Requirement For Creating A Pentest Lab
Virtual Security
Contents
REQUIREMENTS FOR CREATING A PENETRATION TESTING LAB
Introduction
Hardware Requirements
Software Requirements
Operating System Requirements
Network Diagram
Internet Connectivity Requirements
Pre-Requisites For a LAB
Specialized Software Requirements for Vulnerability Assessment & Penetration Testing
Introduction
This document has been prepared in order to develop a good Penetration Testing and
Vulnerability Assessment Lab. The document contains the hardware requirements, our
manual and automated software requirements, and approaches for performing penetration
testing.
Further, this document is designed to build a Penetration Test LAB in order to simulate
vulnerabilities in the testing environment and to execute the vulnerability
assessment and penetration testing from the LAB by providing the static IP to the
client, ensuring that the test is being performed from a valid/legitimate link.
The tools mentioned in this document are the property of different vendors, both
commercial and open source. Our motive is not to advertise the software quality of
any vendor; instead, to convey the qualities of the software, we will share our good
experience of different solutions and also build custom scripts and tools for
specific tasks, for example brute-force attacks, DoS attacks, exploits, etc.
Hardware Requirements
The minimum requirements for creating a Penetration Testing Lab are
stated below:
1. Minimum 5th Generation Server(s) with Quad Processor Technology.
2. Minimum 16 GB of RAM.
3. Minimum 500 GB hard drive.
4. 3 LAN ports are required initially.
5. 1 manageable Layer 2 switch is required.
6. 1 Wi-Fi router is required for remote connectivity with the Server(s).
7. 1 Cisco router (2800, 2811).
8. 2 firewalls are required for securing the LAB infrastructure.
9. 3 LED-based monitors are required.
10. 1 rack of at least 20U is required.
11. 10 - 15 bootable USB sticks are required.
12. Windows / Linux Operating System.
Software Requirements
List of minimum customized software requirements on a
Windows-based Operating System:
1. Mozilla Firefox with minimum add-ons (HackBar, Cookie Stealer, Tamper Data, Request
Header Modifier).
2. Java for Windows.
3. Virtual Machine (VMware Pro, Oracle VirtualBox).
4. Microsoft .NET Framework 4.5.
5. WinRAR.
6. Visual Studio version 2010.
Network Diagram
Note:
The requirements above are set to reach the initial level but are not limited to those listed;
they may change depending on the subject matter.
Reconnaissance / Information Gathering
NMAP (Open Source)
FOCA by Eleven Paths (Open Source)
Angry IP Scanner (Open Source)
Smart Whois (Open Source)
Wireshark (Open Source)
Magic Net Trace (Commercial)
Recon-ng (Open Source)
Search Diggity (Open Source)
Maltego (Open Source)
Configuration Review
Nipper Studio by Titania (Commercial)
Nessus Pro (Commercial)
Egressor (Community)
NCAT (Open Source)
Internal/Web Based Vulnerability Assessment
AppScan by IBM (Commercial) - LanGuard by GFI (Commercial)
Nessus Pro by Tenable (Commercial) - Web Surgery (Community)
N-Stalker (Commercial) - OpenVAS (Open Source)
WebCruiser (Commercial) - Network Miner (Commercial)
Web Inspect by HP (Commercial) - Acunetix (Commercial)
OWASP ZAP (Open Source) - Retina Scanner (Commercial)
NetSparker (Commercial) - Nexpose by Rapid7 (Commercial)
Xenotix (Open Source) - NTO Spider (Commercial)
Internal/Web Based Penetration Testing
Exploit Pack (Commercial)
Metasploit Pro (Commercial)
Core Impact by Core Securities (Commercial)
Burp Suite 1.6 Pro (Commercial)
Havij Pro (Commercial)
Armitage (Open Source)
Sparta (Community)
Source Code Review
Note: This document is an initial-level document for designing and performing a Vulnerability
Assessment & Penetration Testing LAB; other requirements of penetration testing may vary
depending on organizational requirements.