Quick Post – Pentest Framework

So, being the infophile i am, i stumbled across this site:

http://www.vulnerabilityassessment.co.uk

I have to give MAJOR thanks to this site. Its PTF (PenTest Framework)is SUPERB, and will save a lot of people a lot of time outlining tools. They don’t skimp either, they include physical access and social engineering scripts. Great stuff.

2 thoughts on “Quick Post – Pentest Framework

  1. A lot of this was pulled from other sources including the ISSAF and WirelessDefence.org.

    Some of my friends like these sorts of pen-test frameworks, but I think they are not very real world.

    I often view network pen-testing as
    1) the ability to identify or get full-knowledge information on the actual pieces of the puzzle (footprint and fingerprint)
    2) the ability to replicate that environment exactly, including as many original software artifacts as possible (especially code in the form of binaries or source)
    3) the ability to test and inspect the replicated environment instead of the one that you’d rather not break (i.e. the production one)

    since nobody else looks at it that way, i think that this industry is due for a revolution. even the OSSTMM 3.0 (the full version I’m talking about here) stands to take some concepts from the three point model that I just proposed

  2. This is indeed a good model to go by. The reason I love these pentest frameworks is that they provide a good reference. Entering the security field is daunting, and they provide a decent ground for the tools and structure a pentester or ethical hacker should be following. They are not best things since sliced bread, but they are handy and good to have bookmarked =)

Leave a Reply

Your email address will not be published. Required fields are marked *