Penetration testing is also known as Pen testing. Many people call it ethical hacking. Techtarget article says “Penetration tests are also sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.” Penetration testing is done by security researchers on a computer system, network, or web application. A security researcher does this to find any possible vulnerability in Computer system, network or web application that an unethical attacker can exploit, make harm to those computer system, network or web application.
Penetration testing process is automated process with software application. It also can be done manually.
In penetration testing a security researcher first gathers information about the target computer system, network or web application. It is done before going through any testing process. Security researchers try to find how to break the computer system, network or web application. They try to find any entry points through which they can break the computer system, network or web application.
Many organizations do penetration testing on their computer system, network or web application to find weakness in their computer system, network or web application, so that the organization can identify and respond to any mischievous security incidents happening to the organization by any unethical mind attacker.
Penetration Testing Tools
Kali Linux
Kali Linux is a Debian-derived Linux distribution. Kali Linux was designed to perform digital forensic and penetration testing. It was first released on 13 March, 2013. Kali Linux is an Open Source Project. Kali Linux is maintained and funded by Offensive Security Ltd. Kali Linux has the following security tools to exploit any network, application, scanning a target IP address, discovering network and penetration testing.
Aircrack-ng
Armitage
Burp suite
Cisco Global Exploiter
Ettercap
John the Ripper
Kismet
Maltego
Metasploit framework
Nmap
OWASP ZAP
Social engineering tools.
Sqlmap
Wireshark
Hydra
Reverse Engineering tools
Binwalk
Foremost
Volatility
To download Kali Linux go to the official website at https://www.kali.org/
Netsparker
Netsparker is an automated scanner. It automatically finds vulnerabilities and security flaw in web applications and web services. With Netsparker you can verify vulnerabilities with their Proof-Based Scanning technology. Netsparker official website says “It’s not possible to truly scale up and manage thousands of web applications if you have to manually verify the results of vulnerability assessments. Netsparker uses their proprietary Proof-Based-ScanningTM technology to automatically verify false positives and save you hundreds of man hours. Scale up your efforts without scaling up your team.” Netsparker stated their services as Automated, United and Scalable
Netsparker is not an open source project. So you have to spend money in case you need to perform any vulnerability or penetration testing. Go to their pricing page https://www.netsparker.com/pricing/ for their pricing details. Netsparker is available as Desktop Software Application and also as an Online Web Security Scanning Service. Go to https://www.netsparker.com/ for more information.
Wireshark
Wireshark is a packet analyzer utility. It is an open source project. Wireshark basically does network protocol analyzing. Wireshark was released on 1998. It’s original author was Gerald Combs. Wireshark is maintained by The Wireshark team. According to softwaretestinghelp report “popular for providing the minutest details about your network protocols, packet information, decryption etc. It can be used on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many other systems. The information that is retrieved via this tool can be viewed through a GUI or the TTY-mode TShark utility. You can get your own free version of the tool from the link below.”
To know more about Wireshark please the office site of Wireshark at https://www.wireshark.org/
Metasploit
Metasploit is a framework that is used to find information about security vulnerabilities, to perform penetration testing and IDS signature development. “It is based on the concept of ‘exploit’ which is a code that can surpass the security measures and enter a certain system. If entered, it runs a ‘payload’, a code that performs operations on a target machine, thus creating a perfect framework for penetration testing.” Softwaretestinghelp reports.
Metasploit works on Linux, Apple Mac OS X and Microsoft Windows. Metasploit is used to perform penetration testing on Web applications as well as network and also servers.
To know more about metasploit please visit Metasploit official website at https://www.metasploit.com/