The Top 5 Pentesting Tools You Will Ever Need [updated 2021]
Introduction to penetration testing
A penetration test or “pentest” is a human-driven assessment of an organization’s security. One or more pentesters will be engaged by an organization to identify and exploit vulnerabilities within the organization’s network environment. Often, these engagements will have a set of objectives used to determine the difference between a successful test and an unsuccessful one.
Penetration tests can be performed for a variety of different reasons. Some of the most common goals of a penetration test include:
- Regulatory compliance: Many data protection regulations require an organization to properly protect certain types of sensitive data against compromise. These regulations may explicitly or implicitly require an organization to perform periodic penetration tests to ensure compliance.
- Security assessment: Beyond the desire for regulatory compliance, organizations also pursue stronger cybersecurity to help protect their operations and their customers. A penetration test helps to identify weaknesses and vulnerabilities within an organization’s cyber defenses.
- Defense development: As organizations’ environments evolve and cyber threats change, existing defenses may be inadequate for protecting against modern threats. Penetration testing provides valuable data about what an organization is capable of detecting and protecting against and enables defenses to be added or modified to increase their effectiveness.
The value of a penetration test is dependent upon a number of different factors. One of these is the experience and knowledge of the penetration tester(s). If the pentesters cannot accurately simulate a real-world attack, then the value of the exercise is limited.
Another important factor that impacts the value of a pentest is the tools used by a tester. Without the right tools, a penetration tester may overlook vulnerabilities or weaknesses in the target system or be unable to effectively exploit them. As a result, the report submitted at the end of the pentest would be incomplete and give the customer a false sense of security.
The tools to be used in a successful pentest
A penetration tester’s toolkit should include a wide range of different tools, and the tools required often depend on the particulars of a penetration testing engagement. Certain types of tools are widely applicable:
- Port scanners: Port scanners identify open ports on a system, which can help to identify the operating system and the applications currently running on it with network access. These tools are used for reconnaissance and to provide data regarding potential attack vectors.
- Vulnerability scanners: Vulnerability scanners go a step further than port scanners: they attempt to identify applications with known vulnerabilities running on a system and flag configuration errors. Their reports help a penetration tester select a vulnerability to exploit for initial access (if one is available), but each candidate should be validated by hand, since scanners infer most findings from version banners and responses and regularly produce false positives.
- Network sniffer: Network sniffers collect the traffic that is flowing over a network and dissect it for analysis. This enables a penetration tester to more passively identify active applications on a network and search for exposed credentials or other sensitive data flowing over the network.
- Web proxy: A web proxy allows a penetration tester to intercept and modify traffic between their browser and an organization’s web server. This enables the tester to search for hidden form fields and other HTML features and to identify and exploit vulnerabilities within the application (such as cross-site scripting or cross-site request forgery).
- Password cracker: Password hashes are a common target for attackers and a means for expanding or elevating an attacker’s access on a target system or network. A password cracker enables a penetration tester to determine if an organization’s employees are using weak passwords that place them at risk of exploitation.
This is far from an exhaustive list of the types of tools that a penetration tester can expect to use as part of an engagement. However, gaining familiarity and confidence in using these types of tools provides a foundational skill set for a penetration tester.
The top pentesting tools today
For each of these five core types of penetration testing tools, multiple different tools are available. Some of the top options for each are as follows.
1. Nmap
The Network Mapper (Nmap) is a tool for exploring a target network or system. Much of its value lies in built-in knowledge: a range of scan types (TCP SYN, TCP connect, UDP and others), service and version detection, operating system fingerprinting based on how a target's TCP/IP stack responds, and the Nmap Scripting Engine (NSE), whose scripts probe individual services in more depth. The scan types trade speed and stealth against completeness, and options such as timing templates, packet fragmentation and decoy addresses exist to avoid tripping defenses.
Nmap balances usability and configurability. For novice users, the Zenmap GUI provides a point-and-click interface for performing simple scans, while both Nmap and Zenmap let more advanced users apply a range of flags to precisely configure the details of a scan.
Nmap and Zenmap both provide a running commentary on the state of the scan and the tests performed. At the end, a text-based (and, in Zenmap, visual) result lists the detected hosts, ports and services; the same data can be written as XML with -oX for further processing by other tools.
Nmap and Zenmap are available here.
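Nmap's XML output (written with -oX) is the form testers usually feed into the next phase of an engagement. The following Python script is an added example, not part of the original article or of the Nmap project: it parses a constructed sample of Nmap XML (the element and attribute names are Nmap's, the addresses and banners are made up), keeps only hosts that were up and ports that were open, and flattens the result to one service banner per line, which is the list a tester would hand to a vulnerability scanner or search for known CVEs.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (the format written by `nmap -sV -oX scan.xml ...`).
# Addresses, banners and counts are made up for this example; the element and attribute
# names are the ones Nmap uses.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/29" version="7.91">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="web01.example.test" type="PTR"/></hostnames>
    <ports>
      <extraports state="filtered" count="997"/>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="7.2p2 Ubuntu 4ubuntu2.8" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http" product="Apache httpd" version="2.4.18" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset" reason_ttl="64"/>
        <service name="https" method="table" conf="3"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
  </host>
  <runstats><hosts up="1" down="1" total="2"/></runstats>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one record per live host: address, reverse-DNS name and open ports with detected services."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts that never answered carry no ports worth reporting
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")
        hostname = host.find("hostnames/hostname")
        record = {
            "address": None if addr is None else addr.get("addr"),
            "hostname": None if hostname is None else hostname.get("name"),
            "open_ports": [],
        }
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports are noise for the next phase
            service = port.find("service")
            record["open_ports"].append({
                "port": int(port.get("portid")),
                "protocol": port.get("protocol"),
                "service": None if service is None else service.get("name"),
                "product": None if service is None else service.get("product"),
                "version": None if service is None else service.get("version"),
                # Nmap's 0-10 confidence in the identification; plain port-table lookups score low
                "confidence": 0 if service is None else int(service.get("conf", "0")),
            })
        hosts.append(record)
    return hosts


def service_banners(hosts):
    """Flatten parsed hosts to 'addr:port/proto product version' lines for the vulnerability-scanning step."""
    lines = []
    for h in hosts:
        for p in h["open_ports"]:
            banner = " ".join(x for x in (p["product"], p["version"]) if x) or (p["service"] or "unknown")
            lines.append(f"{h['address']}:{p['port']}/{p['protocol']} {banner}")
    return lines


if __name__ == "__main__":
    for line in service_banners(parse_nmap_xml(SAMPLE_NMAP_XML)):
        print(line)
```

The script deliberately drops hosts whose status is not "up" and ports whose state is not "open"; filtered ports (the extraports element) are still worth noting in a report, but they are not attack surface for the next step. The conf attribute is kept because a banner identified by probing (conf 10) deserves more trust than a guess from the port number table (conf 3).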
2. Nessus
Nessus, from Tenable, is a commercial vulnerability scanner available under several licensing models. The free Nessus Essentials license limits scans to 16 IP addresses; paid licenses remove that cap and add features aimed at larger deployments.
Nessus is one of the most widely used vulnerability scanners, largely because of its extensive plugin library: each plugin checks for a particular vulnerability or misconfiguration. A Nessus scan examines the target, identifies running services and produces a list of detected vulnerabilities with severity ratings, references and remediation guidance. For a penetration tester this is a list of candidate attack vectors rather than confirmed findings: most detections are inferred from version banners or responses and should be validated by hand before they are exploited or reported, and an unauthenticated scan sees far less than a credentialed one.
Nessus is available from Tenable’s website here.
3. Wireshark
For network sniffing, Wireshark is the standard tool. It ships with a large number of protocol dissectors, enabling it to recognize a wide range of traffic and break it down into a readable, field-by-field view. The GUI labels each field of a packet and provides coloring rules, display filters and stream following (Follow TCP Stream) to help pick out packets of interest; the bundled tshark command-line tool applies the same dissectors from scripts or over an SSH session.
Under the hood, Wireshark is much more than a pretty packet dissector. It includes a great deal of built-in analysis (conversations, endpoints, protocol hierarchy, expert information) and can be extended with custom dissectors for proprietary protocols. This makes it invaluable for penetration testing, since it allows testers to rapidly extract features of interest from a capture. Two caveats apply: a sniffer only sees traffic that reaches the tester's interface (on a switched network that means a mirror port, a position on the path, or a separate attack such as ARP spoofing), and credentials are only exposed where protocols still run in cleartext.
Wireshark can be downloaded here.
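To make the "dissector" idea concrete, here is an added Python example, not code from the article or from the Wireshark project. It builds one constructed Ethernet/IPv4/TCP frame carrying an HTTP request with a Basic Authorization header (the kind of cleartext credential a sniffer is looking for), then peels the layers apart the way Wireshark's protocol tree does: Ethernet type, IPv4 header length and checksum, TCP data offset, and finally the payload, from which the credentials are decoded. The MAC and IP addresses, port numbers and the credential pair are all made up.

```python
import base64
import re
import socket
import struct


def ip_checksum(header):
    """One's-complement checksum over an IPv4 header whose checksum field is zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame(payload):
    """Constructed Ethernet/IPv4/TCP frame carrying `payload`; stands in for a frame read from a capture."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    # sport, dport, seq, ack, data offset (5 words) << 4, flags PSH|ACK, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 51234, 80, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip_no_sum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                            socket.inet_aton("10.0.0.7"), socket.inet_aton("10.0.0.20"))
    ip = ip_no_sum[:10] + struct.pack("!H", ip_checksum(ip_no_sum)) + ip_no_sum[12:]
    return eth + ip + tcp + payload


# Constructed cleartext HTTP request; "alice:hunter2" is the made-up credential.
SAMPLE_PAYLOAD = (b"GET /admin/ HTTP/1.1\r\nHost: intranet.example.test\r\n"
                  b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n\r\n")
SAMPLE_FRAME = build_sample_frame(SAMPLE_PAYLOAD)


def dissect_frame(frame):
    """Peel Ethernet -> IPv4 -> TCP and return the fields Wireshark would label; None if not IPv4/TCP."""
    if len(frame) < 14:
        return None
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return None  # ARP, IPv6, VLAN-tagged frames etc. need their own dissectors
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # header length in bytes; options make it longer than 20
    if ip[0] >> 4 != 4 or len(ip) < ihl:
        return None
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    stored_sum = struct.unpack("!H", ip[10:12])[0]
    checksum_ok = ip_checksum(ip[:10] + b"\x00\x00" + ip[12:ihl]) == stored_sum
    if proto != 6:
        return None  # only TCP is handled here
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4  # TCP options, if any, sit between byte 20 and data_off
    return {
        "eth": {"src": src_mac.hex(":"), "dst": dst_mac.hex(":")},
        "ip": {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
               "ttl": ip[8], "checksum_ok": checksum_ok},
        "tcp": {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": off_flags & 0x01FF},
        "payload": tcp[data_off:],
    }


BASIC_RE = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$", re.IGNORECASE | re.MULTILINE)


def extract_basic_credentials(payload):
    """Decode an HTTP Basic Authorization header from cleartext payload into (user, password), or None."""
    match = BASIC_RE.search(payload)
    if not match:
        return None
    try:
        decoded = base64.b64decode(match.group(1), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # malformed header: report nothing rather than garbage
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


if __name__ == "__main__":
    pkt = dissect_frame(SAMPLE_FRAME)
    print(f"{pkt['ip']['src']}:{pkt['tcp']['sport']} -> {pkt['ip']['dst']}:{pkt['tcp']['dport']}")
    print("credentials:", extract_basic_credentials(pkt["payload"]))
```

In Wireshark itself the equivalent of the last step is the display filter http.authorization, which matches the same header; the point of the hand-written version is to show that each layer's length field (Ethernet type, IPv4 IHL, TCP data offset) is what lets a dissector find the next layer, and that a request like this is only recoverable because it travelled over plain HTTP.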
4. Burp Suite
Burp Suite is a collection of web application security testing tools developed by PortSwigger. Of these tools, the most widely used is probably Burp Proxy, its intercepting web proxy.
Burp Proxy places the penetration tester in a man-in-the-middle (MitM) position between a client and a web server: the tester's browser (or a mobile device under test) is configured to send its traffic through the proxy, and for HTTPS the proxy's own CA certificate is installed on that client so the TLS connection can be terminated and re-established. Requests and responses can then be examined, held and modified en route, making it possible to detect and exploit vulnerabilities or data leakage in the web application, for example by tampering with parameters the browser would not normally let a user change. The free Community Edition includes the proxy, Repeater and a rate-limited Intruder; the paid Professional edition adds the automated Scanner and removes the throttling.
Burp Proxy — and the rest of Burp Suite — can be found here.
5. John the Ripper
John the Ripper is a well-known and widely used password cracking tool. It is designed primarily for CPUs, though the community-enhanced "jumbo" build also supports GPU cracking for many formats via OpenCL.
John supports the standard cracking approaches: wordlist (dictionary) attacks, wordlist attacks with mangling rules (the hybrid approach, where words are capitalized, suffixed with digits and so on), "single crack" mode that derives guesses from the account's own username and GECOS fields, and incremental (brute-force) mode. It recognizes a large library of hash formats and autodetects the most likely one, and it is highly configurable: users can describe non-standard hash constructions with its dynamic formats and write their own mangling rules to generate candidate passwords tailored to the target.
To learn more about and download John the Ripper, visit here.
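The three cracking techniques named in the password-cracker entry above (dictionary, hybrid, brute-force) are easy to see side by side in code. The following Python script is an added example, not code from the article or from John the Ripper: it hashes three constructed weak passwords with unsalted SHA-256, then runs a plain wordlist pass, a wordlist-plus-rules pass and an exhaustive short-string pass in order of cost, checking every candidate against all unresolved hashes at once. The account names, wordlist and passwords are made up.

```python
import hashlib
import itertools
import string


def sha256_hex(candidate):
    """Hash one candidate the way the (constructed) target system does: unsalted SHA-256."""
    return hashlib.sha256(candidate.encode()).hexdigest()


# Constructed targets: account -> hash. In a real engagement these come from a dumped
# /etc/shadow, SAM database or application table, and are usually salted.
TARGET_HASHES = {
    "carol": sha256_hex("summer"),      # plain wordlist hit
    "bob": sha256_hex("Password123"),   # wordlist word plus a mangling rule
    "dave": sha256_hex("zz9"),          # short enough for exhaustive search
}

# Constructed mini wordlist standing in for rockyou.txt or a company-specific list.
WORDLIST = ["summer", "password", "welcome", "letmein"]


def dictionary_candidates(words):
    """Dictionary attack: try each word as-is."""
    yield from words


def hybrid_candidates(words):
    """Hybrid attack: wordlist plus mangling rules of the kind John applies with --rules
    (case changes, digit or symbol suffixes, leetspeak substitutions)."""
    for word in words:
        for base in dict.fromkeys((word, word.capitalize(), word.upper())):
            yield base
            for suffix in ("1", "123", "2021", "!"):
                yield base + suffix
            yield base.replace("a", "@").replace("o", "0").replace("e", "3")


def brute_force_candidates(charset, max_len):
    """Brute force: every string over charset up to max_len, shortest first.
    John's incremental mode is a statistically smarter ordering of the same search."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            yield "".join(combo)


def crack(targets, strategies, hash_fn=sha256_hex):
    """Run the strategies in order of cost. Each candidate is hashed once and compared against
    all unresolved targets; returns {account: (password, strategy_name)}."""
    pending = {}
    for user, digest in targets.items():
        # unsalted hashes mean accounts sharing a password fall together
        pending.setdefault(digest, []).append(user)
    found = {}
    for name, candidates in strategies:
        for candidate in candidates:
            if not pending:
                return found
            for user in pending.pop(hash_fn(candidate), ()):
                found[user] = (candidate, name)
    return found


def run_demo():
    strategies = [
        ("dictionary", dictionary_candidates(WORDLIST)),
        ("hybrid", hybrid_candidates(WORDLIST)),
        ("brute-force", brute_force_candidates(string.ascii_lowercase + string.digits, 3)),
    ]
    return crack(TARGET_HASHES, strategies)


if __name__ == "__main__":
    for user, (password, how) in run_demo().items():
        print(f"{user}: {password!r} recovered by {how} attack")
```

The order of the strategies is the point: a wordlist costs thousands of hashes, rules multiply that by a small constant, and the exhaustive pass grows exponentially with length, so anything the cheap passes can find should be found before brute force starts. With John itself the same three passes are --wordlist=FILE, --wordlist=FILE --rules and --incremental, and a salted hash format removes the "crack everyone at once" shortcut that the pending dictionary above relies on.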
This article outlines some of the most common and popular tools used by penetration testers; it is not an exhaustive list. Nmap, Wireshark and John the Ripper are free and open source, and Nessus and Burp Suite both offer a free tier (Nessus Essentials and Burp Suite Community Edition) with reduced functionality alongside their commercial licenses, so all of them are easy to add to a penetration tester’s toolkit. Most of these (and many other) tools are also packaged in Kali Linux and similar security-focused Linux distributions, making them easy to install and try out.