Penetration testing (pen testing) is a practice undertaken by professional hackers to find the vulnerabilities in your systems — before the attackers do. It requires clever thinking, patience, and a little bit of luck. In addition, most professional hackers will need a few specific tools to help get the job done.
CSO recently spoke to a few security experts – some who are full-time red team operators and developers themselves – and asked them to share their favorite tools.
The tools below made the list because they have helped during simple assessments and complex engagements alike, or because they are something that gets used all the time in the field. Some of the tools in this list are free, while others will require license payments, but all are worth a look.
1. Nmap
Nmap turned 20 years old on September 1, 2017. Since it was first released, Nmap has been the go-to tool for network discovery and attack surface mapping. From host discovery and port scanning, to OS detection and IDS evasion / spoofing, Nmap is an essential tool for gigs both large and small.
2. Aircrack-ng
Like Nmap, Aircrack-ng is one of those tools that pen testers not only know but, if they're assessing a wireless network, use on a regular basis. Aircrack-ng is a full suite of wireless assessment tools, covering packet capture and attacking (including cracking WPA and WEP).
3. Wifiphisher
Wifiphisher is a rogue access point tool, enabling automated phishing attacks against Wi-Fi networks. Assessments using Wifiphisher can lead to credential harvesting or actual infection, depending on the scope of the job. A full overview is available in the documentation section on the Wifiphisher website.
4. Burp Suite
Used with a web browser to map applications, Burp Suite can discover a given app's functionality and security issues. From there, it's possible to launch custom attacks.
Currently, the free version is pretty limited, but the paid version ($349 per user) offers full crawling and scanning (supporting more than 100 vulnerabilities, including all of the OWASP Top 10), multiple attack points, and scope-based configurations. One of the most common remarks we heard about this tool is that it can be used to automate repetitive functions, and it offers a decent view of what the app is doing with the server.
5. OWASP ZAP
OWASP Zed Attack Proxy (ZAP) was another application testing tool mentioned alongside Burp Suite. The general view is that ZAP is good for those who are just starting out with application security, while Burp Suite is the go-to tool for hardcore assessments. Those who are concerned about price lean towards ZAP because it is open source. OWASP recommends ZAP for application testing, and they've published a number of tutorials for making it work in a long-term security project.