I’m now providing an updated Linux Penetration Testing Laptop Setup document to help install popular and useful vulnerability assessment tools for the Linux operating system. You can go and obtain Backtrack but I feel that you will have more understanding of the tools and Linux in general if you install the tools yourself. You will also have the most current version available. See Configuration Tutorials for the latest document.
Sep 082011
I created a tutorial on how to setup and configure the Nokia N810 Internet Tablet to conduct a wireless assessment or audit. The tools included in the tutorial include how to setup kismet (oldcore and newcore), aircrack-ng (airbase and aircrack), and btscanner. I’m still working on developing steps to install Metasploit and Karmetasploit for wireless client attacks. The tutorial also details using the internal GPS as well as adding an external wireless adapter. The latest version of the tutorial can be found here.
May 022011
I created Project RF to have a reporting framework that provides consistent reports for various vulnerability scanning tools. The project started with support for Nessus back when I would parse nbe files. I’ve since included reporting for eEye Retina, Nmap, HP WebInpect, AppScan AppDetective, Kismet, and GFI Languard. This project is still in its alpha stages as I’m not a top notch web program developer. Scan results are exported to XML which is then uploaded, parsed, and imported into a backend MySQL database. I have found this framework very useful in generating reports for my workpapers. I still continue to work on this project even though I’m no longer an auditor. Recently I stripped it down to just Nessus and I rewrote the Nessus portion to support the .nesses v2 xml output. Installation and setup instructions can be found here.
This framework supports many options for report generation and executive reporting.