Tools I Use For Penetration Testing
What Is Penetration Testing?
Penetration testing, also known as pen testing, is the practice in which security experts break into corporate networks to find vulnerabilities before attackers identify them. These experts are also known as white-hat hackers or ethical hackers.
1. Nmap
Nmap, also known as "Network Mapper", is a free and open-source tool for scanning your systems or networks to find out which ports are open and what is running on those ports. Nmap can effectively scan both large and small networks. It is easy for beginners to use, but also offers advanced features for experienced users.
- Interactive and graphical results viewing
- It summarizes details of hosts, services, OS, packet filters/firewalls, etc.
A script that you can run in the background!
The main goal of this script is to automate the recon/enumeration steps that are run every single time, so that we can focus our attention on the real pen testing.
This will ensure two things:
1) Automate nmap scans.
2) Always have some recon running in the background.
Once you find the initial open ports in around 10 seconds, you can start manually looking into those ports and let the rest run in the background with no interaction from your side whatsoever.
Quick: Shows all open ports quickly (15 seconds)
Basic: Runs the Quick scan, then runs a more thorough scan on the found ports (5 minutes)
UDP: Runs "Basic" on UDP ports (5 minutes)
Full: Runs a full-range port scan, then runs a thorough scan on any new ports (5-10 minutes)
Vulns: Runs a CVE scan and the nmap vulns scan on all found ports (5-15 minutes)
Recon: Runs the "Basic" scan (if not yet run), then suggests recon commands (e.g. gobuster, nikto, smbmap) based on the found ports, then prompts to run them automatically
All: Runs all the scans consecutively (20-30 minutes)
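The Quick-then-Basic flow from the list above, written out as an added example (this is not the author's script). The open-port parser works on nmap's grepable output; the scan functions assume nmap is installed and that the target given on the command line is a host you are assessing (the 10.0.0.5 address in the comments is a constructed sample).

```shell
#!/bin/sh
# Added example, not the author's script: the "Quick, then Basic" workflow.
# Assumes nmap is installed and that the target on the command line is a
# host you are assessing; the 10.0.0.5 in the comment is a constructed sample.
set -eu

# Turn nmap grepable output (-oG) into a de-duplicated, numerically sorted,
# comma-separated list of open ports such as "22,80,443". A -oG line looks like:
#   Host: 10.0.0.5 ()  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///
open_ports_from_grepable() {
    { grep -o '[0-9][0-9]*/open/' || true; } | cut -d/ -f1 | sort -n -u | paste -sd, -
}

# Quick: sweep all 65535 TCP ports fast, keep only open ones, save -oG output,
# and print the port list on stdout.
quick_scan() {
    target="$1"; outdir="$2"
    nmap -T4 --min-rate 1000 -p- --open -oG "$outdir/quick.gnmap" "$target" >/dev/null
    open_ports_from_grepable < "$outdir/quick.gnmap"
}

# Basic: default NSE scripts plus version detection, only on the ports Quick found.
basic_scan() {
    target="$1"; outdir="$2"; ports="$3"
    nmap -sC -sV -p "$ports" -oN "$outdir/basic.nmap" "$target" >/dev/null
}

# Driver: Quick gives results in seconds, Basic continues in the background
# while you start looking at the open ports by hand.
run_quick_then_basic() {
    target="$1"; outdir="nmap_$target"
    mkdir -p "$outdir"
    ports="$(quick_scan "$target" "$outdir")"
    if [ -z "$ports" ]; then
        echo "no open TCP ports found on $target" >&2
        return 1
    fi
    echo "open ports on $target: $ports"
    basic_scan "$target" "$outdir" "$ports" &
    echo "Basic scan running in the background (PID $!), output in $outdir/basic.nmap"
}

# Run for real only when a target is supplied: sh nmap_quick_basic.sh 10.0.0.5
if [ $# -gt 0 ]; then
    run_quick_then_basic "$1"
fi
```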
2. Wireshark
Wireshark is a network protocol analyzer and network sniffer commonly used to drill down into everyday TCP/IP connection issues. Wireshark supports a large number of protocols, including real-time analysis and decryption support for many of them. Capturing data packets lets you investigate the characteristics of individual packets, such as where they are coming from, their destination, and which protocol was used. With this information, you can identify security holes in your network.
- Live capture and offline analysis
- Ability to investigate the smallest details of activity on a network
- Capture files compressed with gzip can be decompressed on the fly
- Output can be exported to XML, PostScript, CSV or plain text
3. Burp Suite
Burp Suite is widely used for the assessment of web-based applications. It works by intercepting traffic as a proxy, scanning web applications, crawling content and functionality, and so on. The tool is not free, but it is very cost-effective. Burp Suite comes in two versions: a free version and a professional version. The free version has the essential tools for carrying out scanning activities; go for the professional version if you need advanced web penetration testing.
- Inspect and modify traffic between the browser and the target application, using the intercepting Proxy.
- Crawl application content and functionality, with the application-aware Spider.
- Manipulate and resend individual requests, using the Repeater tool.
- Benefit from various other handy utilities for analyzing and decoding application data.
- Automatically probe for security flaws, with the state-of-the-art web application Scanner.
- Discover and exploit complex and unusual vulnerabilities, using the Intruder tool to deliver powerful customized attacks.
- Save your Burp session and resume working later.
- Benefit from numerous high-value features, including search, target analysis, content discovery, and task scheduling.
- Receive frequent product updates and earlier access to new releases.
4. OWASP Zed Attack Proxy (ZAP)
OWASP's Zed Attack Proxy (ZAP), part of the free OWASP community, is a widely popular pen-testing tool for both web applications and mobile apps. This open-source tool is maintained by a dedicated international team of volunteers. Pen testers also use ZAP in automation to find security vulnerabilities in their applications.
- Intercepting Proxy
- Active and Passive Scanners
- Traditional and Ajax Spiders
- Brute Force Scanner
- Port Scanner
- Web Sockets
5. Metasploit
This is the most popular and advanced penetration testing automation framework in the world. Aim at your target, pick your exploit, select a payload, and fire. It can be used against servers, web-based applications, networks, and several other targets. It has a command-line interface and works on Linux, Apple Mac and Microsoft Windows.
- Basic command line interface
- Manual brute forcing
- Website penetration testing
- A multi-function payload module
6. Sqlmap
Sqlmap is an open source penetration testing tool that automates the entire process of detecting and exploiting SQL injection vulnerabilities and taking over database servers. Sqlmap supports all the usual targets, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, HSQLDB and H2.
- Full support for six SQL injection techniques: boolean-based blind, error-based, UNION query, time-based blind, stacked queries and out-of-band.
- Allows direct connection to the database without passing via a SQL injection
- Supports cracking password hash formats using a dictionary-based attack
- Support to enumerate users, password hashes, privileges, roles, databases, tables, and columns
- Automatic recognition of password given in hash formats and support for cracking them
- Support to dump database tables entirely or specific columns
- Support to search for specific database names, tables or specific columns across all databases and tables
7. John the Ripper
John the Ripper (JtR) is a very popular password cracking tool. Attackers may crack passwords to obtain credentials and enter sensitive systems, so password cracking is one of the critical aspects of penetration testing. It is a free tool that blends different password crackers into a single package, automatically identifies different types of password hashes, and comes with a customizable cracker.
- John the Ripper is free and Open Source software
- Automatically identifies different password hashes
- Proactive password strength checking module
- Support for many additional hash and cipher types
8. Hydra
When you need to brute-force a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Tools like Hydra are a reminder why rate-limiting password attempts and disconnecting users after a handful of login attempts can be successful defensive mitigations against attackers.
- It supports rainbow tables for any hash algorithm
- Computation on multi-core processor support
- Runs on Windows and Linux operating systems
- Support GUI and Command line user interface
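The lockout and rate-limit logic the Hydra paragraph points to, as an added example (it is not from the original post and is not part of Hydra): a small POSIX shell function that counts failed logins per source address over constructed sshd-style log lines, assuming the standard "Failed password for ... from <ip> port <n>" message format.

```shell
#!/bin/sh
# Added example, not from the original post and not part of Hydra: the
# "handful of failed attempts" lockout logic applied to constructed sshd-style
# log lines in the standard "Failed password for ... from <ip> port <n>" format.
set -eu

# Constructed sample auth log: one source hammering the service with
# different usernames, and one user who mistyped a password twice.
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:01:02 bastion sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 51522 ssh2
Mar  3 10:01:02 bastion sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 51523 ssh2
Mar  3 10:01:03 bastion sshd[1202]: Failed password for root from 198.51.100.7 port 51524 ssh2
Mar  3 10:01:03 bastion sshd[1203]: Failed password for root from 198.51.100.7 port 51525 ssh2
Mar  3 10:01:04 bastion sshd[1204]: Failed password for alice from 198.51.100.7 port 51526 ssh2
Mar  3 10:01:04 bastion sshd[1205]: Failed password for alice from 198.51.100.7 port 51527 ssh2
Mar  3 10:02:10 bastion sshd[1310]: Failed password for bob from 203.0.113.5 port 40001 ssh2
Mar  3 10:02:14 bastion sshd[1311]: Failed password for bob from 203.0.113.5 port 40002 ssh2
Mar  3 10:02:20 bastion sshd[1312]: Accepted password for bob from 203.0.113.5 port 40003 ssh2
EOF
}

# Read log lines on stdin and print "count ip" for every source whose failed
# attempts reach the threshold (the point at which you would lock out or
# rate-limit that source), highest count first.
failed_login_sources() {
    threshold="$1"
    awk -v t="$threshold" '
        /: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
        }
        END { for (ip in fails) if (fails[ip] >= t) print fails[ip], ip }
    ' | sort -rn
}

# Apply a threshold (default 5) to the sample log.
report_lockout_candidates() {
    sample_auth_log | failed_login_sources "${1:-5}"
}

# Example run: sources that would be locked out after 5 failures.
report_lockout_candidates 5
```

With the threshold at 5 only the hammering source is reported; lowering it to 2 also flags the user who mistyped twice, which is why the "handful" should be large enough to tolerate honest typos.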
9. Aircrack-ng
Aircrack-ng is a comprehensive collection of utilities for analyzing the weaknesses in a WiFi network. The tool lets you monitor the security of your WiFi network by capturing data packets and exporting them to text files for further analysis. It cracks vulnerable wireless connections by recovering WEP, WPA and WPA2 encryption keys.
Cracking WiFi today is often possible because of poor configuration, bad passwords, or outdated encryption protocols.
- More cards/drivers supported
- Supports all types of OS and platforms
- You can use this tool to capture packets and export data
- Focuses on different areas of security such as attacking, monitoring, testing, and cracking
- Support for WEP dictionary attacks
- Improved tracking speed
10. Nessus
Nessus has long been used as a security penetration testing tool and is one of the most robust vulnerability scanners available. It scans for loopholes that attackers may exploit to cause damage to your IT infrastructure; some of the vulnerabilities it identifies include misconfigurations, weak passwords, and open ports. It can also perform detailed website scans, sensitive data searches, IP scans and compliance checks.
- Vulnerability database that is updated on a daily basis
- Can be used to expose scalability
- In addition to web application, mobile and cloud environment scanning, the tool offers prioritized remediation.
- Customize reports to sort by vulnerability or host, create an executive summary, or compare scan results to highlight changes