penetration testing tools


  • Be0wolf
    replied
    Re: penetration testing tools

    I know what you mean, but the sad thing is: it's not only Europe which really has lost perspective, but also the USA: they ratified the Council of Europe Cybercrime Convention in 2006, funny thing is: Germany, my main focus for the paper, has not yet even ratified the treaty, but will do so soon; Russia, Canada and Japan signed it as well as South Africa, I can't tell you by heart if they have already ratified the treaty as well, the treaty came into force in 2004.
    Personally I believe that laws which forbid to offer exploit code to the public since the code provides a means to gain access to other people's data, is one of the worst steps possible, it criminalises those who really just explore AND cooperate on the matter with the organisations or people involved, but nowadays I would be very careful to contact anyone about any hole found. It pushes people into a corner and closer to the really dark spots, and apps and OS manufacturers can pretend to have become more and more secure, because no one will publish an exploit unless he can be sure he will not be in jail the very next day.
    I'm very convinced that the number of vulnerabilities published will decline within the next two years, if someone wants to bet on it: let me know.
    On the relationship between money and security: I've been working as a salesman for a network security company in Germany, and one potential customer (they were running some kind of online gambling business back in 2002) explicitly told me that they simply don't care, for them the most important thing was to gain as much money as possible in the shortest timeframe possible.
    Last edited by Be0wolf; February 24, 2008, 19:16.


  • 0x58
    replied
    Re: penetration testing tools

    What about libnet? It is a library that can be both used for good and evil. Same can be said with so many other things! I can do SQL injection using a browser.

    There are so many things wrong with laws such as those, and I find that as a European I am ashamed of the laws that the European union is passing. Some of them are down-right against what they have stood for in the past (personal liberty, privacy and more). It shows how politicians do not have a clear grasp of what it takes to secure THEIR personal data, and that with tools that SHOW that break-ins are possible, that companies are going to become lax concerning security.

    There are already too many people in upper management that do not want to invest in IT, since they are losing money. IT does not make money so for the people up-stairs it makes no sense to put money into IT. It is not until it is shown to them how easy someone could steal information from the company USING the tools that are provided by people that they re-consider. It is too often that security/IT is considered the last thing to invest in until the company is on the news trying to explain how hackers got their top-secret-hidden data.


  • Be0wolf
    replied
    Re: penetration testing tools

    @XOR: thanks, this confirms my initial starting point is at least popular :)
    @0x58: well, social engineering is a super interesting topic, but unfortunately I will not be able to refer to it since these laws are rather concerned with software and code, I cannot apply them to social engineering, they affect tools such as Nessus, John the Ripper, l0pht crack or websites such as php-security.org, packetstorm and the like.
    Last edited by Be0wolf; February 24, 2008, 19:16.


  • 0x58
    replied
    Re: penetration testing tools

    Is hacking of humans not allowed anymore either?


  • xor
    replied
    Re: penetration testing tools

    I was sending you to http://www.insecure.org which is http://www.sectools.org. I always got to that list via the NMap site; so like I said DUH? Pointing and clicking one doesn't always pay attention to what is in the address bar.

    xor


  • Be0wolf
    replied
    Re: penetration testing tools

    Hello Xor,

    never mind a changed URL, what was your idea concerning pen tools?
    Thanks for your contribution.
    Best

    Beo


  • TheCotMan
    replied
    Re: penetration testing tools

    Originally posted by xor View Post
    Oops never mind, didn't know the url changed my duh? I hate when there is no way to delete your own post .... :-(

    xor
    We allow users to edit posts if they discover a mistake within 24 hours.

    Allowing users to delete posts results in destruction of thread continuity, as users appear to reply to a post that does not exist.

    Person A: "I like Defcon because of all the presentation, more than the games."
    Person B: "Defcon is the worst convention in the world."
    Person C: "I disagree, and you have probably never attended."

    Now person B deletes their post to give us:
    Person A: "I like Defcon because of all the presentation, more than the games."
    Person C: "I disagree, and you have probably never attended."

    Deletion of posts can ruin continuity.

    Additionally, some people will look to, "revise history," if they become unhappy, or find themselves in an argument that cites their old content in examples of mistakes.

