Penetration Testing....for free?
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Penetration Testing....for free?

  1. #1
    Senior Member
    Join Date
    Feb 2002

    Penetration Testing....for free?

    I was wondering if anyone knows of a site out there that could do some penetration testing other than I'm not too sure if pentration testing is the right phrase I should really be using. Maybe scanning would be more appropriate. I just brought up a firewall with a web server sitting behind it, and would like to see how it holds up.

    Any ideas?


  2. #2
    Senior Member problemchild's Avatar
    Join Date
    Jul 2002
    551 offers a scanning service with lots more options than GRC.
    Do what you want with the girl, but leave me alone!

  3. #3
    Go ask an underground security firm. Hell, even people on this site might do it. but send an email to people at the cult of the dead cow ( ) or attrition ( ) , tell them what you are looking for and see if they direct you. NOTE: If you send an email to attrition, try NOT to sound like a jackass, they kindof "frown" upon that. And check this post, I'm sure you'll find some takers who are looking to flex their muscle.

    OR you could do what Vladamir Putin did: Claim that NOBODY can hack your website and sit back and WAIT for it.
    Hic ego barbarus, sum quillo non intelligor illis.
    Because they do not understand me, I am a barbarian.

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    The stuff that does is NOT penetration testing, it just does a port scan of your system (or at least that is all I have seen it do). I definitely have not ever seen it try exploits. A simple thing you can do if you just want to test one system is to grab something like nessus and run it from behind your firewall against your webserver. Nessus is free and it pretty much is automatic and gives you at worst cryptic information on how to fix the vulnerability (although it can be somewhat of a pain to setup)...

    IMHO, it is better to scan behind a firewall rather than through one, that way you get a truer idea of just how vulnerable your server is (especially from something like an insider threat), rather than allowing your firewall to give you a false sense of security. If your server can hold its own by itself you are much better off than relying on another device for your security...

    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    The company I work for, SecureCore, does penetration testing. PM me for info.

  6. #6
    Join Date
    Jun 2002
    try THERE itīs possible to let your connection to be scanned from port 0 to 65xxx
    with or without fragmented packets.

  7. #7

  8. #8
    Http:// scans ports 100 at a time,but I dont know that its any better than GRC.....

  9. #9
    if you just wanna scan ports why dont you just get NMap? :/
    .::nataS is WaTchiNg::.

  10. #10
    Old Fart
    Join Date
    Jun 2002
    1,658 has a decent set of scanning tools and a couple of good ones to optimize your connections too. It may not be EXACTLY what you're looking for, but it's worth the time to visit.
    It isn't paranoia when you KNOW they're out to get you...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts