Hacking used to be difficult and involved a great deal of manual work. Today, however, a comprehensive suite of automated penetration testing tools transforms hackers into cyborgs, artificially enhanced humans capable of testing far more than ever before. After all, why cross the country by horse and buggy when you can fly in a jet plane? The following are the penetration testing tools that make the job of a modern pen tester easier, faster, and smarter.
1. Kali Linux
If you are not using Kali Linux as your primary penetration testing operating system, you either have cutting-edge knowledge and a unique use case, or you are doing it incorrectly. Previously known as BackTrack Linux and maintained by the good people at Offensive Security (OffSec, the same people who run the OSCP certification), Kali is optimized for offensive penetration testing in every way. While Kali can be run on its own hardware, pen testers are far more likely to use Kali virtual machines on OS X or Windows. Kali comes pre-installed with the majority of the penetration testing tools mentioned here and is the recommended penetration testing operating system for the majority of use cases. However, be warned—Kali is designed for offense, not defense, and is thus easily exploited. Keep no super-secret files in your Kali VM.
Nmap—short for network mapper—is the grandfather of port scanners. It is a tried-and-true penetration testing tool that few can live without. Which ports are currently open? What is the purpose of those ports? This is critical data for the pen tester to have during the recon phase, and nmap is frequently the best tool for the job.
Despite the occasional hysteria from a non-technical C-suite executive that an unknown party is port scanning the enterprise, using nmap alone is perfectly legal, and is akin to knocking on everyone's front door to see if anyone is home.
Numerous legitimate organizations, including insurance companies, internet cartographers such as Shodan and Censys, and risk assessors such as BitSight, regularly scan the entire IPv4 range using specialized port-scanning software (typically nmap competitors masscan or zmap) to map the public security posture of large and small enterprises. Having said that, attackers with malice scan ports as well, so it's worth noting for future reference.
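The recon value of nmap is in what you do with its output. As an added example (not nmap's code and not from this article), the script below reads an nmap XML report, the format produced by `-oX`, and reduces it to an inventory of open ports, then flags every open port that is not on an assumed "expected exposure" allowlist. The report is constructed by hand for the example but follows the element layout nmap emits (`nmaprun` > `host` > `address`/`ports` > `port` > `state` + `service`); the allowlist and the host address 192.0.2.10 are assumptions.

```python
"""Turn an nmap XML report (the -oX output format) into an open-port
inventory and flag anything outside an expected-exposure allowlist.

Added example; not nmap's code and not from the article. The report
below is constructed by hand, but follows the element layout nmap
emits: nmaprun > host > address / ports > port > state + service.
"""
import xml.etree.ElementTree as ET

# Constructed sample report: one host, three open TCP ports, one closed.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.10" version="7.94">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http" product="nginx" tunnel="ssl" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="3389">
        <state state="open" reason="syn-ack" reason_ttl="128"/>
        <service name="ms-wbt-server" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="closed" reason="reset" reason_ttl="64"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Assumed allowlist: the (address, protocol, port) triples that are *meant*
# to be reachable. Anything open that is not listed here is a finding.
EXPECTED_EXPOSURE = {
    ("192.0.2.10", "tcp", 22),
    ("192.0.2.10", "tcp", 443),
}


def parse_open_ports(xml_text):
    """Return (addr, proto, port, service_name, product) for every open port.

    Only IPv4 addresses and ports whose <state> is "open" are kept; the
    closed/filtered entries nmap also records are skipped.
    """
    root = ET.fromstring(xml_text)
    found = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            found.append((
                addr,
                port.get("protocol"),
                int(port.get("portid")),
                svc.get("name", "") if svc is not None else "",
                svc.get("product", "") if svc is not None else "",
            ))
    return found


def unexpected_exposure(open_ports, expected):
    """Open ports that are not in the allowlist, i.e. what needs explaining."""
    return [p for p in open_ports if (p[0], p[1], p[2]) not in expected]


if __name__ == "__main__":
    open_ports = parse_open_ports(SAMPLE_NMAP_XML)
    for addr, proto, port, name, product in open_ports:
        print(f"{addr} {proto}/{port:<5} {name:<14} {product}")
    for addr, proto, port, name, _ in unexpected_exposure(open_ports, EXPECTED_EXPOSURE):
        print(f"UNEXPECTED: {addr} {proto}/{port} ({name})")
```

Run against a real report with `nmap -sV -oX scan.xml <your-own-hosts>` and `parse_open_ports(open("scan.xml").read())`. One caveat: `xml.etree` is fine for reports you produced yourself, but for XML that comes from anyone else, use `defusedxml` instead, since the standard parser does not defend against entity-expansion tricks.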
Metasploit operates similarly to a cannon: Aim at your target, select an exploit, choose a payload, and fire. Metasploit is indispensable for the majority of penetration testers because it automates large amounts of previously tedious work and is truly the "world's most used penetration testing framework," as its website proclaims. Metasploit, an open-source project backed by Rapid7, is a must-have for defenders looking to secure their systems from attackers.
Wireshark is a ubiquitous penetration testing tool for deciphering network traffic. While Wireshark is frequently used to debug common TCP/IP connection problems, it also supports the analysis of hundreds of protocols, including real-time analysis and decryption for many of those protocols. Wireshark is a must-learn tool for anyone new to pen testing.
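What Wireshark does for every packet is run a chain of dissectors: unpack the Ethernet header, hand the payload to the IPv4 dissector, verify the header checksum, hand the rest to TCP, name the flags, and so on. As an added example (not Wireshark's code and not from this article), the script below does that by hand for an Ethernet/IPv4/TCP frame using only `struct`. The frame is constructed in `build_syn_frame()` so nothing is captured; the MAC and IP addresses in it are placeholders. The checksum check also shows the failure mode an analyzer reports as "checksum incorrect": flip one byte of the IP header and the recomputed sum no longer comes out to zero.

```python
"""Dissect a raw Ethernet/IPv4/TCP frame the way a packet analyzer does:
unpack each fixed-size header field by field, recompute the IPv4 header
checksum, and name the TCP flags.

Added example; this is not Wireshark's code. The frame is constructed by
build_syn_frame() so the script runs offline without capturing anything.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
TCP_FLAG_NAMES = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))


def ipv4_checksum(header):
    """RFC 1071 ones'-complement sum over 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def build_syn_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed test input: an Ethernet frame carrying an IPv4 TCP SYN."""
    # TCP header, 20 bytes: data offset 5 words, flags 0x02 = SYN, checksum left 0.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0x11223344, 0, 5 << 4, 0x02, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # IPv4 header with the checksum field zeroed, then filled in.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0xABCD, 0x4000,
                     64, PROTO_TCP, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    # Placeholder MAC addresses, then the IPv4 ethertype.
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp + payload


def decode_frame(raw):
    """Return the interesting fields of an IPv4/TCP frame as a dict."""
    ethertype = struct.unpack("!H", raw[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not IPv4: ethertype 0x{ethertype:04x}")
    ip = raw[14:]
    (vihl, _tos, total_len, _ident, _flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (vihl & 0x0F) * 4  # header length in bytes; IP options make it > 20
    # Summing the header *including* its stored checksum yields 0 when intact.
    checksum_ok = ipv4_checksum(ip[:ihl]) == 0
    if proto != PROTO_TCP:
        raise ValueError(f"not TCP: protocol {proto}")
    tcp = ip[ihl:total_len]
    (sport, dport, seq, ack, off_res, flags, window,
     _tcsum, _urg) = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_off = (off_res >> 4) * 4  # TCP header length; options make it > 20
    return {
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "ttl": ttl,
        "ip_checksum_ok": checksum_ok,
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack,
        "flags": [name for bit, name in TCP_FLAG_NAMES if flags & bit],
        "window": window,
        "payload": tcp[data_off:],
    }


if __name__ == "__main__":
    frame = build_syn_frame("192.0.2.1", "192.0.2.10", 51234, 443)
    for key, value in decode_frame(frame).items():
        print(f"{key:>15}: {value}")
```

The decoder honours the IHL and data-offset fields rather than assuming 20-byte headers, which is the detail that trips up quick-and-dirty parsers when a packet carries IP or TCP options.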
4. Burp Suite
No discussion of penetration testing tools would be complete without mentioning the web vulnerability scanner Burp Suite, which, in contrast to the other tools mentioned thus far, is neither free nor libre, but is a premium tool used by professionals. While there is a Burp Suite community edition, it lacks a significant amount of functionality, and the Burp Suite enterprise edition costs a cool $3,999 per year (that psychological pricing doesn't make it appear any cheaper, guys). However, there is a reason they can charge such exorbitant prices. Burp Suite is a powerful web vulnerability scanner: point it at the web property you wish to test and fire it off. Nessus, a Burp competitor, offers a product that is similarly effective (and similarly priced).
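Part of what a web vulnerability scanner does is passive: every response that passes through its proxy is checked for things that are wrong without sending a single extra request. As an added example (not Burp Suite's code and not from this article), the script below runs three such checks over a raw HTTP response: hardening headers that are absent, cookies set without `Secure` or `HttpOnly`, and a `Server` header that discloses a version. Both responses are constructed, one unhardened and one fixed, so you can see the finding list go to zero once the fixes are applied.

```python
"""Passive checks of the kind a web vulnerability scanner applies to every
response that passes through its proxy: missing hardening headers, cookie
flags, and server version disclosure.

Added example; this is not Burp Suite's code and only illustrates the
passive-scan idea. Both responses below are constructed.
"""

# Constructed: a typical unhardened response.
WEAK_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Server: Apache/2.4.41\r\n"
    b"Set-Cookie: session=abc123; Path=/\r\n"
    b"Set-Cookie: csrftoken=xyz; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

# Constructed: the same response after hardening.
HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Server: Apache\r\n"
    b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    b"Content-Security-Policy: default-src 'self'\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

REQUIRED_HEADERS = {
    "strict-transport-security": "HSTS absent: the site can still be reached over plain HTTP",
    "content-security-policy": "CSP absent: no browser-side restriction on script sources",
    "x-content-type-options": "X-Content-Type-Options absent: MIME sniffing possible",
}


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def passive_findings(raw):
    """Return (severity, location, description) tuples for one response."""
    _status, headers, _body = parse_response(raw)
    present = {name for name, _ in headers}
    findings = []
    for name, why in REQUIRED_HEADERS.items():
        if name not in present:
            findings.append(("low", name, why))
    for name, value in headers:
        if name == "server" and any(ch.isdigit() for ch in value):
            findings.append(("info", "server", f"version disclosed: {value}"))
        if name == "set-cookie":
            # First segment is name=value; the rest are attributes like Secure.
            cookie = value.split(";")[0].split("=", 1)[0].strip()
            attrs = {part.strip().split("=", 1)[0].lower() for part in value.split(";")[1:]}
            if "secure" not in attrs:
                findings.append(("medium", f"cookie {cookie}", "Secure flag missing"))
            if "httponly" not in attrs:
                findings.append(("medium", f"cookie {cookie}", "HttpOnly flag missing"))
    return findings


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        results = passive_findings(resp)
        print(f"== {label}: {len(results)} finding(s)")
        for severity, where, description in results:
            print(f"  [{severity}] {where}: {description}")
```

The severities are illustrative. A real scanner also tracks which URL and which request produced each finding, deduplicates across responses, and layers active checks on top; the passive stage shown here is the part that costs nothing to run on traffic you already have.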