Jump to content
Invision Community
ANTIVIRUS & SPAM Antivirus Anti Spam Anti Spyware Free Virus Scanner Antivirus Comparison Antivirus for Android Antivirus for Mac Anti Spam for Android Anti Spyware for Android
Sign in to follow this  

Pen Test (Penetration Testing) 3

Recommended Posts

Penetration testing tools
Pen testers often use automated tools to uncover standard application vulnerabilities. Penetration tools scan code in order to identity malicious code in applications that could result in a security breach. Pen testing tools examine data encryption techniques and can identify hard-coded values, such as usernames and passwords, to verify security vulnerabilities in the system.

Penetration testing tools should:

be easy to deploy, configure and use;
scan a system easily;
categorize vulnerabilities based on severity, i.e., those that need to be fixed immediately;
be capable of automating the verification of vulnerabilities;
re-verify previous exploits; and
generate detailed vulnerability reports and logs.

Many of the most popular penetration testing tools are free or open source software; this gives pen testers the ability to modify or otherwise adapt the code for their own needs. Some of the most widely used free or open source pen testing tools include:

The Metasploit Project is an open source project owned by the security company Rapid7, which licenses full-featured versions of the Metasploit software. It collects popular penetration testing tools that can be used on servers, online-based applications and networks. Metasploit can be used to uncover security issues, to verify vulnerability mitigations and to manage security processes.

Nmap, short for "network mapper," is a port scanner that scans systems and networks for vulnerabilities linked to open ports. Nmap is directed to the IP address or addresses on which the system or network to be scanned is located and then tests those systems for open ports; in addition, Nmap can be used to monitor host or service uptime and map network attack surfaces.

Wireshark is a tool for profiling network traffic and for analyzing network packets. Wireshark enables organizations to see the smaller details of the network activities taking place in their networks. This penetration tool is a network analyzer/network sniffer/network protocol analyzer that assesses vulnerabilities in network traffic in real time. Wireshark is often used to scrutinize the details of network traffic at various levels.

John the Ripper incorporates different password crackers into one package, automatically identifies different types of password hashes and determines a customizable cracker. Pen testers typically use the tool to launch attacks to find password weaknesses in systems or databases.

Penetration testers use many of the same tools that black hat hackers use, in part because those tools are well-documented and widely available, but also because it helps the pen testers to better understand how those tools can be wielded against their organizations.

Share this post

Link to post
Share on other sites
MALWARE & PROVIDER Anti Malware Hosting Shared Hosting Windows Hosting VOIP Phone Register Domain Website Builder Dedicated Server Fiber Optics Provider

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...