RE: Automated penetration test

No,

There are tools that would do that (autopwn). Metasploit Framework itself
has that capability (sort of) - see
http://blog.metasploit.com/2006/09/metasploit-30-automated-exploitation.html
and http://digg.com/d18BYD. Fast-Track in BT3 has menus for this and more
(see also https://www.securestate.com/Pages/Fast-Track.aspx).

Also look at SAINTExploit (some $)
http://www.saintcorporation.com/products/penetration_testing/saint_exploit.h
tml

Core Impact ($$$) has similar functionality and is far easier to use (GUI).

There may be others but these are the ones I am familiar with.

Thank You

Rui Pereira,B.Sc.(Hons),CIPS ISP,CISSP,CISA,CWNA/CWSP,CPTS/CPTE
Principal Consultant
WaveFront Consulting Group

wavefront1 (at) shaw.ca | www.wavefrontcg.com | ....


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of David Gillett
Sent: April 2, 2009 11:52 AM
To: p.valera@xxxxxxxxxxx; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Automated penetration test

That's not a "penetration test". That's a "vulnerability scan",
and if you Google on "vulnerability scanners" you'll have lots to
choose from.

David Gillett


-----Original Message-----
From: >p3dRø< [mailto:p.valera@xxxxxxxxxxx]
Sent: Wednesday, April 01, 2009 10:29 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Automated penetration test



Hello,

I need to make an automated penetration test in a network.

I always find tutorials about one especific exploit, in
metasploit framework, for example. I need a tutorial for
automated test with all the exploits as possible just
especifying the subnet, for example 192.168.1.0/24. I mean,
is there a program that could do this? :

./program -allexploits 192.168.1.0/24

or in few steps do that ? (text mode, web? )

The tool doesn\'t matter: backtrack, metasploit, but I need
to launch the automated penetration test as I mentioned.

Someone knows a good tutorial or link about that ?

Thanks in advance,
Pedro



--------------------------------------------------------------
----------
This list is sponsored by: InfoSec Institute

No time or budget for traveling to a training course in this
fiscal year? Check out the online information security
courses available at InfoSec Institute. More than a boring
"talking head", train in our virtual labs for a total
hands-on training experience. Get the certs you need: CEH,
CPT, CEPT, CISA, CISSP, CISM

http://www.infosecinstitute.com/request_online_training.html
--------------------------------------------------------------
----------


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

No time or budget for traveling to a training course in this fiscal year?
Check out the online information security courses available at InfoSec
Institute. More than a boring "talking head", train in our virtual labs for
a total hands-on training experience. Get the certs you need: CEH, CPT,
CEPT, CISA, CISSP, CISM

http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.238 / Virus Database: 270.11.35/2033 - Release Date: 04/02/09
19:07:00


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

No time or budget for traveling to a training course in this fiscal year? Check out the online information security courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total hands-on training experience. Get the certs you need: CEH, CPT, CEPT, CISA, CISSP, CISM

http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------

Relevant Pages

  • Re: Automated penetration test
    ... I need to make an automated penetration test in a network. ... I always find tutorials about one especific exploit, in metasploit framework, ... InfoSec Institute ...
    (Security-Basics)
  • RE: Automated penetration test
    ... I need to make an automated penetration test in a network. ... I always find tutorials about one especific exploit, ... InfoSec Institute ... No time or budget for traveling to a training course in this ...
    (Security-Basics)
  • Re: Automated penetration test
    ... I need to make an automated penetration test in a network. ... I always find tutorials about one especific exploit, ... InfoSec Institute ... Check out the online information security courses available at ...
    (Security-Basics)
  • Automated penetration test
    ... I need to make an automated penetration test in a network. ... I always find tutorials about one especific exploit, in metasploit framework, ... possible just especifying the subnet, ...
    (Security-Basics)
  • Automated penetration test
    ... I need to make an automated penetration test in a network. ... I always find tutorials about one especific exploit, in metasploit framework, ... possible just especifying the subnet, ...
    (Security-Basics)