Penetration testing is a core IT security practice: probing systems, networks and applications for vulnerabilities and then attempting to exploit them, as a real attacker would, to show which weaknesses actually lead to a breach. Pen tests are often performed by third parties, but because outside engagements are expensive and their findings go stale quickly, many organizations supplement them with their own testing using pen testing tools.
Some of these tools scan ports or Wi-Fi networks, some test applications, and others focus on websites and web-facing applications, which are the most common avenue of attack. Many work from lists of known vulnerabilities and misconfigurations and then attempt to get past an organization's defenses. The same tools are also used to audit organizations for security compliance and to surface problems lurking inside the enterprise.
There can sometimes be confusion between vulnerability scanning and pen testing. The former is about finding potential vulnerabilities whereas the latter attempts to exploit them. However, these days, many of the tools and suites addressing this area perform both functions (see our picks for top vulnerability scanning tools).
Penetration testing, though, is far from a one-tool-fits-all proposition. Few organizations rely on a single tool. Some use one for scanning and another to attempt penetration. Others assemble collections of tools, each dealing with a different aspect of security, such as port scanning, web application scanning, Wi-Fi or direct penetration of the network. In practice, most security professionals build up a kit of tools they keep handy for penetration testing.
Top pen testing tools
Some pen test tools are proprietary and others are free and open source; many security professionals use both. This guide therefore covers a mix of paid and open source products. Here are some of the top ones cited by cybersecurity experts at KnowBe4 and by Adrian Sanabria at Thinkst Applied Research.
Burp Suite by PortSwigger Web Security is a top-rated web vulnerability scanner and intercepting proxy used in a great many organizations around the world. It is found in most penetration testing toolkits, though its strength lies in finding and confirming web vulnerabilities rather than in exploiting them further. A free Community edition is available, but it is limited: it has no automated scanner and its attack tooling is throttled. Those who want the complete package, with enterprise-wide scalability and scheduled automated scanning, should be prepared to pay well for the Enterprise edition. Security professionals who need only a good automated vulnerability scanner for testing their applications can make do with the Professional edition, which costs far less.
Metasploit covers both vulnerability scanning and exploitation. Backed by a large open-source database of known exploits and auxiliary modules, it gives IT security teams an analysis of pen testing results so that remediation can be prioritized and carried out efficiently. However, the open-source framework on its own doesn't scale up to enterprise level, and some users say it is difficult to use at first.
Nessus, from Tenable, is a widely used paid vulnerability assessment tool. It is probably best suited to experienced security teams, as its interface can be tricky to master at first. It should be used alongside pen testing tools, feeding them the areas to target and the potential weaknesses to exploit.
Fiddler is a web debugging proxy: a useful collection of manual tools for inspecting web traffic, manipulating web sessions, and security and performance testing. It is probably most useful to those deploying the paid version, built on the .NET framework, which adds many automation features.
Nmap is a port scanner more than a penetration testing tool, but it supports pen testing by mapping which hosts, ports and services are exposed, and so flagging the best areas to target in an attack. That is how ethical hackers use it to find network weaknesses. As it is open source, it is free. Its command-line, open-source orientation is a natural fit for those familiar with that world, but it may be a challenge for someone new to such applications. Although it runs on all major operating systems, Linux users will find it most familiar.
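As an added example (not from this page, and not part of Nmap itself), the Python script below parses Nmap's XML output (what `nmap -oX` writes) and ranks live hosts by the services they expose, which is how a tester turns a raw scan into a target list. The XML is a constructed sample in Nmap's `nmaprun` schema, and the interest weights are an assumption made for illustration.

```python
"""Rank hosts from Nmap XML output (nmap -oX) by the services they expose.

Added example, not part of Nmap. SAMPLE_NMAP_XML is a constructed sample in the
nmaprun schema; the weights in HIGH_INTEREST are an assumed, illustrative
prioritisation (cleartext or historically weak services first)."""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/29">
  <host><status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="2.3.4"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="80"><state state="filtered"/><service name="http"/></port>
    </ports>
  </host>
  <host><status state="down"/>
    <address addr="10.0.0.7" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Assumed weights: services that usually give a tester the quickest foothold score highest.
HIGH_INTEREST = {"ftp": 3, "telnet": 3, "microsoft-ds": 3, "smb": 3,
                 "ms-wbt-server": 2, "rdp": 2, "vnc": 2,
                 "http": 1, "https": 1, "ssh": 1}


def parse_nmap_xml(xml_text):
    """Return {ip: [(port, proto, service, product, version), ...]} for open ports on live hosts."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.findall("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue  # skip dead hosts and hosts without an IPv4 address
        services = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # 'filtered' and 'closed' ports are not targets
            svc = port.find("service")
            svc_attrs = svc.attrib if svc is not None else {}
            services.append((int(port.get("portid")), port.get("protocol"),
                             svc_attrs.get("name", ""), svc_attrs.get("product", ""),
                             svc_attrs.get("version", "")))
        hosts[addr.get("addr")] = sorted(services)
    return hosts


def rank_hosts(hosts):
    """Order hosts by summed service weight, highest first; unknown services count 1."""
    scored = [(sum(HIGH_INTEREST.get(name, 1) for _, _, name, _, _ in services), ip)
              for ip, services in hosts.items()]
    return [ip for _, ip in sorted(scored, reverse=True)]


if __name__ == "__main__":
    found = parse_nmap_xml(SAMPLE_NMAP_XML)
    for ip in rank_hosts(found):
        print(ip)
        for port, proto, name, product, version in found[ip]:
            print(f"  {port}/{proto} {name} {product} {version}".rstrip())
```

Filtered ports are deliberately dropped: a firewall that swallows probes is a finding for the report, not a service to attack. The version strings survive into the output because a product and version (here the constructed `vsftpd 2.3.4`) are what a tester feeds into an exploit database search next.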
Wireshark is a packet analyzer found in most security toolkits. Pen testers use it to see what is actually happening on the network, capturing traffic and dissecting it in real time. By exposing connection-level information as well as the contents of individual packets, it shows their characteristics, origin and destination, and lets an analyst spot things such as cleartext credentials or unexpected protocols. It reveals weaknesses but does not exploit them; a pen testing tool is still required for that.
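The dissection Wireshark performs, reduced to its essentials as an added example (not Wireshark's code): the Python below walks a pcap file frame by frame, peels off the Ethernet, IPv4 and TCP headers, and flags HTTP Basic credentials that crossed the wire without TLS. The capture is constructed inside the script; only the classic pcap format with Ethernet link type, IPv4 and TCP is handled.

```python
"""Dissect a pcap capture down to TCP payloads and flag cleartext HTTP credentials.

Added example, not Wireshark code. The capture is constructed in build_sample_pcap();
only the classic pcap format with Ethernet (link type 1), IPv4 and TCP is handled."""
import base64
import struct

PCAP_MAGIC = 0xA1B2C3D4  # microsecond-resolution pcap; 0xA1B23C4D would be nanosecond


def _ip(addr):
    return bytes(int(o) for o in addr.split("."))


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet/IPv4/TCP frame carrying payload (checksums left zero; fine for parsing)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     _ip(src_ip), _ip(dst_ip))
    return eth + ip + tcp


def build_sample_pcap():
    """Constructed capture: one HTTP request carrying Basic auth, one TLS record on 443."""
    frames = [
        build_frame("10.0.0.23", "10.0.0.80", 51234, 80,
                    b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                    b"Authorization: Basic " + base64.b64encode(b"admin:hunter2") + b"\r\n\r\n"),
        build_frame("10.0.0.23", "10.0.0.81", 51235, 443, b"\x16\x03\x01\x00\x05hello"),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # global header, link type 1
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_pcap_frames(data):
    """Yield (timestamp, frame_bytes) from a pcap file, honouring the file's byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = "<" if magic == PCAP_MAGIC else ">"
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def dissect_tcp(frame):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:  # IP protocol field: 6 = TCP
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, tcp[data_off:]


def find_cleartext_credentials(pcap_bytes):
    """Flag HTTP Basic credentials sent without TLS; returns [(src, dst, dport, 'user:pass')]."""
    findings = []
    for _ts, frame in iter_pcap_frames(pcap_bytes):
        parsed = dissect_tcp(frame)
        if parsed is None:
            continue
        src, dst, _sport, dport, payload = parsed
        for line in payload.split(b"\r\n"):
            if line[:21].lower() == b"authorization: basic ":
                try:
                    creds = base64.b64decode(line[21:], validate=True).decode("utf-8", "replace")
                except ValueError:  # binascii.Error is a ValueError
                    creds = "<undecodable>"
                findings.append((src, dst, dport, creds))
    return findings


if __name__ == "__main__":
    for hit in find_cleartext_credentials(build_sample_pcap()):
        print("cleartext Basic auth %s -> %s:%d  %s" % hit)
```

The TLS frame on port 443 passes through untouched: the detector keys on the decoded payload, not the port, so a Basic header sent to a non-standard port would still be caught, while encrypted traffic never matches. In Wireshark the equivalent is the display filter `http.authorization`, which this script reproduces by hand.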
Aircrack-ng is the go-to tool for analysis and cracking of wireless networks. Its component tools are all command-line driven and built for scripting. This is good news for veteran security professionals, but its open-source, Linux orientation may challenge those more used to proprietary tools on Windows platforms.
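To show what "cracking" a WPA2 network actually computes, here is an added example (not aircrack-ng's code) that recovers a pre-shared key from a captured four-way handshake: each dictionary word is run through PBKDF2 to a PMK, expanded to the PTK, and its KCK used to recompute the EAPOL MIC until one matches the capture. The handshake, MAC addresses, nonces and passphrase are constructed inside the script; only WPA2/CCMP (key descriptor version 2) is handled.

```python
"""Recover a WPA2-PSK passphrase from a captured four-way handshake, the computation
aircrack-ng performs for each dictionary word.

Added example, not aircrack-ng code. The handshake is constructed by build_handshake();
MAC addresses, nonces and the passphrase are made up. Only WPA2/CCMP (key descriptor
version 2, HMAC-SHA1-128 MIC) is handled."""
import hashlib
import hmac

# EAPOL header (4) + descriptor type (1) + key info (2) + key length (2)
# + replay counter (8) + nonce (32) + IV (16) + RSC (8) + ID (8) = 81
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes), per IEEE 802.11i."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk, aa, spa, anonce, snonce):
    """PRF-512 over the sorted MACs and nonces; the first 16 bytes are the KCK that keys the MIC."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b"".join(hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                            hashlib.sha1).digest() for i in range(4))
    return out[:64]


def eapol_mic(kck, eapol_frame):
    """MIC over the EAPOL-Key frame with its own MIC field zeroed (WPA2: HMAC-SHA1 cut to 16)."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_handshake(passphrase, ssid):
    """Constructed handshake: message 2 of 4 (the client's MIC'd frame carrying SNonce)."""
    aa = bytes.fromhex("0011223344aa")      # access point MAC (made up)
    spa = bytes.fromhex("66778899bbcc")     # station MAC (made up)
    anonce = bytes(range(32))               # made-up nonces
    snonce = bytes(range(32, 64))
    body = (b"\x02"                          # descriptor type: RSN
            + b"\x01\x0a"                    # key info: version 2 (CCMP), pairwise, MIC set
            + b"\x00\x10"                    # key length 16
            + (1).to_bytes(8, "big")         # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8  # nonce, IV, RSC, ID
            + b"\x00" * 16                   # MIC placeholder
            + b"\x00\x00")                   # key data length 0
    frame = b"\x02\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v2, type EAPOL-Key
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    frame = frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]
    return {"ssid": ssid, "aa": aa, "spa": spa, "anonce": anonce, "snonce": snonce, "eapol": frame}


def crack_wpa2(hs, candidates):
    """Dictionary attack: derive PMK -> PTK -> KCK per word and compare the recomputed MIC."""
    captured_mic = hs["eapol"][MIC_OFFSET:MIC_OFFSET + 16]
    for word in candidates:
        pmk = pmk_from_passphrase(word, hs["ssid"])  # the 4096-round PBKDF2 is the slow step
        kck = ptk_from_pmk(pmk, hs["aa"], hs["spa"], hs["anonce"], hs["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"]), captured_mic):
            return word
    return None


SAMPLE_HANDSHAKE = build_handshake("s3cret-wifi!", "CorpGuest")

if __name__ == "__main__":
    print(crack_wpa2(SAMPLE_HANDSHAKE, ["letmein", "CorpGuest2023", "s3cret-wifi!"]))
```

Two practical points fall out of the code. The PMK depends on the SSID, so precomputed tables only help against networks with common names, and a capture of message 2 alone (SNonce plus the MIC) is enough to start guessing once the ANonce from message 1 is known. Everything after the PBKDF2 call is cheap, which is why the 4096 iterations set the cracking speed.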
John the Ripper
John the Ripper is a fine tool for anyone who needs to audit password strength. It should be viewed, however, as a supplemental tool rather than the primary one in the penetration arsenal. Because it combines several approaches to password cracking, wordlist, rule-based mangling and incremental brute force, in one program, it is well worth trying out.
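The following is an added example, not John the Ripper's own code, showing the three strategies John combines, run cheapest-first against a small password file: a plain wordlist, John-style mangling rules applied to that wordlist, and an incremental (exhaustive) search for what is left. The hash format, users, salts, passwords and wordlist are all constructed for the example; the toy salted SHA-256 scheme is used only so the script runs without external modules and is not a recommendation for storing passwords.

```python
"""Audit a password file with John the Ripper's three classic strategies: wordlist,
rule-based mangling of the wordlist, and incremental (exhaustive) search.

Added example, not John's code. The hash format (sha256 over salt+password) is a toy
scheme chosen so the example runs without external modules; the users, salts,
passwords and the wordlist are all constructed."""
import hashlib
import itertools
import string


def hash_password(password, salt):
    return hashlib.sha256(salt.encode() + password.encode()).hexdigest()


def make_entry(user, salt, password):
    """Produce a shadow-style line 'user:sha256$salt$digest' for the constructed sample."""
    return f"{user}:sha256${salt}${hash_password(password, salt)}"


def parse_entry(line):
    user, rest = line.split(":", 1)
    _algo, salt, digest = rest.split("$")
    return user, salt, digest


# Constructed sample file; the plaintexts appear here only so the reader can follow the modes.
SAMPLE_SHADOW = [
    make_entry("alice", "x9Q", "summer"),        # verbatim wordlist entry
    make_entry("bob", "p2L", "Summer2024"),      # wordlist entry after a mangling rule
    make_entry("carol", "t7M", "ab9"),           # short; only found by exhaustive search
    make_entry("dave", "k4R", "Tr0ub4dor&3"),    # out of reach for all three modes here
]
WORDLIST = ["summer", "password", "welcome", "letmein"]


def wordlist_mode(words):
    yield from words


def rules_mode(words):
    """A small subset of John-style rules: case changes, common suffixes, leetspeak."""
    leet = str.maketrans("aeios", "43105")
    for w in words:
        variants = [w.capitalize(), w.upper(), w.translate(leet)]
        variants += [base + suffix for base in (w, w.capitalize())
                     for suffix in ("1", "123", "!", "2023", "2024")]
        yield from variants


def incremental_mode(charset, max_len):
    """Exhaustive search by increasing length; cost grows as len(charset) ** length."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(charset, repeat=n):
            yield "".join(chars)


def crack(shadow_lines, wordlist, max_incremental_len=3):
    """Run the modes cheapest-first; return {user: (password, mode)} for every hash recovered."""
    remaining = {user: (salt, digest) for user, salt, digest in map(parse_entry, shadow_lines)}
    cracked = {}
    modes = [("wordlist", wordlist_mode(wordlist)),
             ("rules", rules_mode(wordlist)),
             ("incremental", incremental_mode(string.ascii_lowercase + string.digits,
                                              max_incremental_len))]
    for mode_name, candidates in modes:
        for candidate in candidates:
            if not remaining:
                return cracked
            # Each candidate is hashed once per distinct salt: salts prevent shared work.
            for user in list(remaining):
                salt, digest = remaining[user]
                if hash_password(candidate, salt) == digest:
                    cracked[user] = (candidate, mode_name)
                    del remaining[user]
    return cracked


if __name__ == "__main__":
    for user, (pw, mode) in crack(SAMPLE_SHADOW, WORDLIST).items():
        print(f"{user}: {pw!r} (found by {mode} mode)")
```

The mode ordering is the point: a few thousand wordlist and rule candidates recover most weak passwords, and the exponential incremental search is reserved for the short remainder. Raising `max_incremental_len` shows how quickly the last mode becomes the whole cost, and why a salted, deliberately slow hash (not the toy SHA-256 used here) is what makes an audit like this fail in a defender's favour.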