11 open source automated penetration testing tools

2022-06-18 22:52:06 By: Mr. Felix Liu

It doesn't matter how many of the latest security products are deployed throughout an IT environment -- you need to know they are working as expected and effectively detecting and stopping cyber attacks.

This is why penetration testing remains such an important aspect of any cybersecurity strategy. Pen testing enables security teams to test security controls, expose gaps in defenses and identify exploitable vulnerabilities in networks, applications and IoT devices.

Once a test is completed, security teams can take preventative actions before bad actors discover the vulnerabilities. Pen testing is also important because it is mandated by various industry standards and regulations, such as GDPR, HIPAA, PCI DSS, the Financial Industry Regulatory Authority (FINRA) and System and Organization Controls 2 (SOC 2).

Pen testing can be a labor-intensive task, however. Many security teams don't have the time or the staff to complete the job manually. Fortunately, security teams can use automated pen testing tools to close the gap. But, with many pen testing tasks to perform and a variety of tools to choose from, getting the right tool set in place can be challenging.

Pen test teams should, at minimum, perform the following attacks:

No single pen test tool performs all these tasks or fits every use case. To complete a comprehensive pen test and simulate the classic steps of an attack (reconnaissance, exploitation, privilege escalation, and command and control), a combination of tools is needed.

A variety of simple and complex pen testing tools are available that conduct the aforementioned tasks. Many of them are open source, so any security team can use them to explore, attack and report on its IT environment.

Note that some previously open source scanning tools, such as Metasploit and Burp Suite, are now commercial products. Although they still offer free versions, those versions have reduced functionality.

The following list of open source tools enables security teams to automate many of the above tasks and complete a thorough test. Most work on all major OSes, but always check compatibility with the systems and databases your organization uses.

For reconnaissance, Nmap is the go-to tool. It can quickly scan large networks and runs on all major OSes. It reports on the following:

Although Nmap offers a wide array of advanced features, the basic commands are quite easy to learn. The documentation is comprehensive, and plenty of tutorials are available that cover the command line and GUI versions.

Wireshark is a popular network protocol analyzer that runs on all the main OSes. Live capture, decryption support and offline analysis for every key network protocol are backed up by comprehensive documentation and video tutorials.

Legion is an extensible and semiautomated network penetration testing tool. The documentation is sparse, but the GUI has context menus and panels, making many tasks easy to complete. The modular functionality makes it customizable, and it automatically links discovered CVEs with exploits in the Exploit Database.

Another framework for network infrastructure and web pen testing is Jok3r. It is a compilation of more than 50 open source tools and scripts that can automatically run reconnaissance, CVE lookups, vulnerability scanning and exploitation attacks. Documentation is a work in progress, but its combination of modules makes it a powerful tool.

OWASP's Zed Attack Proxy (ZAP) scans web applications for vulnerabilities. Acting as a man-in-the-middle proxy between the tester's browser and the web application, it can intercept requests, modify their contents and forward them on. It offers lots of features, and add-ons are freely available in the ZAP Marketplace. Versions are available for each major OS, as well as Docker.

Nikto2 is a scanner that can identify the most common faults found in web servers. Run from the command line, it is fast but not stealthy. The documentation is not particularly detailed yet, but it isn't difficult to use.

The OpenSCAP ecosystem is a collection of open source tools for implementing and enforcing Security Content Automation Protocol (SCAP), a U.S. standard maintained by NIST that focuses on continuous monitoring, vulnerability management and security policy compliance. The tools offer automated configuration, vulnerability and patch checking, and continuous infrastructure evaluation for security compliance. Each tool is accompanied by comprehensive documentation and guidance.

SQL injection is a common attack vector against data-driven web applications that accept dynamic user-provided values, so a tool like sqlmap -- which can automate the process of detecting and exploiting SQL injection flaws -- is a must-have. It runs on Windows and Linux/Unix systems and has useful examples in its extensive documentation. It supports multiple database types and includes pen testing features, such as password cracking, user privilege escalation and arbitrary command execution.
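An added example, not from the article or from the sqlmap project: the flaw class sqlmap looks for, shown beside its parameterized fix, plus a local self-check modelled on boolean-based detection so a team can confirm its own data-access code is not injectable before a scanner does. The table, users and lookup functions are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for an application's user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    db.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return db


def lookup_vulnerable(db, username):
    """The flaw class sqlmap hunts for: the user-supplied value is spliced into the SQL text."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, username):
    """Hardened form: the value is bound as a parameter, so it is never parsed as SQL."""
    query = "SELECT username, role FROM users WHERE username = ?"
    return db.execute(query, (username,)).fetchall()


def boolean_probe_detects(lookup, db, base="alice"):
    """Local self-check modelled on boolean-based detection: send the same input
    with an always-true and an always-false condition appended. Differing results
    mean the input reaches the SQL parser; with a bound parameter both probes are
    literal strings that match no row, so nothing differs."""
    true_case = lookup(db, base + "' AND '1'='1")
    false_case = lookup(db, base + "' AND '1'='2")
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup injectable:", boolean_probe_detects(lookup_vulnerable, db))        # True
    print("parameterized lookup injectable:", boolean_probe_detects(lookup_parameterized, db))  # False
```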

Scapy is a packet crafter program that has particularly good documentation. An in-depth knowledge of protocol packet structures and network layers is required to make the most of the tool. It can forge or decode a wide number of protocol packets and can easily handle tasks such as scanning, tracerouting, probing, unit tests, attacks and network discovery.

Quite a few free password crackers are available, but CrackStation is one of the fastest as it uses pre-computed lookup tables consisting of more than 15 billion entries taken from various online resources.

Aircrack-ng is a complete suite of tools for pen testing Wi-Fi networks. It can monitor, attack, crack and test Wi-Fi cards, drivers and protocols.

To choose between tools, assess how each scores on the following six points:

Whichever tool or tools are chosen, be sure they are still actively supported. It's also important to run more than just their basic commands and scans. While automating pen tests can ensure large networks are probed for low-hanging fruit, testers need to be creative -- just like a hacker -- and try different approaches to access networks, install malware and steal data. The most important thing, though, is to act on any findings that show vulnerabilities within the system and mitigate them as soon as possible.

For those security teams short on pen testing skills, the "Open Source Security Testing Methodology Manual" is a good place to start. It is a complete methodology for security and pen testing, security analysis and the measurement of operational security.

Part of: Automating penetration testing fundamentals
