Penetration Testing mailing list archives
Re: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs)
From: Nick Waringa <nwaringa () gmail com>
Date: Tue, 9 Aug 2005 09:02:08 -0400
Dsniff might also be a good addition. Most high usage tools are generally listed on Pen-Test CDs like Whax, Knoppix-STD, and Auditor. Good basic lists are here:

http://portsonline.net/whaxlist.html
http://www.knoppix-std.org/tools.html
http://new.remote-exploit.org/index.php/Auditor_tools
http://www.insecure.org/tools.html

I would submit that all of these CDs have configurations that differ so carrying all three, learning one better than the others....or ideally creating or modifying your own liveCD would probably be the best.

Regards,
Nick

On Mon Aug 08 13:41:19 GMT+10:00 2005, richard <barbarian () cryptomail org> wrote:

U will probably need to "morphine" your evil apps before you run them on an AV protected machine - download morphine from hxdef.org; might as well pick up a copy of hf's rootkit while you're there...

Richard - every1 say: "thankyou HF!"

-----Original Message-----
From: Matt Reid [mailto:matthew () servepath com]
Sent: Saturday, 6 August 2005 8:06 AM
To: Omar Herrera; pen-test () securityfocus com
Subject: Re: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs)

Hi all,

Here is a basic list of some progs to use for pen-testing. If anyone wants to add some on here in the respective categories we could get a really good list going for pen-testers!

-Matt Reid

*Port Scanners*
Amap – versioning port scanner
NMap – general purpose port scanner
pPscan – proxy port scanner

*Vuln Scanners*
Nessus – general vul. scanner
DNAscan – for ASP
Owa – Outlook Web
Nikto – http vulns

*Brute Forcers & Crackers*
John the Ripper – password cracker
WlGen – word list generator
Hydra – multi-protocol authentication brute forcer

*DNS enumeration*
Ghba – RDNS scanner
Dig – DNS lookup util
Nslookup – interactive name server query engine

*Loggers*
Tcpdump – network traffic dumper
Ethereal – network traffic analyzer – use in conjunction with tcpdump
Kismet – wifi traffic analyzer

*Dicts [to concat into larger file]*
Argon – 2GB dict file
Cracklib - another good one
Word.lst - word list

*Trojans & Rootkits*
BackOrifice - Back Orifice is not a virus. It is in essence a remote administration tool.
LRK – Linux-kernel Root Kit
Netbus - NetBus runs under the NT operating system as well as Win95/98

*Firewall Throughpass*
Firewalk – trace packets through firewall filters

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at:
http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------

!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+
CryptoMail provides free end-to-end message encryption.
http://www.cryptomail.org/
Ensure your right to privacy. Traditional email messages are not secure. They are sent as clear-text and thus are readable by anyone with the motivation to acquire a copy.
!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+