ethical hacking toolsHacking Tools

what is penetration testing | 12 best pentesting tools | pentesting methode

penetration testing |12 Pentesting Tools and Techniques| pentesting methode|PENETRATION TESTING STAGES

penetration testing                                                    what is penetration testing | 12 best pentesting tools | pentesting methode

Penetration testing It is simulated a cyber attack against your computer system to check for vulnerabilities. In the meaning of web application security,  penetration test, also known as a pen test. and a penetration test can include the tried breaching of any number of the application system to reveal vulnerabilities.

PENETRATION TESTING STAGES

PENETRATION TESTING STAGES

Planning & Preparation

  • To identify the vulnerability and improve the security of the technical systems.
  • Have IT security confirmed by an external third party.
  • Increase the security of the organizational/personnel infrastructure.

Scanning

The next step is Scanning how the target application will respond to various intrusion attempts.

    • Static analysis – Inspecting an application’s code to estimate the way it behaves while running. These tools can scan the entirety of the code in a single pass.
    • Dynamic analysis – Inspecting an application’s code in a running state. This is a more practical way of scanning, as it provides a real-time view of an application’s performance.\

Gaining Access

In this step, tester analyzes and assesses the information gathered before the test steps for dynamically penetrating the system

  • The defined goals of the penetration test.
  • The potential risks to the system.
  • The estimated time required for evaluating potential security flaws for the subsequent active penetration testing.

Maintained Access

However, while documenting the final report, the following points needs to be considered −

  • Overall summary of penetration testing.
  • Details of each step and the information gathered during the pen testing.
  • Details of all the vulnerabilities and risks discovered.
  • Details of cleaning and fixing the systems.
  • Suggestions for future security

Analysis

The results of the penetration test are then compiled into a report detailing:

      • Specific vulnerabilities that were exploited
      • Sensitive data that was accessed
      • The amount of time the pen tester was able to remain in the system undetected

This information is analyzed by security personnel to help configure an enterprise’s WAF settings and other application security solutions to patch vulnerabilities and protect against future attacks.

Types of Pen Testing

  • Black Box Penetration Testing
  • White Box Penetration Testing
  • Grey Box Penetration Testing

    What is Penetration Testing Tools?

    The following table collects some of the most significant penetration tools and illustrates their features −

    Tool NamePurposePortabilityExpected Cost
    Hpingort Scanning

    Remote OC fingerprinting

    Linux, NetBSD,

    FreeBSD,

    OpenBSD,

    Free
    NmapNetwork Scanning

    Port Scanning

    OS Detection

    Linux, Windows, FreeBSD, OS X, HP-UX, NetBSD, Sun, OpenBSD, Solaris, IRIX, Mac, etc.Free
    SuperScanRuns queries including ping, whois, hostname lookups, etc.

    Detects open UDP/TCP ports and determines which services are running on those ports.

    Windows 2000/XP/Vista/7Free
    p0fOs fingerprinting

    Firewall detection

    Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Solaris, Windows, and AIXFree
    XprobeRemote active OS fingerprinting

    Port Scanning

    TCP fingerprinting

    LinuxFree
    HttprintWeb server fingerprinting SSL detection

    Detect web-enabled devices (e.g., wireless access points, switches, modems, routers)

    Linux, Mac OS X, FreeBSD, Win32 (command line & GUIFree
    NessusDetect vulnerabilities that allow remote cracker to control/access sensitive dataMac OS X, Linux, FreeBSD, Apple, Oracle Solaris, WindowsFree to limited edition
    GFI LANguardDetect network vulnerabilitiesWindows Server 2003/2008, Windows 7 Ultimate/ Vista, Windows 2000 Professional, Business/XP, Sever 2000/2003/2008Only Trial Version Free
    Iss ScannerDetect network vulnerabilitiesWindows 2000 Professional with SP4, Windows Server 2003 Standard with SO1, Windows XP Professional with SP1aOnly Trial Version Free
    Shadow Security ScannerDetect network vulnerabilities, audit proxy and LDAP serversWindows but scan servers built on any platformOnly Trial Version Free
    Metasploit FrameworkDevelop and execute exploit code against a remote target

    Test vulnerability of computer systems

    All versions of Unix and WindowsFree
    BrutusTelnet, ftp, and http password crackerWindows 9x/NT/2000Free

 

Osman

Speaker, Founder, and CEO — Global hack News | Latest Hacking News, IT Security News, and Cyber Security

Leave a Reply