Re: Vulnerability Assessment & Whisker Doubts

From: Hamid . K (elite_netbios_at_yahoo.com)
Date: 01/19/05

    Date: Tue, 18 Jan 2005 22:32:47 -0800 (PST)
    To: kaps lock <secnerdkaps@yahoo.com>, security-basics@securityfocus.com
    
    

    Hi,

    We already provided a near-complete assessment framework, which also
    covers what you need. Take a look at it:

    http://www.oissg.org/content/view/108/1/

    Hamid
    --- kaps lock <secnerdkaps@yahoo.com> wrote:

    > Hi all,
    > I am right now trying to design a VA/penetration testing
    > lab at work and looking into various options and tools
    > that are available and the procedures to follow.
    > Following are the things I have outlined... please
    > add on whatever you feel is important and I have missed
    > out:
    >
    > Get acquainted with Client Network
    > Google Hacking
    > Arin
    > getting names from email bouncing
    >
    > DNS fingerprinting and using dig for trying ZONE
    > TRANSFERS OR cache poisoning vulnerabilities.
    >
    > Get on with your NMAP and finding open ports, and
    > perform some OS fingerprinting.
    >
    > Now for vulnerability detection on open ports...
    > Nessus
    > NessusWX??
    > NeWT--->>> does it have a Linux version too to download??
    > Which is better?
    >
    > Now the gray area where I am wanting to use all open
    > source web application testing tools:
    > 1) Whisker---> could anybody point me to good
    > documentation on its usage? wiretrip doesn't have it.
    > If you could share any link for command usage I will
    > highly appreciate it.
    > 2) Nikto....
    >
    >
    > Other aspects would be social engineering...
    > checking out physical security... war dialing,
    > dumpster diving...
    >
    >
    > Basically I would like to know what are the best open
    > source scanners/tools/vulnerability DETECTION tools I
    > could use to make my kit complete and as good as the one
    > Qualys uses.
    >
    > Thanks in advance.
    > a real sec nerd :)
    >
    >


