Penetration test suggestion

Wanna to keep systems (e.g. windows servers) and network devices in security. Is there any good penetration test\ software recommend?
litmicAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
Quite a broad question. You probably received a bunch of tools. You may want to be explicit in the test case that you will want to prioritise on as the test coverage is wide. See this long list of categories
https://github.com/enaqx/awesome-pentest/blob/master/README.md
Do note the penetration test is not about just running tools. The basis for penetration testing execution covers mainly:
-Pre-engagement Interactions
-Intelligence Gathering
-Threat Modeling
-Vulnerability Analysis
-Exploitation
-Post Exploitation
-Reporting
The detailed technical list can be found here http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Radhakrishnan RSenior Technical LeadCommented:
Hi,

Since you are looking for specific pen test for Windows based servers, you could tighten the application security (Your AV), security devices (hardware firewall) etc. Have a look at this link and see if you can capture the information what you were looking at https://www.coresecurity.com/content/penetration-testing


I was doing pen test for all of my web based servers (IIS) sometimes ago using https://www.ssllabs.com/

Hope this helps.
0
btanExec ConsultantCommented:
Most common test case is to check for yhe server hygiene level e.g. Patch level of security update, any services running esp those of SMB service (file shares) port 137,139, 445, any remote access service such as 389 and any application based services such as webdav, web servers, sharepoint, directory services etc. These are avenues to penetrate through using poorly protected account (using simple or no passwords).
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

DP230Network AdministratorCommented:
Just give me your public IP address and your domain, I can perform some tests and report back to you :)
0
masnrockCommented:
You could use tools within Kali Linux
1
btanExec ConsultantCommented:
For author advice
0
btanExec ConsultantCommented:
For consideration since no further user inputs.
0
litmicAuthor Commented:
Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.