If you're interested in WebScarab (seems a lot like BurpSuite) you might be
interested in Paros. Like WebScarab and BurpSuite, it acts like a web proxy
on your local machine, and allows you to see requests and responses. One
thing it has on the others is the ability to analyze the crawl/trap data and
generate easy-to-read reports.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of Kevin Ortloff
Sent: Thursday, March 27, 2008 3:23 PM
To: hkshimulbd (at) gmail (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
Subject: RE: Pen tester
Nessus is great for a mixed environment. Good reporting, understandable,
and has references to other links for more info.
GFI LANguard is great for Windows environments and can do much more than
a scan: it can push updates, show installed apps, and a few other useful
things.
Metasploit is hard to understand, but great for deeper analysis and
actually attacking a machine (my favorite).
You can also use WebScarab for webservers. I just downloaded/installed
it but have not figured it out yet... Seems a little advanced too, but
I'm going to work on it next month sometime... It's like a packet
capture (before send) so you can modify the GETs, POSTs, etc. before
sending to the server. This would be more for attempting to XSS or SQL
inj. Cool idea though. I can't wait to play.
Hope this helps :)
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of hkshimulbd (at) gmail (dot) com [email concealed]
Sent: Saturday, March 15, 2008 9:00 PM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Pen tester
Hi all,
I am working in a Telco as Assistant Manager, Information Security, and
we want to use a commercial scanner for pen testing (port scanning,
vulnerability scanning, exploit, password attack, etc.).
Please provide me information on what the best pen testers are and why.
Regards,
Md. Humayun Kabir (Shimul)
[CCSP,MCSE,MCDBA]
This email, its contents and attachments contain information from j2 Global
Communications, Inc. and/or its affiliates which may be privileged,
confidential or otherwise protected from disclosure. The information is
intended to be for the addressee(s) only. If you are not an addressee, any
disclosure, copy, distribution, or use of the contents of this message is
prohibited. If you have received this email in error please notify the
sender by reply e-mail and delete the original message and any copies. j2
Global Communications. 6922 Hollywood Blvd., Hollywood, CA 90028.