Being CEH : Certified Ethical Hacker V8

1.    After CCCSP,,my efforts to clear a EC-Council exam finally paid off....and today I passed my CEH V8 exam....the feeling of being a CEH is yet to set in...but yess!!!it feels good to clear a exam which has good repu in the security world....one thing I would like to share is that though the exam covers nearly all domains and spheres of security and hacking but still ,end of course does not mean that a guy can hack into any site and create havoc...but yess it does make you understand the nuts and bolts of how one can do it...and more importantly from a CEH point of view...what and where are the vulnerabilities?

2.  CEH is all about offensive hacking.The amount of tools that are available today in the open source world is mind boggling...and the best part is the course ware that the student gets...its great!!!!I can just say that...it all comes with a set of 6 CDs which have thousands of PDFs and tools.If one starts doing each and every practical aspect of this course-ware it will take more than a year to assimilate and do it on a VM platform...so that is definitely going to keep me busy.The best part is that all this is explained with screen shots and step by step instructions.

3.   As i keep doing these practicals on my VM...will try certainly uploading and sharing with you guys!!!!will get my hard copy of the certificate in a few weeks from now...anxiously waiting!!!!

ARACHNI Web Scanner

1.    When we start finding vulnerabilities in a web application,either we have a option to do it manually by putting in hours of patience and grilling or we generally hear the commonly used tools like Acunetix and few other online scanners...or for may be afford a luxury like IBM - Proventia Network Enterprise Scanner ..but there is an open source tool option to Acunetix. Takes lil bit of time but the amount of options that it offers are huge...and gives a great report that is exhaustive.

2. Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives. It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.

3.   Arachni is a fully automated system which tries to enforce the fire and forget principle. As soon as a scan is started it will not bother you for anything nor require further user interaction.Upon completion, you will be able to export the scan results to several different formats (HTML, Plain Text, XML, etc.).Few useful pointers about details of this good scanner : 

Download from         -  http://www.arachni-scanner.com/download/

Homepage                 - http://arachni-scanner.com

Blog                          - http://arachni-scanner.com/blog

Documentation          - https://github.com/Arachni/arachni/wiki

Support                     - http://support.arachni-scanner.com

GitHub page              - http://github.com/Arachni/arachni

Code Documentation - http://rubydoc.info/github/Arachni/arachni

Author                     - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)

Twitter                    - http://twitter.com/ArachniScanner

4.    To use Arachni run the executables under "bin/".

To launch the Web interface:

   cd bin

   ./arachni_web in a separate terminal

and ./arachni_rpcd in a separate terminal

Default account details:

    Administrator:

        E-mail address: admin@admin.admin

        Password:       administrator

    User:

        E-mail address: user@user.user

        Password:       regular_user

5.    For a quick scan: via the command-line interface:

    bin/arachni http://test.com

6.     For detailed documentation see:        http://arachni-scanner.com/wiki/User-guide