
penetration testing tools


  • penetration testing tools

    Dear all,

    I would like to compile a list of popular penetration testing tools, and of course I already did some research on various sites, but I am wondering if those lists I found are still up to date, for example the one over at sectools.org.
    I'm currently writing a paper on recent or foreseen changes in the legislation in Germany and the UK, more specifically the so called "Hacker-Paragraph" 202c StGB in Germany, and a similar piece of legal code in the UK, an amendment to the Computer Misuse Act banning "hacking" tools.
    A part of my paper will also look at currently popular pen testing tools and their usage in this new legal environment. Moreover I will have to take a look at the history of those tools, since one of the requirements of them being unlawful is the reason for their creation, meaning for pure testing purposes or "hacking"/"cracking".
    So my question is: when you think of pen testing, which tools are you thinking of?
    Thank you all in advance for your replies!

    Beo

  • #2
    Re: penetration testing tools

    So my question is: when you think of pen testing, which tools are you thinking of?
    Something that goes beyond the line of PG-13.

    Sorry, I had to do it.



    • #3
      Re: penetration testing tools

      Start with the list of Tools installed on BackTrack3
      DaKahuna
      ___________________
      Will Hack for Bandwidth



      • #4
        Re: penetration testing tools

        Thanks DaKahuna, I'll have a look on their wiki after some hours of sleep!
        While we are at it: these laws are partly based on the Cybercrime Convention drafted by the Council of Europe, the interesting part is in section 6, misuse of devices, including software, which are only intended to prepare or to commit a crime, aka "hacking"/"cracking".
        This treaty has also been ratified by the USA in September 2006, and so far I haven't looked at current US legislation, but provided the situation is similar to the UK and Germany, I'm seriously wondering if we will still see the creation of similar tools such as Nessus, KisMAC or even simple proof of concepts, code snippets at all out in the wild in the future.
        For the ones interested in some more reading:
        http://conventions.coe.int/Treaty/EN...s/Html/185.htm
        http://www.usdoj.gov/criminal/cybercrime/intl.html
        Cheers

        Beo



        • #5
          Re: penetration testing tools

          My apologies for insisting, but do the rest of you agree with DaKahuna's referral to BackTrack, or is one of you convinced the list (unfortunately only for Version 2: http://wiki.remote-exploit.org/index.php/Tools ) is not complete and lacking THE tool?



          • #6
            Re: penetration testing tools

            Originally posted by Be0wolf
            is one of you convinced the list ... is not complete and lacking THE tool?
            are you referring to Nessus? because if i recall, there was some legal/licensing wrangling happening there and it was not included in BackTrack 2.
            "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
            - Trent Reznor



            • #7
              Re: penetration testing tools

              Originally posted by Deviant Ollam
              are you referring to Nessus? because if i recall, there was some legal/licensing wrangling happening there and it was not included in BackTrack 2.
              That is in fact the reason. Tenable's licensing of Nessus did not allow it to be mass distributed. However, it is easily installed manually.
              "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";



              • #8
                Re: penetration testing tools

                Yes, that was one of the tools I didn't see on the list and I also haven't seen tcpdump, but then again they might have replaced it with something more sophisticated... I have tested a number of those tools myself, but since I'm not using them on a regular basis I have lost track a bit of the latest developments.
                I just checked: Nessus 3 now requires registration and the acceptance of an EULA, and you need to pay dearly for the newest plugins! So no wonder it's not on the disc.



                • #9
                  Re: penetration testing tools

                  Originally posted by Be0wolf
                  Yes, that was one of the tools I didn't see on the list and I also haven't seen tcpdump, but then again they might have replaced it with something more sophisticated... I have tested a number of those tools myself, but since I'm not using them on a regular basis I have lost track a bit of the latest developments.
                  I just checked: Nessus 3 now requires registration and the acceptance of an EULA, and you need to pay dearly for the newest plugins! So no wonder it's not on the disc.
                  tcpdump is not shown on the list but it is installed as a part of the SLAX OS. Simply type tcpdump at the command line as root and it will run with the default settings. If you prefer a GUI, Wireshark (formerly Ethereal) is in the tools list and performs pretty much all the same functions as tcpdump.

                  As for Nessus, thePrez98 was correct - it does install and there are even some pretty good tutorials on how to install at least two versions of Nessus on BackTrack. You can still effectively use Nessus without paying. You can get plug-in updates for the free (as in beer) version, but it is updated seven (7) days after the paid version. Unless a vulnerability you are interested in is a new one, I have not had any issues using the free version, although for my "day job" I have a pay version on our internal network and another that is accessible from the Internet.
                  DaKahuna
                  ___________________
                  Will Hack for Bandwidth



                  • #10
                    Re: penetration testing tools

                    Thanks for the tip, I'll try it out after I have handed in my paper in March.



                    • #11
                      Re: penetration testing tools

                      there is always the script kiddie s*** from packetstorm to look into



                      • #12
                        Re: penetration testing tools

                        Originally posted by Be0wolf
                        Dear all,

                        I would like to compile a list of popular penetration testing tools, and of course I already did some research on various sites, but I am wondering if those lists I found are still up to date, for example the one over at sectools.org.
                        I'm currently writing a paper on recent or foreseen changes in the legislation in Germany and the UK, more specifically the so called "Hacker-Paragraph" 202c StGB in Germany, and a similar piece of legal code in the UK, an amendment to the Computer Misuse Act banning "hacking" tools.
                        A part of my paper will also look at currently popular pen testing tools and their usage in this new legal environment. Moreover I will have to take a look at the history of those tools, since one of the requirements of them being unlawful is the reason for their creation, meaning for pure testing purposes or "hacking"/"cracking".
                        So my question is: when you think of pen testing, which tools are you thinking of?
                        Thank you all in advance for your replies!

                        Beo
                        Oops, never mind, didn't know the URL changed, my duh? I hate when there is no way to delete your own post .... :-(

                        xor
                        Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.



                        • #13
                          Re: penetration testing tools

                          Originally posted by xor
                          Oops, never mind, didn't know the URL changed, my duh? I hate when there is no way to delete your own post .... :-(

                          xor
                          We allow users to edit posts if they discover a mistake within 24 hours.

                          Allowing users to delete posts results in destruction of thread continuity, as users appear to reply to a post that does not exist.

                          Person A: "I like Defcon because of all the presentations, more than the games."
                          Person B: "Defcon is the worst convention in the world."
                          Person C: "I disagree, and you have probably never attended."

                          Now person B deletes their post to give us:
                          Person A: "I like Defcon because of all the presentations, more than the games."
                          Person C: "I disagree, and you have probably never attended."

                          Deletion of posts can ruin continuity.

                          Additionally, some people will look to "revise history" if they become unhappy, or find themselves in an argument that cites their old content in examples of mistakes.

                          Disallowing deletion by users means that a user's contributions may exist for all to see. Any knowledge, or lack of knowledge, becomes history to be cited or referenced by anyone else.

                          Frankenstein voice: Deletion bad! Hurrrnnhnnnnn!



                          • #14
                            Re: penetration testing tools

                            Hello Xor,

                            never mind a changed URL, what was your idea concerning pen tools?
                            Thanks for your contribution.
                            Best

                            Beo



                            • #15
                              Re: penetration testing tools

                              I was sending you to http://www.insecure.org which is http://www.sectools.org. I always got to that list via the Nmap site; so like I said, DUH? Pointing and clicking, one doesn't always pay attention to what is in the address bar.

                              xor
                              Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.
