ." <ivanhec () gmail com> cc "Petr.Kazil () eap nl" <Petr.Kazil () eap nl>, pen-test () securityfocus com Subject Re: List of "clickable" on-line pen-test toolshi ya On Tue, 24 Jan 2006, Ivan . wrote: > A good online traceroute > > http://networking.ringofsaturn.com/Tools/traceroute.php how does traceroute help you with pen-test?? other than it telling you on the inside, how you got to the outside > > Here is my personal favorite list of on-line pen test tools: > > http://www.xs4all.nl/~kazil/testfiles/index.htm > > > > The idea is that you can sit at a customer's terminal and by just "clicking > > around" > > you can perform a quick assessment of the perimeter security and content > > scanning. do an "online update" and see how long ago since they'd maintained their boxes with "FREE" updates > > You don't need to install or run anything. Everyting runs from external > > (public) websites. always a good way to do things > > Do you have some of your own favorites to add to this list? too many to list, but to list in one line: http://Linux-Sec.net - find your favorite sites with: - these online scanners/tests are from outside public sites and intended to see how secure your client box is that you're sitting on and clicking away - online port scanners - online nessus scanners - online dns scanners - online apache scanners - online firewall testers - online open relay tests - online virus scanners of incoming virus ... on-n-on ... c ya alvin ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
_________________________________________________________________FREE English Booklet! Improve your English. http://www.linguaphonenet.com/BannerTrack.asp?EMSCode=MSN03-08ETFJ-0211E
------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: List of "clickable" on-line pen-test tools David Ball (Jan 25)
- <Possible follow-ups>
- Re: List of "clickable" on-line pen-test tools David Ball (Jan 25)