How do you know whether a project is vulnerable? We have collected 12 popular tools that pentesters around the world use to find security holes and fix them in a timely manner. For convenience, we have divided them into four categories: complex tools, brute-forcing, network scanners and traffic analyzers. Some of these tools come preinstalled in Kali Linux; the rest are available for download.
Complex tools
These are programs with broad functionality that provide a comprehensive check for possible vulnerabilities.
Burp Suite
A popular web application security testing platform that is available on Kali Linux out of the box. In essence, it is a set of interconnected components that together provide a complete security audit.
Its functionality includes, but is not limited to, file discovery, displaying application content, password guessing, fuzzing, and intercepting and modifying requests. In the BApp Store you can find additional extensions that extend what Burp Suite can do.
You can choose one of the three available plans.
OWASP ZAP
An open source, cross-platform tool that is supported by security professionals around the world and has a lot in common with Burp Suite. OWASP ZAP is easy to use: the interface consists of several windows, and there is support for 13 languages, including English.
It allows you to find security vulnerabilities in web applications automatically during development and testing, so the program is useful not only to pentesters but also to web developers themselves.
Metasploit Framework
The Metasploit Framework is a popular open source platform for creating and debugging exploits for various operating systems. It includes a huge opcode database and allows attacks to be hidden from IDS/IPS systems, which makes vulnerability testing as close as possible to real-world scenarios.
At the time of this writing, the project has over 700 contributors. The Metasploit Framework runs on Windows, Linux and other UNIX-like systems.
Brute-forcing
Brute-forcing gains unauthorized access to accounts, websites and computer systems by trying combinations of characters. Some might say that brute force is outdated, but this type of attack is still relevant, and the number of brute-force attacks has only increased since the whole world moved to remote working.
John the Ripper
An open source, cross-platform tool used to audit weak passwords. Despite its flashy name, John the Ripper has established itself well in the field of penetration testing. The program supports several attack modes:
- dictionary attack;
- exhaustive search (brute force);
- hybrid mode.
Hydra
An easy-to-use, multifunctional password brute-forcer that has gained popularity among pentesters around the world. Hydra supports a wide range of services, is fast, reliable and open source. It works from a command line interface using dictionaries.
RainbowCrack
A popular hash cracker characterized by high speed. It differs from many brute-force tools in its approach: instead of enumerating combinations, computing each hash and comparing it with the target value, RainbowCrack compares the hash against values from a precomputed table. Time is therefore spent only on comparison, which gives a quick result.
On the program's official website you can find demo and ready-made rainbow tables for the LM, NTLM, MD5 and SHA1 hashing algorithms.
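The trade-off described above, as an added illustration that is not part of the original article and has nothing to do with RainbowCrack's own code: a constructed 3-character lowercase keyspace is hashed once into a lookup table, after which cracking is a single lookup instead of a full enumeration, and a per-user salt (the defender's countermeasure) makes the generic table useless. A real rainbow table additionally compresses the table into hash chains, which this toy omits.

```python
import hashlib
import itertools
import string

# Constructed toy keyspace: every 3-character lowercase password (26**3 = 17,576 candidates).
ALPHABET = string.ascii_lowercase
LENGTH = 3


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def candidates():
    for chars in itertools.product(ALPHABET, repeat=LENGTH):
        yield "".join(chars)


def build_lookup_table() -> dict:
    """Precompute hash -> password once; this is the work a table-based cracker front-loads."""
    return {md5_hex(pw.encode()): pw for pw in candidates()}


def crack_by_lookup(table: dict, digest: str):
    """Table attack: a single dictionary lookup, no hashing at crack time."""
    return table.get(digest)


def crack_by_brute_force(digest: str):
    """Plain brute force: hash every candidate until one matches.
    Returns (password, number of hashes computed) so the cost is visible."""
    attempts = 0
    for pw in candidates():
        attempts += 1
        if md5_hex(pw.encode()) == digest:
            return pw, attempts
    return None, attempts


def salted_md5_hex(password: str, salt: bytes) -> str:
    """Defender side: a per-user salt changes the stored hash, so a generic
    precomputed table no longer contains it. (MD5 itself remains a poor password
    hash; a slow KDF such as scrypt or Argon2 is the real fix.)"""
    return md5_hex(salt + password.encode())
```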
Network scanners
Such programs scan local and external networks in order to map them and search for possible vulnerabilities.
Nmap
A free utility for scanning and auditing network security. The tool is widely used to scan hosts, list open ports, identify running services, and discover hosts on the network. Network Mapper supports various ways of hiding the scanning process, parallel scanning, and bypassing IDS systems and firewalls.
The product has a cross-platform GUI, Zenmap.
ZMap
ZMap is fast. The tool was originally created as a faster alternative to Nmap for scanning the entire network rather than individual fragments of it. To reach 1.4 million packets per second, an ordinary computer with a gigabit connection is enough.
The question arises: why do we still need Nmap? The answer is that ZMap has a significant drawback: it generates a very high load that can damage network equipment. For targeted scans and small networks, Nmap is therefore preferred.
Masscan
Another mass asynchronous scanner, operating at up to 25 million packets per second. It is useful for scanning huge networks such as the Internet. Masscan's syntax is similar to Nmap's, and it is faster than ZMap. Its main drawback is the same as ZMap's: a huge load on the network.
Traffic analyzers
These are programs that intercept your own or someone else's traffic for further analysis. Traffic analyzers, also known as sniffers, are used to diagnose networks and to capture passwords.
tcpdump
tcpdump is a command-line sniffer that shows which packets are passing through the network card at the moment. It is most often used for network debugging and for educational purposes, but its capabilities also allow you to conduct network attacks and detect host scans.
Over the tool's lifetime, the format of its capture output has become a de facto standard for other analyzers, so tcpdump works without problems in tandem with other programs.
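The capture format tcpdump shares with other analyzers is the libpcap file format (a 24-byte global header followed by a 16-byte record header plus frame bytes per packet). As an added example that is not part of the article and not tcpdump's own code, here is a minimal writer and reader for that format; the sample frames are constructed, not real traffic, and the reader checks the record lengths so a truncated or corrupt file cannot make it over-read.

```python
import struct

# libpcap file layout: 24-byte global header, then per packet a 16-byte record header + frame bytes.
PCAP_MAGIC = 0xA1B2C3D4          # microsecond-timestamp pcap
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = "IHHiIII"           # magic, version major/minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"              # ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on the wire)


def write_pcap(packets, snaplen=65535, endian="<"):
    """Serialise (ts_sec, ts_usec, frame) tuples into a pcap image, truncating frames to snaplen."""
    out = struct.pack(endian + GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in packets:
        saved = frame[:snaplen]
        out += struct.pack(endian + RECORD_HDR, ts_sec, ts_usec, len(saved), len(frame))
        out += saved
    return out


def read_pcap(data):
    """Parse a pcap image; the magic number reveals the writer's byte order."""
    if struct.unpack_from("<I", data, 0)[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack_from(">I", data, 0)[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a pcap file (bad magic)")
    _, major, minor, _tz, _sig, snaplen, linktype = struct.unpack_from(endian + GLOBAL_HDR, data, 0)
    offset, rec_size = struct.calcsize(endian + GLOBAL_HDR), struct.calcsize(endian + RECORD_HDR)
    packets = []
    while offset < len(data):
        if offset + rec_size > len(data):
            raise ValueError("truncated record header at offset %d" % offset)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(endian + RECORD_HDR, data, offset)
        offset += rec_size
        # A damaged or hostile file must never drive the reader past the buffer.
        if incl_len > snaplen or incl_len > orig_len or offset + incl_len > len(data):
            raise ValueError("corrupt record at offset %d" % offset)
        packets.append((ts_sec, ts_usec, data[offset:offset + incl_len], orig_len))
        offset += incl_len
    return {"version": (major, minor), "linktype": linktype, "snaplen": snaplen, "packets": packets}


def is_valid_pcap(data) -> bool:
    """True when the whole image parses cleanly."""
    try:
        read_pcap(data)
        return True
    except (ValueError, struct.error):
        return False


# Constructed sample frames (not real traffic): one short frame and one longer than a 1500-byte snaplen.
SAMPLE_PACKETS = [(1700000000, 1, bytes(range(60))), (1700000000, 2, b"\xaa" * 1600)]
```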
Wireshark
Wireshark is a cross-platform network protocol analyzer that captures packets in real time and lets you view their contents, sort and filter the captured data, display network load statistics, and much more. Its capabilities are similar to tcpdump's, but Wireshark benefits from a user-friendly interface, sorting and filters. It is an open source tool.
The analyzer is widely used in government and educational institutions and in commercial and non-commercial enterprises.
mitmproxy
A console utility for debugging, testing, privacy assessment and penetration testing. With mitmproxy you can intercept, inspect, modify and replay a stream of HTTP traffic. Thanks to this functionality, the utility is widely used not only by hackers and penetration testers, but also by web application developers for timely debugging.
Even individually, these programs are effective. If you use at least one tool from each category, you will get a comprehensive vulnerability analysis and thereby raise your level of information security.