Cyber security researchers and professionals perform penetration testing to find vulnerabilities in a system before an attacker exploit it. Penetration testing (Pentesting) is an attack on a computer system that looks for security weaknesses, potentially gaining access to the computer’s features and data.
There are many Operating Systems that cyber security researchers used for penetration testing purpose. In which, Kali Linux, Pentoo, Whax are the most popular. Such distributions typically contain a pre-packaged and pre-configured set of tools.
A number of Linux distributions include known OS and Application vulnerabilities, and can be deployed as targets. Such systems help new security professionals try the latest security tools in a lab environment. Examples include Damn Vulnerable Linux (DVL), the OWASP Web Testing Environment (WTW), and Metasploitable.
Popular penetration testing OS distribution includes:
- Kali Linux (which replaced BackTrack) based on Debian Linux
- Pentoo based on Gentoo Linux
- WHAX based on Slackware Linux
- BackBox Linux
- BackTrack 5r3
Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. Kali Linux is preinstalled with over 300 penetration-testing applications and tools. These tools include Armitage (a graphical cyber-attack management tool), nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp Suite, OWASP ZAP (both web application security scanners) and many more.
Kali Linux is by far the best known and most widely used security focused operating system that supports ARM and can be used on a variety of devices, from Raspberry Pi and much more.
Pentoo is designed for penetration testing and security assessment that is based on Gentoo Linux. Pentoo is available in 32-bit and 64-bit versions and built on hardened Linux, including a hardened kernel with extra patches and toolchain.
It includes the required environment to crack passwords using GPGPU with OpenCL and CUDA configured ‘out of the box.’ There are various tools included in Pentoo to perform penetration testing more effectively and widely. The category of tools include:
Pentoo support for full disk encryption with LUKs if installed on HDD. Although the latest official release was 2009, there are still regular contributions and updates to the overlay to keep the distribution up to date for pen-testers.
WHAX is a new name of what used to be called Whoppix, a security and penetration testing live CD. With the latest tools and exploits, it is a must for every penetration tester and security auditor.
WHAX includes several exploit archives, such as Securityfocus, Packetstorm, SecurityForest, and Milw0rm, as well as a wide variety of updated security tools and the new custom kernel also allow better WIFI support.
Backtrack is a Linux distribution that focused on security based on the Knoppix Linux distribution aimed at digital forensics and penetration testing use. It provides users with easy access to a comprehensive and the large collection of security-related tools ranging from port scanners to Security Audit.
Backtrack includes many well-known security tools including:
- Metasploit for integration
- Wi-Fi drivers supporting monitor mode (rfmon mode) and packet injection
- Gerix Wifi Cracker
Backtrack has been used for many categories of penetration testing, information gathering and audit purposes that include:
- Information gathering
- Vulnerability assessment
- Exploitation tools
- Privilege escalation
- Maintaining access
- Reverse engineering
- RFID tools
- Stress testing
- Reporting tools
Backtrack is the most popular Linux based Operating System that is known by its supporting tools and features for penetration testing.
Other than these security and penetration testing dedicated operating systems, there are many other tools and framework that are well known in the field of Pentesting. Which includes:
- Metasploit Project
- OWASP ZAP
- Burp Suite
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework, which is a tool for developing and executing exploit code against a remote target machine.
Ethical Hacking Training – Resources (InfoSec)
Nmap (Network Mapper) is a security scanner used to discover hosts and services on a computer network. The software provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection and other features that include:
- Host discovery
- Port scanning
- Version detection
- OS detection
- Auditing the security of a device or firewall
- Identifying open ports
- Network mapping
The W3af (web application attack and audit framework) is an open-source web application security scanner that provides vulnerability scanner and exploitation tool for Web applications. W3af supports both graphical user interface and command line interface.
The W3af is divided into two main parts, the core, and the plug-ins. The core coordinates the process and provides features that are consumed by the plug-ins, which find the vulnerabilities and exploit them. The plug-ins are connected and share information with each other using a knowledge base. Plug-ins can be categorized as Discovery, Audit, Grep, Attack, Output, Mangle, Evasion or Bruteforce.
It is a Java-based software platform of tools for performing security testing of web applications. The Burp Suite can be used to combine automated and manual testing techniques and consists of some different tools, such as a proxy server, a web spider, scanner, intruder, repeater, sequencer, decoder, collaborator, and extender.
Burp Suite is a famous tool, used by many cyber security professionals for Pentesting/security testing of web applications and other purposes.
Social Engineering for Reconnaissance:
Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. For example, the attacker might pretend to be a co-worker who has some kind of urgent problem that requires access to additional network resources.
There are two main phases of a social engineering (SE) attack. The first phase is the reconnaissance phase where the SE will gather intelligence on their target. This helps them gain confidence in their target that the SE is who they claim to be and the target will trust the SE. The second phase is the attack phase where the SE will call the target up and start the attack.
Social engineering is highly used for reconnaissance purposes and also known as Open Source Intelligence Gathering. Many penetrating testing OS provides social engineering toolkit for information gathering purpose.
The following is a list of some of the Social Engineering tools used and provided by OS to gather OSINT:
Maltego is made by Paterva and is a powerful tool to gather, combine and analyze OSINT on a target. It provides a way to import or add data. It’s an excellent platform to gather and analyze OSINT.
Whois is used to find who owns a domain. If a company is being targeted, the administrator for the company domain is frequently listed with their telephone number or a number for the IT department.
Social Engineering Toolkit:
The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.
Other commonly used sources include Google, Facebook, Twitter, LinkedIn, Google Images and Social media websites. These are just some of the OSINT tools that social engineers use to gather data on a target, there are many more websites that can be used for reconnaissance purpose.
Penetration testing is widely used by professionals to test the applications and information systems for potential security flaws and vulnerabilities. There are many other tools and framework that helps this process to work more effectively that we have discussed above. Security professionals are working towards introducing more tools that can supplement the operating system, tools and framework to perform high-end advanced penetration testing.