Penetration Test

Pen Testing Toolbox

RECONNAISSANCE
  • For reconnaissance, use:
    • Nmap
    • Whois
    • Nslookup
    • Theharvester
    • Shodan
    • Recon-NG
    • Censys
    • Aircrack-NG
    • Kismet
    • WiFite
    • SET
    • Wireshark
    • Hping
    • Metasploit framework
ENUMERATION
  • To list targets, use:
    • Nmap
    • Nslookup
    • Wireshark
    • Hping
VULNERABILITY SCANNING
  • To scan for vulnerabilities, use:
    • Nmap
    • Nikto
    • OpenVAS
    • SQLmap
    • Nessus
    • W3AF
    • OWASP ZAP
    • Metasploit framework
CREDENTIAL ATTACKS
  • For offline password cracking, use:
    • Hashcat
    • John the Ripper
    • Cain and Abel
    • Mimikatz
    • Aircrack-NG
  • For brute-forcing services, use:
    • SQLmap
    • Medusa
    • Hydra
    • Cain and Abel
    • Mimikatz
    • Patator
    • W3AF
    • Aircrack-NG
Persistence
  • Once you have exploited a target, use these to make sure you can get back in:
    • SET
    • BeEF
    • SSH
    • NCAT
    • NETCAT
    • Drozer
    • Powersploit
    • Empire
    • Metasploit framework
Configuration Compliance
  • To evaluate a configuration to determine if it's compliant with a standard or regulation, use:
    • Nmap
    • Nikto
    • OpenVAS
    • SQLmap
    • Nessus
Evasion
  • To evade detection, use:
    • SET
    • Proxychains
    • Metasploit framework
Decompilation
  • To decompile executables, use:
    • Immunity debugger
    • APKX
    • APK studio
Penetration Testing Use Cases
  • Forensics
    • To carry out digital forensics, use:
      • Immunity debugger
  • Debugging
    • To debug code, use:
      • OLLYDBG
      • Immunity debugger
      • GDB
      • WinDBG
      • IDA
Software Assurance
  • For general software assurance, use:
    • Findsecbugs
    • SonarQube
    • YASCA
  • For fuzzing, use:
    • Peach
    • AFL
SAST (Static Application Security Testing)
DAST (Dynamic Application Security Testing)
QUICK REVIEW
  • Know what each of the tools listed in the objectives is commonly used for
  • Some tools, such as nmap, can fit into multiple use cases
  • It's more important to understand the purpose of a tool than to memorize categories
Believe in the future: never run from what must be faced, never regret what must be persisted in, never cling to what must be let go, and hold on well to what deserves to be cherished.
Original post: https://www.cnblogs.com/keepmoving1113/p/13933799.html