Penetration Testing mailing list archives

RE: Pen Test Basic Needs

From: "Stephane Auger" <sauger () pre2post com>
Date: Fri, 15 Jul 2005 14:22:24 -0400

Let's say that it's not zero knowledge, but close.  Only the information
to get to the entry points, and that's it.  I want to figure out as much
as possible by myself.

As for the methodology, I guess the links and documents everyone has
sent me so far should be much help for that.  

 

-----Original Message-----
From: Kyle Maxwell [mailto:krmaxwell () gmail com] 
Sent: July 15, 2005 1:54 PM
To: Stephane Auger
Cc: pen-test () securityfocus com
Subject: Re: Pen Test Basic Needs

On 7/14/05, Stephane Auger <sauger () pre2post com> wrote:

1) If you had to do a pen-test, what type of information would you

need to begin with? External IP? Web site name? Anything else I'm
forgetting?

Depends on what the client wants -- is this 'zero knowledge'? What's
fair game? This is part of the scope determination.

2) What tools would you use for the pen-test? Nessus, Snort,

Cain&Abel. Anything else that would be useful?

Not really sure what use Snort would be. That said, you should first
have a basic methodology for the test (footprint, enumeration, etc.),
and *that* will drive your tools. Putting the tools ahead of the
process is asking for trouble.

-- 
Kyle Maxwell
http://caffeinatedsecurity.com
[krmaxwell () gmail com]

Current thread:

Pen Test Basic Needs Stephane Auger (Jul 14)
- Re: Pen Test Basic Needs Kyle Maxwell (Jul 15)
- <Possible follow-ups>
- RE: Pen Test Basic Needs Stephane Auger (Jul 15)
- Re: Pen Test Basic Needs Security Professional (Jul 15)
- RE: Pen Test Basic Needs Stephane Auger (Jul 15)
- Re: Pen Test Basic Needs Saint Anthony (Jul 16)