Penetration testing tools

There is a large number of penetration testing tools to choose from on the market. The tools below have been selected to cover a range of testing techniques, from web-based testing to network mapping, but the list is by no means complete: there are hundreds of different tools for specific tests.


Acunetix are experts in web application security. Their web vulnerability scanner is regarded as one of the best on the market and is capable of identifying a variety of web vulnerabilities, such as SQL injection and XSS. With built-in crawlers, HTTP editors and fuzzers, it provides a large set of useful diagnostic tools to help validate and verify flaws. This is one of the best website penetration testing tools around today.

Metasploit Framework is a key penetration testing tool when it comes to exploit development, host vulnerability validation and exploit execution. The Metasploit Framework is an open-source project that was created by HD Moore in 2003 and has grown in popularity ever since. It comes with over 800 exploits for Windows, Linux and Mac operating systems, with a very simple-to-use modular system for loading the desired payload. Metasploit also provides the option of encoding the payload in a variety of different formats, prior to execution, to help bypass intrusion detection systems. This is a very powerful penetration testing tool and one of the most popular for exploit development and testing, with huge community backing.

Nmap is one of the most common tools in a penetration tester's arsenal. The tool allows fast host discovery, port mapping, service/operating system identification and enumeration, to assist in gathering as much basic information as possible about the network and its live hosts. Nmap was developed by Fyodor (online alias) and was originally an open-source project for use on Linux/BSD, which has now developed to work on platforms such as Windows and Mac. A relatively new GUI version of Nmap, ‘Zenmap’, was released to work in Windows alongside the CLI version.

Wireshark is an open-source packet analyser (network sniffer), which will capture and dump network activity sniffed on active wireless or wired LAN cards. You can capture data and save it as a .pcap file, or watch the network traffic in real time. Wireshark is now also able to capture through USB, which shows what a versatile tool it is when it comes to analysis of data traffic. The tool is very useful when trying to monitor network resources, worm activity or general network abuse. Currently the penetration testing tool is available on Windows, Mac and Linux platforms.

Cain and Abel

Cain and Abel (Cain for short) is a Windows-based password recovery / cracking tool. The software is one of the most versatile password recovery tools available, currently supporting Windows password hash recovery, wireless passwords, MSSQL passwords, Kerberos, Cisco, VNC, Radius and many more. Cain has been developed to crack passwords using brute-force attacks, dictionary attacks, cryptanalysis and rainbow tables.

