Penetration Testing mailing list archives
Re: Tools to use for Penetration Testing?
From: Todd Haverkos <infosec () haverkos com>
Date: Fri, 12 Sep 2008 02:50:35 -0500
"Chip Panarchy" <forumanarchy () gmail com> writes:
> Hello, I am interested in getting started as a white hat hacker/pen tester. I would like to know what tools I should get familiar with, and be able to use, to be a pen-tester. I only know of a few at the moment, and of them, I only use 2 (Nmap and Wireshark). Can I please receive recommendations on tools to use?
Hi Chip,
If you want a one line answer: nmap, dig, Nessus, Metasploit,
Wireshark, ettercap, Cain & Abel, RainbowCrack, John, pwdump, Kismet,
Snort (not that it's a pentest tool, but it stimulates learning) and
WebScarab make for a list for learning.
There's a great live Linux CD distribution out there called Backtrack
3 that's loaded with goodies. Penetration testing involves a ton of
different tools, and the toolset evolves with the new technologies
that come out, and as new attacks are invented. Backtrack has a huge
number of those tools, and the price is certainly attractive (free).
http://www.remote-exploit.org/backtrack.html
There are about 300 tools on Backtrack. They're listed on their wiki
here:
http://wiki.remote-exploit.org/index.php/Tools
As for another list with details/screenshots of use and commentary,
if you would overlook a shameless plug, there's actually a chapter in
a book I recently contributed to that you'd probably be
interested in: Chapter 5, "The hacking top 10", of this title:
UNIX and Linux Forensic Analysis DVD Toolkit
http://www.amazon.com/UNIX-Linux-Forensic-Analysis-Toolkit/dp/1597492698
> PS: I am currently in training towards my CCNA and (maybe) MCSE.
If your goal is a career in information security, these certifications may not be the best use of limited time and funds, though the knowledge you'll gain in attaining them will certainly be useful. As pen testing requires a very broad, vendor-agnostic knowledge of networking and operating systems, knowing the business end of Cisco networking equipment and Microsoft products is certainly a prerequisite, but since both certs are vendor driven, they aren't really the lingua franca of pen testers. On the other hand, they certainly won't hurt you.

I'd encourage you to get involved with your local DEF CON or 2600 chapter to stimulate your thinking and knowledge. Maybe OWASP has a chapter in your town with meetings and presentations. The annual DEF CON conference itself is a great low-budget way to immerse yourself in hacking thoughts and techniques, held each summer in the steamy heat of Vegas: defcon.org.

As for infosec certs--setting aside the valid debate as to whether certs mean anything--the CEH from EC-Council is a gateway drug of sorts and is an entry-level certification in infosec you might want to consider. The SANS courses and associated GIAC certs (sans.org, http://www.giac.org/certifications/) are well esteemed, and they offer a wide range of tracks. You'd probably be most interested in the Security 401 and Security 504 courses and related certs.

CISSP from ISC is probably the best known security cert out there. If nothing else, those 5 letters make a solid search term for experienced information security jobs. To attain it you need someone to attest that you are experienced in the security field, which you aren't currently. It's extremely broad in scope, and periodically miles deep. If you want to get started in the biz, it's something to be aware of and good material to start soaking in, if for no other reason than to be able to converse in common terms. The Shon Harris CISSP exam guide wouldn't be bad to add to the bookshelf. Currently it's in its 4th edition.
Hope that helps get you started!

Best Regards,
--
Todd Haverkos, LPT CEH MsCompE
http://haverkos.com/