Tools For Penetration Testing

Can anyone suggest me the best Tools For Penetration Testing with their practice?

Thanks in advance

Well @theweborion , this is a question that comes up a lot and has many different answers depending on whom you ask. The one thing that applies to any of those answers, however, is that a tool is only as effective as the hacker behind it. That said, at Comodo Dragon Labs, where we offer advanced penetration testing for high security environments, we use the ‘least tool possible’ approach. We do this for several reasons. It should be noted here that we are all OSCPs and thus bring considerable skill to the equation. Years ago, in the #offsec IRC channel someone asked

“What do you say to a client who asks what tools you use for your penetration tests?”

to which someone else replied “BASH and GCC.”

Their point was that anyone with solid *nix and coding skills (considered prerequisites for any serious pen-tester) as well as good to excellent knowledge of network protocols, particularly those higher in the stack, can perform most penetration testing tasks with little more than a command line and possibly a compiler. We take this approach for several reasons.

As a penetration testing firm, we like to showcase our skills rather than tools. With that as a foundation, we also want to make the tasks we perform as easy for administrators or developers to reproduce when it comes time to mitigate the vulnerabilities we detect and exploit. For example, we wouldn’t want a client’s web developer to have to install BurpSuite or some very large, robust application just to fix a XSS or SQLi vulnerability in a web application, especially when all that’s really necessary is a specially crafted HTTP request in plain text format POSTed to the server using telnet, netcat, or openssl s_client. We assume that in 2020 almost any client will have access to some sort of Linux installation so we strive to do as much as possible with native Linux commands, distribution non-specific if possible.

This brings us to our second point (and back to your question) which is that, as skilled assessors, we’re orders of magnitude more efficient when we have to take our hands off of the keyboard as infrequently as possible so we do as much as possible from the command line. We do this not only for efficiency but also for reporting purposes. Using comments in the shell, we can simultaneously perform our tasks and explain them to the admin or dev who will eventually have to use the report. In addition, in the *nix world, processing of plain text is far more efficient than any other output formats. When we need to use the output from one command in another, making the necessary adjustments via unix text processing commands like sed, awk, sort, uniq, tr etc. is always faster than dealing with XML and the like.

At this point you’re probably saying “Yeah, all this sounds great for you elite pen-testers out there but what do I use to do the pen-test my boss wants me to perform against our network when I’ve never done one before?”

The initial answer to that question is the best tool for the task at hand. What does that mean? Well, your question is extremely general and penetration tests are very specific. Depending on the task at hand, there are always a number of tools that can be used. There are different tools for every phase of a penetration test; for passive reconnaissance, active intelligence gathering, network, host, and service enumeration, vulnerability detection (although humans are the best at that one), vulnerability exploitation, privilege escalation, access maintenance, and even reporting. There are also countless target-specific tools for various platforms and known vulnerable softwares (wp-scan for WordPress, for example). The key is choosing the right one at the right time.

All of this having been said, there is a place where you can find almost all of the aforementioned tools as well as just about everything you’ll ever need to perform a penetration test and that’s Kali Linux. By orders of magnitude the most advanced penetration testing tool-set ever developed, it’s free to download and has absolutely every tool you’ll ever need. It does have a considerable learning curve however the ROI is extremely high. As for task-specific recommendations, we really can’t offer any however there are numerous IRC channels where hackers and pen-testers discuss which tools they use for particular tasks but almost all of them will be included or can be compiled on Kali.

Hope this helps.



Thanks for explaining the things.