Showing results for 
Search instead for 
Did you mean: 

Penetration Testing

Imran Ahmad
Level 2
Level 2

Hello experts,     

Im a CCIE, but Im totally new to the penetration-testing world, i dont know anything about pen-testing. some one (an external company) has asked me to do a penetration-testing on their  netwrok through internet. Can anyone advise me what to do ? is it just easy to download those penetration-testing tools like- nessus, nmap, metasploit and  start to do the testing on thier network???

I dont have any knowledge of Linux aswell,  please tell me what are the possible tools on windows to do the testing ?             

1 Reply 1

James Leinweber
Level 4
Level 4

The specific tools you mentioned mostly run on Windows as well as Linux, and are a starting point.  However, until you gain some familiarity with Linux, more extensive toolsets such as "Kali Linux" will remain out of reach.  An implication from your posting is that the budget is small, so tools like "Core impact" or engagements with firms that routinely do pentests are presumably out of reach?

You will need a written agreement with the testee covering the scope of work and authorizing it; otherwise you are liable to run afoul of the computer abuse laws of whatever jurisdiction you are working in.  Are you allowed to inject data into web interfaces of production systems?  Seed the organizations parking lot with USB drives full of spear-phishing links?  Phone their service desk and attempt to get passwords reset for you?

-- Jim Leinweber, WI State Lab of Hygiene

Review Cisco Networking for a $25 gift card