
PENETRATION TESTING TOOLS - WHAT EVERY NOOB SHOULD LEARN

Internally, we have a motto for all new hire ethical hackers and testers who join the team - “Don’t get left behind.”


Technology moves on, and what is the latest and greatest today will eventually be replaced by something better (or at least newer). But some security tools have been around since the beginning and are still mandatory learning. So, which ethical hacking tools should you be well versed in as a noob, or an aspiring noob with an interest in information security? Just about all of them, because every penetration test and every ethical hacker has different goals and objectives. Below is a short list of common ethical hacking tools every aspiring IT person should be familiar with.


What You’ll Learn About

  • NMAP

  • Wireshark

  • Burp Suite (Free Edition)

  • Nikto

  • Firefox

  • SSLSCAN

  • DirBuster

NMAP


Most, if not all, information technology folks have heard of or used a version of NMAP, the holy grail of network mapping and auditing tools. NMAP is an open-source, freely available security tool that runs on most OS flavors, including Microsoft Windows. No excuses: for those of you who cannot stand a terminal screen, even one with your choice of font and colors, the developers also ship Zenmap, a GUI front end. Yes, a color-coded terminal makes you look cooler, but if that is not your cup of tea, Zenmap guides you through building custom scans with drop-downs and checkboxes for the IP address(es) or range you want to scan, and shows you the NMAP command line it generates so you can learn the flags as you go. NMAP is more than meets the eye: check out the NMAP Scripting Engine (NSE) scripts, which take it from port scanning into service enumeration, brute forcing and vulnerability checks and will transform your penetration test. NMAP can do just about everything and anything, and yes, it can be dangerous: aggressive timing, version probes and scripts in the intrusive categories have been known to knock over fragile devices such as printers, embedded controllers and old network gear, so know what a scan does before pointing it at production.


For more information regarding NMAP, visit https://nmap.org/


Disclaimer: Obtain permission before performing or attempting any type of scan against public-facing or external IP addresses, even if you have the best intentions, and even if you are testing a domain you or your company owns; many hosting and cloud providers have their own penetration-testing policies that apply even when you own the target. Internet Service Providers, web hosting companies and law enforcement don’t always respond well to “good intentions”.


Wireshark


Wireshark is another free and open-source network tool, available for all major OS platforms including macOS. It is familiar to information technology folks with a networking background, but you may be wondering why Wireshark for ethical hacking? Before attempting to shed light on that question, let us define what Wireshark is for those who may not know. Wireshark is a packet analyzer commonly used for network troubleshooting and for analyzing client/software communications. It captures network traffic (i.e., packets) as it traverses the network from one system to another. Now that we have a better understanding of what Wireshark is, let’s answer that earlier question: Wireshark for ethical hacking? Why not? How is that for an answer? Seriously now, kidding aside, setting up Wireshark is easy. Download and install it, make sure you have a wired connection to the network segment you are interested in, and start listening; you can capture everything that passes your interface and save it to a file for viewing later. Keep in mind that on a switched network your interface normally sees only its own traffic plus broadcasts and multicasts; to observe other hosts you need a mirror (SPAN) port, a network tap, or to be positioned in the traffic path. When you start digging through your packet capture, you may be surprised at what flies through your network unencrypted and in plain-text format. A simple way to filter the traffic is the display filter http.request.method == "POST", which shows only HTTP form submissions (logins, searches, uploads) sent without TLS, so any credentials are right there in the request body. Take a gander after running Wireshark for a couple of hours. If packet capture storage space is not an issue, consider running a capture for the whole day.
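The POST filter above is easy to reproduce offline against a saved capture. The following is an added example, not Wireshark code or code from this page: a small reader for a classic libpcap file (.pcap with Ethernet/IPv4/TCP framing; it does not handle pcapng, IPv6 or TCP reassembly) that pulls out every segment carrying an HTTP POST request line, which is what http.request.method == "POST" shows in Wireshark. Since there is no network here, it builds a constructed three-packet capture in-script; all addresses, hostnames and the login form are made up for the example.

```python
"""Offline equivalent of Wireshark's http.request.method == "POST" display filter.

Added example, not Wireshark code. Reads classic pcap (little-endian magic, Ethernet
link type) and reports each TCP segment whose payload starts with a POST request line.
"""
import struct

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1


def _tcp_frame(src, dst, sport, dport, payload):
    """Build one Ethernet/IPv4/TCP frame. Checksums stay zero; the parser ignores them."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap raw Ethernet frames in a classic pcap file image (global + record headers)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


# Constructed traffic: a GET, a login form posted over plain HTTP, and a byte blob on
# port 443 standing in for TLS (the parser cannot see inside it, which is the point).
SAMPLE_PCAP = build_pcap([
    _tcp_frame("10.0.0.5", "10.0.0.20", 51000, 80,
               b"GET /login HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    _tcp_frame("10.0.0.5", "10.0.0.20", 51001, 80,
               b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 31\r\n\r\n"
               b"username=alice&password=hunter2"),
    _tcp_frame("10.0.0.5", "10.0.0.21", 51002, 443, b"\x16\x03\x01\x00\x2a" + b"\x00" * 42),
])


def http_posts(pcap_bytes):
    """Return one dict per TCP segment whose payload begins with an HTTP POST request line."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    linktype, = struct.unpack_from("<I", pcap_bytes, 20)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian classic pcap with Ethernet frames")
    posts, off = [], 24
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap_bytes, off)
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":      # not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len, = struct.unpack_from("!H", ip, 2)
        if ip[9] != 6 or len(ip) < ihl + 20:                      # not TCP, or truncated
            continue
        tcp = ip[ihl:total_len]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        payload = tcp[(tcp[12] >> 4) * 4:]
        if not payload.startswith(b"POST "):
            continue
        head, _, body = payload.partition(b"\r\n\r\n")
        lines = head.decode("ascii", "replace").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        posts.append({
            "src": ".".join(map(str, ip[12:16])), "sport": sport,
            "dst": ".".join(map(str, ip[16:20])), "dport": dport,
            "request": lines[0],
            "host": headers.get("host", ""),
            "content_type": headers.get("content-type", ""),
            "body": body.decode("utf-8", "replace"),
        })
    return posts


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for p in http_posts(data):
        print(f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}  {p['request']}")
        print(f"  Host: {p['host']}  body: {p['body']}")
```

Run it with the path of a capture Wireshark saved in the classic pcap format (File > Save As, "Wireshark/tcpdump/... - pcap"), or with no argument to see the constructed sample. Two limits matter on real traffic: it inspects one segment at a time, so a POST whose body arrives in a later segment shows an empty body where Wireshark, which reassembles streams, would show the full form; and it keys only on the bytes "POST ", so it reports nothing for the TLS blob on port 443. That second limit is the whole lesson of this section: anything you can read here, anyone else on the path can read too.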


For more information regarding Wireshark, visit https://www.wireshark.org/


Disclaimer: Obtain permission before performing any type of packet capturing. Network sniffing, as it’s more commonly called, is considered unauthorized behavior in many companies. Simply having Wireshark downloaded or installed may land you in hot water as well.


Burp Suite (free edition)


Burp Suite Community Edition (free) is a web application security testing toolkit. The automated vulnerability scanner is not included in the Community Edition, but it is loaded with a handful of manual tools for testing. For noobs, Burp Suite Community Edition is a fantastic starting point for learning how to configure a proxy; intercept the HTTP/HTTPS traffic of your web browser and/or applications (install Burp’s CA certificate in the browser first, or HTTPS sites will refuse to load through the proxy); spider/crawl a website; manipulate header and body data and watch how your data is passed from client to server/services; and replay or fuzz individual requests. Passive and active scanning and the point-and-click scan for a quick vulnerability assessment are Professional edition features. There is plenty of online material, books and videos about how to use Burp Suite. Bear in mind that Burp Suite can be a passive tool or a very loud one that an IDS/IPS will catch, depending on your behavior: watching traffic in the proxy touches nothing, while an active scan or Intruder run hammers the target. For optimal results, the Pro edition can be purchased, which unlocks the scanner and other functions and features necessary for web application testing. The benefit is that the Pro edition can be had relatively cheaply, less than $500 for a license.


Free online training for Burp Suite provided - https://hackademy.aetherlab.net/p/burp-suite


For m