Category Archives: ethical hacking tools

GlobalHackNews Is The Popular Blog of IT Security, Cybersecurity, and Latest Hacking News Update. Read Regular News to Improve Your Security.

what is penetration testing | 12 best pentesting tools | pentesting methode

penetration testing                                                  

Penetration testing It is simulated a cyber attack against your computer system to check for vulnerabilities. In the meaning of web application security,  penetration test, also known as a pen test. and a penetration test can include the tried breaching of any number of the application system to reveal vulnerabilities.

PENETRATION TESTING STAGES

PENETRATION TESTING STAGES

Planning & Preparation

  • To identify the vulnerability and improve the security of the technical systems.
  • Have IT security confirmed by an external third party.
  • Increase the security of the organizational/personnel infrastructure.

Scanning

The next step is Scanning how the target application will respond to various intrusion attempts.

    • Static analysis – Inspecting an application’s code to estimate the way it behaves while running. These tools can scan the entirety of the code in a single pass.
    • Dynamic analysis – Inspecting an application’s code in a running state. This is a more practical way of scanning, as it provides a real-time view of an application’s performance.\

Gaining Access

In this step, tester analyzes and assesses the information gathered before the test steps for dynamically penetrating the system

  • The defined goals of the penetration test.
  • The potential risks to the system.
  • The estimated time required for evaluating potential security flaws for the subsequent active penetration testing.

Maintained Access

However, while documenting the final report, the following points needs to be considered −

  • Overall summary of penetration testing.
  • Details of each step and the information gathered during the pen testing.
  • Details of all the vulnerabilities and risks discovered.
  • Details of cleaning and fixing the systems.
  • Suggestions for future security

Analysis

The results of the penetration test are then compiled into a report detailing:

      • Specific vulnerabilities that were exploited
      • Sensitive data that was accessed
      • The amount of time the pen tester was able to remain in the system undetected

This information is analyzed by security personnel to help configure an enterprise’s WAF settings and other application security solutions to patch vulnerabilities and protect against future attacks.

Types of Pen Testing

  • Black Box Penetration Testing
  • White Box Penetration Testing
  • Grey Box Penetration Testing

    What is Penetration Testing Tools?

    The following table collects some of the most significant penetration tools and illustrates their features −

    Tool Name Purpose Portability Expected Cost
    Hping ort Scanning

    Remote OC fingerprinting

    Linux, NetBSD,

    FreeBSD,

    OpenBSD,

    Free
    Nmap Network Scanning

    Port Scanning

    OS Detection

    Linux, Windows, FreeBSD, OS X, HP-UX, NetBSD, Sun, OpenBSD, Solaris, IRIX, Mac, etc. Free
    SuperScan Runs queries including ping, whois, hostname lookups, etc.

    Detects open UDP/TCP ports and determines which services are running on those ports.

    Windows 2000/XP/Vista/7 Free
    p0f Os fingerprinting

    Firewall detection

    Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Solaris, Windows, and AIX Free
    Xprobe Remote active OS fingerprinting

    Port Scanning

    TCP fingerprinting

    Linux Free
    Httprint Web server fingerprinting SSL detection

    Detect web-enabled devices (e.g., wireless access points, switches, modems, routers)

    Linux, Mac OS X, FreeBSD, Win32 (command line & GUI Free
    Nessus Detect vulnerabilities that allow remote cracker to control/access sensitive data Mac OS X, Linux, FreeBSD, Apple, Oracle Solaris, Windows Free to limited edition
    GFI LANguard Detect network vulnerabilities Windows Server 2003/2008, Windows 7 Ultimate/ Vista, Windows 2000 Professional, Business/XP, Sever 2000/2003/2008 Only Trial Version Free
    Iss Scanner Detect network vulnerabilities Windows 2000 Professional with SP4, Windows Server 2003 Standard with SO1, Windows XP Professional with SP1a Only Trial Version Free
    Shadow Security Scanner Detect network vulnerabilities, audit proxy and LDAP servers Windows but scan servers built on any platform Only Trial Version Free
    Metasploit Framework Develop and execute exploit code against a remote target

    Test vulnerability of computer systems

    All versions of Unix and Windows Free
    Brutus Telnet, ftp, and http password cracker Windows 9x/NT/2000 Free

 

linux commands for beginner

basics-linux-commandsIn this case, I will share some wonderful kali Linux command for a beginner so first Open the terminal, press Ctrl+Alt+T in Ubuntu, or press Alt+F2, type in gnome-terminal, and press enter. In Raspberry Pi, type in lxterminal. There is also a GUI way of taking it, but this is better!

Basic Commands:

1. pwd — The command “pwd” (print working directory), prints the current working directory with full path name from the terminal.

2. mkdir & rmdir — Use the mkdir command when you need to create a folder or a directory. For example, if you want to make a directory called “DIY”, then you can type “mkdir DIY”. Remember, as told before, if you want to create a directory named “DIY Hacking”, then you can type “mkdir DIY\ Hacking”.

3. rm — Use the rm command to delete files and directories. But rm cannot simply delete a directory. Use “rm -r” to delete a directory.

4. cp — Use the cp command to copy files through the command line. It takes two arguments: The first is the location of the file to be copied, the second is where to copy.

