Tools or sites for pentesting

Hello, has anybody got links to sites with online testing tools, or are there any tools and practices available to test or verify against vulnerabilities or backdoors?

Would be glad for tips; either via PM or in the forum. Thank you!

Hi,

unless I misunderstood it, this is a very generic question.

For advanced penetration testing, I’d recommend “Advanced Penetration Testing” by Wil Allsopp (Wiley 2017), but since I am not sure if this is what you are searching for: Could you please give us more details on what you want to pentest? What is your scope/tools/…?

Either way, since this does not seem to be related to IPFire, I will move it into “uncategorized”. :slight_smile:

Thanks, and best regards,
Peter Müller

Good evening Peter,

thank you for your response. As I have done a lot of (re)work on these things here over the years, I am often a bit uncertain whether the security is “good enough”. So I use the following sites to test the IPFire gateway, e.g.

observatory.mozilla.org
www.immuniweb.com
heise.de

and other decent ones on a regular basis. Of course, e.g. in order to test network traffic, I’d need Wireshark, but that’s very far down below, so I’ve got a different solution for e.g. wireless traffic implemented, but I don’t like to talk about that in detail, as I assume all of my good technical friends around here could try to overcome that massively.

I know nmap has also got tools; its test suites work quite well for testing e.g. NAS network ports or so.

I do look at traffic on a regular basis on the different machines and use DPI on some occasions in order to get an overview of which kind of traffic appears on which network.

Thank you for your hints so far!

Hi,

unfortunately, I still did not get what you are trying to do.

> As I have done a lot of (re)work on these things here over the years, I am
> often a bit uncertain whether the security is “good enough”.

Well, this depends on more things than I can list here. Although I tend to hate
them for reasons mentioned here, a risk analysis might help to identify where
to start in the first place. After having eliminated the most urgent threats, you
can (and should) continue raising the bar step by step.

Anyway, I assume “the security” refers to the security level of an IPFire machine
itself, without including systems located behind or before it.

> So I use the following sites to test the IPFire gateway, e.g.
>
> observatory.mozilla.org
> www.immuniweb.com
> heise.de

The latter is an IT news portal and does not “test” anything except for one simple
port scanning service they offer here.

> Of course, e.g. in order to test network traffic, I’d need Wireshark, but
> that’s very far down below, so I’ve got a different solution for e.g. wireless
> traffic implemented, but I don’t like to talk about that in detail, as
> I assume all of my good technical friends around here could try to
> overcome that massively.

I have no idea what you are talking about here.

Using Wireshark is more about looking at emitted network traffic, rather than “testing” anything.

> I do look at traffic on a regular basis on the different machines and use DPI on
> some occasions in order to get an overview of which kind of traffic appears on which network.

Again: What are you trying to achieve?

If you do something “on some occasions”, how can you assure an attacker is not
simply waiting until that occasion is over?

Thanks, and best regards,
Peter Müller

Hi Peter,

basically I’d like to know if any tools are available which might help to identify “dissolving” traffic, perhaps flows with small byte amounts like keystrokes hidden in the “white noise” of the traffic’s chunks, sent via different intranet IPs to unsuspicious external domains, such as large cloud providers already used by existing set-top boxes, servers, printers or workstations within the network.

When looking at a network in general, there is usually more than one attack vector; to name a few, these points could be at least:

  • Capture a device within the DMZ
  • Capture WLAN APs, especially when they’re stationary
  • Capture mobile devices in public on wireless ports and let them be brought home
  • Some cases where the sky falls back on your head in the form of coupled entities
  • TV sticks with both WLAN and LAN attached, closed source, and undocumented APIs
  • Set-top boxes with closed-source firmware
  • Installed input drivers from OEMs (e.g. keyboard drivers communicating with servers)
    … and so on.

What I’d ask for is the possibility to check which kind of traffic going “out” might be unwanted/suspicious based upon its stochastic behaviour.

However, I don’t know if this is reasonable, as e.g. mobile phones with e.g. AI apps often have both WLAN and GSM/LTE enabled at the same time; so I wonder if it makes sense to take much care of security on BLUE, because, if someone were to attack your mobile in the most improbable and unimportant case, you have not really got control over the closed-source firmware and how the apps then act within those two networks, and so on. I mean, especially cell providers do not offer the same amount of detailed traffic information to their non-commercial customers as your own firewall does, I assume.

I don’t even know exactly how much a cell provider update could change the behaviour of your mobile device. So, for iPhones, I only allow RED over the proxy, with 17.0.0.0/8 whitelisted for the minimum necessary service ports, and so on.

These thoughts might be a bit silly, but it’s just of interest to me where to put the focus on these occasions.

So I understand there is no “golden answer” to my questions. It’s just a gut feeling leading me to this kind of question.

Cheers!

P.S. As a final point: in the case of e.g. Microsoft Windows, they’d say

> DISM.exe /Online /Cleanup-Image /RestoreHealth
> sfc /scannow

would be good enough for checking the OS’s integrity. In case the tool reports:

Systemsuche wird gestartet. Dieser Vorgang kann einige Zeit dauern.

Überprüfungsphase der Systemsuche wird gestartet.
Überprüfung 100 % abgeschlossen.

Der Windows-Ressourcenschutz hat keine Integritätsverletzungen gefunden.

I’d assume probable leakages are not within the core of the Windows OS. I, as a hobbyist, would really be glad to have some kind of checksum tool for the IPFire installation, just to make sure the system’s integrity stays valid over time.

P.P.S. If I were really interested in gathering data from someone else without logging, I’d experiment with a laser interferometer pointed at the glass of the window behind which your keyboard resides, record the sound patterns of the keyboard clicks and compare these with a small sound database in order to recover the keystrokes as characters.

But who the fuck would really do something like that?
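The question earlier in this post, spotting small, regularly repeated outbound flows hidden in the “white noise” of normal traffic to large external providers, is essentially beacon detection. The following is an added example, not code from this thread or from IPFire. It runs over constructed flow records in a simple `timestamp src dst dport bytes` format (the kind of summary you could derive from a gateway’s connection or flow logs), groups connections by source, destination and port, and flags groups that are numerous, small and clock-like in their spacing. All addresses, timestamps and thresholds are constructed for the demonstration.

```python
"""Flag low-volume, regularly timed outbound flows (beaconing) in flow records.

Added example; the record format and the thresholds are assumptions, not an
IPFire feature.  Input lines: <epoch_seconds> <src> <dst> <dport> <bytes>.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (not real traffic).  The first host talks to
# one external address every 60 seconds with ~200-byte connections; the other
# two hosts show ordinary, irregular, larger transfers.
SAMPLE_FLOWS = """\
1700000000 192.168.1.20 203.0.113.10 443 210
1700000060 192.168.1.20 203.0.113.10 443 198
1700000120 192.168.1.20 203.0.113.10 443 205
1700000180 192.168.1.20 203.0.113.10 443 201
1700000240 192.168.1.20 203.0.113.10 443 199
1700000300 192.168.1.20 203.0.113.10 443 204
1700000005 192.168.1.30 198.51.100.7 443 48211
1700000900 192.168.1.30 198.51.100.7 443 73902
1700002100 192.168.1.30 198.51.100.7 443 12044
1700000010 192.168.1.40 203.0.113.55 80 3400
"""


def parse_flows(text):
    """Parse the whitespace-separated record format into tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append((int(ts), src, dst, int(dport), int(nbytes)))
    return flows


def beacon_candidates(flows, min_conns=5, max_mean_bytes=1500, max_jitter=0.2):
    """Return groups (src, dst, dport) whose connections are numerous, small
    and regularly spaced.

    Jitter is the coefficient of variation of the inter-arrival times: a value
    near zero means the connections fire like a timer, which legitimate
    user-driven traffic rarely does.  Thresholds are tuning knobs, not
    universal constants.
    """
    by_tuple = defaultdict(list)
    for ts, src, dst, dport, nbytes in flows:
        by_tuple[(src, dst, dport)].append((ts, nbytes))

    hits = []
    for key, conns in by_tuple.items():
        if len(conns) < min_conns:
            continue
        conns.sort()
        gaps = [later[0] - earlier[0] for earlier, later in zip(conns, conns[1:])]
        avg_gap = mean(gaps)
        if avg_gap == 0:
            continue  # all connections in the same second: not a timer pattern
        jitter = pstdev(gaps) / avg_gap
        avg_bytes = mean(nbytes for _, nbytes in conns)
        if avg_bytes <= max_mean_bytes and jitter <= max_jitter:
            hits.append({
                "tuple": key,
                "connections": len(conns),
                "mean_bytes": round(avg_bytes, 1),
                "period_s": round(avg_gap, 1),
                "jitter": round(jitter, 3),
            })
    return hits


if __name__ == "__main__":
    for hit in beacon_candidates(parse_flows(SAMPLE_FLOWS)):
        print(hit)
```

Two practical points when running something like this over real logs: first, build an allowlist of known timer-driven traffic (NTP, update checks, monitoring agents) before acting on hits, otherwise the output is mostly noise; second, the jitter threshold matters because anything deliberately hiding in the background will not fire at exactly 60 seconds, so compare against your own baseline rather than trusting one fixed value.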

Hi,

I guess you might find some helpful bits and pieces here:

Personally, I do not consider Windows to be a trustworthy operating system, and from my experience, aiming to secure it basically is just wasted time.

> P.P.S. If I were really interested in gathering data from someone else without logging, I’d experiment with a laser interferometer pointed at the glass of the window behind which your keyboard resides, record the sound patterns of the keyboard clicks and compare these with a small sound database in order to recover the keystrokes as characters.
>
> But who the fuck would really do something like that?

There were some papers by Ben-Gurion University covering similar side-channel attacks; if I recall one of them correctly, determining which key has been pressed on a keyboard by its sound has been evaluated and discussed.

If you do not happen to live or work within a high-security building, defense against such attacks is next to impossible. Focusing on more basic security threats might be more effective and less depressing.

Thanks, and best regards,
Peter Müller


I would recommend the Kali Linux distribution as a “base camp” for further expeditions into the unknown territory of pentesting. Try to find some tutorials or books on how to use the tools and software.

The best hacking tool is still a good SLR camera with a telephoto lens and a view of the admins’ keyboard in an office. As an alternative, a very small 4K recording cam duct-taped to the window, recording the morning hours when everybody comes into the office, turns the computer on and logs in.

https://www.kali.org/