Re: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs)

From: Nick Waringa (nwaringa@gmail.com)
Date: Tue Aug 09 2005 - 09:02:08 EDT


Dsniff might also be a good addition. Most high usage tools are generally listed on Pen-Test CD's like Whax, Knoppix-STD, and Auditor.

Good basic lists are here:
http://portsonline.net/whaxlist.html
http://www.knoppix-std.org/tools.html
http://new.remote-exploit.org/index.php/Auditor_tools
http://www.insecure.org/tools.html

I would submit that all of these cd's have configurations that differ so carrying all three, learning one better than the others....or ideally creating or modifying your own liveCD would probably be the best.

Regards,
Nick

On Mon Aug 08 13:41:19 GMT+10:00 2005, richard <barbarian@cryptomail.org> wrote:
> U will probably need to "morphine" your evil apps before you run them on an AV protected machine - download morphine from hxdef.org; might as well pick up a copy of hf's rootkit while you're there...
>
> Richard
> - every1 say: "thankyou HF!"
>
> -----Original Message-----
> From: Matt Reid [mailto:matthew@servepath.com]
> Sent: Saturday, 6 August 2005 8:06 AM
> To: Omar Herrera; pen-test@securityfocus.com
> Subject: Re: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs)
>
> Hi all,
>
> Here is a basic list of some progs to use for pen-testing. If anyone
> wants to add some on here in the respective categories we could get a
> really good list going for pen-testers!
>
> -Matt Reid
>
> *Port Scanners*
> Amap – versioning port scanner
> NMap – general purpose port scanner
> pPscan – proxy port scanner
>
> *Vuln Scanners*
> Nessus – general vul. scanner
> DNAscan – for ASP
> Owa – Outlook Web
> Nikto – http vulns
>
> *Brute Forcers & Crackers*
> John the Ripper – password cracker
> WlGen – word list generator
> Hydra – multi-protocol authentication brute forcer
>
> *DNS enumeration*
> Ghba – RDNS scanner
> Dig – DNS lookup util
> Nslookup – interactive name server query engine
>
> *Loggers*
> Tcpdump – network traffic dumper
> Ethereal – network traffic analyzer – use in conjunction with tcpdump
> Kismet – wifi traffic analyzer
>
> *Dicts [to concat into larger file]*
> Argon – 2GB dict file
> Cracklib - another good one
> Word.lst - word list
>
> *Trojans & Rootkits*
> BackOrifice - Back Orifice is not a virus. It is in essence a remote administration tool.
> LRK – Linux-kernel Root Kit
> Netbus - NetBus runs under the NT operating system as well as Win95/98
>
> *Firewall Throughpass*
> Firewalk – trace packets through firewall filters



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:43 EDT