ranjan-raja
7/30/2019 penetresting tools used in ethical hacking
Penetration testing tools:-
A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or
network by simulating an attack from malicious outsiders (who do not have an authorized means of
accessing the organization's systems) and malicious insiders (who have some level of authorized
access).
The process involves an active analysis of the system for any potential vulnerabilities that could
result from poor or improper system configuration, both known and unknown hardware or software flaws,
or operational weaknesses in process or technical countermeasures. This analysis is carried out from the
position of a potential attacker and can involve active exploitation of security vulnerabilities.
Penetration tests are valuable for several reasons:-
1. Determining the feasibility of a particular set of attack vectors
2. Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities
exploited in a particular sequence
3. Identifying vulnerabilities that may be difficult or impossible to detect with automated network or
application vulnerability scanning software
4. Assessing the magnitude of potential business and operational impacts of successful attacks
5. Testing the ability of network defenders to successfully detect and respond to the attacks
6. Providing evidence to support increased investments in security personnel and technology
Tools used for this:-
BackBox
BackTrack
Computer Security
IT risk
ITHC
Metasploit
Pentoo
Securax
Tiger team
w3af
1) Backbox:-
BackBox is an Ubuntu-based Linux distribution oriented toward penetration testing and security assessment,
providing a network and information systems analysis toolkit. The BackBox desktop environment includes a
minimal yet complete set of tools required for ethical hacking and security testing.
2) BackTrack:-
BackTrack is a distribution based on the Debian GNU/Linux distribution aimed at digital forensics and
penetration testing use. It is named after backtracking, a search algorithm. The current version is
BackTrack 5 R3, now based on Ubuntu 10.04 (Lucid) LTS, which is next to Debian.
3) Metasploit:-
The Metasploit Project is a computer security project which provides information about security
vulnerabilities and aids in penetration testing and IDS signature development.
4) Pentoo:-
Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on
Gentoo Linux, Pentoo is provided as both a 32-bit and a 64-bit Live CD. It features packet-injection-patched
Wi-Fi drivers, GPGPU cracking software, and many tools for penetration testing and security assessment.
The Pentoo kernel includes grsecurity and PaX hardening and extra patches, with binaries compiled
from a hardened toolchain and the latest nightly versions of some tools available.
5) w3af:-
w3af (short for web application attack and audit framework) is an open-source web application
security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. It
provides information about security vulnerabilities and aids in penetration testing efforts.
6) Acunetix
Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web
vulnerabilities.
7) Skipfish
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the
targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then
annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final
report generated by the tool is meant to serve as a foundation for professional web application security
assessments.
8) Burp
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools
work seamlessly together to support the entire testing process, from initial mapping and analysis of an
application's attack surface, through to finding and exploiting security vulnerabilities.
9) Netsparker
Netsparker confirms vulnerabilities by exploiting them in a safe manner. If a vulnerability is successfully
exploited it can't be a false-positive. Exploitation is carried out in a non-destructive way.
10) WebSurgery
WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors
to help them with web application planning and exploitation. Currently, it uses an efficient, fast and
stable Web Crawler, File/Dir Bruteforcer and Fuzzer for advanced exploitation of known and unusual
vulnerabilities such as SQL injection, cross-site scripting (XSS), brute-forcing of login forms, identification
of firewall-filtered rules, etc.