Fine Tuning Automation for Network Penetration Test
By Shritam Bhowmick Web Application Penetration Tester LinkedIn: https://www.linkedin.com/profile/view?id=281014248&trk=nav_responsive_tab_profile Academia: https://independent.academia.edu/ShritamBhowmick Facebook: https://www.facebook.com/coded32
Network Penetration Testing
A lot has been discussed earlier related to network penetration test in forums, IRC’s and security conferences but everyone looked for some automated approach to keep network penetration test related task going fast. The fast approach is desired for mass IP scans and lot of IP ranges which have to be tested in a short time. Most of these network nodes have services open which could be further investigated if these services were well known to be exploited in the wild.
There are various Network Penetration testing which could be referenced below:
- External Network Penetration Testing
- Internal Network Penetration Testing
- Wireless Network Penetration Testing
Now as most of you had already assumed, there could be automated approach to all of them; this however seems easy but is harder if taken from a wide security view-point. The art of choosing a set tools at your disposal for Network Security Audit lies beyond the scope defined since lot of these tools send malicious packets which could deliver stress to the web-server or critical production server costing the clients financially off their services. As a penetration tester I have learned this art from my own lesson and experiences and this would be my own personal methodology for a Network penetration test. Some of the questions which should be asked before-hand to the client before beginning with an engagement would be the major feedback on how one should be preparing for the penetration test.