Penetration testing (or pentesting) is a simulated cyber attack in which professional hackers break into corporate networks to find their vulnerabilities before real intruders do.
In this simulated attack, the ethical hacker uses the same tools and techniques that are available to malicious hackers.
The need for penetration testing
Pentesting shows where and how a malicious intruder can take advantage of your network. This allows you to mitigate any weaknesses before a real attack occurs.
According to a recent study by Positive Technologies, almost every company has vulnerabilities that intruders can exploit. In 93% of cases, pentesters managed to breach the network perimeter and gain access to the internal network. The average time required to do this was four days. In 71% of companies, even an unskilled hacker could break into the internal network.
In the past, hacking was difficult and required a lot of manual work. Today, however, a full range of automated penetration testing tools lets hackers test networks faster and more easily than ever.
The following is a list of tools that make the job of a modern pentester faster, better and smarter.
1. Kali Linux
If you do not use Kali as your main pentesting operating system, you either know it only superficially or you are doing something wrong. Formerly known as BackTrack Linux, Kali is optimized in every way for offensive use by a penetration tester.
Kali comes with most of the tools you will see below and is the default pentesting operating system for most cases. But beware: Kali is optimized for attack, not for defense, and can itself be compromised easily. Do not keep your top secret files in a Kali VM.
2. Nmap
Nmap is a tried and true tool that you will not want to give up once you have tried it. Which ports are open? What is running on those ports? This is essential information for the pentester during the recon phase, and nmap is often the best tool for the job.
Many legitimate organizations, such as insurance agencies, internet cartographers such as Shodan and Censys, and risk raters such as BitSight, regularly scan the entire IPv4 range with specialized port-scanning software to map the public security posture of companies.
3. Metasploit
Why exploit when you can Metasploit? Think of this framework as a crossbow: aim at your target, pick your exploit, select a payload and fire. Essential for most pentesters, Metasploit automates huge amounts of previously tedious work and is truly "the most widely used penetration testing framework in the world." An open source project with commercial support from Rapid7, Metasploit is essential for anyone who wants to protect their systems from attackers.
4. Wireshark
Wireshark is the ubiquitous tool for understanding the traffic passing through your network. Although commonly used to analyze everyday TCP/IP connection problems, Wireshark supports analysis of hundreds of protocols, including real-time analysis and decryption support for many of them. If you are new to penetration testing, Wireshark is an essential tool.
5. John the Ripper
John the Ripper cracks passwords as fast as you can imagine. The application is open source and is intended for offline password cracking. John can take a list of likely passwords and mutate them, replacing "a" with "@", "s" with "5" and so on, or it can run indefinitely on your hardware until a password is found. Given that the vast majority of people use low-complexity passwords, John often succeeds, and usually in a short time.
6. Hashcat
The self-proclaimed "fastest and most advanced password recovery utility in the world" may not be perfect, but the people behind hashcat certainly know its value. Hashcat is the pentesting tool that cracks hashes, and it supports many types of brute-force attacks for guessing passwords.
Pentesting usually involves dumping hashed passwords, and exploiting those credentials means running a program like hashcat offline in the hope of guessing or brute-forcing at least some of them.
Hashcat works best on a modern GPU. Legacy hashcat still supports hash cracking on the CPU, but warns users that it is significantly slower than harnessing the processing power of your graphics card.
7. Hydra
Hydra comes into play when you need to crack an online password, such as an SSH or FTP login, IMAP, IRC, RDP and more. Think of Hydra as a very good and easy-to-use tool. Tools such as Hydra are a reminder of why rate-limiting password attempts and locking users out after a few failed login attempts can be effective defenses against intruders.
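Both the John the Ripper and hashcat sections above describe the same offline technique: take a wordlist, apply mangling rules such as "a" to "@" and "s" to "5", hash each candidate and compare against a dump. The following is an added example (not code from the article, John or hashcat) that audits your own password dump this way so that weak accounts can be reset before an attacker runs the same rules. The wordlist, the user dump and the use of unsalted SHA-256 are constructed assumptions for the demonstration.

```python
import hashlib
import itertools

# Substitution rules of the kind the article describes John applying to
# every word in a list. Constructed for this example.
LEET = {"a": "@", "s": "5", "e": "3", "o": "0", "i": "1"}

def leet_variants(word):
    """Yield the word with every subset of the leet substitutions applied."""
    positions = [i for i, c in enumerate(word) if c in LEET]
    for r in range(len(positions) + 1):
        for subset in itertools.combinations(positions, r):
            chars = list(word)
            for i in subset:
                chars[i] = LEET[chars[i]]
            yield "".join(chars)

def mangle(word):
    """Generate the candidate passwords a cracker would try for one base word:
    case variants, leet substitutions and a few common suffixes."""
    seen = set()
    for base in (word, word.capitalize(), word.upper()):
        for variant in leet_variants(base):
            for suffix in ("", "1", "123", "!", "2024"):
                cand = variant + suffix
                if cand not in seen:
                    seen.add(cand)
                    yield cand

def sha256_hex(s):
    """Unsalted SHA-256 hex digest; a fast hash chosen only to keep the demo simple."""
    return hashlib.sha256(s.encode()).hexdigest()

def audit_hashes(hash_by_user, wordlist):
    """Return {user: recovered_password} for every hash in the dump that matches
    a mangled dictionary word. Intended for auditing a dump you own."""
    lookup = {}
    for word in wordlist:
        for cand in mangle(word):
            lookup.setdefault(sha256_hex(cand), cand)
    return {user: lookup[h] for user, h in hash_by_user.items() if h in lookup}

# Constructed sample: a tiny wordlist and a three-user "dump" of unsalted hashes.
WORDLIST = ["password", "summer", "welcome"]
DUMP = {
    "alice": sha256_hex("P@55word"),     # mangled dictionary word: weak
    "bob": sha256_hex("Summer2024"),     # capitalised word plus year: weak
    "carol": sha256_hex("x7!Qm#v9Lp"),   # not derivable from the wordlist
}

if __name__ == "__main__":
    print(audit_hashes(DUMP, WORDLIST))  # alice and bob are recovered, carol is not
```

Two points for the defender follow from running it: the rule set turns three base words into several hundred candidates at almost no cost, which is why low-complexity passwords fall in seconds, and the lookup table only works because the hashes are fast and unsalted. Storing passwords with a salted, deliberately slow hash such as bcrypt or Argon2 forces the attacker to redo every candidate per account instead of once per dump.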
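The Hydra passage above names the two defenses that blunt online password guessing: rate-limiting attempts per source and locking an account after a handful of failures. Here is an added example (not from the article or Hydra) that applies both policies to a set of constructed sshd-style log lines: it flags a source IP that accrues a threshold of failures inside a sliding window and locks an account after consecutive failures, resetting the count on a successful login. The log format, addresses, thresholds and user names are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines: one source hammers several accounts in a few seconds,
# another user mistypes twice and then logs in normally.
LOG_LINES = """\
2024-05-01T10:00:01 sshd: Failed password for admin from 203.0.113.9
2024-05-01T10:00:02 sshd: Failed password for admin from 203.0.113.9
2024-05-01T10:00:02 sshd: Failed password for root from 203.0.113.9
2024-05-01T10:00:03 sshd: Failed password for admin from 203.0.113.9
2024-05-01T10:00:04 sshd: Failed password for admin from 203.0.113.9
2024-05-01T10:00:05 sshd: Failed password for backup from 203.0.113.9
2024-05-01T10:00:10 sshd: Failed password for alice from 198.51.100.7
2024-05-01T10:00:40 sshd: Failed password for alice from 198.51.100.7
2024-05-01T10:01:15 sshd: Accepted password for alice from 198.51.100.7
""".splitlines()

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse(line):
    """Return (timestamp, failed, user, ip) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, outcome, user, ip = m.groups()
    return datetime.fromisoformat(ts), outcome == "Failed", user, ip

def detect_bruteforce(lines, ip_threshold=5, window=timedelta(seconds=60), lockout_after=3):
    """Apply both policies to a log stream.

    flagged: {ip: (time_flagged, sorted users tried)} once an IP has ip_threshold
             failures within `window` (sliding window per source).
    locked:  set of accounts that reached lockout_after consecutive failures;
             a successful login resets the per-account counter."""
    recent = defaultdict(deque)      # ip -> timestamps of failures in the window
    users_by_ip = defaultdict(set)   # ip -> accounts it tried
    consecutive = defaultdict(int)   # user -> consecutive failures
    flagged, locked = {}, set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, failed, user, ip = rec
        if not failed:
            consecutive[user] = 0    # success resets the account counter
            continue
        consecutive[user] += 1
        if consecutive[user] >= lockout_after:
            locked.add(user)
        q = recent[ip]
        q.append(ts)
        users_by_ip[ip].add(user)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= ip_threshold and ip not in flagged:
            flagged[ip] = (ts, sorted(users_by_ip[ip]))
    return {"flagged": flagged, "locked": locked}

if __name__ == "__main__":
    result = detect_bruteforce(LOG_LINES)
    for ip, (when, users) in result["flagged"].items():
        print(f"rate limit {ip} at {when.time()} after trying {users}")
    print("locked accounts:", sorted(result["locked"]))
```

The two policies are deliberately independent: the per-IP window catches a single source spraying many accounts, while the per-account counter catches attempts spread across sources against one login. The same logic, fed live from the authentication log or placed in front of the login handler, is what turns Hydra's thousands of guesses per minute into a handful before the source is cut off.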
8. Burp Suite
No discussion of pentesting tools is complete without mentioning the Burp Suite web vulnerability scanner, which, unlike the other tools mentioned so far, is not free; it is an expensive tool used by professionals. There is a cut-down version of Burp Suite that lacks much of the functionality, while the enterprise version of Burp Suite costs €3,499 per year.
Burp Suite is a highly effective web vulnerability scanner. Point it at the web property you want to test and fire it off when you are ready. Burp competitor Nessus offers a similarly effective product (at a similar price).
9. Zed Attack Proxy
Those who do not have the cash for a copy of Burp Suite should opt for OWASP's Zed Attack Proxy (ZAP), which is free. As the name implies, ZAP sits between your browser and the site you are testing and lets you intercept traffic for inspection and modification. It lacks many of Burp's features, but its open source licensing makes it easy and cheap to scale, and it is a great tool for beginners.
10. Sqlmap
This incredibly effective SQL injection tool is open source and "automates the process of detecting and exploiting SQL injection flaws and taking over database servers," as its website states. Sqlmap supports all common targets, such as MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, HSQLDB and H2.
11. Aircrack-ng
How secure is your customer's Wi-Fi, or your home Wi-Fi? Find out with Aircrack-ng. This Wi-Fi security auditing tool is free. Breaking into Wi-Fi is often still possible today because of poor configuration, bad passwords or outdated encryption protocols. Aircrack-ng is a very good choice.
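The sqlmap section above says the tool detects SQL injection flaws automatically; the flaw it finds is almost always a query built by string concatenation. The following is an added example (not code from the article or sqlmap) using Python's built-in sqlite3 module: it shows the vulnerable lookup beside its parameterized fix, and a small boolean-differential self-check of the kind a scanner performs, which a developer can keep as a regression test to confirm the fix holds. The table, rows and payload strings are constructed assumptions.

```python
import sqlite3

def make_db():
    """In-memory SQLite database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn

def lookup_vulnerable(conn, name):
    """The flaw sqlmap finds: the user-supplied value becomes part of the SQL text."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    """The fix: a bound parameter is sent as data, never parsed as SQL."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()

def is_injectable(lookup, conn):
    """Boolean-differential check: if a true and a false tautology appended to the
    same value change the result set, the value is being interpreted as SQL.
    Use it as a regression test against your own code."""
    true_case = lookup(conn, "alice' AND '1'='1")
    false_case = lookup(conn, "alice' AND '1'='2")
    return true_case != false_case

if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(conn, payload))  # every row leaks
    print("safe:      ", lookup_safe(conn, payload))        # no row is named that
    print("vulnerable injectable?", is_injectable(lookup_vulnerable, conn))
    print("safe injectable?      ", is_injectable(lookup_safe, conn))
```

Note what the safe version does not do: it does not escape quotes or filter keywords. Parameter binding hands the value to the driver separately from the statement, so there is no string for sqlmap's payloads to break out of, whichever of the listed database engines sits behind the application.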