10 Classic Tools That Can Penetrate Your Network

Sat G · Published in Version 1 · 5 min read · Apr 8, 2021

Penetration tests are a critical part of securing your technological estate. They simulate what a malicious actor would carry out when trying to access your systems. Such testing can identify vulnerabilities that need to be acted on to prevent attacks. Testing should be conducted frequently and after major changes to your network or applications. This article will discuss some of the classic tools that can be used to penetrate your network.


When carrying out any form of penetration or vulnerability testing on networks or applications, approval must be given from the application and network owners along with approval from any Cloud Provider that the application or network resides on.

1. Nmap

Nmap (Network Mapper) is a popular network mapping and port scanning tool. Given an IP address or IP range, Nmap scans the hosts, services and ports it finds there. The output of a scan can include:

  • Host details within the specified IP range
  • Services running on ports
  • Ports that are open, closed or being filtered
  • OS versions
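An added example, not from the original article, showing how to turn that output into something a defender can act on: Nmap can write its results as XML (`nmap -oX scan.xml ...`), and the script below parses the host, port state, service and OS fields listed above and flags any open port that is not on an allowlist of expected services. The XML sample and the allowlist are constructed for the example.

```python
# Added example (not from the original article): parse Nmap's XML report
# (nmap -oX scan.xml ...) and flag open ports that are not on an allowlist,
# turning a scan of your own estate into a list of findings to act on.
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output, trimmed to the elements used below.
SAMPLE_NMAP_XML = """
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.0.2.0/29">
  <host><status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.2p1"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="nginx"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered" reason="no-response"/></port>
    </ports>
    <os><osmatch name="Linux 5.4" accuracy="96"/></os>
  </host>
  <host><status state="up" reason="echo-reply"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="23"><state state="open" reason="syn-ack"/>
        <service name="telnet"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
    </ports>
  </host>
</nmaprun>"""

# Hypothetical allowlist of (host, protocol, port) that are expected to be open.
ALLOWED = {("192.0.2.10", "tcp", 22), ("192.0.2.10", "tcp", 80), ("192.0.2.11", "tcp", 443)}

def parse_nmap_xml(xml_text):
    """Return (addr, os_guess, protocol, port, state, service) per scanned port."""
    rows = []
    for host in ET.fromstring(xml_text.strip()).findall("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        osmatch = host.find("os/osmatch")   # only present when -O produced a match
        os_guess = osmatch.get("name") if osmatch is not None else "unknown"
        for port in host.findall("ports/port"):
            svc = port.find("service")
            rows.append((addr, os_guess, port.get("protocol"), int(port.get("portid")),
                         port.find("state").get("state"),
                         svc.get("name") if svc is not None else ""))
    return rows

def unexpected_open_ports(xml_text, allowed=ALLOWED):
    """Open ports absent from the allowlist: these are the findings to chase."""
    return [(a, p, n, s) for a, _, p, n, st, s in parse_nmap_xml(xml_text)
            if st == "open" and (a, p, n) not in allowed]
```

Filtered and closed ports are kept in the parsed rows but are not reported as findings; only the unexpected open telnet service on the second host is returned.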

2. Metasploit

Metasploit is a framework maintained by Rapid7 that can be used to scan for vulnerabilities. It contains a large database of modules that can exploit systems. Once you have the details of a target, Metasploit can be used to access it and carry out activities such as privilege escalation or creating a backdoor for future access.

3. Kali Linux

Kali Linux is a free, open-source Linux distribution that comes preconfigured with more than 600 penetration testing tools, including many of the tools listed in this article. These tools can be installed on any Linux distribution, but Kali offers the convenience of having them installed and pre-configured.

4. Nessus

Nessus is a vulnerability assessment tool with a graphical web-based interface. There are a large number of plugins that can be incorporated into Nessus which contain the latest vulnerability information. Nessus can produce useful reports after completing vulnerability scans.

5. Burp Suite

PortSwigger’s Burp Suite is used for application security testing. It can be used to test solution endpoints. Burp Suite can perform many types of testing and can be used to proxy traffic being sent to the endpoint. It can be used to intercept and manipulate application requests. This allows you to see the content of the request or to change it to produce a response that would not normally be available.

6. ZAP

OWASP’s ZAP (Zed Attack Proxy) is a web application security tool. It is similar to Burp Suite in that it can be used as a proxy to capture and modify traffic being sent to web applications. There is also a ZAP marketplace on which contributors share plugins.

7. John the Ripper

Openwall’s John the Ripper is a password cracking tool. It can be used to discover or recover passwords using one of the following approaches:

  • Dictionary attack — using a predefined list of words or passwords
  • Rainbow table — using a precomputed list of password hashes
  • Brute force — iterating through candidate passwords, changing a few characters at a time

8. Hydra

Hydra is another login cracking tool, similar to John the Ripper. Among its features is support for multiple protocols. It is “parallelized”, which means that it can carry out many different login attempts at the same time.
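The parallelized behaviour described above is also what makes a Hydra-style run visible to the blue team: a tight cluster of failed logins from one source, often across several usernames. The following added example (not from the original article) runs that detection logic over constructed sshd log lines, counting failures per source inside a sliding window; the threshold and window values are assumptions.

```python
# Added example (not from the original article): detect the burst of failed
# logins a parallelized login-cracking run such as Hydra produces, by counting
# failures per source address inside a sliding time window.
from collections import defaultdict, deque
from datetime import datetime
import re

# Constructed sshd-style syslog lines; the year is assumed to be 2021.
SAMPLE_AUTH_LOG = """\
Apr  8 10:15:01 web1 sshd[2210]: Failed password for invalid user admin from 198.51.100.7 port 51002 ssh2
Apr  8 10:15:01 web1 sshd[2211]: Failed password for invalid user test from 198.51.100.7 port 51003 ssh2
Apr  8 10:15:02 web1 sshd[2212]: Failed password for root from 198.51.100.7 port 51004 ssh2
Apr  8 10:15:02 web1 sshd[2213]: Failed password for root from 198.51.100.7 port 51005 ssh2
Apr  8 10:15:03 web1 sshd[2214]: Failed password for invalid user oracle from 198.51.100.7 port 51006 ssh2
Apr  8 10:15:04 web1 sshd[2216]: Accepted publickey for deploy from 203.0.113.5 port 40022 ssh2
Apr  8 10:20:30 web1 sshd[2290]: Failed password for alice from 203.0.113.9 port 40101 ssh2
Apr  8 10:31:45 web1 sshd[2301]: Failed password for alice from 203.0.113.9 port 40102 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_failures(log_text, year=2021):
    """Yield (timestamp, source_ip, username) for each failed-password line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], m["user"]

def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {source_ip: usernames} for sources with >= threshold failures in one window."""
    # The signature is a cluster of failures (often across several usernames)
    # from one source in a short time; a user mistyping a password twice
    # ten minutes apart never accumulates enough failures to be flagged.
    recent = defaultdict(deque)      # src -> timestamps still inside the window
    users = defaultdict(set)
    flagged = {}
    for ts, src, user in parse_failures(log_text):
        q = recent[src]
        q.append(ts)
        users[src].add(user)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            flagged[src] = users[src]
    return flagged
```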

9. Nikto

Nikto is another web application scanning tool that can scan web servers for vulnerabilities and outdated software. It performs in excess of 6000 tests against a target web application.

10. Social Engineering

Arguably the most useful tool in the toolbox would be to gather information via social engineering. Social engineering is the act of tricking people into giving away confidential information which can lead to the compromise of systems. There are many social engineering techniques such as:

  • Phishing — emails sent to people that contain links to either download malware or to gather information
  • Social Media — gathering information from a person’s social media footprint
  • Pretexting — pretending to be a colleague or a customer to gain trust and extract information

The Social-Engineer Toolkit (SET) is an open-source toolkit that can help in social engineering attempts by setting up phishing attacks, setting up fake phone numbers and much more.

There are thousands of such tools available to facilitate testing of networks and applications for vulnerabilities. Most of the tools listed above are readily available for free on the internet. Anyone interested in penetration testing or cybersecurity can download and experiment with these tools to gain a deeper understanding. When experimenting with such tools it’s important to have the authorisation to do so. It is recommended to try your skills on sites such as VulnHub or Hack The Box, which provide fully isolated environments where tests can be carried out safely.

About the Author

Sat Gainda is a Cloud Solutions Architect at Version 1, working on enterprise-level engagements that utilise innovative Cloud systems. Stay tuned to Version 1 on Medium for more Cloud-focused posts from Sat.
