Hey looks its a Red Team!
Here they come with a few hours of work & a report that will hopefully provide more valuable information than “Here is what Nessus Found”.
A simple way to test any Red Team’s worth is with a good trolling and disinformation effort once the engagement is underway. Good testers will be able to bypass the scripties with some manual testing and validations for any findings, and lazy testers will waste a lot of time spinning their wheels on a wild goose chase.
With this in mind we created a few ‘Anti-Pen’ test tools if you will. The entire toolkit is called the Crimson Kool-Aid Toolkit. The other tools in the toolkit will be released with later articles.
So for now here is the first tool:
‘Rusty Web Server: a simple python script to spoof web server versions’
Get it @ https://github.com/thesecuritypimp/rustyweb