HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 16 guests and 3 members online
EH-Net Donations

Enter Amount:
$
Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Pentration Test Framework
Ethical Hacker Community Forums
January 08, 2009, 12:13:04 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2-Day Ethical Hacking Conference with MS Blue Hats Oct 31 - Nov 1. Tickets Only $100! www.chicagocon.com/content/view/103/51/
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Pentration Test Framework  (Read 1592 times)
0 Members and 1 Guest are viewing this topic.
toggmeister
Newbie
*
Offline Offline

Posts: 22


View Profile
« on: September 17, 2008, 02:36:23 PM »
Hi,
I put together this and slowly add updates to help people out and as a reminder/ resource for myself and others when away on task. Syntax, links to tools to download and try and links to good resources when you are testing a network.

Basically I'm after :

Opinions on the way forward for the framework
New input

This will progress this so the community as a whole can benefit, its what I intended this for.

Really looking for any input whether it be extra ports in the format I've tried to keep throughout or somebody wanting to add a whole new section devoted to one particular application of area.  I'm also trying to expand my skills on research of targets i.e. information leakage, social networking links, any cool tools and sites that could help in this, we all need to learn.


You can view it from:

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Its about a meg in size, lots of content.

I originally did this using freemind and I have the source available for anyone also, plus pdf on the site if they need it.

Hope this has proved useful to a few of you.

Rgds

Toggmeister
Logged
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 2435


Editor-In-Chief


View Profile WWW
« Reply #1 on: September 17, 2008, 04:15:07 PM »
Thanks for the post. In fact, we should thank you. Your work has been mentioned on this site a few times, and I've seen it elsewhere. It has slowly made its way into courseware, articles, talks at conferences, and more.

I'm sure we can find at least a few EH-Netters to help.

PM me, and maybe there are other ways we can help.

Thanks for joining,
Don
Logged
CISSP, MCSE, CEH, Security+ SME
NickFnord
Newbie
*
Offline Offline

Posts: 47



View Profile WWW
« Reply #2 on: September 18, 2008, 05:07:19 AM »
This is really great!  it needs a lot of work still, but it's great as just a brain dump like you've mentioned.

I havn't gone through every tool linked religiously, but have you included everything mentioned in Fyodor's top 100 tools list here?


there also appears to be a spelling mistake here:
"pentest mokney.net"  should be monkey...... I know, it's a stupidly trivial thing and I'm ashamed for even pointing it out. 
Logged
vijay2
Full Member
***
Offline Offline

Posts: 134


View Profile
« Reply #3 on: September 18, 2008, 08:07:03 AM »
Togg,

Welcome to the forum, and thanks for the post. I am sure you will hear a lots of good feedback about work, which is great and sure has made to one of the top Pen testing methodologies and is mentioned in a few course wares.

I  have had glanced thought it but have never used it exclusively. I will look into it in more detail and if I have i will let you know,

Thanks

VJ
Logged
GPEN GCIH CISSP CISA GSEC OSCP C|EH Security+
toggmeister
Newbie
*
Offline Offline

Posts: 22


View Profile
« Reply #4 on: September 18, 2008, 02:36:02 PM »
Quote from: NickFnord on September 18, 2008, 05:07:19 AM
This is really great!  it needs a lot of work still, but it's great as just a brain dump like you've mentioned.

Any areas you would suggest that need the work?
 
I havn't gone through every tool linked religiously, but have you included everything mentioned in Fyodor's top 100 tools list here?

Not included the top 100 (about 50 though  Wink)for a number of reasons:

Top 100 already now a year out of date
Some tools are deprecated (superscan/ pwdump (although still useful in some scenarios))
Retina/ ISS are pay and I prefer GFI and Nessus with web app and database scanners for custom apps (and manual testing also of course  Grin)
Sara again, I believe Nessus totally kills from extensibility angle.
A number of tools have similar functionality i.e Paros and Webscarab (matter of choice which u chose or how about burpsuite?)
Want the framework to be practical not a general link listing, can go to sectools for that  Wink

Thats my reasoning behind what I have put together with some help from a couple of others in certain sections along the way

Hope that answers the post.

Togg
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.047 seconds with 24 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
How many security events including conferences and training do you attend a year:
 
Support EH-Net

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2009 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.