Penetration Testing (Pen Test) is a method of identifying security weaknesses in software systems and breaking into them.
Some of the many tools to consider:
1. Wireshark: network protocol analyzer; may be used on Windows, Linux, Solaris, OS X and many other systems.
2. Kali Linux: open-source project from Offensive Security.
3. Metasploit: one of the most popular frameworks based on the “exploit” concept. Can be used on web applications, servers, networks etc. Has a free limited trial.
4. Breachlock: RATA (Reliable Attack Testing Automation) web application vulnerability scanner. Can be used without previous security experience.
5. Intruder: vulnerability scanner which finds weaknesses and explains related risks. Includes identification of missing patches, misconfigurations, SQL injection, cross-site scripting etc.
6. Acunetix: fully automated web vulnerability scanner. Report includes more than 4500 web app vulnerabilities.
7. Zed Attack Proxy (ZAP): free scanner for web applications.
8. SQLmap: open-source penetration tool mostly for detecting and exploiting SQL injections and hacking DB servers.
9. Canvas: popular tool for web application and network Pen Tests. It’s not free.
10. Nmap: must-have tool for ethical hackers.
11. W3af: web application and audit framework. Contains three plugins: discovery, audit and attack.
12. Samurai framework: free open-source tool; contains a preconfigured wiki to store information during the testing.
13. BeEF: the Browser Exploitation Framework, a tool mostly focused on the web browser.
14. IronWASP: another open-source tool for web application vulnerability testing. Powerful and easy-to-use software.
15. Websecurify: powerful and simple security testing environment.