Ethical hackers are embracing the public cloud for penetration testing. Using Ravello on AWS and Google Cloud, enterprises create high-fidelity replicas of their production environments and pentest them to find and fix vulnerabilities in their network, web and application tiers before an attacker does. This article looks at five of the most popular tools ethical hackers use for penetration testing –
1. Kali Linux – Kali is one of the most popular suites of open-source penetration testing tools out there. It is essentially a Debian-based Linux distribution with 300+ pre-installed security and forensic tools, all ready to go. The most frequently used tools are -
2. Metasploit Community – The Metasploit Framework lets one develop and run exploit code against remote target machines. Metasploit has a large developer community that contributes custom modules and test tools for probing weaknesses in operating systems and applications. While the open-source Metasploit Framework is built into Kali Linux, the more feature-rich versions, Metasploit Community edition and Metasploit Pro, are available from Rapid7 and highly recommended. Metasploit Pro adds functionality such as Smart Exploitation (automatically selecting exploits suited to the discovered targets), VPN pivoting (running any network-based tool through a compromised host), dynamic payloads to evade anti-virus and anti-malware detection, and a collaboration framework for sharing information across a red team.
3. CORE Impact – Core Impact is equally appealing to newbies and experts. It provides a penetration testing framework that includes discovery tools, exploit code to exercise remote and local vulnerabilities, and remote agents for exploring and exploiting a network. CORE Impact works by injecting shellcode into the vulnerable process and installing a remote agent in memory that the tester controls. A local exploit can then be used to elevate privileges, and the compromised host can be used to look for other hosts to attack in the same way. CORE Impact's easy-to-use interface (just point and attack!), flexible agents, regular exploit updates and built-in automation make it a popular choice for enterprises. But good things don't come cheap: CORE Impact carries a very expensive price tag.
4. Canvas – Canvas expects users to have considerable knowledge of pentesting, exploits and system insecurity, and focuses on the exploitation side of penetration testing. It doesn't perform discovery on its own; instead one manually adds hosts to the interface and initiates a port scan and OS detection. The discovered information becomes part of the host's 'knowledge', and the ethical hacker selects the appropriate exploits based on it. If an exploit succeeds, a new node representing an agent appears in the node tree in Canvas. Nodes can be chained through hosts (much like CORE Impact) so that attacks can percolate deeper into the network. Although Canvas is a commercial tool (just like CORE Impact), it is roughly one-tenth the price.
5. Nessus – Nessus is a vulnerability scanner that is very popular among security professionals. It ships with a huge library of vulnerabilities and the tests to identify them. Nessus relies on responses from the target hosts (banners, version strings, configuration probes) to identify holes, so its findings are inferences rather than proof of exploitability; the ethical hacker may use an exploitation tool (e.g. Metasploit) alongside it to verify that the reported holes are actually exploitable.
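The Nessus-then-Metasploit verification step above (and the Metasploit pairing mentioned under item 2) as an added example, not code from this article, Tenable or Rapid7: the script parses a `.nessus` v2 export, keeps only the findings the scanner itself flags as having a public exploit, and emits an msfconsole resource script that runs each module's `check` so a reported hole is confirmed before anything is actually exploited. The XML sample is constructed; the host, plugin IDs and plugin names in it are placeholders, the `MODULE_HINTS` lookup is a hypothetical stand-in for `search <name>` in msfconsole (only its MS08-067 entry is a real module), and `set RHOSTS` assumes Metasploit 5 or later (older releases used `RHOST` for single-target exploits).

```python
"""Turn a Nessus (.nessus v2) export into a short list of holes to prove with
Metasploit. Added example for this article; not Tenable or Rapid7 code."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the .nessus v2 layout (NessusClientData_v2 > Report >
# ReportHost > ReportItem). Host, plugin IDs and plugin names are placeholders;
# the CVE and metasploit_name on the first item are the real MS08-067 ones.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
 <Report name="lab-scan">
  <ReportHost name="10.0.0.5">
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
               pluginID="90001" pluginName="Constructed: SMB remote code execution">
    <cve>CVE-2008-4250</cve>
    <exploit_available>true</exploit_available>
    <metasploit_name>MS08-067 Microsoft Server Service Relative Path Stack Corruption</metasploit_name>
   </ReportItem>
   <ReportItem port="80" svc_name="www" protocol="tcp" severity="3"
               pluginID="90004" pluginName="Constructed: outdated web application">
    <exploit_available>true</exploit_available>
   </ReportItem>
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
               pluginID="90002" pluginName="Constructed: SSH weak MAC algorithms">
    <exploit_available>false</exploit_available>
   </ReportItem>
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
               pluginID="90003" pluginName="Constructed: host information"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""


@dataclass
class Finding:
    host: str
    port: int
    protocol: str
    plugin_id: str
    name: str
    severity: int            # Nessus scale: 0 info, 1 low, 2 medium, 3 high, 4 critical
    cves: List[str] = field(default_factory=list)
    exploit_available: bool = False
    metasploit_name: str = ""  # empty when Nessus names no Metasploit module


def _flag(item: ET.Element, tag: str) -> bool:
    """Nessus writes boolean child elements as the text 'true' / 'false'."""
    return (item.findtext(tag) or "").strip().lower() == "true"


def parse_nessus(xml_text: str) -> List[Finding]:
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.findall("ReportItem"):
            findings.append(Finding(
                host=host.get("name", ""),
                port=int(item.get("port", "0")),
                protocol=item.get("protocol", ""),
                plugin_id=item.get("pluginID", ""),
                name=item.get("pluginName", ""),
                severity=int(item.get("severity", "0")),
                cves=[c.text.strip() for c in item.findall("cve") if c.text],
                exploit_available=_flag(item, "exploit_available"),
                metasploit_name=(item.findtext("metasploit_name") or "").strip(),
            ))
    return findings


def verification_candidates(findings: List[Finding], min_severity: int = 3) -> List[Finding]:
    """Findings worth proving: the scanner says an exploit exists and severity is
    at least min_severity. Critical first; ones Nessus already ties to a
    Metasploit module ahead of those that need a manual module search."""
    cands = [f for f in findings if f.exploit_available and f.severity >= min_severity]
    return sorted(cands, key=lambda f: (-f.severity, f.metasploit_name == "", f.host, f.port))


# Hypothetical lookup from Nessus' metasploit_name to a module path. In practice
# you resolve it with `search <name>` in msfconsole; the single entry here is real.
MODULE_HINTS = {
    "MS08-067 Microsoft Server Service Relative Path Stack Corruption":
        "exploit/windows/smb/ms08_067_netapi",
}


def resource_script(cands: List[Finding], lhost: str = "10.0.0.100") -> str:
    """Build an msfconsole resource (.rc) script that runs each module's `check`
    (not `exploit`), so a hole is confirmed without being popped yet.
    lhost is a placeholder for the tester's own address."""
    lines = ["# generated from a Nessus export; review before running", f"setg LHOST {lhost}"]
    for f in cands:
        module = MODULE_HINTS.get(f.metasploit_name)
        if module is None:
            lines.append(f"# TODO: no module mapped for plugin {f.plugin_id} "
                         f"({f.name}) on {f.host}:{f.port}/{f.protocol}")
            continue
        lines += [f"use {module}", f"set RHOSTS {f.host}", f"set RPORT {f.port}", "check"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(resource_script(verification_candidates(parse_nessus(SAMPLE_NESSUS))))
```

Run it and feed the output to `msfconsole -r verify.rc` in the lab replica; the severity-2 SSH finding and the informational item never reach the script, and the web finding with no mapped module lands as a TODO line rather than silently disappearing, which is the list the tester still has to chase by hand.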
So which is the best penetration testing tool out there? There is no single correct answer: it depends on the target, the scope and the ethical hacker's proficiency with pentesting.
Interested in checking the effectiveness of your favorite pentesting tool? Just open a Ravello trial account, upload your VMs to recreate a high-fidelity replica of the environment you want to pentest, and point your favorite pentest tool at it. Since Ravello runs on public cloud with access to data-center-like networking, a growing number of enterprises are using it to create realistic pentesting environments at scale.