7/30/2019 penetresting tools used in ethical hacking

1/5

Penetration testing tools:-

A penetration test, occasionally pentest, is a method of evaluating the security of a computer system ornetwork by simulating an attack from malicious outsiders (who do not have an authorized means of

accessing the organization's systems) and malicious insiders (who have some level of authorized

access).

The process involves an active analysis of the system for any potential vulnerabilities that could

result from poor or improper system configuration, both known and unknown hardware or software flaws,or operational weaknesses in process or technical countermeasures. This analysis is carried out from the

position of a potential attacker and can involve active exploitation of security vulnerabilities.

Penetration tests are valuable for several reasons:-

1. Determining the feasibility of a particular set of attack vectors

2. Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities

exploited in a particular sequence3. Identifying vulnerabilities that may be difficult or impossible to detect with automated network or

application vulnerability scanning software4. Assessing the magnitude of potential business and operational impacts of successful attacks

5. Testing the ability of network defenders to successfully detect and respond to the attacks6. Providing evidence to support increased investments in security personnel and technology

Tools used for this:-

BackBox

BackTrack

Computer Security

IT risk

ITHC

Metasploit

Pentoo

Securax

Tiger team

w3af

1) Backbox:-

BackBox is an Ubuntu based Linux distribution penetration test and security assessment oriented providing

a network and informatic systems analysis toolkit. BackBox desktop environment includes a minimal yetcomplete set of tools required for ethical hacking and security testing.

7/30/2019 penetresting tools used in ethical hacking

2/5

2) BackTrack:-

BackTrackis a distribution based on the Debian GNU/Linux distribution aimed at digital forensics andpenetration testing use.It is named after backtracking, a search algorithm. The current version is

BackTrack 5 R3.,[ now based on Ubuntu 10.04 (Lucid) LTS, which is next to Debian.

3)Metasploit:-

The Metasploit Project is a computer security project which provides information about security

vulnerabilities and aids in penetration testing and IDS signature development.

4) Pentoo:-

Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on

Gentoo Linux, Pentoo is provided both as 32 and 64 bit livecd. It features packet injection patched wifi

drivers, GPGPU cracking software, and lots of tools for penetration testing and security assessment.

The Pentoo kernel includes grsecurity and PAX hardening and extra patches - with binaries compiledfrom a hardened toolchain with the latest nightly versions of some tools available.

http://en.wikipedia.org/wiki/Live_CDhttp://en.wikipedia.org/wiki/Gentoo_Linuxhttp://en.wikipedia.org/wiki/Live_CDhttp://en.wikipedia.org/wiki/Gentoo_Linux

7/30/2019 penetresting tools used in ethical hacking

3/5

5) w3af:-

w3af (short for web application attack and audit framework) is an open-source web applicationsecurity scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. It

provides information about security vulnerabilities and aids in penetration testing efforts.

6) Acunetix

Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other webvulnerabilities.

7) Skipfish

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the

targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then

annotated with the output from a number of active (but hopefully non-disruptive) security checks. The finalreport generated by the tool is meant to serve as a foundation for professional web application security

assessments.

7/30/2019 penetresting tools used in ethical hacking

4/5

8) Burp

Burp Suite is an integrated platform for performing security testing of web applications. Its various toolswork seamlessly together to support the entire testing process, from initial mapping and analysis of an

application's attack surface, through to finding and exploiting security vulnerabilities.

9. Netsparker

Netsparker confirms vulnerabilities by exploiting them in a safe manner. If a vulnerability is successfully

exploited it can't be a false-positive. Exploitation is carried out in a non-destructive way.

10. WebSurgery

WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors

to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and

stable Web Crawler, File/Dir Bruteforcer and Fuzzer for advanced exploitation of known and unusualvulnerabilities such as SQL Injections, Cross site scripting (XSS), brute-force for login forms, identification

of firewall-filtered rules etc.

7/30/2019 penetresting tools used in ethical hacking

5/5

6.