I have done this in the past, and i suggest you also put up as much hax0r and system related info into some directory, accessable only by you, as a good library (just a failsafe in case the client blocks certain sites where you would get info/exploits, and for improved archiving - most security sites are so full of info, it is sometimes hard to find what you need). Also, write web frontends to some usefull apps, like traceroute, nmap, etc. Basically, make that site your base of operations on the net, in case you have to conduct an audit on a system which is almost completely locked out from the internet, and wont let you save downloaded files or access to anything besides a web browser, stuff like that (you can do pentests from internet cafes and libraries this way : ). hope this helps, max On Wed, 20 Jun 2001, Nicolas Gregoire wrote: > Hi all, > > I plan to make a website just for my pen-tests. > > This website grabs as much as possible info from the visitors (IP, > browser, proxy, etc ..), tries to exploit some common vulns of browsers > (Guninski's page is a good start for this) and hosts a passive > fingerprinting app. > The victims are "spammed" with some misc. content (p0rn, free CD/DVD, > jokes) linking (or redirecting) to the site. > > Has anybody ever do that ? > > Nicob >
This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 11:40:44 PDT