Announcement

**velderia** · February 17, 2008, 17:05

Re: penetration testing tools

So my question is: when you think of pen testing, which tools are you thinking of?

Something that goes beyond the line of PG-13.

Sorry, I had to do it.

**DaKahuna** · February 17, 2008, 17:33

Re: penetration testing tools

Start with the list of Tools installed on BackTrack3

**Be0wolf** · February 17, 2008, 19:05

Re: penetration testing tools

Thanks DaKahuna, I'll have a look on their wiki after some hours of sleep!
While we are at it: these laws are partly based on the Cybercrime Convention drafted by the Council of Europe, the interesting part is in section 6, misuse of devices, including software, which are only intended to prepare or to commit a crime, aka "hacking"/"cracking".
This treaty has also been ratified by the USA in September 2006, and so far I haven't looked at current US legislation, but provided the situation is similar to the UK and Germany, I'm seriously wondering if we will still see the creation of similar tools such as Nessus, KisMAC or even simple proof of concepts, code snippets at all out in the wild in the future.
For the ones interested in some more reading:
http://conventions.coe.int/Treaty/EN...s/Html/185.htm
http://www.usdoj.gov/criminal/cybercrime/intl.html
Cheers

Beo

**Be0wolf** · February 18, 2008, 15:25

Re: penetration testing tools

My apologies for insisting, but does the rest of you agree to DaKahuna's referral to Backtrack, or is one of you convinced the list (unfortunately only for Version 2: http://wiki.remote-exploit.org/index.php/Tools ) is not complete and lacking THE tool?

**Deviant Ollam** · February 18, 2008, 15:30

Re: penetration testing tools

Originally posted by Be0wolf View Post

is one of you convinced the list ... is not complete and lacking THE tool?

are you referring to Nessus? because if i recall, there was some legal/licensing wrangling happening there and it was not included in BackTrack 2.

**theprez98** · February 18, 2008, 16:46

Re: penetration testing tools

Originally posted by Deviant Ollam View Post

are you referring to Nessus? because if i recall, there was some legal/licensing wrangling happening there and it was not included in BackTrack 2.

That is in fact the reason. Tenable's licensing of Nessus did not allow it to be mass distributed. However, it is easily installed manually.

**Be0wolf** · February 18, 2008, 16:46

Re: penetration testing tools

Yes, that was one of the tools I didn't see on the list and I also haven't seen tcpdump, but then again they might have replaced it by something more sophisticated... I have tested a number of those tools myself, but since I'm not using them on a regular basis I lost a bit track on the latest developments.
I just checked: Nessus 3 now requires registration and the acceptance of an EULA, and you need to pay dearly for the newest plugins! So no wonder it's not on the disc.

**DaKahuna** · February 19, 2008, 19:33

Re: penetration testing tools

Originally posted by Be0wolf View Post

Yes, that was one of the tools I didn't see on the list and I also haven't seen tcpdump, but then again they might have replaced it by something more sophisticated... I have tested a number of those tools myself, but since I'm not using them on a regular basis I lost a bit track on the latest developments.
I just checked: Nessus 3 now requires registration and the acceptance of an EULA, and you need to pay dearly for the newest plugins! So no wonder it's not on the disc.

tcpdump is not shown on the list but it is installed as a part of the SLAX OS. Simply type tcpdump at the command line as root and it will run with the default settings. If you prefer a GUI, Wireshark (formerly Ethereal) is in the tools list and performs pretty much all the functions as tcpdrump.

As for Nessus, thePrez98 was correct - it does install and there are even some pretty good tutorials on how to install at least two versions of Nessus on BackTrack. You can still effectively use Nessus without paying. You can get plug in updates for the free (as in beer) version but it is updated seven (7) days after the paid version. Unless a vulnerability you are interested in is a new one, I found not had any issues using the free version although for my "day job" I have a pay version on our internal network and another that is accessible from the Internet.

**Be0wolf** · February 20, 2008, 07:41

Re: penetration testing tools

Thanks for the tip, I'll try it out after I have handed in my paper in March.

**SarperDomain** · February 22, 2008, 05:32

Re: penetration testing tools

there is always the script kiddie s*** from packetstorm to look into

**xor** · February 22, 2008, 18:38

Re: penetration testing tools

Originally posted by Be0wolf View Post

Dear all,

I would like to compile a list of popular penetration testing tools, and of course I already did some research on various sites, but I am wondering if those lists I found are still up to date, for example the one over at sectools.org.
I'm currently writing a paper on recent or foreseen changes in the legislation in Germany and the UK, more specifically the so called "Hacker-Paragraph" 202c StGB in Germany, and a similar piece of legal code in the UK, an amendment to the Computer Misuse Act banning "hacking" tools.
A part of my paper will also look at currently popular pen testing tools and their usage in this new legal environment. Moreover I will have to take a look at the history of those tools, since one of the requirements of them being unlawful is the reason for their creation, meaning for pure testing purposes or "hacking"/"cracking".
So my question is: when you think of pen testing, which tools are you thinking of?
Thank you all in advance for your replies!

Beo

Opps never mind, didn't know the url changed my duh? I hate when there is no way to delete your own post .... :-(

xor

**TheCotMan** · February 22, 2008, 19:56

Re: penetration testing tools

Originally posted by xor View Post

Opps never mind, didn't know the url changed my duh? I hate when there is no way to delete your own post .... :-(

xor

We allow users to edit posts if they discover a mistake within 24 hours.

Allowing users to delete posts results in destruction of thread continuity, as users appear to reply to a post that does not exist.

Person A: "I like Defcon because of all the presentation, more than the games."
Person B: "Defcon is the worst convention in the world."
Person C: "I disagree, and you have probably never attended."

Now person B deletes their post to give us:
Person A: "I like Defcon because of all the presentation, more than the games."
Person C: "I disagree, and you have probably never attended."

Deletion of posts can ruin continuity.

Additionally, some people will look to, "revise history," if they become unhappy, or find themselves in an argument that cites their old content in examples of mistakes.

Disallowing deletion by users means that a users contributions may exist for all to see. Any knowledge, or lack of knowledge becomes history to be cited or referenced by anyone else.

Frankenstein voice: Deletion bad! Hurrrnnhnnnnn!

**Be0wolf** · February 23, 2008, 15:48

Re: penetration testing tools

Hello Xor,

never mind a changed URL, what was your idea concerning pen tools?
Thanks for your contribution.
Best

Beo

**xor** · February 23, 2008, 22:44

Re: penetration testing tools

I was sending you to http://www.insecure.org which is http://www.sectools.org. I always got to that list via the NMap site; so like I said DUH? Pointing and clicking one doesn't always pay attention to what is in the address bar.

xor

Announcement

penetration testing tools

penetration testing tools

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment