Re: which is next step after using tools in penetration testing?



Hi Manoj,

After the Penetration Testing is done u'll have good amount of data, vulnerability names, CVE's, BID's etc which come under Vulnerability Correlation. Based upon the information available (mentioned above) for Vulnerability, you can google for various exploits. For specific sites u can go through Metasploit, milw0rm etc which are free. You can use commercial tools like CoreImpact, Canvas, BreakingPoint etc which are loaded with commercial exploits.

On the other hand if u r good at perl/python scripting and able to understand the Vulnerability u can write your own exploits. Developing exploits using C/C++ is time consuming.

Best Regards,
Praveen Darshanam,
Security Researcher,
INDIA