RE: documentation/snapshot tool for pentest

From: Benjamin Tomhave (falcon@cybersecret.com)
Date: Mon Apr 08 2002 - 23:44:30 EDT

• Next message: alex@geoquark.com: "SQL Insertion"
• Previous message: Dario N. Ciccarone: "Re: IDS evasion && testing"
• In reply to: Drew: "Re: documentation/snapshot tool for pentest"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I can see value in some sort of checksum/file list "snapshot" tool for quick
assessments, since some scans attempt to place or manipulate files and it
can be time-consuming to go back and check a large number of systems for
"proof of vulnerability", especially if one were working for, say, a Big 5
consulting firm that insisted on cutting the number of hours for the annual
audit each year. :) Is there a whole lot of value in this? Maybe not.
But, it would at least provide a less time-consuming method for validating
vuln. scans using automagical tools.

Perhaps some derivation of tripwire/sim. would do the trick? Something that
could do a very fast indexing of specific key directories (\\winnt, IIS
home, apache home, etc) and create checksums for later comparison.

-----Original Message-----
From: Drew [mailto:simonis@myself.com]
Sent: Monday, April 08, 2002 7:49 AM
To: 'pen-test@securityfocus.com'
Subject: Re: documentation/snapshot tool for pentest

Siebenkaes Stefan wrote:
>
> Hi,
>
> I am doing a lot of "pen tests" (in better words: port scans),
> mostly on web-servers. The tests are not very deep, but I
> have to scan a lot of servers. I do that with nessus and a
> host list.
> Actually I am looking for a tool to do a snapshot of any webserver
> before and after the scans, including the browser-frames and menus,
> as an enduser view (NOT my idea). I am scripting a lot and it
> gives me a pain...
>
> Is there any documentation tool for
> "here is the hostlist, take a webbrowser-snapshot and put
> it into a filesystem/database/..." ???

I would look into rolling your own with something like Perl and
the LWP family of modules, but I find it hard to imagine a need
to look at the static content of a website. Much more interesting,
as you probably know, is the behavior of the dynamic stuff in the
site. Seems you may have misguided management. It might be more
beneficial to spend the energy level setting as opposed to bowing
to such odd requests.

> Well, the reports with an actual snapshot of a tested website
> really look cool and give you a great lobby in meetings with
> management, I underestimated that for a long time...
> (INCLUDING the "was it still OK after the scan"-question :-)
>
> Any hints appreciated,
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: alex@geoquark.com: "SQL Insertion"
• Previous message: Dario N. Ciccarone: "Re: IDS evasion && testing"
• In reply to: Drew: "Re: documentation/snapshot tool for pentest"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:20 EDT