Penetration Testing mailing list archives
RE: Exploit Repositories and Due Diligence
From: "Leandro Reox" <lmet5on () fibertel com ar>
Date: Fri, 10 Jun 2005 02:22:00 -0200
Jeff,

I think that the source of the exploits you use is the most important thing. If you don't code it, it's important to review the code and to know that the exploit is really tested and comes from a trusted place (like securityfocus, k-otik, etc.). A lot of pen-testing distros like F.I.R.E, Whoppix, PHLAK, etc. are a good repository. But I recommend always setting up a testing environment (if you don't have all architectures or platforms to probe, just mount a few virtual machines :D ) and testing the exploit you download for yourself; it's always a good practice.

Like some people say, if you don't code you really don't know it.

Cheers

-----Original Message-----
From: Jeff [mailto:jb () jbware net]
Sent: Thursday, June 09, 2005 11:20 PM
To: pen-test () securityfocus com
Subject: Exploit Repositories and Due Diligence

I have a question regarding the use of exploit repositories (including projects like Metasploit, and compilations on bootable distros like Whoppix). With all of the large exploit repositories used to make pen testing faster and easier, what methods do you use to ensure you've done your due diligence in not unleashing something actually harmful on your clients?

I have my own thoughts, such as googling and superficial|deep code reviews, but ultimately my concern is over the malicious hiding of intentions.

Thanks for any insights and suggestions.

- Jeff