Pen Test tools

Hi there, I'm trying to collect a list, or something, of all your
favorite tools to perform penetration tests, and I want some help :-)
Could you tell me which tools you use to scan your server to find
vulnerabilities? That's because I've just configured a Debian machine
that's working as a web server with some important information. It also
has SSH access, MySQL, and FTP.
Right now I'm just using nmap, and that list located at nmap's website
isn't so up to date.

Any comment will be well received.

Thanks a lot.

Re: Pen Test tools

Nessus is supposed to be good from what I've heard and read. It'll scan
a machine for open ports and look for known vulnerabilities or risks of
the servers and their configuration on those ports. There are certainly
other tools which are worth trying.

Kind regards

OpenPGP: 0xA330353E (DSA) or 0xD87D188C (RSA)

Re: Pen Test tools

Well, my practice is to configure all services by hand, not using any
example configuration files.  Then, since I know my own configuration
well, I can test the services for obvious vulnerabilities myself.

The problem with those penetration testing tools is that there is no
really good one.  Real security problems are often not very obvious, and
those tools mostly find only obvious problems.  For example, my Apache is
running with mass virtual hosting enabled.  For every host, there is a
directory.  Some time ago, I detected that this led to information
disclosure when the client sends an empty Host header.  Interestingly,
I find this to be a very common configuration mistake on others'
servers, if mass virtual hosting is in use.  But neither Nikto nor
Nessus report it.

You're perfectly fine using Nmap only to find possible entrances, and
then testing those by hand.  Often it's enough to verify the
configuration file and check that the daemon running is not much too
old.  This implies that you should keep your machine up to date.  When
you have a security problem arising from a bug, then there isn't much
you could do anyway, unless you're a developer.
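The empty-Host-header problem described above comes down to how a mass virtual hosting setup turns the Host header into a document root. The following Python model is an added illustration for this thread, not code from any poster or from Apache: it assumes a mod_vhost_alias-style template of the form `VirtualDocumentRoot /var/www/%0` (one directory per site under a common root), a constructed list of configured sites, and a few constructed raw requests. The naive mapping sends an empty or missing Host to the parent directory of every site, which is the disclosure the post refers to; the hardened mapping only honours names that are actually configured and routes everything else to a dedicated, empty default root, which is the usual fix (a catch-all default vhost).

```python
"""Model of Host-header-to-docroot mapping under mass virtual hosting.

Added illustration for this thread. The directory layout, the hostnames and
the requests below are constructed; the %0 template is an assumption about a
typical mod_vhost_alias-style configuration, not a claim about any real site.
"""
import posixpath
from typing import Optional

# Constructed layout: every hosted site lives in its own directory under one root.
VHOST_ROOT = "/var/www"
CONFIGURED_HOSTS = {"example.org", "shop.example.org"}
DEFAULT_DOCROOT = "/var/www/_default"   # deliberately empty catch-all


def parse_host_header(raw_request: bytes) -> Optional[str]:
    """Return the Host header value of a raw HTTP/1.x request.

    A request with no Host header yields None; a present but empty
    'Host:' line yields '' so the two cases can be told apart.
    """
    head, _, _ = raw_request.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return None


def naive_docroot(host: Optional[str]) -> str:
    """Mimic a template like VirtualDocumentRoot /var/www/%0.

    Whatever the client sent is appended to VHOST_ROOT. An empty or missing
    Host therefore resolves to VHOST_ROOT itself, i.e. the parent directory
    holding every site's files (information disclosure).
    """
    name = (host or "").split(":")[0].lower()
    return posixpath.normpath(posixpath.join(VHOST_ROOT, name))


def hardened_docroot(host: Optional[str]) -> str:
    """Only names that are really configured map to a site directory.

    Empty, missing or unknown Host values land in DEFAULT_DOCROOT, which
    contains nothing sensitive. This models a catch-all default vhost placed
    in front of the mass-virtual-hosting directive.
    """
    name = (host or "").split(":")[0].lower().rstrip(".")
    if name in CONFIGURED_HOSTS:
        return posixpath.join(VHOST_ROOT, name)
    return DEFAULT_DOCROOT


def resolve(raw_request: bytes, hardened: bool) -> str:
    """Parse a raw request and return the document root it would be served from."""
    host = parse_host_header(raw_request)
    return hardened_docroot(host) if hardened else naive_docroot(host)


if __name__ == "__main__":
    # Constructed requests: a normal one, one with an empty Host, one without Host.
    samples = [
        b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost:\r\n\r\n",
        b"GET / HTTP/1.0\r\n\r\n",
    ]
    for req in samples:
        print(repr(parse_host_header(req)),
              "naive ->", resolve(req, hardened=False),
              "| hardened ->", resolve(req, hardened=True))
```

A practical check on your own server follows the same logic as the model: the response to a request with an empty Host header should be indistinguishable from the default site's response, never a listing or content of the directory that holds all the per-host directories.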


Re: Pen Test tools

I think it's a good idea to configure all services by hand. I've just
installed Slackware 10.0, and I'm planning to set up a LAMP server. I
already configured Apache following your advice, and will do the same
with PHP and MySQL.

Well, thanks to all of you for your time and advice.
