Re: Need help in making penetration testing tool

From: killy (killfactory@gmail.com)
Date: Wed Jun 14 2006 - 13:21:19 EDT


Are you going to build an server/appliance?

You could I guess start your pentest/scanning tools from your
server/appliance which would have to be in the line of traffic. Maybe
between the firewall and perimeter router. Then once you find a
vulnerability you could have it trigger and script new ACL / Ip Chain
rule on your server/appliance to stop traffic to the target?
That would stop attacks from outside your network only.

That would be vulnerability assessment/IPS.

Based on something like that, you could I guess try exploits and based
on the results activate ACLs.

But think about this, It sounds like this is an automated tool you are
trying to create. It makes IMO more sense to continually 'scan' for
vulnerabilities and stop traffic and alert you, then it would to
continually run expolits on your production network and stop traffic
based on the results.

In other words, you could create havoc on your network if your were
running say, DOS expolits all day ;-)

Not to mention, possibly breaking functionality.

It is also, possible that I am missing your point altogether. ;-)

Good luck either way. It definately sounds very interesting.

On 6/11/06, baumgartner@oneconsult.com <baumgartner@oneconsult.com> wrote:
> Hi,
>
> Your idea of combining several functionalities is not so new. So called
> vulnerability management tools and systems (e.g. SkyBox) combine assessment
> tools like vulnerability scanners (e.g. Nessus, GFI Languard, Retina), port
> and network scanners (e.g. Nmap) with security patching funcionality.
>
> But the idea, to combine pen test tools with intrusion detection and
> prevention is knew (as far as I know). But I would not combine such
> functionalities because pen testing and IPS are following different
> approaches. A pen test searches for all (technical) security weaknesses and
> flaws in the target systems (configuration, firmware, os, applications,
> services in use, patching level, etc.). An IDP/IPS analyses the network
> traffic based on patterns.
>
> I would recommend to take a look at the open source tools nmap
> (www.nmap.org), nessus (www.nessus.org) and snort (www.snort.org) to have an
> idea of the complexity of state of the art security scanners and ids/ids.
> Maybe you might code a control cockpit for (open source) security scanners
> and idp/ips.
>
> Regards,
>
> Christoph Baumgartner
>
> --
> OneConsult GmbH
> IT Security & Strategic Consulting
> Christoph Baumgartner
> lic. oec. publ., OPST
> CEO
>
> Zürcherstrasse 73, 8800 Thalwil, Switzerland
> Tel.: +41 43 443 52 52 - Fax: +41 43 443 52 62
> baumgartner@oneconsult.com - www.oneconsult.com
>
>
> mh_omair@yahoo.com writes:
>
> > HEllo;
> > By the way l I am new to this list.... iam final year student of computer science...my final year project is a penetration testing tool.. actually we are trying to merge capabilites of both pen test tool and IPS(not just providing testing but remedies too).. i donot know if i
> > am thinking in wrong way....
> > I donot know where to start...please tell me some suggestion and resources that can help me in my project...right now i need good basics and then advance concept... i believe if i can pentrate a system than it would be easy to close that doors for others.
> >
> > Waiting for poistive response.....
> >
> > ------------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Concerned about Web Application Security?
> > Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> > Choice Award from eWeek. As attacks through web applications continue to rise,
> > you need to proactively protect your applications from hackers. Cenzic has the
> > most comprehensive solutions to meet your application security penetration
> > testing and vulnerability management needs. You have an option to go with a
> > managed service (Cenzic ClickToSecure) or an enterprise software
> > (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> > help you: http://www.cenzic.com/news_events/wpappsec.php
> > And, now for a limited time we can do a FREE audit for you to confirm your
> > results from other product. Contact us at request@cenzic.com for details.
> > ------------------------------------------------------------------------------
> >
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> Choice Award from eWeek. As attacks through web applications continue to rise,
> you need to proactively protect your applications from hackers. Cenzic has the
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com for details.
> ------------------------------------------------------------------------------
>
>

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:05 EDT