Top Five Tools for Penetration Testing
With cyber-attacks always on the rise (the first half of 2021 saw a 93 percent increase in ransomware attacks alone compared with the same period the year before), it is more vital than ever for companies to test the robustness of their systems and software; otherwise the likelihood of shipping software with easily exploitable flaws only grows.
Given how devastating a cyber event can be, companies definitely don't want to make avoidable, well-known mistakes and end up with a ransomware attack or a data breach as a consequence.
This is where penetration testers come in to do their part for cybersecurity threat detection.
But how do you go about a penetration test? What tools does a penetration tester need before they sign a contract with a company and start rooting around in its corporate systems?
Below are five top tools that white-hat hackers use, both to pass their CEH (Certified Ethical Hacker) exam and to conduct effective penetration tests.
Kali Linux
Kali Linux is a staple for hackers, ethical white hat, grey hat and black hat alike, and for good reason: it bundles several hundred tools covering a wide range of information security tasks. To name a few categories, this includes tools for:
- Security research
- Penetration testing
- Forensics and reverse engineering.
Kali Linux is also designed to be run as a disposable lab environment. Boot it live or in a virtual machine on an isolated network that mimics the target's end-user environment, and you can try out tooling, malware samples or rootkit analysis without touching anything in production. The distribution ships its own kernel, patched for tasks such as wireless packet injection that a stock kernel doesn't support out of the box.
Having at least a few virtual machines of Kali Linux is an excellent way to practice attacks without causing any real harm.
Nmap
Nmap is a popular, free and open-source network scanner and a great tool for penetration testing. One of the first things you need is a map of the network you are going to be working on: you need to know where the windows and doors are, and attackers and defenders alike rely on this tool and others like it. With Nmap you can:
- Discover live hosts on a network by sending probe packets (ICMP, TCP, and ARP on a local segment) and watching what answers.
- Enumerate the services listening on those hosts, and with version detection (-sV) identify the software and version behind each port.
- Build an inventory of which servers make up the network and what each of them exposes.
- Classify ports as open, closed or filtered (blocked by a firewall) by sending raw packets and interpreting the response, or the lack of one.
Note that Nmap is an active scanner: it sends traffic to the target, which firewalls and intrusion detection systems can notice and log. Passive eavesdropping on traffic already on the wire is the job of a packet sniffer such as Wireshark, not Nmap.
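The "map of the network" that Nmap gives you is easiest to work with when you save the scan as XML (`nmap -sV -oX scan.xml <targets>`) and turn it into an inventory. The following is an added example, not code from the page or from the Nmap project, that parses that XML into a per-host port list and flags open services that normally carry credentials in the clear. The XML below is a constructed sample in the shape Nmap emits; the IPs, products and versions are made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape produced by `nmap -sV -oX scan.xml 10.0.0.0/29`.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/29">
  <host><status state="up"/>
    <address addr="10.0.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.2p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.2" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="3.0.3"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="10.0.0.3" addrtype="ipv4"/></host>
</nmaprun>
"""

# Services that send logins unencrypted by default; worth a closer look in any pen test.
CLEARTEXT_SERVICES = {"ftp", "telnet", "http"}


def parse_nmap_xml(xml_text):
    """Return {ip: [port dicts]} for every host Nmap reported as up."""
    root = ET.fromstring(xml_text)
    inventory = {}
    for host in root.findall("host"):
        if host.find("status").get("state") != "up":
            continue  # hosts that did not answer carry no port data
        ip = host.find("address[@addrtype='ipv4']").get("addr")
        ports = []
        for port in host.findall("ports/port"):
            svc = port.find("service")  # only present when -sV identified something
            ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": port.find("state").get("state"),  # open / closed / filtered
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        inventory[ip] = ports
    return inventory


def open_ports(inventory):
    """The 'doors and windows': only ports that actually accepted a connection."""
    return {ip: [p["port"] for p in ports if p["state"] == "open"]
            for ip, ports in inventory.items()}


def flag_cleartext(inventory):
    """Open ports running a service that normally carries credentials unencrypted."""
    hits = []
    for ip, ports in inventory.items():
        for p in ports:
            if p["state"] == "open" and p["service"] in CLEARTEXT_SERVICES:
                hits.append((ip, p["port"], p["service"],
                             p["product"] or "", p["version"] or ""))
    return hits


if __name__ == "__main__":
    inv = parse_nmap_xml(SAMPLE_NMAP_XML)
    for ip, ports in open_ports(inv).items():
        print(ip, ports)
    for hit in flag_cleartext(inv):
        print("cleartext service:", hit)
```

Filtered ports are kept in the inventory but deliberately not counted as open: a filtered result means something dropped the probe, which tells you a firewall is in the way, not that a service is reachable.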
John the Ripper
John the Ripper is a bit of an oldie, but it is still popular today. It is a free, open-source password cracker, historically known for detecting and cracking weak Unix passwords, although nowadays it runs on over fifteen different platforms, including, of course, Linux, Windows and macOS.
John the Ripper works on password hashes, not on plaintext: you need a dump of the hash file you want to attack (for example /etc/shadow, or a Windows SAM) or, for encrypted files and archives, a hash extracted from them with one of the bundled helper scripts such as zip2john or pdf2john.
You can use this tool in a variety of ways, such as:
- Wordlist (dictionary) mode: trying every entry from a list of dictionary words or commonly used passwords.
- Incremental mode: brute-forcing every character combination up to a given length, the fallback when wordlists fail.
- Cracking Unix logins: the bundled unshadow utility merges /etc/passwd and /etc/shadow into a single file John can read.
- Rules: mangling each wordlist entry (changing case, appending digits or symbols, leetspeak substitutions) to catch the predictable variations people use. Note that John does not use rainbow tables; those are precomputed hash tables used by tools such as ophcrack, and a properly salted hash defeats them.
As you can see, this is an excellent tool for penetration testers to find out whether a network or system is vulnerable because of bad password practices or because of passwords reused from data breaches the company may have suffered in the past.
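To make the wordlist-plus-rules mechanism concrete, here is an added example (not John's own code, and not from the original page) of the same idea in a few dozen lines of Python. The dump format, the users, the salts and the wordlist are all constructed for the example; the hash is plain salted SHA-256 rather than the slow hashes a real /etc/shadow uses, because the point is the guessing loop, not the hash.

```python
import hashlib
from itertools import chain

# Constructed dump format for this example: "user:salt:hex(sha256(salt + password))".
# A real dump (e.g. /etc/shadow merged with `unshadow`) uses slower hashes such as
# sha512crypt or yescrypt; the mechanics of guessing are the same.
def make_entry(user, salt, password):
    return f"{user}:{salt}:{hashlib.sha256((salt + password).encode()).hexdigest()}"

SAMPLE_DUMP = "\n".join([
    make_entry("alice", "x9", "password"),
    make_entry("bob", "q3", "Summer2021!"),
    make_entry("carol", "7f", "letmein"),
    make_entry("dave", "c1", "Tr0ub4dor&3"),  # not derivable from the wordlist below
])

WORDLIST = ["password", "summer2021", "letmein", "qwerty", "welcome"]


def mangle(word):
    """A few John-style rules: case changes plus the suffixes people actually use."""
    seen = set()
    for base in (word, word.capitalize(), word.upper()):
        for suffix in ("", "1", "123", "!", "2021"):
            candidate = base + suffix
            if candidate not in seen:
                seen.add(candidate)
                yield candidate


def parse_dump(text):
    entries = []
    for line in text.splitlines():
        if line.strip():
            user, salt, digest = line.split(":")
            entries.append((user, salt, digest))
    return entries


def crack(dump_text, wordlist):
    """Wordlist attack with rules; returns {user: recovered_password}."""
    cracked = {}
    for user, salt, digest in parse_dump(dump_text):
        # Each hash is salted, so every candidate has to be re-hashed per user.
        # That per-user cost is exactly why salting makes precomputed rainbow
        # tables useless: there is no single table that covers every salt.
        for candidate in chain.from_iterable(mangle(w) for w in wordlist):
            if hashlib.sha256((salt + candidate).encode()).hexdigest() == digest:
                cracked[user] = candidate
                break
    return cracked


if __name__ == "__main__":
    for user, pw in crack(SAMPLE_DUMP, WORDLIST).items():
        print(f"{user}: {pw}")
```

Three of the four accounts fall to a five-word list once rules are applied; dave's password survives only because no rule in the set produces it, which is the argument for long, unpredictable passphrases rather than "word plus year plus symbol".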
Wireshark
The successor to Ethereal, Wireshark is a packet analyser, and it or something like it is a must for penetration tests. This is the tool that will tell you what is going on in the network by capturing the packets flowing through it, or by reading a capture file (pcap) that someone else recorded.
Wireshark is cross-platform, so you don't have to worry about whether it runs on Linux, Windows or macOS. Organisations will often send penetration testers a packet capture to analyse, so it is always a good idea to have it installed and ready to go.
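When a client hands you a capture, it helps to know what is actually inside a pcap file rather than treating Wireshark as a black box. The following is an added example, not from the page or the Wireshark project, that reads the classic pcap format (global header, then one record header per frame) and walks the Ethernet/IPv4/TCP headers by hand. The capture it reads is constructed inline with made-up addresses and an FTP login, so it runs offline; the last function shows the kind of finding a tester pulls out of a capture, namely credentials sent in the clear.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

# --- builders, used only to construct the sample capture at the bottom ---

def ipv4_header(src, dst, payload_len, proto=6):
    # version 4 / IHL 5 (20 bytes), TTL 64; checksum left as 0 (sample data only)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def tcp_header(sport, dport):
    # data offset 5 (20 bytes), flags PSH|ACK, window 65535, checksum 0
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 65535, 0, 0)

def build_frame(src, dst, sport, dport, payload):
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    segment = tcp_header(sport, dport) + payload
    return eth + ipv4_header(src, dst, len(segment)) + segment

def build_pcap(frames):
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1_625_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

# --- the reader ---

def decode_frame(frame):
    """Decode Ethernet/IPv4/TCP into a dict; return None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                       # not IPv4 (EtherType 0x0800)
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    proto = frame[23]
    rec = {"src": socket.inet_ntoa(frame[26:30]),
           "dst": socket.inet_ntoa(frame[30:34]), "proto": proto}
    if proto == 6:                        # TCP
        tcp = frame[14 + ihl:]
        rec["sport"], rec["dport"] = struct.unpack_from("!HH", tcp, 0)
        rec["payload"] = tcp[(tcp[12] >> 4) * 4:]   # skip TCP header + options
    return rec

def parse_pcap(data):
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap (pcapng is not handled here)")
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        rec = decode_frame(data[off:off + incl_len])
        off += incl_len
        if rec is not None:
            rec["ts"] = ts_sec + ts_usec / 1e6
            records.append(rec)
    return records

def find_cleartext_ftp_logins(records):
    """FTP sends USER/PASS unencrypted; anyone on the path can read them."""
    hits = []
    for r in records:
        if r.get("dport") == 21 and r.get("payload", b"")[:4] in (b"USER", b"PASS"):
            hits.append((r["src"], r["dst"], r["payload"].decode(errors="replace").strip()))
    return hits

# Constructed sample capture: an FTP login followed by the start of a TLS handshake.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.20", 51000, 21, b"USER admin\r\n"),
    build_frame("10.0.0.20", "10.0.0.5", 21, 51000, b"331 Password required\r\n"),
    build_frame("10.0.0.5", "10.0.0.20", 51000, 21, b"PASS hunter2\r\n"),
    build_frame("10.0.0.5", "10.0.0.20", 51001, 443, b"\x16\x03\x01\x00\x05hello"),
])

if __name__ == "__main__":
    for src, dst, cmd in find_cleartext_ftp_logins(parse_pcap(SAMPLE_PCAP)):
        print(f"{src} -> {dst}: {cmd}")
```

The reader deliberately refuses pcapng files and non-Ethernet link types rather than guessing: a capture from a wireless interface or a modern Wireshark default save will have a different layout, and silently mis-parsing it is worse than stopping.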
Metasploit
Metasploit is already included in Kali Linux, but we felt it deserves a mention in its own right because it is just that good. Metasploit is a framework with a large library of ready-made modules: exploits for known vulnerabilities, payloads to run once an exploit succeeds, and auxiliary modules for scanning and brute-forcing. You pick the module that matches the target's software, platform and architecture and launch it at the target.
For example, if reconnaissance shows that a server is running an FTP service with a known, unpatched vulnerability, you would very likely find a matching exploit module in Metasploit, point it at the target and launch it. Many exploit modules also offer a check action that tests whether the target looks vulnerable without actually running the exploit, which is worth using before you fire anything at a client's production system.
Now, where to practice penetration testing with these tools?
Now we've got all these tools, but what if we need some practice before we start messing around with a system that someone actually cares about? It would be very embarrassing to forget the basics after already signing a contract with a company to root around in its systems.
This is where we cheat a little. Hack The Box isn't a tool like the ones we've just discussed. It describes itself as more of a hacking playground: a legal way to get extra practice with the tools above before you sign a contract with a report due next week. Hack The Box is a company that runs deliberately vulnerable Linux and Windows machines for you to try to hack, with a free tier that gives you a rotating set of machines to work on.
There are also places like HackThisSite and bWAPP to legally test your skills, among a number of others.
Not a fix-all
Of course, penetration testing is just one method, and a single test often won't discover every flaw in your network. It is important, but it isn't the cybersecurity fix-all that people often perceive it to be. Furthermore, most companies only pen test annually or after a significant upgrade.
However, you need to monitor and safeguard your company every day of the year against cyber threats, so penetration testing can't be the only cybersecurity threat detection method you employ.
Securiwiser is a non-invasive, cybersecurity monitoring tool that evaluates your company’s cybersecurity posture 24/7 and flags up vulnerabilities that malicious actors can exploit. It also checks things like the security of your network and cloud, suspicious port activity, CMS vulnerabilities and much more. Give yourself a free scan today!