- slide 1 of 5
The Right Tools for the Job
Just like other specialized jobs, you could use simple, manual tools, but automated tools designed specifically for the tasks at hand will accomplish far more, far better, in much less time. Scanning ranges of IP addresses, selecting groups of tests to run, automatically running additional tests based on the results of a first pass, and automatically compiling reports are all features that pen testing tools offer, turning an otherwise herculean and mind-numbingly repetitive set of tasks into a useful and powerful diagnostic arsenal. Let's look at my top five picks to see what they can offer and why they're great.
- slide 2 of 5
Types of Tools
Best of all, the tools I've selected are free! This article doesn't consider port scanners, vulnerability scanners, or sniffers separately, as all three are required for comprehensive penetration testing and analysis. We need all of these tools to find, understand, and document the vulnerabilities present in, and possible against, our networks and systems. Knowing what your findings mean and how to fix the problems found involves much more than selecting a product and pressing a button. The tools are listed below in alphabetical order.
- slide 3 of 5
The Top Five
Metasploit - Metasploit is an open source platform for developing and testing exploits. It's available for both Unix and Windows systems. This is a far more advanced tool than the others on this list, and requires more technical knowledge (and programming knowledge, if you write your own modules) to run and use. The advantage is that a specific exploit can be fully demonstrated to exist, rather than merely noted as a potential vulnerability. This platform runs payloads, shellcode, and remote shells; you will actually penetrate the target. Servers can and will crash, so only run exploits against systems you are authorized to test, and schedule them for a window in which an outage is acceptable.
Nessus - Tenable Network Security offers Nessus as a free scanner for non-commercial use, with a subscription license required for commercial organizations. Nessus has long been my favorite vulnerability scanner, due to its speed, accuracy, and depth. Large vulnerability libraries can mean long scan times: currently there are over 28K plugins available, with automatic updates available for new plugins. Even so, Nessus 4 is one of the fastest scanners I've used.
Nikto - Nikto is an open source web server security scanning tool. Currently at version 2.03, it can scan for over 3500 potential vulnerabilities, with the option to limit a scan to particular classes of vulnerability (its -Tuning option). Logical, customizable testing options, host selection from nmap output, and other features make this a great tool. Be aware that Nikto is not designed to be stealthy: every check it runs is an HTTP request that will show up in the target's web server logs.
Nmap - Nmap is my Swiss Army Knife for network scanning, port mapping, and OS and application discovery. Somehow it's both the simplest and the most flexible tool in my arsenal. Whether you want to find and identify every host on a large network, or port-map a single host and discover every application running on it, nmap excels. Its machine-readable output formats (greppable with -oG, XML with -oX) also make it easy to feed the results into the other tools on this list.
Wireshark - Wireshark, the renamed successor to Ethereal, is what I now use for sniffing and capturing network traffic and examining protocols and sessions in depth. Whether you need to capture wireless (802.11) traffic, or examine (and, given the keys, even decrypt) specific protocols in depth, this is an indispensable tool. Wireshark runs on many platforms, and supports many capture file formats.
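The Nikto and Nmap entries above both mention feeding nmap's results into Nikto. The script below is an added example, not code from the original article or from the Nmap or Nikto projects: a small POSIX shell function that reads nmap's greppable (-oG) output and prints only the hosts on which a given port is actually open, which is exactly the list Nikto should be pointed at. The scan data it runs against is constructed for the example (the 192.168.1.x addresses and the web01.lab hostname are made up); the nmap and nikto command lines appear in comments only and are not executed.

```shell
#!/bin/sh
# Added example (not from the original article or the Nmap/Nikto projects):
# turn nmap's greppable (-oG) output into a Nikto target list, so the hosts
# nmap found with a web port open become the hosts Nikto scans.
#
# The real two-step workflow (shown for reference, not executed here):
#   nmap -p 80,443,8080 -oG scan.gnmap 192.168.1.0/24
#   hosts_with_open_port 80 < scan.gnmap > targets.txt
#   nikto -h targets.txt
# Nikto's -h also accepts '-' to read targets from stdin, so the two tools
# can be chained in one pipeline:
#   nmap -p 80 -oG - 192.168.1.0/24 | nikto -h -

# hosts_with_open_port PORT
# Reads nmap -oG output on stdin and prints "host:port" for every host on
# which PORT is reported open. Closed and filtered ports are skipped; Nikto
# would only waste time (and fill logs) probing them.
hosts_with_open_port() {
    awk -v want="$1" '
        # Only the "Ports:" lines carry per-port state; "Status:" lines do not.
        /^Host:/ && /Ports:/ {
            host = $2                        # the IP address after "Host:"
            n = split($0, f, "\t")           # -oG fields are tab-separated
            for (i = 1; i <= n; i++) {
                if (f[i] ~ /^Ports:/) {
                    sub(/^Ports: */, "", f[i])
                    m = split(f[i], p, /, */)    # one entry per scanned port
                    for (j = 1; j <= m; j++) {
                        # entry layout: port/state/proto/owner/service/rpc/version/
                        split(p[j], a, "/")
                        if (a[1] == want && a[2] == "open") print host ":" a[1]
                    }
                }
            }
        }'
}

# make_sample_gnmap
# Emits a constructed nmap -oG result (not a real scan) for three lab hosts:
# one with 80 and 443 open, one with only 443 open, one fully filtered.
make_sample_gnmap() {
    printf '%s\n' '# Nmap scan initiated (constructed sample, not a real scan)'
    printf 'Host: 192.168.1.10 (web01.lab)\tStatus: Up\n'
    printf 'Host: 192.168.1.10 (web01.lab)\tPorts: 80/open/tcp//http//Apache httpd/, 443/open/tcp//https///\tIgnored State: closed (998)\n'
    printf 'Host: 192.168.1.11 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.11 ()\tPorts: 80/closed/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (998)\n'
    printf 'Host: 192.168.1.12 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.12 ()\tPorts: 80/filtered/tcp//http///, 443/filtered/tcp//https///\tIgnored State: closed (998)\n'
    printf '%s\n' '# Nmap done -- 16 IP addresses (3 hosts up) scanned'
}

# Usage: build Nikto target lists from the sample scan.
make_sample_gnmap | hosts_with_open_port 80
make_sample_gnmap | hosts_with_open_port 443
```

Checking the port state, not just its presence in the line, is the point of the filter: nmap lists every scanned port on the Ports: line, including closed and filtered ones, so a naive grep for "80/" would hand Nikto hosts that have no web server to test.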
- slide 4 of 5
If you want more information, take a look at my Beginners Guide To Pen Testing, Top 5 Free Port Scanners, and Top 5 Free Wireless Security Tools articles. Sometimes penetration testing is as much an art as a science. I always use more than one tool or suite of tools when testing. If there is a specific, manual tool or test for a particular vulnerability, I'll use that as well to prove or verify the weakness. An experienced tester will see vulnerabilities and possible avenues for penetration that even the best tools can't. In time, you'll find the suite of tools that works best for you, and you'll find that new and improved tools are created all the time.