Penetration Testing mailing list archives
Re: documentation/snapshot tool for pentest
From: Drew <simonis () myself com>
Date: Mon, 08 Apr 2002 09:49:14 -0400
Siebenkaes Stefan wrote:
Hi, I am doing a lot of "pen tests" (in better words: port scans), mostly on web-servers. The tests are not very deep, but I have to scan a lot of servers. I do that with nessus and a host list. Actually I am looking for a tool to do a snapshot of any webserver before and after the scans, including the browser-frames and menus, as an enduser view (NOT my idea). I am scripting a lot and it gives me a pain... Is there any documentation tool for "here is the hostlist, take a webbrowser-snapshot and put it into a filesystem/database/..." ???
I would look into rolling your own with something like Perl and the LWP family of modules, but I find it hard to imagine a need to look at the static content of a website. Much more interesting, as you probably know, is the behavior of the dynamic stuff in the site. Seems you may have misguided management. It might be more beneficial to spend the energy level setting as opposed to bowing to such odd requests.
Well, the reports with an actual snapshot of a tested website really look cool and give you a great lobby in meetings with management, I underestimated that for a long time... (INCLUDING the "was it still OK after the scan"-question :-) Any hints appreciated,
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- documentation/snapshot tool for pentest Siebenkaes Stefan (Apr 06)
- Re: documentation/snapshot tool for pentest Drew (Apr 08)
- RE: documentation/snapshot tool for pentest Benjamin Tomhave (Apr 09)
- Re: documentation/snapshot tool for pentest Drew (Apr 08)