Security Ripcord


Where to find: Penetration Testing

After a recent stint of performing authorized penetration testing I have come to realize that information is king. Of course, I already knew this, but the information on the Internet has made me an overnight “script kiddie.” Needless to say I know that I have more skill than a “script kiddie.” I know this because I have self control, I can talk to my superiors and customers in a manner that is not condescending and at times very helpful, and I can write up my findings in a thoughtful and informative manner without releasing my findings to the local IRC channel or news list.

That said, I also realize that everything I did during this penetration test was leverage the knowledge and know-how of many smart (or at least dedicated) individuals and groups. These people have posted their hard work, findings, and development for the public to use and learn from while securing their assets. The following is a list of resources that I found extremely helpful in the past few weeks.

Plenty of sites provide information about vulnerabilities and their exploits. They even provide scripts that perform the exploit. This is why the term “script kiddie” was invented. These scripts are available for anybody to download and use. Each of these sites and most of the scripts come with disclaimers stating that they are intended for educational and non-malicious use only. The following sites fall into this category.
Packet Storm Security
Milw0rm
SecuriTeam
FrSIRT
Government Security.org

Still other sites are devoted to the smooth usage of exploits. They provide interfaces called “frameworks” that evaluate a target once the user provides the required information (i.e. IP address, port, secure or insecure connection, type of exploit, etc.). Metasploit is by far the most advanced of the open source tools. Security Forest has just started providing their framework, but it already contains a large collection of the exploits that are available.
Security Forest
Metasploit

There are several commercial tools that expand on this type of functionality. Although I have not used any of these tools, my understanding is that they combine scanning tools, vulnerability assessment tools, and exploitation tools into one package. This would prove to be very helpful for new penetration technicians and teams that want to streamline their efforts. Unfortunately, these tools tend to be too expensive for persons and companies that do these assessments periodically.
Canvas
BiDiBLAH
Core Impact

The next category contains sites that provide unique tools for assessment of targets. Obviously this list is not a complete list of all the tools that are out there. This is just a list of tools that recently came in handy for me.
Foundstone – provides a wealth of tools to evaluate sites and targets. Superscan 4 is a great tool for scanning the network, grabbing banners, and enumerating Windows hosts. There are many tools that will evaluate Windows hosts for specific vulnerabilities, mainly due to missing patches and hot fixes.
PAROS – This proxy is very handy for spidering websites and then evaluating them for vulnerabilities such as Cross Site Scripting and SQL Injection. It will also let you perform “Man-in-the-Middle” attacks on form data that is evaluated client side and not server side. Unfortunately there are a few features of this program that proved to be a bit flaky. The most annoying (to me) was the fact that saving sessions was very unstable. This is an important fault because of the need to maintain a trail of evidence.
OWASP – This project is one of the best for web developers. They provide a website framework that is designed for teaching the web developers and evaluators. They also provide a proxy that provides much the same functionality as PAROS with a few extras.
phenoelit – This site provides a wealth of well thought out tools.
Brutus – THE tool for brute forcing virtually any type of authentication. Be warned, it takes a while to understand how to actually use this tool properly. In the meantime there will be many failed attempts and it can be frustrating. But once you understand how to use it there are very few tools that can compete with it. Additionally, the word list generator is simple but extremely useful. Users only need to evaluate the site they are assessing and glean a few key terms from it. Once these key terms are entered into Brutus’ word generator, a detailed list can be generated or added to very quickly. This tool has been around for a while and development has stopped. But because it was designed so well in the beginning there are very few modifications that could be added to it. However, one feature that would be nice is the ability to restart if a scan was interrupted. Unfortunately, I do not have time to help with this one shortcoming.
Sam Spade – A cool tool for web evaluation. One feature that came in handy was its ability to pull E-mail addresses from a spidered site. The great thing about this is that it only takes a quick edit to create a user list that can be used in any brute force tool when an account name is required for access.
Auditor Security Collection – Of course I would not have gotten anywhere without the tools in this collection. I would often find myself researching an application, locating a tool for evaluation, and then discovering that it was already installed in this collection. This allowed me to immediately start using the tool instead of downloading and installing, or in some cases, compiling and then installing. Although doing so would not have been too much trouble, when you combine all of the time I would have spent on the separate tools it really starts adding up.

It is very obvious that this is just a short list of all of the resources that are available on the Internet. For a more detailed list go to the Security Forest Link Tree and scan the collection they have provided for the community. It makes my effort here pale in comparison. But, then again, you may not have found it on your own.


