Difference between revisions of "Pentest"
Revision as of 11:52, 24 March 2008
Intro
Well, a large subject...
You won't find a howto here, more a checklist.
So why such a page?
Because I don't do pentests that often, so when it happens it's a bit unstructured.
Because I'm reading MISC HS 1 (in French) and I want to do some scrapbooking.
So I'll try to write down anything I do on that matter from now on, starting with this HS1 and laying down everything I'm thinking about given my past experiences...
Logging
- Write down what we've found, how and when
- Consider writing down everything you did, whatever it found, especially when it's about grabbing bits after bits on various search engines: you don't want to redo the same query several times, or to forget to try this new juicy bit in one of your favourite search engines ;-)
- You can end up with quite a lot of info, especially e.g. when pentesting as an insider...
- A (protected) wiki page sounds nice, but confidentiality sometimes requires stronger measures such as a local encrypted store (cf MiscCrypto)
- The results could be divided into several files:
  - a TRACE, with all the possible info, too long to be read but you know you can find your info back here
  - a TRACEDIR, for the various tools which generate generous output; consider also saving a summary of the juicy bits in your TRACE & REPORT
  - a REPORT, with the most interesting facts, probably divided into results on the target and results as side effects, because you'll never stop just because it's a bit out of focus ;-) (I audited the front door as you asked, but by the way, did you know the wall is made of paper?)
  - a TODO, with the parts you found that call for further investigation; pentesting is a lot about searching a tree and backtracking once you've explored one branch as far as you could (technically, or logistically if you have a deadline & priorities...)
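The TRACE / TRACEDIR / REPORT / TODO layout above, turned into a handful of shell functions. This is an added example, not part of the original page: `pt_run` records what was run and when in TRACE, keeps the tool's full output in TRACEDIR and appends a one-line summary (exit code, size) to TRACE; `pt_note` appends timestamped findings to REPORT or TODO and mirrors them into TRACE so the chronology stays complete. The directory name `PT_DIR` and the file naming scheme are my assumptions; put `PT_DIR` on an encrypted volume if confidentiality requires it.

```shell
#!/bin/sh
# Added example (not from the original page): a minimal engagement logger
# implementing the TRACE / TRACEDIR / REPORT / TODO layout.
# Assumption: everything lives under $PT_DIR (default ./engagement).

PT_DIR="${PT_DIR:-./engagement}"

pt_ts() { date -u +%Y-%m-%dT%H:%M:%SZ; }

# Create the layout: one flat TRACE file, a TRACEDIR for raw tool output,
# and a REPORT and TODO that are meant to stay short. Existing files are kept.
pt_init() {
    mkdir -p "$PT_DIR/TRACEDIR" || return 1
    for f in TRACE REPORT TODO; do
        [ -e "$PT_DIR/$f" ] || : > "$PT_DIR/$f"
    done
}

# pt_run CMD ARGS...: run a tool, log *what* was run and *when* in TRACE,
# save its full stdout+stderr in TRACEDIR as NNNN_<tool>.txt, then append the
# exit code and line count to TRACE. Prints the path of the saved output so the
# caller can grep it for the juicy bits to copy into REPORT. Returns the tool's
# exit code, so a failed tool still shows up as failed.
pt_run() {
    ts=$(pt_ts)
    n=$(ls "$PT_DIR/TRACEDIR" | wc -l | tr -d ' ')
    tool=$(printf '%s' "$1" | tr -c 'A-Za-z0-9' '_')
    out="$PT_DIR/TRACEDIR/$(printf '%04d' $((n + 1)))_$tool.txt"
    printf '[%s] RUN %s\n  output: %s\n' "$ts" "$*" "$out" >> "$PT_DIR/TRACE"
    "$@" > "$out" 2>&1
    rc=$?
    printf '  rc=%d lines=%s\n' "$rc" "$(wc -l < "$out" | tr -d ' ')" >> "$PT_DIR/TRACE"
    printf '%s\n' "$out"
    return $rc
}

# pt_note REPORT|TODO|TRACE TEXT...: timestamped free-form note. Notes to
# REPORT and TODO are mirrored into TRACE, tagged with their destination.
pt_note() {
    kind=$1; shift
    case "$kind" in
        REPORT|TODO|TRACE) ;;
        *) echo "pt_note: unknown target $kind (use REPORT, TODO or TRACE)" >&2; return 1 ;;
    esac
    printf '[%s] %s\n' "$(pt_ts)" "$*" >> "$PT_DIR/$kind"
    [ "$kind" = TRACE ] || printf '[%s] %s: %s\n' "$(pt_ts)" "$kind" "$*" >> "$PT_DIR/TRACE"
}
```

Typical use is `. ./ptlog.sh; pt_init; out=$(pt_run whois example.com); grep -i 'registrant' "$out"; pt_note TODO 'registrant mail domain: check its MX'`. Because every `pt_run` is numbered and timestamped, the TRACE alone answers "did I already run this query, and where is the output?" without rereading the tool output.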
Collecting information
This section also applies to domains other than pure pentest, e.g. finding as much information as possible on the person who bought a domain name under a pseudonym...
- website
  - postal address, about us, ...
  - robots.txt
- WayBack machine: http://web.archive.org/web/*/http://www.example.com (from [1])
- Google cache: http://209.85.135.104/search?q=cache:http://www.example.com
- Coralize: http://www.example.com.nyud.net (from [2])
- traceroute: http://www.dnsstuff.com/tools/tracert.ch?ip=http://www.example.com (from [3])
- Other online DNS tools
- whois: http://whois.webhosting.info/example.com (from [4])
- Reverse IP (all known domains, not just reverse lookup): http://whois.webhosting.info/11.22.33.44 (from [5])
- Search engines
  - Big list of the top 100 alternative search engines, see also [6]
  - Alexa: traffic ranking & other info
  - Google + site: inurl: intext: filetype: etc
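Two of the items above, robots.txt and Google operators, combine nicely: paths a site hides from crawlers are exactly the ones worth searching for, since they are often indexed anyway (via links, older crawls or a competing engine). Added example, not from the original page: `robots_disallowed` extracts every Disallow path from a robots.txt file, tolerating CRLF endings, comments, mixed case and the empty `Disallow:` that means "allow everything"; `robots_to_dorks` turns them into `site:` + `inurl:` queries. The sample robots.txt in `robots_sample` is constructed for the example, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original page): mine robots.txt for hidden paths
# and turn them into search-engine queries. Sample data below is constructed.

# robots_disallowed FILE: print each Disallow path once, one per line.
# Strips CR, comments and surrounding whitespace; matches "Disallow" in any
# case; drops the empty "Disallow:" directive (which allows everything).
robots_disallowed() {
    tr -d '\r' < "$1" \
    | sed -e 's/#.*$//' \
    | grep -i '^[[:space:]]*disallow[[:space:]]*:' \
    | sed -e 's/^[^:]*:[[:space:]]*//' -e 's/[[:space:]]*$//' \
    | grep -v '^$' \
    | awk '!seen[$0]++'
}

# robots_to_dorks DOMAIN FILE: one "site:DOMAIN inurl:PATH" query per hidden
# path, ready to paste into a search engine (or into your TODO).
robots_to_dorks() {
    robots_disallowed "$2" | while read -r p; do
        printf 'site:%s inurl:%s\n' "$1" "$p"
    done
}

# robots_sample: a constructed robots.txt (CRLF, comments, repeated and
# empty directives, two user-agent groups) to exercise the parser.
robots_sample() {
    printf 'User-agent: *\r\n'
    printf 'Disallow: /admin/   # back-office\r\n'
    printf 'Disallow: /backup/\r\n'
    printf 'Disallow:\r\n'
    printf 'disallow: /old-site/\r\n'
    printf '\r\n'
    printf 'User-Agent: Googlebot\r\n'
    printf 'Disallow: /admin/\r\n'
    printf 'Allow: /public/\r\n'
}
```

On a real target, fetch the file first and log it (`pt_run curl -s http://www.example.com/robots.txt` if you use the logger above, or plain `curl -o robots.txt`), then run `robots_to_dorks www.example.com robots.txt`. Note that `Allow:` lines and `Sitemap:` lines are ignored here; a sitemap URL is itself a good lead and worth a manual look.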