
    Popular penetration testing tools in 2024 [Updated]

    Penetration testing is the procedure of impersonating an attacker to find vulnerabilities in a system that could be used to gain access to it for malicious use.

    Penetration testing tools are used as part of a penetration test to automate certain tasks, improve efficiency, and discover issues that might be difficult to find using manual analysis techniques alone.

    Penetration testing offers many benefits. First, it identifies vulnerabilities in the system. Regular pen testing results in a drastic reduction of security incidents, which leads to an increased trust in an organization’s security policy. Pen testing also results in an organization meeting its compliance and security requirements as might be necessary under state and federal regulations.


    Different approaches can be taken when choosing what toolsets can be used for performing individual phases of the penetration test. There are plenty of tools and toolsets for penetration testing that can test various types of products and conduct diverse types of attacks. This subject is far too broad to cover every tool available for every type of test. On the other hand, the tools listed below are ones you should get to know well.

    1. Network Scanning

    Network scanning involves using a port scanner to identify all the active hosts, open ports, switches, and routers in the address range. Popular tools in this category include:

    • Nmap: Port scanning tool used to discover active hosts and scan for open ports
    • OpenVAS: Open Vulnerability Assessment System is an open-source software framework for vulnerability management and scanning.
    • Dmitry: Command-line port scanner that scans both TCP and UDP ports.
    • Unicornscan: Port scanner used for TCP scanning.
    • Sparta: GUI port mapper that scans networks to identify available hosts on the network.
    • Netcat: Popularly known as the Swiss Army utility of a security engineer, it is a port scanner used for reading and writing data across the network.
    • SolarWinds Port Scanner: Scanning tool that generates a list of open, closed, and filtered ports for an IP address.
    • Angry IP Scanner: Scanning tool that scans ports and IP addresses and is compatible with Linux, Windows, and Mac OS X.
    • ManageEngine OpUtils: Port scanning tool that also provides network address monitoring and tools for administration.

    2. Password Cracking

    Password cracking is used to identify weak passwords. Password cracking tools are also called credential testing tools. Popular tools in this category include:

    • John the Ripper: Password recovery tool available for Linux, Unix (11 Versions), DOS, Win32, and OpenVMS.
    • IMP 2.0: NetWare password cracking tool that lets a user obtain passwords through various attack methods.
    • L0phtCrack: Password cracking tool compatible with Windows NT, Windows 2000, and Windows XP.
    • Crack 5: Unix password cracker used to identify weak passwords in Unix.
    • Cain and Abel: Password recovery tool compatible with Windows.

    3. Vulnerability assessment

    Vulnerability assessment tools, also known as vulnerability scanning tools, scan for vulnerabilities. They differ from network scanners in that they do not require a human to interpret the scan results to discover vulnerabilities.

    • Nessus: Vulnerability scanner that scans for vulnerabilities, misconfigurations, default passwords, and susceptibility to DoS or Denial of Service attacks.
    • Nmap: Originally developed as a host discovery and port scanning tool to “map” out the network, it is now used for host fingerprinting, service detection, and vulnerability scanning.
    • Codenomicon: A toolkit for automated penetration testing that revolutionizes penetration testing processes by eliminating unnecessary ad-hoc manual testing.
    • Burp Suite: A versatile tool for automating custom attacks, including resource enumeration, data extraction, and fuzzing for common vulnerabilities.
    • Netcat: Referred to as the Swiss Army knife of the network, Netcat can be used for terminal connectivity, chat sessions, file transfers, and port redirection, as well as for launching forward and reverse shells on connect.
    • SQLMap: A full-blown automatic database takeover tool used to identify SQL injection vulnerabilities and then exploit them to download entire databases, launch commands remotely, and spawn a remote OS shell.
    • Invicti: A web application security scanner used to automatically identify security issues such as SQL injection and Cross-Site Scripting (XSS) in websites, web applications, and web services.
    • Acunetix: A web vulnerability scanner that automatically scans any website and detects over 4500 web vulnerabilities, including all variants of SQL injection, XSS, and Host Header Injection.
    • Intruder: A powerful, automated penetration testing tool that discovers security weaknesses across the IT environment.
    • Indusface: Combines manual penetration testing and automated scanning to detect and report vulnerabilities based on the OWASP Top 10 and SANS Top 25.

    4. Miscellaneous Tools

    • Wireshark: Open-source network protocol analyzer used to sniff and monitor traffic on a network.
    • Metasploit Framework: Pen testing framework that is command-line based and is used to find and exploit vulnerabilities.
    • Recon-ng: Web reconnaissance tool compatible with Kali Linux and used to automate
    • OSINT: It can be used to search files, identify hosts, perform geolocation, search password hashes, and look for VPNs.
    • Peach: Automated testing tool that provides dynamic application security testing (DAST) for pen testing and helps avoid zero-day attacks.