[AusNOG] Pen Testing Tools

[Peter Adkins]

Hey there,

What exactly is the scope of the testing that is being performed by
the third-party / firm? As in, is everything inside of their
organisation in scope, or is it being targeted towards a subset of
their services / infrastructure? I ask as an engagement targeting an
internet facing web application is going to be a lot different than a
penetration test against a corporate network, etc :)

To echo the sentiment of those on the list, I doubt you'd want to find
out you have a few SQLi vulnerabilities in $application by
accidentally dropping a table or two, or successfully exploiting a
denial of service against your domain controllers in the middle of the
day. I've heard some amazing stories about IP connected industrial
control systems crashing and shutting down manufacturing processes due
to a simple SYN scan, so be careful!

If you can provide some additional information about the scope of the
test (if any), it'd assist with recommending a few tools that might
help! :)

Cheers,
Peter


On Tue, Nov 29, 2016 at 11:40 PM, Shane Chrisp <shane at 2000cn.com.au> wrote:
> Hi All,
>
>  I have a client who will be undergoing auditing and Pen Testing in a number
> of months time, who would like to perform some basic tests themselves to
> find as much stuff as possible before engaging a professional services group
> to perform more thorough tests leading up to the main audit. Does anyone
> have any suggestions of tools, preferably free or very low cost to do these
> initial tests with?
>
> Happy to receive on or off list replies.
>
>
> --
> Regards
>  Shane Chrisp
> 2000 Computers & Networks Pty Ltd
> Suite 8, 19-21 Outram St, West Perth, WA 6005
> Ph 08 6298 7391 Fx 08 6298 7393
> Mb 0412 409 856
> Email shane at 2000cn.com.au
> Web http://www.2000cn.com.au
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog



-- 
Regards,
Peter Adkins