Pentesting (also known as penetration testing) is one of the favourite tasks of IT security professionals. Basically, it consists of attacking a system or network with the aim of identifying possible errors, configuration faults or vulnerabilities, so that by correcting them external attacks can be prevented.
Pentesters are also known as “ethical hackers”, as they usually put their knowledge at the service of companies, which are increasingly demanding this type of professional profile. Astra Security offers pentesting at the best price, which you can book for your company’s security.
To carry out their work they use all types of tools: port scanners, web traffic interceptors, code injectors, etc. In this special article we talk about ten of the best-known and most popular ones.
Kali Linux
This is not the first time we have talked about Kali Linux in Very Secure. We already told you that, more than an intrusion tool, what Kali Linux offers us is a complete Linux distribution oriented to computer security auditing and ethical hacking. It is not the only one, of course (there are examples like Parrot OS), but it is certainly the best known.
This is not the first time we talk about Kali Linux in Very Secure. We already told you that more than an intrusion tool, what Kali Linux offers us is a complete Linux distribution oriented to computer security auditing and ethical hacking. It is not the only one of course (there are examples like Parrot OS) but it is certainly the best known.
In its latest version, Kali Linux includes new features such as an update to the Linux 4.19 kernel and the Metasploit 5.0 pentesting suite, as well as specific improvements to the ARM edition and to particular devices such as the Raspberry Pi. Beyond the above, the set of tools it offers is truly complete.
In its “out of the box” version, Kali Linux offers users more than 300 pentesting and security tools, although it is designed more for attacking than for defending a computer network.
Nmap
Nmap (network mapper) is one of the great veterans of the sector. This port scanner is one of those tools that form part of the ABC of any system auditor. It answers questions such as: which ports are open on a machine? What is listening behind those ports?
Accessing that information is key in the early stages of any pentester’s work. Using it is the equivalent of knocking on the door of a machine that interests us and asking: is there someone there? Who is it? To that end, it supports ping sweeps, can detect service protocols and application versions behind each port, and can identify the device.
Nmap (network mapper) is one of the great veterans of the sector. This port scanner is one of those tools that are part of the ABC of any system auditor. Some of the answers it provides are the following: what port is open on a machine? What is behind those ports?
Accessing that information is key in the early stages of any pentatester’s work. Using it is the equivalent of knocking on the door of a machine that interests us and asking…is there someone there? who is it? In this sense, it has support for ping calls, is able to detect service protocols and versions of applications behind each port or access a device ID.
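The defender’s counterpart to the questions above is comparing what Nmap reports with what each host is supposed to expose. The following is an added example, not code from the article or from the Nmap project: it parses an Nmap XML report (the format written by `-oX`) and flags open ports that are missing from a constructed allowlist; the report and the allowlist are embedded so it runs offline.

```python
import xml.etree.ElementTree as ET

# Constructed Nmap XML report; a real one comes from "nmap -oX report.xml <hosts>".
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Constructed allowlist: the TCP ports each host is supposed to expose.
ALLOWED_PORTS = {"10.0.0.5": {22, 80}}

def parse_open_ports(xml_text):
    """Return {host: [(port, service_name, banner)]} for every open TCP port."""
    result = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address").get("addr")
        entries = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name", "?") if svc is not None else "?"
            banner = " ".join(filter(None, [svc.get("product"), svc.get("version")])) if svc is not None else ""
            entries.append((int(port.get("portid")), name, banner))
        result[addr] = entries
    return result

def unexpected_ports(xml_text, allowlist):
    """Open ports the allowlist does not cover: each needs a firewall rule or a reason."""
    return [(addr, port, name)
            for addr, entries in parse_open_ports(xml_text).items()
            for port, name, _ in entries
            if port not in allowlist.get(addr, set())]

if __name__ == "__main__":
    for addr, port, name in unexpected_ports(SAMPLE_NMAP_XML, ALLOWED_PORTS):
        print(f"{addr}: unexpected open port {port}/tcp ({name})")
```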
Metasploit
Metasploit is another of those Swiss Army knives that any self-respecting pentester must have at hand. Its goal could not be simpler: to find security holes in all types of networks, applications and devices.
To do this, the tool first lets you load the code (or target) that you want to “exploit” and then submit it to one or more of the more than 900 known exploits registered in its database.
Metasploit is usually used after nmap (or a similar tool), once the researcher has gathered more information about the type of operating system, application or hardware device that is “on the other side”. If you want to defend a corporate network, Metasploit can be critical in understanding where the weakest links are.
Wireshark
Wireshark is probably the most widely used network traffic and protocol analyzer in the world. The tool captures traffic in real time and analyzes at a “microscopic” level what is happening.
Although pentesters use it primarily to analyze traffic at the TCP/IP level, the tool is capable of analyzing hundreds of protocols, so that the researcher can know exactly what is moving within a network.
sqlmap
There is nothing a database “enjoys” more than an injection of SQL code. And to prove that we are right, there is nothing better than using sqlmap. What makes this tool so interesting is that it automates the process of detecting and exploiting bugs and security holes in SQL-based database servers. That is, almost all of them.
In this sense, sqlmap has support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, HSQLDB and H2.
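The class of bug sqlmap automates finding is a query that splices user input into the SQL string. The following is an added example, not code from the article or from sqlmap: a vulnerable lookup beside its parameterised fix, run against a constructed in-memory SQLite table so the difference in behaviour can be measured directly.

```python
import sqlite3

def make_db():
    """Constructed sample table with three users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def lookup_vulnerable(conn, name):
    # String formatting: the input becomes part of the SQL grammar.
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    # Parameter binding: the input is only ever a string value, never SQL.
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()

# Constructed probe of the kind an automated scanner sends: the quote closes the
# string literal and the tautology makes the WHERE clause true for every row.
PROBE = "x' OR '1'='1"

def compare(probe=PROBE):
    """Row counts the two lookups return for the same input: (vulnerable, safe)."""
    conn = make_db()
    return len(lookup_vulnerable(conn, probe)), len(lookup_safe(conn, probe))

if __name__ == "__main__":
    vuln, safe = compare()
    print(f"vulnerable query returned {vuln} rows, parameterised query returned {safe}")
```

The parameterised version returns no rows for the probe because the database driver never interprets the input as SQL; that is the fix sqlmap findings usually call for.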
John the Ripper
If you want to decrypt that file that has “mysteriously” come into your hands, a good way to start is with John the Ripper.
Although it will always depend on the power of your GPU, this open-source project should not have too many problems “breaking” most of the “popular passwords” by performing a “brute force” attack that can be extended indefinitely if you have patience. Obviously, this is not ideal for complex passwords or if the file has been encrypted with a good tool.
Hydra
While John the Ripper is trying to figure out the password of that file you have somehow obtained, Hydra does the same with any online service. To do this, it supports protocols such as SSH, FTP, IMAP and IRC, among others.
To get it to work properly we must select the service we want to “crack”, enter the username and supply a file containing the passwords we want to test.
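On the defending side, the pattern Hydra leaves in an SSH server’s log is a burst of failed logins from one source, often across several usernames. The following is an added example, not code from the article or from the Hydra project: a small detector that runs over constructed sshd log lines and reports any source exceeding a failure threshold inside a sliding time window.

```python
import re
from collections import defaultdict
from datetime import datetime

THRESHOLD = 4   # more failures than this inside WINDOW seconds raises an alert
WINDOW = 60

# Constructed sshd log lines in syslog format (the year is not logged; 2024 is assumed).
SAMPLE_AUTH_LOG = """\
Mar 10 12:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Mar 10 12:00:02 host sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2
Mar 10 12:00:03 host sshd[1003]: Failed password for root from 203.0.113.7 port 40003 ssh2
Mar 10 12:00:04 host sshd[1004]: Failed password for invalid user test from 203.0.113.7 port 40004 ssh2
Mar 10 12:00:05 host sshd[1005]: Failed password for root from 203.0.113.7 port 40005 ssh2
Mar 10 12:05:00 host sshd[1006]: Failed password for alice from 198.51.100.9 port 50001 ssh2
Mar 10 12:06:00 host sshd[1007]: Accepted password for alice from 198.51.100.9 port 50002 ssh2
"""

LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")

def parse_failures(log_text, year=2024):
    """Yield (timestamp, username, source_ip) for each failed-login line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def detect_bruteforce(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return {source_ip: (failures_in_window, usernames_tried)} for sources over threshold."""
    by_source = defaultdict(list)
    for ts, user, ip in parse_failures(log_text):
        by_source[ip].append((ts, user))
    alerts = {}
    for ip, events in by_source.items():
        events.sort()
        start = 0
        for end in range(len(events)):   # sliding window over this source's failures
            while (events[end][0] - events[start][0]).total_seconds() > window:
                start += 1
            if end - start + 1 > threshold:
                alerts[ip] = (end - start + 1, sorted({u for _, u in events[start:end + 1]}))
    return alerts

if __name__ == "__main__":
    for ip, (count, users) in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {count} failed logins within {WINDOW}s, users tried: {', '.join(users)}")
```

The single failure from the second source followed by a success is normal user behaviour and stays below the threshold; tune THRESHOLD and WINDOW to the service’s real traffic before acting on alerts automatically.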
aircrack-ng
Do you know how secure the company’s wireless network is? If you want to find out and detect whether it has any vulnerability, there is nothing better than trying the aircrack-ng tool.
In many cases you will discover that the main vulnerabilities lie in a poor configuration of the network, the use of weak passwords or out-of-date firmware on the devices.
Burp Suite
No collection of pentesting tools is complete without Burp Suite, one of the most comprehensive web vulnerability scanners. Unlike the tools we have talked about so far, Burp Suite is neither an open source project nor free.
Quite the opposite. It is an expensive tool ($3,999 per year), really only within reach of those who make security auditing their livelihood. It is true that there is also a free version of the suite (the so-called Community Edition), but it lacks most of the services that make Burp Suite a really interesting product.
If it is so expensive, there is a good reason. All you have to do is point it at a web page and, when you unleash the “artillery”, you will find out within seconds whether it is vulnerable to any of the attacks that have been reported.
Zed Attack Proxy
Those who do not have, or do not want to invest, $4,000 per year in Burp Suite can “settle” for the free Zed Attack Proxy (ZAP). It is not as complete or as easy to use, but it has tools that make it an equally effective intrusion weapon.
ZAP is configured as a “man in the middle” that sits between your browser and the website you want to inspect, capturing the traffic so that you can then inspect or modify it and discover whether it reveals a vulnerability.