RE: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs)

From: dave kleiman (dave@isecureu.com)
Date: Sat Aug 06 2005 - 21:49:06 EDT


I use eeye's Retina and Iris products, and find them very helpful, although
I would use term compliment to Nessus for Retina, not replacement.

Dave

> -----Original Message-----
> From: Pigeon [mailto:fredit@charter.net]
> Sent: Saturday, August 06, 2005 15:07
> To: pen-test@securityfocus.com
> Subject: Re: All of the things you need to learn to be a
> pen-tester (Re: Pen t est basic needs)
>
> What do you'll think of Retina by Eeye for a vuln scanner?
>
> http://www.eeye.com/html/products/Retina/
>
> A good replacement for nessus?
>
>
> thanks
> Lee
>
>
> ----- Original Message -----
> From: "Matt Reid" <matthew@servepath.com>
> To: "Omar Herrera" <oherrera@prodigy.net.mx>;
> <pen-test@securityfocus.com>
> Sent: Friday, August 05, 2005 6:06 PM
> Subject: Re: All of the things you need to learn to be a
> pen-tester (Re: Pen t est basic needs)
>
>
> > Hi all,
> >
> > Here is a basic list of some progs to use for pen-testing.
> If anyone
> > wants to add some on here in the respective categories we
> could get a
> > really good list going for pen-testers!
> >
> > -Matt Reid
> >
> >
> > *Port Scanners*
> > Amap – versioning port scanner
> > NMap – general purpose port scanner
> > pPscan – proxy port scanner
> > *
> > Vuln Scanners*
> > Nessus – general vul. scanner
> > DNAscan – for ASP
> > Owa – Outlook Web
> > Nikto – http vulns
> >
> > *Brute Forcers & Crackers*
> > John the Ripper – password cracker
> > WlGen – word list generator
> > Hydra – multi-protocol authentication brute forcer
> >
> > *DNS enumeration*
> > Ghba – RDNS scanner
> > Dig – DNS lookup util
> > Nslookup – interactive name server query engine
> >
> > *Loggers*
> > Tcpdump – network traffic dumper
> > Ethereal – network traffic analyzer – use in conjunction
> with tcpdump
> > Kismet – wifi traffic analyzer
> >
> > *Dicts [to concat into larger file]*
> > Argon – 2GB dict file
> > Cracklib - another good one
> > Word.lst - word list
> >
> > *Trojans & Rootkits*
> > BackOrifice - Back Orifice is not a virus. It is in essence
> a remote
> > administration tool.
> > LRK – Linux-kernel Root Kit
> > Netbus - NetBus runs under the NT operating system as well
> as Win95/98
> >
> > *Firewall Throughpass*
> > Firewalk – trace packets through firewall filters
> >
> >
> >
> ----------------------------------------------------------------------
> > -------- FREE WHITE PAPER - Wireless LAN Security: What
> Hackers Know
> > That You Don't
> >
> > Learn the hacker's secrets that compromise wireless LANs.
> Secure your
> > WLAN by understanding these threats, available hacking tools and
> > proven countermeasures. Defend your WLAN against man-in-the-Middle
> > attacks and session hijacking, denial-of-service, rogue
> access points,
> > identity thefts and MAC spoofing. Request your
> complimentary white paper at:
> >
> > http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> >
> ----------------------------------------------------------------------
> > ---------
> >
>
>
> --------------------------------------------------------------
> ----------------
> FREE WHITE PAPER - Wireless LAN Security: What Hackers Know
> That You Don't
>
> Learn the hacker's secrets that compromise wireless LANs.
> Secure your WLAN by understanding these threats, available
> hacking tools and proven countermeasures. Defend your WLAN
> against man-in-the-Middle attacks and session hijacking,
> denial-of-service, rogue access points, identity thefts and
> MAC spoofing. Request your complimentary white paper at:
>
> http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> --------------------------------------------------------------
> -----------------
>
>
>

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:42 EDT