How to Pen-Test without losing reputation/credibility of IP address, domain name or SSL certificate

Pedram Ganjeh Hadidi

4:51 AM (6 hours ago)
to ZAP User Group
Short History/Background for my Question:

Once upon a time, when I was a newbie to ZAP, I started to run pen tests on my own bare metal server at home behind a random ISP's router, to which my web server was connected and where it was reached via DynDNS.

The nightmare began the next day, when at work (away from home) I wanted to reach my web apps: the FW+IDS+AV system at work did warn me about the "malicious ip address/domain-name" and did not let me visit any host/vhost on my server!

The solution was a long, intensive and time-consuming process to get my domain name and IP out of some FW/IDS/AV producers' databases!

Since then I have started pen tests on a Kali notebook which cannot access the WAN/Internet (prohibited by router + no gateway + no DNS + all websites/apache-vhosts are registered with local IP addresses in the hosts file + ...)

My Problem:
ZAP calls `zapCallBackUrl` during pen tests but cannot reach the ZAP server.

My Questions:
  1. Are there any other services/links which ZAP tries to connect to during pen tests? If yes -> which?
  2. Does anyone have or know of any to-do list for doing a pen test from the LAN without spoiling the reputation of my domain name (DynDNS), IP address and/or SSL cert?
  3. Is there anything else I should take care of to have a thorough pen test without ruining the mentioned reputations (in the context of landing on FS/IDS/AV databases/blacklists)?
Thank you in advance and pardon me for my long letter.
Kind regards
Pedram G.H.
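
A pre-scan check for the isolated setup described in the post, as an added example that is not part of the original post and is not ZAP code: it parses a hosts file and reports scan targets that have no entry (so they would need DNS) or that map to a non-local address. The function names, hostnames and hosts-file contents are constructed for illustration.

```python
import ipaddress

# Ranges that stay inside a lab network: RFC 1918, loopback, link-local, IPv6 ULA.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def is_local(addr):
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop an IPv6 zone id
    return any(ip.version == n.version and ip in n for n in LOCAL_NETS)

def parse_hosts(text):
    """Map each lower-cased hostname to the addresses listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            continue  # first field is not an address: not a hosts entry
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(fields[0])
    return table

def audit(hosts_text, targets):
    """Return targets with no hosts entry and targets mapped to non-local addresses."""
    table = parse_hosts(hosts_text)
    missing = [t for t in targets if t.lower() not in table]
    non_local = [(t, ip) for t in targets
                 for ip in table.get(t.lower(), []) if not is_local(ip)]
    return {"missing": missing, "non_local": non_local}

# Constructed sample data (hypothetical vhost names, documentation address range).
SAMPLE_HOSTS = """\
127.0.0.1     localhost
192.168.1.20  shop.lab.example www.shop.lab.example  # apache vhost
10.0.0.5      api.lab.example
203.0.113.10  blog.lab.example  # leftover public mapping
::1           localhost ip6-localhost
"""
SAMPLE_TARGETS = ["shop.lab.example", "api.lab.example",
                  "blog.lab.example", "admin.lab.example"]

if __name__ == "__main__":
    print(audit(SAMPLE_HOSTS, SAMPLE_TARGETS))
```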