A penetration test, colloquially known as a pen test, is an authorized simulated attack on a computer system, performed to evaluate the security of the system. The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system’s features and data, as well as strengths, enabling a full risk assessment to be completed.
Every security experts have different kinds of tools that they love. Some tools are publicly available for free, while others require payment. On this post, I’m going to list top 17 must-have tools for Penetration Tester.
Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security:Monitoring: Packet capture and export of data to text files for further processing by third-party tools.
Attacking: Replay attacks, deauthentication, fake access points and others via packet injection.
Testing: Checking WiFi cards and driver capabilities (capture and injection).
Cracking: WEP and WPA PSK (WPA 1 and 2).
All tools are command line which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily Linux but also Windows, OS X, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.Website: http://www.aircrack-ng.org/
- BeEF (Browser Exploits Framework)
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and a client system and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.Website: http://beefproject.com/
- Burp SuiteBurp Suite is an integrated platform for performing security testing of web applications. It’s various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp Suite contains the following key components:
• An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
• An application-aware Spider, for crawling content and functionality.
• An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
• An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
• A Repeater tool, for manipulating and resending individual requests.
• A Sequencer tool, for testing the randomness of session tokens.
• The ability to save your work and resume working later.
• Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.
- CrackMapExecCrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of “Living off the Land”: abusing built-in Active Directory features/protocols to achieve it’s functionality and allowing it to evade most endpoint protection/IDS/IPS solutions.
- EmpireEmpire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from keyloggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premiered at HackMiami 2016.
- Immunity Debugger Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.Website: https://www.immunityinc.com
- ImpacketImpacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (for instance NMB, SMB1-3, and MS-DCERPC) the protocol implementation itself. Packets can be constructed from scratch, as well as parsed from raw data, and the object-oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.
- LuckystrikeLuckystrike is a menu-driven (SET style) PowerShell-based generator of malicious .xls and .doc documents. All your payloads are saved into a database for easy retrieval & embedding into a new or existing document. Luckystrike provides you several infection methods designed to get your payloads to execute without tripping AV. See the “Installation” section below for instructions on getting started.
- MetasploitThe Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Metasploit Pro, an open-core commercial Metasploit edition for penetration testers. Metasploit Pro includes all features of Metasploit Express and adds web application scanning and exploitation, social engineering campaigns, and VPN pivoting.
- Nmapnmap is certainly THE scanner to know. Thanks to its numerous parameters, it is a swiss army knife
in all situations where network identification is needed. It enables among other things to list network hosts and
scan their ports.
- PowerSploitPowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts: CodeExecution, ScriptModification, Persistence, AntivirusBypass, Exfiltration, Mayhem, Privesc and Recon.
- OWASP ZAPThe OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It’s also a great tool for experienced pentesters to use for manual security testing.
- SQLmapsqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
- Social Engineering Toolkit (SET)The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly become a standard tool in a penetration testers arsenal. SET is written by David Kennedy (ReL1K) and with a lot of help from the community, it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be focused attacks against a person or organization used during a penetration test.
- SecListsSecLists is the security tester’s companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
- THC-HydraNumber one of the biggest security holes is passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system.
Wifiphisher is a security tool that mounts automated phishing attacks against Wi-Fi networks in order to obtain credentials or infect the victims with malwares. It is a social engineering attack that can be used to obtain WPA/WPA2 secret passphrases and unlike other methods, it does not include any brute forcing. It is an easy way for obtaining credentials from social networks or other third party login pages. After achieving a man-in-the-middle position using the Evil Twin attack, Wifiphisher redirects all HTTP requests to an attacker-controlled phishing page.Website: https://wifiphisher.org/
hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.Website: https://hashcat.net/hashcat/