I have access to the best commercial security test tools in the market including Mu Security's Security Analyzer and Core Security Technologies Core Impact. For a long time, however I've been a fan of open source security tool kits including STD. A couple days ago I became aware of Backtrack 2 when I was thumbing through one of the stacks of computer security books sitting on my bookshelf. (The book is Penetration Tester's Open Source Toolkit and you can read Richard Bejtlich damning and very informative review here (you have to scroll down a bit to get to Richard's post, but read some of the other reviews to get the full flavor of his American Idol reference.) But, I digress. I'm working my way through Backtrack2 in my lab testing, so I'll start at the top and say this looks like an excellent collection of no cost, penetration test tools. Going through some reconnaissance on eweeklabs.com I found that we needed to pay attention to the renewal date. (Further to this, my fellow labbie Andrew Garcia, whose always interesting blog can be read here suggested looking up pcweeklab.com. It was available! In the ensuing race between Andrew and myself to see who could get to their domain registrar of choice first to buy the name, Andrew won. I was going to use the site as a PCWeek (predecessor to eWEEK) alumni site. Oh well, you can always catch up with the way back machine on PCWeek here. But still I digress. Starting at the top, I've been exploring my test network starting with the information gathering tools. ASS, revealed information about my Cisco switch that I knew, such as its name, the number of vlans and the switchport to which my Backtrack machine was connected. Dmitry found some open ports on my router that didn't need to be open, so I closed them. There are a whole host of additional tools that I'll be blogging as I go through them. I get help from Labs Executive Editor and open source expert Jason Brooks whenever I monkey around with the magic of Linux power tools. Any useful tips I get from him I'll try to remember to blog here for all of your enjoyment. If you have Backtrack2 stories, or recommendations for other pen test or reconnaissance toolkits, please feel free to leave a comment.
Backtrack2 pen testing toolset is very cool
I have access to the best commercial security test tools in the market including Mu Security's Security Analyzer and Core Security Technologies Core Impact. For a long time, however I've been a fan of open source security tool kits including STD. A couple days ago I became aware of Backtrack