Most Popular Penetration Testing Tools
People who are new to penetration testing often ask me which penetration testing tools are the best and which tools they should use. That is not a strange question considering how many different hacking tools are around, and it is a question I always like to answer. Getting started with the right toolset makes penetration testing much more fun and approachable for newcomers. A full install of a penetration testing OS, such as Kali Linux, will have you looking at a pile of 300+ tools. This can be quite intimidating when you're making your first steps into penetration testing.
To be successful in a penetration test you undoubtedly need a good tool set. Some stages of penetration testing, such as enumeration and vulnerability identification, are pretty formulaic and often require the same few tools. For this reason many penetration testers use the same specific set of tools for enumeration and vulnerability assessments on every similar occasion. This also applies to the exploitation process to some extent.
Penetration Testing Tools List
Without intending to prescribe a fixed list of penetration testing tools, I want to recommend a few that I believe to be a good foundation for many penetration testing occasions, regardless of whether that occasion is a real penetration test or an online lab environment such as the Virtual Hacking Labs. The VHL penetration testing course is designed to be very practical training and includes access to online hacking labs for practising hands-on skills. For this reason we cover many useful hacking tools in the courseware, some of which are listed in this article. Let's start with the first hacking tool on the list and a personal favourite: Nmap.
Nmap
Nmap stands for Network Mapper and is a very popular tool for network discovery and security auditing. It is probably one of the most important penetration testing tools on this list. The tool is widely used by both system administrators and penetration testers. Penetration testers generally use Nmap for a wide range of tasks such as host discovery, port scanning, and determining the target's OS and running services. Other great benefits of Nmap are the Nmap Scripting Engine (NSE), the very comprehensive documentation and, of course, the fact that it's free and open source.
The following screenshot is an example of an Nmap port scan with version detection:
The VHL penetration testing course covers the most important uses of Nmap and teaches how to discover live hosts, scan for open ports and use the Nmap Scripting Engine.
Metasploit Framework
The Metasploit Framework is a complete penetration testing platform and very popular among penetration testers and other cyber security professionals. Metasploit contains a lot of functionality and is primarily used for exploiting vulnerabilities in software, services, operating systems and web applications. The framework provides the infrastructure, exploits and tools to exploit almost any known vulnerability. If an exploit is not available today, it will probably be tomorrow. Metasploit is also a very easy tool to use because the exploitation process for each vulnerability is practically the same. This process generally consists of selecting the right exploit, arming it with a payload, entering the required details and executing it. Successful exploitation generally gives the attacker command line control over the target.
The following screenshot shows the successful exploitation of EternalBlue on a Windows 7 target, where we can see that the attacker has command line control over the target.
During the VHL penetration testing course you will learn how to use Metasploit and how to exploit vulnerabilities with this tool. The Virtual Hacking Labs provide the environment to practise on real vulnerable hosts, including hosts that are vulnerable to EternalBlue.
Nikto
Nikto is an open source web server vulnerability scanner used to perform tests against web servers and web applications. This web vulnerability scanner not only checks for known vulnerabilities but also for web server (mis)configurations and outdated server components. This information can be very useful in the enumeration phase. Finally, Nikto also checks for web applications that are running on the web server. This often reveals new attack vectors on the target that can be investigated further. The following screenshot displays some vulnerabilities found by Nikto on Metasploitable 3:
The Virtual Hacking Labs contain many hosts that are running vulnerable web applications. Sometimes it is not very clear which web applications are running on the target and how they can be accessed. This is where Nikto comes in handy, by locating these web applications and logging their URLs in the output.
John the Ripper
What would a hacking toolkit be without a tool that is able to crack passwords using wordlists? John the Ripper, or simply John, is a popular tool for performing offline dictionary attacks on password hashes. It is designed to be feature-rich, fully configurable and very fast. John supports and detects a wide range of password hash types, including Windows NTLM, MD5, SHA1 and many more.
The following screenshot shows a successful dictionary attack on a password that is MD5 hashed:
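To make concrete what "detects a wide range of hash types" and "offline dictionary attack" mean in the John paragraph above, here is an added example that is not code from the article or from the John the Ripper project. It guesses the hash format from its shape (the same kind of heuristic John's autodetection applies, including the MD5/NTLM ambiguity that forces you to pass `--format`), then audits a constructed set of unsalted user hashes against a tiny constructed wordlist; the users, hashes and words are all made up.

```python
import hashlib
import re

# Constructed sample "dump": unsalted hashes of weak passwords (made up).
SAMPLE_HASHES = {
    "alice": hashlib.md5(b"password1").hexdigest(),
    "bob": hashlib.sha1(b"letmein").hexdigest(),
    "carol": hashlib.sha256(b"welcome").hexdigest(),
    "dave": "$6$saltsalt$notarealsha512cryptvalue",
}

# Constructed mini wordlist standing in for a rockyou.txt-style list.
WORDLIST = ["123456", "password", "letmein", "welcome", "password1"]


def identify_hash(h):
    """Guess the hash type from prefix and length, as John's autodetection does.

    32 hex characters is ambiguous: raw MD5 and NTLM look identical, which is
    why John asks for --format=raw-md5 or --format=nt in that case.
    """
    h = h.strip()
    if h.startswith("$1$"):
        return "md5crypt"
    if h.startswith("$6$"):
        return "sha512crypt"
    if re.fullmatch(r"[0-9a-fA-F]{32}", h):
        return "md5-or-ntlm"
    if re.fullmatch(r"[0-9a-fA-F]{40}", h):
        return "sha1"
    if re.fullmatch(r"[0-9a-fA-F]{64}", h):
        return "sha256"
    return "unknown"


def dictionary_check(h, wordlist, algo):
    """Return the wordlist entry whose hash equals h, or None."""
    for word in wordlist:
        if hashlib.new(algo, word.encode()).hexdigest() == h.lower():
            return word
    return None


def audit(hashes, wordlist):
    """Map each user to the weak password found, or None if the list misses."""
    fast_algos = {"md5-or-ntlm": "md5", "sha1": "sha1", "sha256": "sha256"}
    results = {}
    for user, h in hashes.items():
        algo = fast_algos.get(identify_hash(h))
        # Salted, iterated formats such as sha512crypt need a dedicated cracker
        # and cost thousands of times more per guess; they are skipped here.
        results[user] = dictionary_check(h, wordlist, algo) if algo else None
    return results
```

Every user the audit recovers is a user whose password would fall in seconds to John with a public wordlist, which is exactly why unsalted fast hashes should never be used for password storage.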
THC-Hydra
Where John is the password cracker of choice for offline hashes, THC-Hydra is a password-cracking tool used for brute forcing the authentication of many different network protocols. Hydra is able to perform dictionary attacks at great speed against web application login forms, SQL servers, mail servers, RDP, SSH, Telnet, VNC and many more protocols.
During the penetration testing course you will learn how to crack both offline and online passwords using John and THC-Hydra. In the hacking labs you will encounter different scenarios that require you to use these tools to gain access to various systems and web applications.
Burp Suite
Burp Suite is a platform for assessing the security of web applications. There is a free edition with limited functionality and a paid professional edition. For many penetration testers Burp Suite is the platform of choice when it comes to web application penetration testing tools. The reason it's called a platform and not a tool is that Burp Suite is a collection of different tools, each with its own graphical interface, as we can see in the following screenshot:
All Burp Suite tools serve a specific purpose and can be used together. The proxy tool is used to intercept and modify traffic between the client and server. The intruder tool is used to perform customized attacks on the web application. Both tools will be covered in the VHL penetration testing course to attack web applications.
So far we've looked at some of the most popular penetration testing tools used in general penetration testing. Of course this list is by no means exhaustive. There are many more tools and scripts around that are worth their weight in gold. Finally, there are also a few other important types of tools that are not listed in this article: automated vulnerability scanners and tools for documenting penetration tests. Both types of tools will be covered in the next article on the Virtual Hacking Labs blog.