Penetration Testing mailing list archives
RE: The Ultimate Toolkit...
From: "Pete Herzog" <pete () isecom org>
Date: Fri, 7 May 2004 11:46:14 +0200
Hi, I think this really depends on your goal, doesn't it? You've mixed a few things here and it looks like you're MSWindows focused (plus Knoppix for the Linux tools you need). While it's a "fun" question, I think it's probably a little too open-ended. I think there are a few others looking to answer a similar question. Although there are many good such LiveCD and LiveDisk releases: http://www.linuxlinks.com/Distributions/LiveCD/. I like what Local Area Security is doing (localareasecurity.com) with their Linux on CD release and they're very receptive to improvements. Actually, we're trying to find more help for them to do some interesting things. I would like to have their little distro for use in our Hacker Highschool Project. Anyway, in this toolkit format, I would like to see: 1. The distro have a running DB which collects tool outputs from all the tools it contains, meaning it has tables to support them by default. 2. The distro contain the Mosix kernel patch so I can use it for distributed computing regardless of the other systems around me for password cracking and other cpu-intensive activities like datamining the document grinding output. 3. Ability to use and update things from my choice location like nessus plug-ins, SAINT and SARA updates, Nikto updates, virus signatures, snort sigs, etc. 4. The ability to make mini versions of itself on the fly (like boot disk or USB key) for harnessing the power of PCs without CD drives. 5. The ability to save data to a USB key, disk, or alternative location on the network for data correlation (especially if used as localized NIDS within a large network for forensic tracking). 6. Access to an online exploit database (or to tell it where to find one). 7. Honeynet AND Honeytoken capabilities using a ram drive or external source to look local. So I can boot up a honeypot on some network machine and have it point to a load of honeytoken Excel sheets, memos, or warez we can track through the IDS somewhere on the network or Internet but it looks like it is coming from the honeypot. And more but I don't have the list in front of me.... Most of the tools I am looking for would be the kind that you'll find on most top 50 tools lists but what's important is that I have the ability to create, send, and receive any type of packets, do local and network forensics, do local and network intrusion detection, create exploits, compile new tools, run Windows tools (WINE enabled?), and facilitate my analysis as much as my data collection and testing. These Live distros are interesting tools but they need to get more creative and start being building blocks for the pen testers to be creative with. Perhaps we'll be looking at "LiveDVDs" but then again, why not? They ae just as easily burned and passed around (but downloading might take a little while). Sincerely, -pete. Pete Herzog, Managing Director Institute for Security and Open Methodologies www.isecom.org - www.osstmm.org www.hackerhighschool.org - www.isestorm.org
-----Original Message----- From: Mark Melonson [mailto:blindtechie () yahoo com] Sent: Thursday, May 06, 2004 22:46 PM To: pen-test () securityfocus com Subject: The Ultimate Toolkit... Hi all, I'm researching tools, and would like input on, what would be your ultimate toolkit be. I'm attempting to put together some resources! Be as specific as possible. I'm looking for tools that are somewhat portable i.e.: can be put on a CD and used w/o an install. For all platforms... My list: (OS Independant): -- Knoppix-STD (Windows): -- ntchpw [bootdisk] - NetCat (duh!) - RegAgeR (Automated enumeration and exploitation against weak Registries) - Scanline - Fpipe - Fport - Achilles __________________________________ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover ------------------------------------------------------------ ------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_trai
ning.html ---------------------------------------------------------------------- --------- ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- The Ultimate Toolkit... Mark Melonson (May 06)
- Re: The Ultimate Toolkit... Max (May 07)
- Re: The Ultimate Toolkit... a arse (May 07)
- Re: The Ultimate Toolkit... Andrew Simmons (May 07)
- Re: The Ultimate Toolkit... easternerd (May 07)
- RE: The Ultimate Toolkit... Pete Herzog (May 07)
- Re: The Ultimate Toolkit... Clint Bodungen (May 07)
- Re: The Ultimate Toolkit... Konstantin Gavrilenko (May 10)
- Message not available
- Re: The Ultimate Toolkit... Konstantin Gavrilenko (May 11)
- enumeration of SQL column names failed when a column is of type "bit" Chan Fook Sheng (May 12)
- Re: enumeration of SQL column names failed when a column is of type "bit" Thor (May 12)
- Message not available
- <Possible follow-ups>
- RE: The Ultimate Toolkit... Holmes, Brian (May 07)
- RE: The Ultimate Toolkit... vruy () chez com (May 07)
- RE: The Ultimate Toolkit... Lepich, Jesse A Mr GLWACH (May 07)
- RE: The Ultimate Toolkit... Steven A. Fletcher (May 07)