Monday, 17 February 2014

7 "S!ns" t00ls I use in every W3b @pp Testing

Hola! amigos ...

Today i am going to post some of my work on penetration testing. And thanks for all the  feedback, which keeps me motivating  to improve my posts in my blog.

So the tools which i use in every web application tests are :


  1. Metasploit 
  2. BurpSuit
  3. Nessus
  4. Acunetix
  5. Nmap/Zenmap
  6. SQLmap
  7. sslScan


1. Metasploit Framework 
Metasploit was created by HD Moore in 2003 as a portable network tool using Perl. By 2007, the Metasploit Framework had been completely rewritten in Ruby. On October 21, 2009, the Metasploit Project announced that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.


The basic steps for exploiting a system using the Framework include:
  • Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and Mac OS X systems are included);
  • Optionally checking whether the intended target system is susceptible to the chosen exploit;
  • Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server);
  • Choosing the encoding technique so that the intrusion-prevention system (IPS) ignores the encoded payload;
  • Executing the exploit.
This modular approach – allowing the combination of any exploit with any payload – is the major advantage of the Framework. It facilitates the tasks of attackers, exploit writers and payload writers.

Metasploit runs on Unix (including Linux and Mac OS X) and on Windows. It includes two command-line interfaces, a web-based interface and a native GUI. The web interface is intended to be run from the attacker's computer. The Metasploit Framework can be extended to use add-ons in multiple languages.

To choose an exploit and payload, some information about the target system is needed, such as operating system version and installed network services. This information can be gleaned with port scanning and OS fingerprinting tools such as Nmap. Vulnerability scanners such as Nessus can detect target system vulnerabilities. Metasploit can import vulnerability scan data and compare the identified vulnerabilities to existing exploit modules for accurate exploitation.


2. Burp Suit
Burpsuit is the main tool I use, simply put it’s the best one to use. It has loads of features and if you have the pro version you can sometimes identify low hanging fruit. It allows you to scan the site, intercept requests and modify paramaters. You can use tampa data to modify requests but burpsuit has many more features that really does make life easier.

3. Nessus
Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network.  It does this by running over 1200 checks on a given computer, testing to see if any of these attacks could be used to break into the computer or otherwise harm it.

4. Acunetix
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

5. Nmap/Zenmap
Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap)

6. SQLmap
The next tool is sqlmap. I use this then when I need it, mainly if I identify an sql injection point. This allows me to easy dump the database without knowing every sql statement off by heart.

7. sslScan

Last but not least sslscan, this is great to determine the ciphers that are supported on a website. It identifes if it’s using sslv1 or sslv2 as well as if it is using encryption equal too or greater than 128bits.

These are the tools which i use most for commiting the 'S!nS'.

If you want to explore more penetration tools better you install BackTrack5 or Kali OS on your workstation and try out pentesting.

Note: But i suggest you not to depend on these tools, as some of the tools won't help you much. Based on scenarios  create your own tools in Python, ruby etc in which you are comfortable.

Check this some of the sites, which may help you better in understanding security concepts

www.securitytube.net
&
Off course My blog ...

**************************** Waiting for your feedback ********************************
  Thank you for your support ... Enjoy Pentesting

This post is for educational purpose only 

No comments:

Post a Comment