August 27th, 2002, 09:07 PM
Penetration Testing....for free?
I was wondering if anyone knows of a site out there that could do some penetration testing other than grc.com. I'm not too sure if penetration testing is the right phrase I should really be using. Maybe scanning would be more appropriate. I just brought up a firewall with a web server sitting behind it, and would like to see how it holds up.
August 27th, 2002, 09:12 PM
scan.sygatetech.com offers a scanning service with lots more options than GRC.
Do what you want with the girl, but leave me alone!
August 27th, 2002, 09:13 PM
Go ask an underground security firm. Hell, even people on this site might do it. But send an email to people at the cult of the dead cow (http://www.cultdeadcow.com) or attrition (http://www.attrition.org), tell them what you are looking for and see if they direct you. NOTE: If you send an email to attrition, try NOT to sound like a jackass, they kind of "frown" upon that. And check this post, I'm sure you'll find some takers who are looking to flex their muscle.
OR you could do what Vladimir Putin did: Claim that NOBODY can hack your website and sit back and WAIT for it.
Hic ego barbarus, sum quillo non intelligor illis.
Because they do not understand me, I am a barbarian.
August 27th, 2002, 09:15 PM
The stuff that grc.com does is NOT penetration testing, it just does a port scan of your system (or at least that is all I have seen it do). I definitely have not ever seen it try exploits. A simple thing you can do if you just want to test one system is to grab something like nessus and run it from behind your firewall against your webserver. Nessus is free and it pretty much is automatic and gives you at worst cryptic information on how to fix the vulnerability (although it can be somewhat of a pain to set up)...
IMHO, it is better to scan behind a firewall rather than through one, that way you get a truer idea of just how vulnerable your server is (especially from something like an insider threat), rather than allowing your firewall to give you a false sense of security. If your server can hold its own by itself you are much better off than relying on another device for your security...
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
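The inside-versus-outside comparison argued for in the post above can be made concrete at the port level. This is an added example, not part of any post in the thread: it assumes the same server was scanned once from behind the firewall and once from the Internet side, with both results saved in Nmap's grepable (`-oG`) format, and the sample reports, address and function names are constructed for illustration.

```python
import re

# Constructed sample reports in Nmap's grepable (-oG) format; 192.0.2.10 is a
# documentation address standing in for the web server.
INSIDE_SCAN = (
    "# constructed sample: scan run from behind the firewall\n"
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 80/open/tcp//http///, "
    "139/open/tcp//netbios-ssn///, 443/closed/tcp//https///\n"
)
OUTSIDE_SCAN = (
    "# constructed sample: scan run from the Internet side\n"
    "Host: 192.0.2.10 ()\tPorts: 21/filtered/tcp//ftp///, 80/open/tcp//http///, "
    "139/filtered/tcp//netbios-ssn///, 443/filtered/tcp//https///\n"
)

# port/state/protocol/owner/service/ ... (remaining fields ignored)
PORT_RE = re.compile(r"(\d+)/([^/]*)/([^/]*)/[^/]*/([^/]*)/")

def parse_grepable(text):
    """Return {host: {(port, proto): (state, service)}} from -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and Status-only lines
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        for entry in ports_field.split(","):
            m = PORT_RE.match(entry.strip())
            if m:
                port, state, proto, service = m.groups()
                hosts.setdefault(host, {})[(int(port), proto)] = (state, service)
    return hosts

def compare_vantage_points(inside_text, outside_text):
    """Split services open internally by whether the firewall hides them."""
    inside, outside = parse_grepable(inside_text), parse_grepable(outside_text)
    report = {"exposed": [], "firewall_only": []}
    for host, ports in sorted(inside.items()):
        for (port, proto), (state, service) in sorted(ports.items()):
            if state != "open":
                continue
            seen = outside.get(host, {}).get((port, proto), ("not scanned", ""))[0]
            bucket = "exposed" if seen == "open" else "firewall_only"
            report[bucket].append((host, port, proto, service, seen))
    return report

if __name__ == "__main__":
    for bucket, rows in compare_vantage_points(INSIDE_SCAN, OUTSIDE_SCAN).items():
        for row in rows:
            print(bucket, *row)
```

Entries under `firewall_only` are services the server is running whose only protection is the firewall rule set; those are the ones to disable or harden on the host itself.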
August 27th, 2002, 09:26 PM
The company I work for, SecureCore, does penetration testing. PM me for info.
August 27th, 2002, 09:43 PM
Try pcflank.com. THERE it's possible to let your connection be scanned from port 0 to 65xxx with or without fragmented packets.
August 28th, 2002, 12:26 AM
Http://www.Blackcode.com scans ports 100 at a time, but I don't know that it's any better than GRC.....
August 28th, 2002, 12:47 AM
If you just wanna scan ports, why don't you just get NMap? :/
August 28th, 2002, 02:51 AM
www.dslreports.com has a decent set of scanning tools and a couple of good ones to optimize your connections too. It may not be EXACTLY what you're looking for, but it's worth the time to visit.
It isn't paranoia when you KNOW they're out to get you...