    Disallowing deletion by users means that a user's contributions may exist for all to see. Any knowledge, or lack of knowledge becomes history to be cited or referenced by anyone else.

    Frankenstein voice: Deletion bad! Hurrrnnhnnnnn!


  • xor
    replied
    Re: penetration testing tools

    Originally posted by Be0wolf View Post
    Dear all,

    I would like to compile a list of popular penetration testing tools, and of course I already did some research on various sites, but I am wondering if those lists I found are still up to date, for example the one over at sectools.org.
    I'm currently writing a paper on recent or foreseen changes in the legislation in Germany and the UK, more specifically the so called "Hacker-Paragraph" 202c StGB in Germany, and a similar piece of legal code in the UK, an amendment to the Computer Misuse Act banning "hacking" tools.
    A part of my paper will also look at currently popular pen testing tools and their usage in this new legal environment. Moreover I will have to take a look at the history of those tools, since one of the requirements of them being unlawful is the reason for their creation, meaning for pure testing purposes or "hacking"/"cracking".
    So my question is: when you think of pen testing, which tools are you thinking of?
    Thank you all in advance for your replies!

    Beo
    Oops never mind, didn't know the url changed my duh? I hate when there is no way to delete your own post .... :-(

    xor


  • SarperDomain
    replied
    Re: penetration testing tools

    there is always the script kiddie s*** from packetstorm to look into


  • Be0wolf
    replied
    Re: penetration testing tools

    Thanks for the tip, I'll try it out after I have handed in my paper in March.


  • DaKahuna
    replied
    Re: penetration testing tools

    Originally posted by Be0wolf View Post
    Yes, that was one of the tools I didn't see on the list and I also haven't seen tcpdump, but then again they might have replaced it by something more sophisticated... I have tested a number of those tools myself, but since I'm not using them on a regular basis I lost a bit track on the latest developments.
    I just checked: Nessus 3 now requires registration and the acceptance of an EULA, and you need to pay dearly for the newest plugins! So no wonder it's not on the disc.
    tcpdump is not shown on the list but it is installed as a part of the SLAX OS. Simply type tcpdump at the command line as root and it will run with the default settings. If you prefer a GUI, Wireshark (formerly Ethereal) is in the tools list and performs pretty much all the functions as tcpdump.

    As for Nessus, thePrez98 was correct - it does install and there are even some pretty good tutorials on how to install at least two versions of Nessus on BackTrack. You can still effectively use Nessus without paying. You can get plug in updates for the free (as in beer) version but it is updated seven (7) days after the paid version. Unless a vulnerability you are interested in is a new one, I have not had any issues using the free version although for my "day job" I have a pay version on our internal network and another that is accessible from the Internet.


  • Be0wolf
    replied
    Re: penetration testing tools

    Yes, that was one of the tools I didn't see on the list and I also haven't seen tcpdump, but then again they might have replaced it by something more sophisticated... I have tested a number of those tools myself, but since I'm not using them on a regular basis I lost a bit track on the latest developments.
    I just checked: Nessus 3 now requires registration and the acceptance of an EULA, and you need to pay dearly for the newest plugins! So no wonder it's not on the disc.


  • theprez98
    replied
    Re: penetration testing tools

    Originally posted by Deviant Ollam View Post
    are you referring to Nessus? because if i recall, there was some legal/licensing wrangling happening there and it was not included in BackTrack 2.
    That is in fact the reason. Tenable's licensing of Nessus did not allow it to be mass distributed. However, it is easily installed manually.


  • Deviant Ollam
    replied
    Re: penetration testing tools

    Originally posted by Be0wolf View Post
    is one of you convinced the list ... is not complete and lacking THE tool?
    are you referring to Nessus? because if i recall, there was some legal/licensing wrangling happening there and it was not included in BackTrack 2.


  • Be0wolf
    replied
    Re: penetration testing tools

    My apologies for insisting, but does the rest of you agree to DaKahuna's referral to Backtrack, or is one of you convinced the list (unfortunately only for Version 2: http://wiki.remote-exploit.org/index.php/Tools ) is not complete and lacking THE tool?
