OSSTMM is a very comprehensive penetration testing manual. It has gained wide spread acceptance in the community. As a penetration tester myself, I found the methodology to be very much professional. But in my endeavours as a tester, there was a difficulty in choosing the right tools for the right task. I knew to abide by the methodology, but knew little of the tools used to assist me in my processes. I decided therefore to set on a project to make a penetration teter's tool's manual, which i have tentatively called ospttm(open source penetration testing tools manual). Now with the help of the community, and my professional experiences this project has reached its first version. It is hoped that ospttm can make life easier(a little bit) for the penetration tester.

This project should exist with the support of professional pen-testers. Their best practises and day-to-day "hacks" or work-arounds to accomplish the task of a professional pentesting assignment must be given due and undue importance ;). the security world is looking all the more important now because today computers is not just about the hacker and cracker; its about common people ; their day-today life. And it wouldnt be futuristic to imagine computers playing a crucial role in all the important parts of our world.

We are not here to replace any "methodology"; but if need be we will. Why we are is for documenting the best practises and those hacks we all do in our endeavors to compromise a target that is seemingly following most of the "standard" precautions. If we dont document this aspect of pen-testing, we will fail to unify our testing. The more we unify our testing the more better it is for the clients and the industry. Because, If one of us knows a way around a "standard" procedure, the possibility is that the attacker knows them too. So when our fellow tester misses out testing his target because he didnt know of that "smart" hack one of us used, he will leave the door open for a seasoned attacker.

Every one of us has to make a living. agreed. But the job we do is not a silly one to be selfish. We are not doing "business"; we are providing a service. A service to the industry, to the client and to billions around us who look upto computers for making(or breaking) their day. So you see, even if we share our knowledge and our expertise we are still doing service; service to our fellow testers, service to the community that gave us our bread and butter(and my favourite peanutbutter). Its my hope that this project will unify the penetration testers in the world. Lets make this world a safer place; as importantly, lets have fun finding the holes!!

ospttmdraft1.0.txt

Remember, this is a community effort so do feel free to drop in by to discuss and contribute to this project.

Join our mailing list : http://www.coollist.com/subscribe/subto.cgi?l=ospttm&C=80950