
PENETRATION TESTING TOOLS - WHAT EVERY NOOB SHOULD LEARN

Internally, we have a motto for all new hire ethical hackers and testers who join the team - “Don’t get left behind.”



As time passes, so does technology. What may be the latest and greatest today will always be replaced by something better (sometimes). But some security tools are mandatory learning and have been around since the beginning. So, what ethical hacking security tools should you be well versed in as a noob, or an aspiring noob with an interest in information security? Just about all of them, as every penetration test and every ethical hacker has different goals and/or objectives. Below is a short list of common ethical hacking tools every aspiring IT folk should be familiar with.


What You’ll Learn About

  • NMAP

  • Wireshark

  • Burp Suite (Free Edition)

  • Nikto

  • Firefox

  • SSLSCAN

  • DirBuster


NMAP


Most, if not all, information technology folks should have heard of and/or used a version of NMAP, the holy grail of large network mapping and auditing tools. NMAP is an open-source, freely available security tool that runs on most OS flavors, including Microsoft Windows! No excuses: the developers even provide a GUI for those of you who cannot stand a terminal screen (however nicely you have picked its font and colors) where you manually type your commands out. Yes, the color-coded terminals make you look cooler, but if that is not your cup of tea, the Zenmap GUI helps guide you on how to run your custom scans via drop-down and/or checkbox selections for the IP address(es) or range. There is more to NMAP than meets the eye: check out the NMAP scripts (NSE), they will transform your penetration test. As it stands, NMAP can do just about everything and anything, and yes, it can be dangerous.
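As an added example (not code from the original post or from the Nmap project), here is the auditing side of "network mapping and auditing": a Python script that reads an Nmap XML report (the format written by the -oX option) and compares the open ports it found against an allowlist of what each host is supposed to expose. The XML, the 192.0.2.x hosts and the allowlist are constructed for illustration; the element layout follows the real -oX format so the same parser applies to a genuine report.

```python
"""Audit an Nmap XML report (nmap -oX) against an allowlist of expected services.

Added example, not from the original post or the Nmap project. The XML below is
constructed by hand in the element layout Nmap's -oX output uses; the hosts,
ports and allowlist are invented for illustration.
"""
import xml.etree.ElementTree as ET

# Constructed sample of what `nmap -sV -oX report.xml` writes for two hosts.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX report.xml 192.0.2.0/29">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Hypothetical allowlist: the (protocol, port) pairs each host is supposed to expose.
EXPECTED_SERVICES = {
    "192.0.2.10": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
    "192.0.2.11": {("tcp", 22)},
}


def parse_open_ports(xml_text):
    """Return {ip: {(protocol, port), ...}} for every port Nmap reported as open.

    Filtered and closed ports are ignored on purpose: only an open port is an
    exposed service.
    """
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = set()
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                open_ports.add((port.get("protocol"), int(port.get("portid"))))
        result[addr.get("addr")] = open_ports
    return result


def audit(observed, expected):
    """Compare observed open ports with the allowlist.

    Returns {ip: {"unexpected": set, "missing": set}} for every host that either
    exposes something not on the allowlist or lacks a service it should offer.
    Hosts that match the allowlist exactly are left out of the result.
    """
    findings = {}
    for ip in set(observed) | set(expected):
        seen = observed.get(ip, set())
        allowed = expected.get(ip, set())
        unexpected = seen - allowed
        missing = allowed - seen
        if unexpected or missing:
            findings[ip] = {"unexpected": unexpected, "missing": missing}
    return findings


if __name__ == "__main__":
    report = audit(parse_open_ports(SAMPLE_NMAP_XML), EXPECTED_SERVICES)
    for ip, f in sorted(report.items()):
        print(ip, "unexpected:", sorted(f["unexpected"]), "missing:", sorted(f["missing"]))
```

Run this against a real `nmap -oX` report of your own network and the only output should be hosts whose exposed services drifted from what you expect; here the sample flags RDP on 192.0.2.11 while the filtered SMB port is correctly ignored.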


For more information regarding NMAP, visit https://nmap.org/


Disclaimer: Obtain permission before performing or attempting any type of scans against public-facing or external IP addresses, even if you do have the best intentions in mind, or even if you’re testing against a domain you own, or your company owns. Internet Service Providers, web hosting companies and law enforcement don’t always respond well to “good intentions”.


Wireshark


Wireshark is another network tool that is free and open source for all OS platforms, including macOS. It is familiar to Information Technology folks with a networking background, but you may be wondering, why Wireshark for ethical hacking? Before I attempt to shed light on that question, first let us define what Wireshark is for those who may not know. Wireshark is a packet analyzer commonly used for network troubleshooting as well as for analyzing client/software communications. It captures network traffic (i.e. packets) as it traverses the network from one system to another. Now that we have a better understanding of what Wireshark is, let's attempt to answer that earlier question: Wireshark for ethical hacking? Why not? How is that for an answer? Seriously now, all kidding aside, setting up Wireshark is easy. Just download, install, ensure you have a hardwired connection to your network, and start listening to your network traffic (on a switched network you will mostly see your own machine's traffic plus broadcasts unless you capture from a mirror/SPAN port); you can even capture it and save it off to a file for viewing at a later time. When you start digging through your packet capture, you may be surprised at what flies through your network unencrypted and in plain-text format. A simple way to filter through your network traffic is the display filter http.request.method=="POST". Take a gander after running Wireshark for a couple of hours. If packet capture storage space is not an issue, consider running a capture for the day.
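To show what that POST filter turns up, here is an added example (not from the original post or the Wireshark project): a Python script that takes raw HTTP requests as Wireshark reassembles them from a capture and reports form POSTs that carried credential-like fields in the clear. The requests, host name and field names are constructed; because the http display filter only matches unencrypted traffic (HTTPS shows up as TLS records), anything it flags was readable on the wire. The script reports field names only, never the values, so its own output does not become a second copy of the secret.

```python
"""Flag credential-bearing form POSTs that crossed the wire as plain HTTP.

Added example, not from the original post or the Wireshark project. The
requests below are constructed to look like what Wireshark's "Follow TCP
Stream" shows for a captured request; the host, paths and fields are invented.
"""
from urllib.parse import parse_qs

# Constructed sample: (destination port, raw request bytes) pairs as if pulled
# from a capture. The first one is a login form submitted over plain HTTP.
SAMPLE_REQUESTS = [
    (80, b"POST /login HTTP/1.1\r\nHost: intranet.example.test\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 34\r\n\r\n"
         b"username=alice&password=Winter2024"),
    (80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example.test\r\n\r\n"),
    (8080, b"POST /api/search HTTP/1.1\r\nHost: intranet.example.test\r\n"
           b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 9\r\n\r\n"
           b"q=payroll"),
]

# Form field names that usually carry a secret (example's own list, extend as needed).
SENSITIVE_FIELDS = {"password", "passwd", "pwd", "pass", "token", "secret", "apikey", "api_key"}


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, headers, body).

    Header names are lower-cased so lookups do not depend on the client's casing.
    """
    head, _sep, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def plaintext_credential_posts(requests):
    """Return findings for form POSTs whose body carries a sensitive field.

    Everything in `requests` is assumed to be unencrypted (it was readable in
    the capture), so each hit is credential material exposed on the wire.
    Only the field names are recorded, never their values.
    """
    findings = []
    for port, raw in requests:
        method, path, headers, body = parse_request(raw)
        if method != "POST":
            continue
        if not headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
            continue
        fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        exposed = sorted(f for f in fields if f.lower() in SENSITIVE_FIELDS)
        if exposed:
            findings.append({"host": headers.get("host", "?"), "port": port,
                             "path": path, "fields": exposed})
    return findings


if __name__ == "__main__":
    for hit in plaintext_credential_posts(SAMPLE_REQUESTS):
        print(f"plaintext credentials: {hit['host']}:{hit['port']}{hit['path']} fields={hit['fields']}")
```

The search POST on port 8080 is deliberately left unflagged: a plaintext POST is only a finding here when it carries a field that looks like a secret, which keeps the report short enough to act on after a day-long capture.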


For more information regarding Wireshark, visit https://www.wireshark.org/


Disclaimer: Obtain permission before performing any type of packet capturing. Network sniffing, as it's more commonly called, is considered unauthorized behavior in some companies. Simply having Wireshark downloaded or installed may land you in hot water as well.


Burp Suite (free edition)


Burp Suite Community Edition (free) is a web application security vulnerability scanner with limited options compared to the paid editions, but it's loaded with a handful of manual tools/options for testing. For noobs, Burp Suite Community Edition is a fantastic starting point for learning how to configure proxies, capture the HTTP/HTTPS traffic of your web browser and/or applications, spider/crawl a website, run passive and active scans against websites, manipulate header/body data and view how your data is passed from client to server/services, or just perform a point-and-click scan for a quick vulnerability assessment. There is plenty of online material, books, and videos about how to use Burp Suite. Bear in mind, depending on how you use it, Burp Suite can be a quiet, passive tool or a very loud one that an IDS/IPS will catch. For optimal results, the Pro edition can be purchased, which enables other functions and features necessary for web application testing. The benefit is that the Pro edition can be had relatively cheaply, less than $500 for a license.


Free online training for Burp Suite provided - https://hackademy.aetherlab.net/p/burp-suite


For more information on Burp Suite, https://portswigger.net/


Disclaimer: Please use Burp Suite against internal web applications you own, or obtain permission prior to testing elsewhere.


Nikto


Nikto is an open source, free, automated web server security vulnerability scanner – starting to see a trend yet? But in my opinion, it's a fantastic information gathering tool. Nikto is packed with many options such as authenticated scans, CGI scans, a directory scanner, URL/IP lookup, a web crawler and much more. These features are well documented on Nikto's site, linked below. Bear in mind, Nikto is a very loud tool, so you will not be flying under the radar, and you may be slowed down or halted by an IDS/IPS. Do not worry: at the end of the scan, Nikto tells you how many requests were made and how many items it reported on the remote host you ran the scan against.

Nikto itself is easy to use on Kali Linux (it comes pre-installed on Kali Linux, the free penetration testing operating system that is the gold standard used in the industry). Simply pass the following syntax via the command line, filling in the variables:

nikto -h <domain or IP> -p <port the web service is running on> -o <output file ending in .xml or .txt>


For more information on Nikto visit - https://cirt.net/nikto2-docs/


Disclaimer: Obtain permission before performing any web service scanning.


SSLSCAN


Unsure what SSL services you have in your environment or even externally facing? SSLScan is a free tool, native on Kali Linux, that performs a wide variety of SSL protocol checks. Unsure what to check for? No problem, SSLScan can check all ciphers, protocols, key strengths and much more, and report which of them are safe and unsafe. SSLScan is perfect for mitigation purposes as well as for self-checks. Some key vulnerabilities that SSLScan checks for are: Heartbleed, SSLv2, SSLv3, low-bit ciphers and unsupported ciphers, as well as certificates.


Give it a try with the following syntax within a Kali instance:

sslscan <domain or IP>:<port>
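As an added example (not from the original post or the sslscan project), the following Python script triages that kind of output for a self-check: it flags enabled legacy protocols, ciphers with short keys or weak algorithms, and any protocol reported vulnerable to Heartbleed. SAMPLE_OUTPUT is constructed and only modelled on sslscan's text layout, the host is invented, and the thresholds (128-bit minimum key, the weak-algorithm token list, TLS 1.0/1.1 treated as legacy alongside SSLv2/SSLv3) are this example's own choices rather than sslscan's.

```python
"""Triage sslscan-style output: flag legacy protocols, weak ciphers and Heartbleed.

Added example, not from the original post or the sslscan project. SAMPLE_OUTPUT
is constructed by hand and modelled on the text sslscan prints; the host and
results are invented. The thresholds are this example's choices.
"""
import re

SAMPLE_OUTPUT = """\
Testing SSL server legacy.example.test on port 443 using SNI name legacy.example.test

  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     enabled
TLSv1.0   enabled
TLSv1.1   disabled
TLSv1.2   enabled
TLSv1.3   disabled

  Heartbleed:
TLSv1.2 not vulnerable to heartbleed
TLSv1.0 vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  RC4-SHA
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA
Accepted  SSLv3    40 bits   EXP-RC2-CBC-MD5
"""

# Example's own policy: anything older than TLS 1.2 is legacy.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
# Tokens in an OpenSSL cipher name that mark a weak or anonymous suite.
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH", "RC2")
MIN_BITS = 128

PROTO_RE = re.compile(r"^(SSLv\d|TLSv1\.\d)\s+(enabled|disabled)\s*$")
HB_RE = re.compile(r"^(\S+)\s+(not )?vulnerable to heartbleed")
CIPHER_RE = re.compile(r"^(Preferred|Accepted)\s+(\S+)\s+(\d+) bits\s+(\S+)")


def triage(text):
    """Scan sslscan-style text and collect weak findings.

    Returns a dict with three lists: enabled legacy protocols, weak ciphers as
    (protocol, cipher, [reasons]) tuples, and protocols reported vulnerable to
    Heartbleed.
    """
    findings = {"legacy_protocols": [], "weak_ciphers": [], "heartbleed": []}
    for line in text.splitlines():
        line = line.strip()
        m = PROTO_RE.match(line)
        if m:
            if m.group(2) == "enabled" and m.group(1) in LEGACY_PROTOCOLS:
                findings["legacy_protocols"].append(m.group(1))
            continue
        m = HB_RE.match(line)
        if m:
            if m.group(2) is None:  # no "not" in front: the server is vulnerable
                findings["heartbleed"].append(m.group(1))
            continue
        m = CIPHER_RE.match(line)
        if m:
            proto, bits, name = m.group(2), int(m.group(3)), m.group(4)
            tokens = name.upper().split("-")  # whole tokens, so AES does not match DES etc.
            reasons = []
            if bits < MIN_BITS:
                reasons.append(f"{bits}-bit key")
            reasons += [f"weak algorithm {t}" for t in WEAK_CIPHER_MARKERS if t in tokens]
            if reasons:
                findings["weak_ciphers"].append((proto, name, reasons))
    return findings


def passes(findings):
    """True when the triage found nothing to fix."""
    return not any(findings.values())


if __name__ == "__main__":
    result = triage(SAMPLE_OUTPUT)
    for key, items in result.items():
        print(key, items)
    print("PASS" if passes(result) else "FAIL")
```

For a self-check, pipe a real sslscan run through this and treat anything listed as remediation work: disable the legacy protocol, drop the weak suite from the server's cipher list, and patch the library behind a Heartbleed hit.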


For more information on SSLScan and its options, check out https://github.com/DinoTools/sslscan


Disclaimer: Obtain permission before performing any type of scanning even if you do have the best intentions in mind.


DirBuster


So, you hid some directories and application pages thinking you'd be clever and avoid attacks that way? Are you sure they cannot be found? Like Pokémon, you gotta catch them all! Unsure now? Well, DirBuster may be able to help you and your developers out. DirBuster is a fantastic tool that searches a web server for hidden pages and directories using a list of commonly known names, and you can even add to that list to tailor it to your specification. DirBuster is not the quickest tool in the bunch, but hey, hackers have all the time in the world to look for your vulnerabilities, so slow is purely relative! DirBuster is GUI based and straightforward: enter the target's details and view the results as they come in.


For more information on DirBuster, check out: https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project


Disclaimer: Obtain permission before performing any type of scanning even if you do have the best intentions in mind.


Final Thoughts (just like Jerry Springer)


There are plenty of tools out there, some old, some new, some that may never fail you. This short list of tools is geared to educate noobs and even seasoned IT folks who love to dabble around. These tools are fantastic for information gathering, for pre-exploitation, or for just performing self-checks where you may be vulnerable. Use them to help pinpoint where you could self-improve, or even help educate yourself or others on remediation efforts.


Remember, “Don’t get left behind.”


Interested in our services and what we have to offer? Check us out at - https://www.emagined.com/


Have any questions, concerns or need further information, just let us know – info@emagined.com
