Erik Mikac
12 Pen Testing Tools for 2022
According to some professionals, global cybercrime damage is expected to rocket past 10 trillion dollars by 2025. Malicious hacking affects not only your bottom line but also employees' personal lives, through doxxing, identity theft, and ransomware.
With security breaches occurring so often, your organization cannot afford to treat cybersecurity attacks as an abstract concept. They happen every day. With that in mind, let's walk through 12 penetration test (pen test) tools.
What is a Pen Test?
A pen test is a form of ethical hacking during which a security professional tries to find vulnerabilities in your organization. They will proactively attempt to hack into your organization and report both strengths and weaknesses of the security system. There are a variety of pen-testing tools that professionals use, which we will now explore.
1. Invicti Security Scanner
Invicti Security Scanner is an advanced pen testing suite designed for large-scale organizations. Invicti comes with predefined scripts to allow for easy and automated pen testing without requiring in-depth hacking knowledge. However, if you do have in-depth hacking knowledge that's great — because it also allows you to write tailor-made scripts to fit your organization's needs.
It is also offered as SaaS, so it does not require existing infrastructure to maintain. Lastly, Invicti has a UI dashboard that displays all of your network's strengths and vulnerabilities.
2. John the Ripper
No list of pentesting tools would be complete without John the Ripper (JtR). While its name may sound macabre, it's actually a useful tool for ethical hackers. JtR allows hackers to quickly and effectively crack a password. JtR has three modes: Single Crack Mode, Incremental Mode, and Wordlist Mode. Each mode represents a different approach to determining a password.
For example, Single Crack Mode reads the Unix password files such as /etc/shadow to determine possible passwords. These files can hold data about the user such as address, full name, and date of birth. JtR will mangle this data in an attempt to guess the password.
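The mangling idea described above is easiest to understand from the defender's side: if a password can be derived from the account's own metadata by a handful of simple rules, a cracker will find it in seconds. The following is an added example, not code from the original post and not part of John the Ripper; it parses a constructed /etc/passwd-style record, generates the candidates a small set of assumed mangling rules (case changes, reversal, common suffixes, word pairs) would produce, and rejects a proposed password that appears among them. The record, the rule set and the suffix list are all assumptions for illustration.

```python
import itertools

# Constructed /etc/passwd-style record (not a real account); GECOS holds name, room, phone.
SAMPLE_RECORD = "jsmith:x:1001:1001:John Smith,Room 12,555-0100:/home/jsmith:/bin/bash"


def parse_passwd_line(line):
    """Split one /etc/passwd-style record into its seven colon-separated fields."""
    name, _pw, uid, gid, gecos, home, shell = line.strip().split(":")
    return {"name": name, "uid": int(uid), "gid": int(gid),
            "gecos": gecos, "home": home, "shell": shell}


def word_variants(word):
    """Assumed mangling rules of the kind single-crack mode applies:
    case changes, reversal and a few common suffixes."""
    bases = {word, word.lower(), word.upper(), word.capitalize(), word[::-1]}
    out = set()
    for b in bases:
        out.add(b)
        for suffix in ("1", "123", "!", "1!", "2022"):   # assumed suffix list
            out.add(b + suffix)
    return out


def account_candidates(record):
    """Every string the rules above can derive from the username and GECOS words."""
    words = [record["name"]] + [w for w in record["gecos"].replace(",", " ").split() if w]
    cands = set()
    for w in words:
        cands |= word_variants(w)
    # Pairs such as first+last and last+first, then mangled again.
    for a, b in itertools.permutations(words, 2):
        cands |= word_variants(a + b)
    return cands


def derived_from_account(password, record):
    """True when the password is derivable from account metadata and should be rejected."""
    return password in account_candidates(record)


if __name__ == "__main__":
    rec = parse_passwd_line(SAMPLE_RECORD)
    for pw in ("Smith123", "htimsj", "JohnSmith1!", "v9#Qw-lemon-tractor"):
        print(pw, "-> rejected" if derived_from_account(pw, rec) else "-> ok")
```

Used as a policy check at password-change time, this blocks exactly the class of guesses the mode is built around; a real deployment would also run the account's current hash through an audit tool like JtR itself rather than re-implementing its rules.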
3. WireShark
Often your computer will warn against accessing sensitive data on a public Wi-Fi network. This is because someone could be using WireShark to sniff out information about your organization.
WireShark is a packet analyzer (a.k.a. a packet sniffer) that can show which IP addresses a user is sending data to and from. These packets of data can hold important metadata a hacker can use to determine your identity and more. For example, VoIP data can be sniffed out using WireShark. If it can be decoded, the VoIP conversation can even be played.
4. Kali Linux
Kali Linux is a Debian-based Linux distribution created specifically for pentesting and security auditing. It includes more than 600 pen testing applications. Tools such as NMAP, WireShark, and THC Hydra are pre-installed to fit your needs.
Kali Linux comes with all the necessary kernel patches to easily conduct wireless security assessments. Also, network services are disabled by default on Kali Linux. This allows these tools to be used safely in a controlled environment — without the fear of being hacked yourself. And if all that isn't great already, Kali Linux is completely free.
5. Burp Suite
We would be remiss to exclude Burp Suite from this list. Burp Suite is a tried and true tool used by most pen testers everywhere. One of the most useful tools in Burp Suite is Spider. Spider crawls through your organization's network and maps out all of the different endpoints. This greatly improves visibility into your attack surface, letting an ethical hacker know exactly which URLs to test.
Burp Suite also comes with the Intruder application. Intruder allows the ethical hacker to automatically test input fields like form inputs or REST endpoints. The payloads Intruder sends can reveal XSS vulnerabilities, SQL injection vulnerabilities, and more.
6. Social Engineering Toolkit
It is important to note that hacking isn't all just ones and zeros. There is a human aspect to it as well. For example, phishing scams and assuming someone's identity are both considered forms of hacking. This is why the Social Engineering Toolkit (SET) needs to be added to this list of useful pen testing apps.
SET provides templates to create convincing phishing emails. It also makes it easy to create cross-site scripting attacks to steal a user's password. For example, a user clicks on a link in a malicious email they received. It sends them to a web address that looks like their organization's password-reset screen, and the hacker is then able to steal their password.
7. PowerShell Suite
PowerShell Suite is a little more bare bones than GUI apps such as Burp Suite and Invicti. It is a collection of scripts created to be executed on the Windows PowerShell Command-line Interface.
PowerShell Suite is designed specifically for Windows, which can be a breath of fresh air for many professionals, considering how much ethical hacking tooling is designed for Unix. PowerShell Suite's preconfigured scripts can help an ethical hacker bring an organization's network infrastructure to light. It will show who has access to certain endpoints, how network access control is determined, and which ports are currently open to be exploited.
8. IDA
IDA is an excellent pen testing tool used by all the heavy hitters. Google, the FBI, and the DoD are avid users of it, just to name a few. IDA can be used as a digital forensics tool, an intellectual property analyzer, and, of course, for pen testing.
IDA has been used to reverse-engineer the firmware in a self-driving jeep, allowing the users to control the car remotely. IDA is expensive and has a steep learning curve, but it is used by the best and the brightest to perform their testing.
9. SQLMap
So far we have focused a lot of time on gaining access to a network. However, it is just as bad, if not worse, when a hacker gains access to the database. Data is the heart of any organization.
SQLMap is a simple tool in which you provide a URL to test. It then determines whether or not it is possible to manipulate the database that the URL leads to. After all, we do not want hackers deleting, retrieving, or inserting unauthorized data. SQLMap is as useful as it is simple; it is just a CLI.
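What SQLMap is actually deciding when it "determines whether it is possible to manipulate the database" is whether user input reaches the query as SQL rather than as data. The following is an added example, not code from the original post and not part of SQLMap or Burp Suite; it sets up a constructed in-memory SQLite table, shows a deliberately vulnerable lookup next to its parameterized fix, and runs the simple boolean-based probe (a tautology versus a contradiction appended to a known value) that separates the two. It also illustrates the SQL injection class that Burp's Intruder probes for in form inputs. The table, the rows and the probe strings are assumptions for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return conn


def lookup_vulnerable(conn, username):
    """Deliberately vulnerable: the input is pasted into the SQL text, so quotes
    in it change the query's structure."""
    sql = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened form: a bound parameter; the driver sends the input as data only."""
    return conn.execute("SELECT username, email FROM users WHERE username = ?",
                        (username,)).fetchall()


def boolean_probe(lookup, conn, known_user="alice"):
    """Boolean-based check of the kind SQLMap automates: two inputs that differ only
    in an always-true vs. always-false condition. If the result sets differ, the
    condition was evaluated as SQL, i.e. the lookup is injectable."""
    true_case = lookup(conn, known_user + "' AND '1'='1")
    false_case = lookup(conn, known_user + "' AND '1'='2")
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology input:", lookup_vulnerable(db, "' OR '1'='1"))   # every row
    print("safe, same input:", lookup_safe(db, "' OR '1'='1"))                     # no rows
    print("vulnerable injectable?", boolean_probe(lookup_vulnerable, db))
    print("safe injectable?", boolean_probe(lookup_safe, db))
```

Run the probe against your own code paths before an external scan does: the fix is never input filtering alone but binding every user-controlled value as a parameter, exactly as `lookup_safe` does.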
10. WPScan
According to Kinsta, WordPress makes up 43% of the entire internet. With such a huge market on the web, WPScan was created to help ensure its security and reliability. WPScan can be used on any WordPress site to audit its plugins, crack passwords, and find publicly accessible DB dumps.
WPScan has already detected 28,000+ WordPress vulnerabilities. So if you are being asked to pen test a WordPress site, there would be no better place to start than WPScan.
11. NMAP
Earlier when discussing Kali Linux, NMAP was mentioned. However, it is such a useful tool it is worth diving a bit deeper into. In fact, it is so useful it has been named "Security Tool of the Year" by numerous organizations.
NMAP is not a Swiss army knife like Burp Suite or Invicti. It has a singular job: to find vulnerabilities related to exposed ports. However, it does that job very well. NMAP can be used to scan an organization's ports to find one that is exposed. When a port is exposed, hackers can attempt to use it as an entry point into the network. Port scanning is just the tip of the iceberg with regards to NMAP—visit their site to learn more.
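From the defender's side, a port scan has a recognisable shape in the firewall logs: one source touching many distinct destination ports in a short window. The following is an added example, not code from the original post and not part of NMAP; it parses a handful of constructed firewall log lines (the line format, the addresses and the timestamps are all assumptions) and flags any source that reaches a threshold of distinct ports within a sliding time window, which is the basic logic most scan-detection rules are built on.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines (assumed format: timestamp action key=value ...); not real traffic.
SAMPLE_LOG = """\
2022-03-01T12:00:01Z DROP src=203.0.113.9 dst=10.0.0.5 proto=TCP dport=21
2022-03-01T12:00:01Z DROP src=203.0.113.9 dst=10.0.0.5 proto=TCP dport=22
2022-03-01T12:00:02Z DROP src=203.0.113.9 dst=10.0.0.5 proto=TCP dport=23
2022-03-01T12:00:02Z DROP src=203.0.113.9 dst=10.0.0.5 proto=TCP dport=25
2022-03-01T12:00:03Z DROP src=203.0.113.9 dst=10.0.0.5 proto=TCP dport=80
2022-03-01T12:00:03Z DROP src=203.0.113.9 dst=10.0.0.5 proto=TCP dport=443
2022-03-01T12:00:04Z DROP src=203.0.113.9 dst=10.0.0.5 proto=TCP dport=3389
2022-03-01T12:00:10Z ACCEPT src=198.51.100.4 dst=10.0.0.5 proto=TCP dport=443
2022-03-01T12:05:00Z ACCEPT src=198.51.100.4 dst=10.0.0.5 proto=TCP dport=443
2022-03-01T12:30:00Z DROP src=192.0.2.77 dst=10.0.0.5 proto=TCP dport=22
"""


def parse_line(line):
    """Turn one log line into a dict with a parsed timestamp and integer port."""
    ts_str, action, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"), "action": action,
            "src": fields["src"], "dst": fields["dst"], "dport": int(fields["dport"])}


def detect_port_scans(log_text, window=timedelta(seconds=60), threshold=5):
    """Return {source_ip: max distinct ports seen within any `window`} for sources
    that reach `threshold`. Uses a sliding window per source over time-sorted events."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1                       # slide the window forward
            ports = {e["dport"] for e in evs[start:end + 1]}
            if len(ports) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(ports))
    return alerts


if __name__ == "__main__":
    for src, count in detect_port_scans(SAMPLE_LOG).items():
        print("possible port scan from %s: %d distinct ports" % (src, count))
```

The threshold and window are the tuning knobs; a legitimate client hitting one service repeatedly (the 198.51.100.4 lines) never trips the rule, while a sweep across unrelated ports does. Pair this with an inventory of which ports you intend to expose, so the same data also answers the question NMAP asks from the outside.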
12. SkipFish
SkipFish is considered a cyber reconnaissance tool. It is run initially to find vulnerabilities on a network. It specializes in scanning content management systems such as Joomla or WordPress.
After a scan is completed, all the flaws are displayed as lows, mediums, and highs. A "High" would be discovering an endpoint that allows an unauthorized user to send data, or an integer overflow vulnerability.
While all of these tools are interesting and useful, refrain from using them in a misguided manner. Using many of these tools against an organization without its permission is illegal.
In this post, we discussed a dozen different pen testing tools. Some of the tools like Burp Suite or Kali Linux provide an ecosystem for hackers to work within. Others are specialized tools used for singular purposes. No matter the case, all of these tools can be used effectively on their own — or as a group of pen testing tools.