Penetration Tester’s ToolkitPosted: January 11, 2013
BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. The manuals section provides you with simple information in order to get up and running with Back|Track and help with some additional features unique to the suite.
Nmap –free open source tool for network analysis and security audits.
nmap -A -T4 localhost
-A to identify operating system, trace and scan with scripts
-T4 configure time parameters (scale 0 to 5, higher the number – higher the speed)
localhost — target host
You can use “slow comprehensive scan” to get more detailed information pertaining target system
nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO –script all localhost
For more information please refer to Nmap Reference Guide
Hydra is a flexible and fast password auditing tool which supports numerous protocols and parallelization.
Nikto – Open Source (GPL) web-scanner. This tool can help you find undeleted scripts (such as test.php, index_.php, etc), database administration utilities ((/phpmyadmin/, /pma, etc) and many more typical errors on target website.
To use simply start with:
/nikto.pl -host localhost
Acunetix – very easy to use web vulnerability scanner. Free version still has great functionality and can help checking web applications for SQL Injection, XSS & other web vulnerabilities
Nessus – very powerful free for home use web-scanner, which helps security auditors identify available running services on target system, check for potential security misconfiguration and many more
It is possible to use Nmap to analyze ports, identify services and Metasploit to exploit vulnerabilities depending on service (ssh, ftp, etc.)
Armitage – tool that can help you test network for vulnerabilities. Basically, it is a GUI for Metasploit Framework and Nmap. It visualizes targets, collects data and makes whole process of penetration testing easier
And to test all of these for those of you, who interested in vulnerability analysis, reverse engineering, debugging,, exploit development and privilege escalation, you can refer to Linux hacking challenges. This project has several virtual machines, exercises and manuals to help you improve your skills.
Here are some additional TOP lists of tools for penetration testing
Top 100 Network Security Tools
Top 10 Web Vulnerability Scanners
Top 10 Vulnerability Scanners
OWASP Top 10 Tools and Tactics
Web-based Application Security Scanners
Web Application Security Scanner List by WebAppSec