5. mv — Use the mv command to move files through the command line. We can also use the mv command to rename a file. For example, if we want to rename the file “text” to “new”, we can use “mv text new”. It takes the two arguments, just like the cp command.

Intermediate Commands :

1.echo — The “echo” command helps us move some data, usually text into a file. For example, if you want to create a new text file or add to an already made text file, you just need to type in, “echo hello, my name is Alok >> new.txt”.

2. cat — Use the cat command to display the contents of a file. It is usually used to easily view programs.

3. sudo — A widely used command in the Linux command line, sudo stands for “SuperUser Do”

4. zip, unzip — Use zip to compress files into a zip archive and unzip to extract files from a zip archive.

13. ping — Use ping to check your connection to a server. Wikipedia says, “Pingis a computer network administration software utility used to test the reachability of a host on an Internet Protocol (IP) network”.

File Operations:

pwd                        Print Name Of Current/Working Directory

The pwd is an acronym for print working directory. The pwd command is considered as one of the most frequently used commands on Linux, AIX, HP-UX, *BSD, and other UNIX like operating systems along with the ls, and cd commands. It can be used for the following purposes under Apple OS X or UNIX or Linux operating systems:
=> Find the full path to the current directory.
=> Store the full path to the current directory in the shell variable.
=> Verify the absolute path.
=> Verify the physical path i.e exclude.

cd                            Changing The Working Directory
cp                            Copy Files Or Directory
rm                            Remove Files And Directory
ls                              List Of Directory Contents
mkdir                       Make Directory
cat                            Concatenate Files And Print On Standard Output
mv                            Move Files
chmod                      Change Files Permissions

Know Your System
uname                      Print System Information
who                         Show Who Is Logged On
cal                           Displays Calculator
date                         Print System Date And Time
df                            Report File System Disk Space Usage
du                            Estimate File Space Usage
ps                            Displays Information Of Current Active Processes
kill                          Allows To Kills Process
clear                        Clear The Terminal Screen
cat /proc/cpuinfo          Cpuinfo Display CPU Information
cat /proc/meminfo          Display Memory Information

Compression
tar                        Store and Extract Files From An Archive File
gzip                       Compress Or Decompress Named Files

Network
ifconfig                   To Config Network Interface
ping                       Check Other System are reachable from The Host System
wget                       Download Files From Network
ssh                        Remote Login Program
ftp                        Download/Upload Files From/To Remote System
last                       Displays List Of Last Logged In User
telnet                     Used To Communicate With Another Host Using THe Telnet Protocol

Searching Files
grep                       Search Files(s) For Specific Text
find                       Search For Files In A Directory Hierarchy
locate                     Find Files By Name

Kali Linux 2018.2 Released with Fixes for Spectre with New Security Features

Kali Linux 2018.2 Release On April 30th, 2018

kali Linux 2018.2 has been pushed as the second release. So, let’s tell about its new features in brie, It is the first distribution to the Linux 4.15 kernel, which contains the most expected patches for Spectre and Meltdown vulnerabilities.

Offencive Security pushed the first release snapshot of Kali Linux for the year 2018. The Kali developers have already shifted their release model to rolling but they keep releasing these snapshots from time to time to provide a fresh ISOs to new users.

Package Updates to Kali Linux 2018.2

Kali Linux also adds a new feature like support for AMD GPUs and AMD Secure Encrypted Virtualization which allows for encrypting virtual machine representation such that even the hypervisor can’t access it. Additionally, the updated packages include Bloodhound and more.  you can check out the Kali Changelog  to view the full list of changes,

Download Kali Linux 2018.2 ISO and Torrent files

In case you’re already working on a Kali machine, it doesn’t make sense to download the new media. Just open the terminal and run the following command to upgrade:

To get the required images for a fresh installation, just follow this link to grab the 64-bit and 32-bit ISO and torrent files. The download page also lists different desktop environment as well, so decide accordingly.

Easier Metasploit Script Access – Kali Linux 2018.2

For exploit writers, the good news is that starting from Metasploit-framework_4.16.34-0 kali2,With the previous version, it was hidden under /usr/share/metasploit-framework/tools/exploit/ and cannot be called directly using msf-.

root@kali:~# msf-<tab>
msf-egghunter          msf-java_deserializer  msf-nasm_shell
msf-exe2vba            msf-jsobfu             msf-pattern_create
msf-exe2vbs            msf-makeiplist         msf-pattern_offset
msf-find_badchars      msf-md5_lookup         msf-pdf2xdp
msf-halflm_second      msf-metasm_shell       msf-virustotal
msf-hmac_sha1_crack    msf-msf_irb_shellroot@kali:~#
root@kali:~# msf-pattern_create -l 50 -s ABC,123
A1A2A3B1B2B3C1C2C3A1A2A3B1B2B3C1C2C3A1A2A3B1B2B3C1
root@kali:~#

How to update – Kali Linux 2018.2

apt update
&& apt full-upgrade
apt dist-upgrade
reboot

root@kali:~# apt update && apt full-upgrade

New kickass torrents is back of the group of original stuff
New Strain of ATM Jackpotting Malware
Ex-Hacker Adrian Lamo dies aged 37
HotSpot Shield, ZenMate&PureVPN leaking users real IP addresses