
  • January 18, 2016

Five most popular penetration testing tools

Ethical hackers are embracing the public cloud for penetration testing. Using Ravello on AWS and Google Cloud, enterprises are creating high-fidelity replicas of their production environments and using them for penetration testing to find and fix vulnerabilities in their networks, web properties and applications before an attacker does. This article looks at the five most popular tools used by ethical hackers for penetration testing:

1. Kali Linux – Kali is one of the most popular suites of open-source penetration testing tools out there. It is essentially a Debian-based Linux distribution with 300+ pre-installed security and forensic tools, all ready to go. The most frequently used tools are:

    1. Burp Suite - for web application pentesting. Burp Suite can be used for initial mapping and analysis of an application's attack surface and for finding and exploiting security vulnerabilities. It contains a proxy, spider, scanner, intruder, repeater and sequencer tool.
    2. Wireshark - network protocol analyzer that needs no introduction
    3. Hydra - tool for online brute-forcing of passwords
    4. Maltego - a tool for intelligence gathering
    5. Aircrack-ng - wireless cracking tool
    6. John - offline password cracking tool
    7. OWASP ZAP - for finding vulnerabilities in web applications. OWASP ZAP is a web application security scanner with an intercepting proxy, automated scanner, passive scanner, brute force scanner, fuzzer, port scanner and more.
    8. Nmap - for network scanning. Nmap is a security scanner with features for probing computer networks, including host discovery, service detection and operating system detection, generally mapping the network's attack surface. Nmap's features are extensible by scripts that provide more advanced service detection and vulnerability detection.
    9. sqlmap - for exploiting SQL injection vulnerabilities

One can download Kali Linux from the Kali website and install the ISO on an empty VM on Ravello with a couple of clicks.

2. Metasploit Community – The Metasploit Framework enables one to develop and run exploit code against remote target machines. Metasploit has a large developer community that contributes custom modules and test tools for probing weaknesses in operating systems and applications. While the open-source Metasploit Framework is built into Kali Linux, the more feature-rich versions, Metasploit Community Edition and Metasploit Pro, are available from Rapid7 and highly recommended. Metasploit Pro comes with additional functionality such as Smart Exploitation (which automatically selects exploits suitable for the discovered target), VPN pivoting (which allows one to run any network-based tool through a compromised host), dynamic payloads to evade anti-virus / anti-malware detection, and a collaboration framework that helps a red team share information effectively.

3. CORE Impact – Core Impact is as appealing to newcomers as it is to experts. It provides a penetration testing framework that includes discovery tools, exploit code to exercise remote and local vulnerabilities, and remote agents for exploring and exploiting a network. CORE Impact works by injecting shellcode into the vulnerable process and installing an in-memory remote agent that can be controlled by the attacker. A local exploit can then be used to elevate privileges, and the exploited host can then be used to look for other hosts to attack in a similar manner. CORE Impact's easy-to-use interface (just point and attack!), flexible agents, regular exploit updates and built-in automation make it a popular choice for enterprises. But good things don't come cheap: CORE Impact comes with a very expensive price tag.

4. Canvas – Canvas expects users to have considerable knowledge of pentesting, exploits and system insecurity, and focuses on the exploitation aspects of penetration testing. It doesn't perform any discovery, but allows one to manually add hosts to the interface and initiate a port scan and OS detection. This discovered information becomes part of the host's 'knowledge', and the ethical hacker needs to select the appropriate exploits based on it. If the exploit is successful, a new node representing the agent appears in the Canvas node tree. Nodes can be chained together through hosts (much like CORE Impact) so that attacks can percolate deeper into the network. Although Canvas is a commercial tool (just like CORE Impact), it is roughly one-tenth the price of CORE Impact.

5. Nessus – Nessus is a vulnerability scanner and very popular amongst security professionals. It comes with a huge library of vulnerabilities and tests to identify them. Nessus relies on responses from target hosts to identify the holes, and the ethical hacker may use an exploitation tool (e.g. Metasploit) in conjunction with it to verify that reported holes are indeed exploitable.

So which is the best penetration testing tool out there? There is no one correct answer. It depends on the target, the scope and the ethical hacker's proficiency with pentesting.

Interested in checking the effectiveness of your favorite pentesting tool? Just open a Ravello trial account, upload your VMs to recreate a high-fidelity replica of the environment you want to pentest, and point your favourite pentest tool at it. Since Ravello runs on the public cloud with access to data-center-like networking, a growing number of enterprises are using it to create realistic pentesting environments at scale.
