10 top open source security testing tools

2022-08-13 05:44:13 By : Mr. Scofield Gao


In A History of Western Philosophy, Bertrand Russell said: "Facts have to be discovered by observation, not by reasoning." His argument is that establishing something as a fact can only be done empirically. Direct observation is the most expedient way to figure out what is going on.

The same is true in the cybersecurity realm. If you want to understand the degree to which your networks, applications, hosts and employees are protected, the best way is empirical testing. This involves conducting a penetration test designed to simulate an attacker's tools, techniques and procedures.

While many organizations outsource pen testing, it can be valuable for practitioners to understand the testing tools used throughout the process. Understanding how the sausage is made lets you negotiate more effectively with testing providers. Even though you might not be an expert, testing things yourself can help you knock low-hanging fruit off your list.

A few quick caveats: All the open source security testing tools listed can be used both lawfully and unlawfully. Make sure that you stay on the right side of the law. If you're not sure whether a given usage is legal or not, talk to a lawyer. If you're still not sure after that, don't do it. Also, using applications or systems in unexpected ways can sometimes cause downtime. Have a plan in case something important goes offline. Lastly, testing well requires a lot of training and practice. Don't expect internal efforts to have the same results as a specialist.

That said, let's look at 10 security testing tools routinely used by testers. Since it isn't possible to cover the thousands of tools out there, the focus here is on tools that do the following:

Kali is a full Linux distribution composed of hundreds of tools. Other pen testing distributions worth considering are Parrot and BlackArch. Kali, due to its popularity, has the advantage of ubiquity and a large user base. As such, there are numerous instructional videos, usage guides, user communities and other information available to help users.

One of the reasons why Kali and these other distributions are listed first is that they include many of the individual tools covered here. This means that, if you want to experiment, they'll help get you up and running quickly.

When it comes to interfacing with exploits, there is perhaps no better-known and more accessible tool than Metasploit Framework. Metasploit provides a consistent method to use, package, and even write and distribute exploits. For those who wish to test their susceptibility to well-known exploits, Metasploit can be a readily and rapidly accessible path to doing so. There are a number of included exploits and payloads to mix and match from for specific test conditions, as well as auxiliary modules that provide functionality without a defined payload.

Testing an application is different from host- and network-level testing. One essential tool for testing applications is a proxy that enables you to intercept, view, modify, replay and automate web application -- i.e., HTTP and HTTPS -- requests. OWASP's Zed Attack Proxy (ZAP) does exactly this.

At its most basic usage, ZAP acts as an HTTP forward proxy that sits in between your browser and the site you're testing. The main difference between it and any other HTTP forward proxy, such as Squid in Explicit mode, is that it terminates and proxies -- rather than letting the browser tunnel -- TLS connections.

More advanced features include automated spidering, WebSocket monitoring and control, automated detection of issues and fuzzing.

Depending on the type of test, subterfuge against users may not be in scope. If the user population is in scope, you need a way to get your traffic from outside the network to the inside. One option is Browser Exploitation Framework (BeEF), which enables testers to employ a user's browser as a launchpad for attacks. BeEF lets you establish a hook on the user's browser -- for example, by tricking them into clicking a link you control -- and then provides capabilities to you, such as control over their browser tabs, ability to tunnel traffic through their browser, etc. If you don't already have access to the internal network, this can help get you there.

Sometimes, you just need to crack a password: Windows passwords, Linux and Unix passwords, SSH passwords, application passwords, etc. A number of password crackers are available. A few to consider are the following:

Mimikatz is designed to extract secrets from Windows memory. If you find yourself with access to a Windows host, you may desire to extract secret information from it for use elsewhere -- for example, to accomplish the following:

The Wireshark network protocol analyzer is a terrific way to understand exactly what is going on traffic-wise between your device and the remote location. If you need to snoop on network traffic in a remote location -- for example, after you've established a beachhead on internal systems -- TShark and tcpdump enable you to capture packets via the command line.

It's helpful to have specialized tools to help detect SQL injection issues. Sqlmap is a command-line utility that helps automate the SQL injection process. It can determine which parameters, headers or data elements are susceptible to SQL injection, as well as which types of exploits are possible.
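
The kind of check Sqlmap automates can be seen on a small scale in the following added example, which is not from the original article or from Sqlmap itself. It runs a true/false differential check against two hypothetical lookup functions over a constructed in-memory SQLite table, showing why a string-built query is flagged as injectable and a bound-parameter query is not; all function names and data are assumptions.

```python
import sqlite3


def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return db


def find_user_concat(db, name):
    # Weak form (hypothetical): the parameter is pasted into the SQL text.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def find_user_bound(db, name):
    # Hardened form (hypothetical): the parameter is bound, so it stays data.
    return db.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def parameter_is_injectable(lookup, db, known_value):
    """Differential check: append an always-true and an always-false condition
    to a value known to match. If the true variant behaves like the baseline
    and the false variant does not, the input is being parsed as SQL."""
    baseline = lookup(db, known_value)
    try:
        when_true = lookup(db, known_value + "' AND '1'='1")
        when_false = lookup(db, known_value + "' AND '1'='2")
    except sqlite3.Error:
        # A SQL error provoked by the input also shows it reached the parser.
        return True
    return when_true == baseline and when_false != baseline


if __name__ == "__main__":
    db = make_db()
    print("concatenated query injectable:",
          parameter_is_injectable(find_user_concat, db, "alice"))
    print("bound-parameter query injectable:",
          parameter_is_injectable(find_user_bound, db, "alice"))
```

Run as a regression test against your own query helpers, the check fails as soon as someone replaces a bound parameter with string concatenation.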

Most websites are built based on APIs that implement functionality and business logic in a stateless, often asynchronous way. While that's great for flexible site design and modularization, it means the security of underlying APIs is intrinsic to the security of the overall site. How do you test the security of APIs? Application testing tools can help, but having an API-specific testing tool can be beneficial.

SoapUI provides an interface for testing of APIs. It lets you intercept and modify requests in flight, supports techniques such as parameter fuzzing and natively understands different data formats -- e.g., JSON and GraphQL.

Testing a mobile application is heavily dependent on testing the online services -- webpages and APIs -- used by the application. But getting more information about the mobile application itself can be advantageous. Some examples are the following:

Apktool lets you deconstruct and unpack Android mobile binaries, and Mobile Security Framework, or MobSF, enables you to perform analysis on an Android or iOS mobile application.
