

Top 7 “Things” Every Penetration Tester Should Use

After a long time, pinning something down. Disclaimer: the views are mine, based on my experience and knowledge; suggestions to improve would be appreciated.

So, penetration testing. With information security getting closer to becoming the center of the world, pentesting has become an integral part of our lives. The life of security folks. No matter how many times you secure the network, it manages to get back into jeopardy. Sometimes we just want it to stay secure. So, pentesting to the rescue -


This write-up is about the top 7 “things” a pentester should use (in my opinion)… And why 7….. Because it’s the most magical number... Didn't work out for Voldy, but still it is.

1. Pentesting / Exploitation Frameworks - Pentesting frameworks are tools designed to help you perform almost all pentesting-related work from one console. Yes, you can do host discovery as efficiently as firing up an exploit to penetrate, and post-exploitation as well. While free/community editions of state-of-the-art frameworks like Metasploit are available, spending some money gets you the latest updates, proprietary exploits and more. Some of the good ones are Metasploit and Core Impact.

2. Web App Scanners – When pentesting, the best thing to attack is the web apps. Web apps give you far more chances of penetration than anything else, so have some web scanners in your arsenal. These scanners scan the target applications for web-related vulnerabilities. There are many good scanners available out there, like Netsparker, ZAP, Acunetix, SQLmap, SQLninja, Arachni, Burp Scanner and IronWASP. The list goes on and on, but the best part is that many of them are free.


3. Vulnerability Scanners – As the name suggests, vulnerability scanners scan targets for known vulnerabilities. Well… they are a little boring because they take the fun out of hunting. However, they are timesavers for pentesters. Scanners may not give you direct access to anything, but they will help you find most of the known weaknesses you can target, or at least gain useful information to define a plan of attack. Scanners like OpenVAS are awesome because they are absolutely free. While Nessus, Nexpose and Retina provide more stable and regular updates, their community editions have some limitations we may not like. Again, spending some money gives you benefits that help not only in the scanning part but in the reporting part as well. Yes, a pentester has to report.


4. Pentesting Distro - For now, BackTrack / Kali Linux are the only two names that come to my mind because those are the ones I have ever used. These distros are compilations of almost everything you will need while doing any security-testing-related work, ranging from everyday vulnerability scanning to wireless cracking, password cracking, radio testing, hardware programming, exploitation, reverse engineering and social engineering, to the end of the road. And these are not the only two out there. There is Knoppix STD, Blackbuntu, NodeZero and many more. The reason they are all Linux is, for one… well, it’s undeniably awesome, and second, it gives you the flexibility to do whatever you want with it. For beginners, these distros can save the time of gathering, compiling and installing tools. But again, where is the fun in using something ready-made? Having said that…

5. Google / Shodan – I could have said search engines, but that would be unfair. These two are like the clock of “visibility”. What can I say about Google. Google dorks let you search for vulnerable targets, and so does Shodan. With the correct use of Google you may skip many steps of pentesting, ranging from port scanning and vulnerability scanning to exploitation itself. I have seen cases of hackers/testers gaining access to critical machines using information they discovered from Google alone. Austin and FB1H2S must have something to add here. So yes… Google is one of the top things, in my opinion, that will help you perform a PT every single time.


6. Nmap and Netcat – I can bet that Batman has these two in his utility belt and Tony Stark has integrated them into Jarvis. Nmap… the best port scanner out there. It helps you do port scanning, banner grabbing, checking for some vulnerability signatures and a lot more. The might of this king can be understood from the fact that there are entire video courses dedicated to teaching the usage of this one single tool. And netcat… while I see a smile on B0nd’s face, I would like to tell you all, this tool, in time, has proven to be the most powerful tool for hackers. The limits of its usage depend upon the creativity of the user’s brain. There must be a reason why it's called the TCP/IP Swiss army knife. Though it just allows connecting to a remote port and reading data from / writing data to it, it has a lot more capabilities. Read this if you don’t trust me – “From Boot to Remote Root”.
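As an added illustration of the netcat part of this (example code, not from the original post and not netcat's own code): a small Python script that starts a constructed localhost listener sending a made-up banner, then does by hand what `nc -v host port` does: open a TCP connection, read whatever the service volunteers before you say anything, and write a line to it. The banner text, the echo behaviour and the port are all constructed for the demo. The read-first step is exactly what banner grabbing for asset inventory relies on, and the silent-service case (nothing sent until the client speaks) is handled with a timeout instead of hanging.

```python
import socket
import threading

# Constructed banner for the local demo listener; not a real service string.
DEMO_BANNER = b"SSH-2.0-ConstructedDemo_1.0\r\n"


def start_demo_listener(banner: bytes = DEMO_BANNER):
    """Start a localhost TCP listener (constructed stand-in for a real service).

    It greets every client with `banner`, echoes one message back and closes.
    Returns (port, stop_fn); call stop_fn() to shut the listener down.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        srv.settimeout(0.2)          # wake up regularly to check the stop flag
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(2.0)
                conn.sendall(banner)  # speak first, like SSH/SMTP/FTP do
                try:
                    data = conn.recv(1024)
                    if data:
                        conn.sendall(b"echo: " + data)
                except OSError:
                    pass             # client went away; nothing to do
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop.set


def grab_banner(host: str, port: int, timeout: float = 2.0) -> bytes:
    """Connect and return what the service sends unprompted (nc -v style).

    A service that waits for the client to talk first (HTTP, for example)
    sends nothing, so the read times out and we return b"" instead of hanging.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(1024)
        except socket.timeout:
            return b""


def send_and_receive(host: str, port: int, payload: bytes,
                     timeout: float = 2.0) -> bytes:
    """Write bytes to the socket and return the reply, like piping into nc."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            s.recv(1024)             # discard the greeting, if any
        except socket.timeout:
            pass
        s.sendall(payload)
        return s.recv(1024)


if __name__ == "__main__":
    port, stop = start_demo_listener()
    print("listener on 127.0.0.1:%d" % port)
    print("banner:", grab_banner("127.0.0.1", port))
    print("reply :", send_and_receive("127.0.0.1", port, b"hello\n"))
    stop()
```

Run it as-is to see both steps against the constructed listener; point `grab_banner` at a host and port you are authorised to inventory and the same function returns the real greeting, which is the raw material Nmap's service detection and a version-inventory script both work from.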


7. Brain – Yes, you have to use it. Brainy has always been the new sexy. The reason I had to put it in this list is that through my experience I have seen pentesters becoming slaves of tools. Running tools, getting results, firing exploits if available, and done. Hacking is not just computers or science. It is art, and hackers are artists. What makes them different is their way of thinking and thirst for learning. Unless you can think out of the box and keep learning, you cannot perform a pentest that “simulates” a real-life hack. So, do whatever you want, use whatever tool you want, but make sure you are putting your thought into it. Everything is an attack vector, so treat it like that. With your brain and probably nmap and netcat alone, one can hack into targets. There are a hell of a lot of examples for this claim. But to be able to do so, learn, learn and keep learning.

I don't feel like putting any image for brain... so here is a squirrel of Randall's from XKCD.

One important thing: top stuff never completes the pyramid. So when you are performing a pentest, there will be a hundred more things to look for, and every tool and technique that’s not mentioned here may prove important at one time or another. So, keep learning and keep sharing. And note that nmap and netcat are like infinity gems with infinite powers, and so can be your power of thinking ....

Over and out


The_Empty_Parenthesis( )

Updated 08-17-2014 at 04:08 PM by the_empty



