Pen-testing as a job is quite boring compared to learning it or doing it for fun. Why is that? You have to be meticulous about logging every packet that goes between your machine and your client’s. You have to keep logs of everything you’ve tried, what worked, and what didn’t. So, when the client comes back and says you crashed their servers, you can show them why/how you crashed them, or you can show that you weren’t doing anything that should have crashed their servers (aka, their servers are broken). You can also use those logs to find things that didn’t stick out at you initially. When you’re doing it for fun, you don’t have to worry about this kind of stuff – and it certainly adds to the time it takes to do things.

There are many tools you can use to get these logs. Almost all pen-testing tools have such logging built in, because the developers knew you’d need that functionality. If a command line testing tool doesn’t have logging built in, you can use a few other command line tools to record everything. ttyrec and date are two of my favorites. ttyrec records (like a video), in a binary format, everything you type into a tty (aka terminal) and everything that comes back: keystrokes, commands, and responses. That includes any time you’ve logged in remotely to another system from that terminal. It comes with ttyplay, which plays the recording back and makes it human readable again. Typing date before and after any command also records your system’s clock, so you can show precisely what you did and when.
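The "date before and after" habit can be wrapped in a small shell function so it is never forgotten. This is an added example, not code from the original post; the names `logrun` and `ENGAGEMENT_LOG` are hypothetical, and it suits non-interactive commands (an interactive session still needs a terminal recorder).

```shell
#!/bin/sh
# Added example: timestamped evidence log for tools with no built-in logging.
# ENGAGEMENT_LOG and logrun are hypothetical names chosen for this sketch.
ENGAGEMENT_LOG="${ENGAGEMENT_LOG:-./engagement.log}"

# logrun CMD [ARGS...]
# Appends the UTC start time, the exact argument vector, the combined
# stdout/stderr, the exit status and the UTC end time to $ENGAGEMENT_LOG.
# Output is also printed to the terminal once the command has finished,
# and the command's own exit status is returned to the caller.
logrun() {
    _start=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    _out=$(mktemp) || return 1
    "$@" >"$_out" 2>&1
    _rc=$?
    _end=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    {
        printf '=== START %s\n' "$_start"
        # Bracket each argument so quoting and spaces stay unambiguous
        printf 'CMD:'
        for _a in "$@"; do printf ' [%s]' "$_a"; done
        printf '\n'
        # Indent output; the "|| [ -n ]" keeps a last line with no newline
        while IFS= read -r _l || [ -n "$_l" ]; do
            printf '    %s\n' "$_l"
        done <"$_out"
        printf '=== END %s rc=%d\n' "$_end" "$_rc"
    } >>"$ENGAGEMENT_LOG"
    cat "$_out"
    rm -f "$_out"
    return "$_rc"
}
```

Prefix each command with `logrun` during a test; the log then shows when every command started and ended and what it returned, which is what you need when a client asks what was running at the time of an outage.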

On GUI systems, the easiest option is screencasting software, even if the recordings are large and use way too much space. On Windows, screenshots are about the only alternative to screencasting, but then you have to remember to take them, then order/reorder them according to what you did and what time it was.

Any other tools that you can use to capture these kinds of logs?