Pen Test Data/Report Management; Tracking/Procedure document

From: JTH (jth@visi.com)
Date: Tue Mar 16 2004 - 17:27:01 EST


All, two things.

First, I'm working on trying to find a solution of some sort that I can
use to collect & hold information and results from scans performed for
different clients. Ideally, the end result would allow me to pull up
previously delivered deliverables for comparison. The generated
deliverable would pull info from nmap, nessus, superscan, phonesweep, and
any other tools that I use in my assessment. I'd like to get as close as
possible to a point-n-click report setup. I would then take this and clean
it up, add an executive summary, my recommendations, etc. and be done,
rather than having to gather & reformat all of this information (which is
what I'm doing right now.)

An obvious answer is either to dump everything into a database or use
XSLT/XML with all of this data, but I don't [yet] know enough about this
stuff to do this, nor do I know what an ideal design would look like.
Aside from this, I'd much rather use or modify an existing tool than
engineer one, if I can.

I know topics like this have come up, but several searches on the archive
didn't come up with much except for tool-specific solutions (i.e.
nmap-only). Does anyone know of or use an all-in-one type program to save
and tie this information together?

Second, and more or less unrelated, when you perform a penetration test,
how do you track your progress? Do you use a spreadsheet/workbook, an
audit-style checklist, notebook, etc?

Thanks, jth.
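Added example (not from the original post or from any tool it names) of the "dump everything into a database" option: nmap's -oX XML is normalised into a SQLite findings table keyed by client and scan, and a later scan is diffed against a previously delivered one. The client name, scan ids and both scan documents are constructed for the example.

```python
import sqlite3
import xml.etree.ElementTree as ET
SCHEMA = """CREATE TABLE IF NOT EXISTS finding (
    client TEXT, scan_id TEXT, tool TEXT, host TEXT, port INTEGER, proto TEXT,
    state TEXT, service TEXT, PRIMARY KEY (client, scan_id, tool, host, port, proto))"""

def parse_nmap(xml_text):
    """Yield (host, port, proto, state, service) for each port in an nmap -oX document."""
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for p in host.iter("port"):
            svc = p.find("service")
            yield (addr, int(p.get("portid")), p.get("protocol"),
                   p.find("state").get("state"),
                   svc.get("name") if svc is not None else "")

def store(db, client, scan_id, tool, rows):
    """Upsert normalised rows; parsers for other tools can feed the same table."""
    db.executemany("INSERT OR REPLACE INTO finding VALUES (?,?,?,?,?,?,?,?)",
                   [(client, scan_id, tool) + r for r in rows])
    db.commit()

def diff_scans(db, client, old_id, new_id):
    """Return (newly_open, closed_since) open-port lists between two scans of one client."""
    q = "SELECT host, port, proto FROM finding WHERE client=? AND scan_id=? AND state='open'"
    old = set(db.execute(q, (client, old_id)))
    new = set(db.execute(q, (client, new_id)))
    return sorted(new - old), sorted(old - new)

# Constructed sample documents in nmap -oX shape (not real scan output).
SCAN_Q1 = """<nmaprun><host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
</ports></host></nmaprun>"""
SCAN_Q2 = """<nmaprun><host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
</ports></host></nmaprun>"""

def demo():
    """Load two quarterly scans for one (constructed) client and report what changed."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    store(db, "acme", "2004-Q1", "nmap", parse_nmap(SCAN_Q1))
    store(db, "acme", "2004-Q2", "nmap", parse_nmap(SCAN_Q2))
    return diff_scans(db, "acme", "2004-Q1", "2004-Q2")

if __name__ == "__main__":
    print(demo())  # ([('10.0.0.5', 443, 'tcp')], [('10.0.0.5', 23, 'tcp')])
```

The same table can be fed from nessus or other tool parsers by writing a parser that yields the same tuple shape, so one report query covers all sources.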
