A penetration test — often called a “pentest” for short — simulates an attack on a network, from both inside and outside it, in order to evaluate the effectiveness of its security controls. Such a test can reveal vulnerabilities in the system so that they can be attended to and fixed promptly. Six penetration testing tools — Nmap, Metasploit, Nessus, Wireshark, Aircrack-ng and Acunetix — are described below.
Network Mapper (Nmap)
Initially written in 1997 as a utility exclusively for Linux, Nmap has since been ported to several other platforms, including Microsoft Windows, though Linux remains the most popular. It adapts to latency (the delay experienced by traffic on the network) and other network conditions. Features of Nmap include host discovery (identifying the hosts on a network); operating system detection (determining which OS a host is running); port scanning (probing for open ports on a host or server); scriptable interaction with the targets; and version detection (determining the application name and version number of a service by probing it on the remote device). Its website also lists password crackers, sniffers that intercept traffic as it passes over a network, and vulnerability and web scanners. Of all the tools described here, Nmap is one of the best penetration testing tools available.
Common uses for Nmap include identifying open ports, network inventory and mapping, and security auditing of devices and networks. Its newest version, Nmap 6.01, fixes the bugs found in version 6.0.
Metasploit
The Metasploit Project is now in its tenth year of existence. It comes in four editions — Framework (the basic edition), Community, Express and Pro — each more elaborate than the one before it, with Pro adding VPN pivoting and web application scanning. Metasploit also maintains two databases, Opcode and Shellcode, of which the former is a valuable resource for those who wish to write new exploits.
Metasploit may be downloaded for free from the company website, where 64-bit builds for both Windows and Linux are available. It can be used to:
- verify the security controls and defenses of your system
- audit web applications for vulnerabilities
- manage exposure to phishing scams
The company has even come up with solutions that enable you to “think like an attacker.”
Nessus
Nessus was originally created in 1998 to provide a free remote security scanner for Internet users; its license was changed to a proprietary one seven years later. According to surveys performed in 2000, 2003 and 2006 it is the most popular vulnerability scanner in the world, and one of the noisiest penetration testing tools, and it is used by more than 75,000 companies. It also contains the largest collection of network security checks.
Nessus can scan for five types of vulnerabilities, not counting some closely related ones: default passwords (the kind often used to gain access to a device during its setup phase); denial of service (attempts to prevent the intended users of a machine or a network resource from accessing it); misconfigurations such as open mail relays (which have fallen out of favor because spammers have so often exploited them); checks that prepare for audits under the Payment Card Industry Data Security Standard (which can save companies from having to pay large sums in fines); and vulnerabilities that would allow hackers to gain access to, and even control of, sensitive information. Its newest version provides over 55,000 vulnerability checks, and the plugins are updated every day. Nessus also has auditing capabilities for mobile devices, including detecting iOS phones that have been jailbroken.
Wireshark
Wireshark is a “packet sniffer” available from SecTools, as is Nmap (discussed above). Originally released under the name Ethereal in about 1998, it adopted its present name in 2006 for copyright reasons. It has won industry awards from PC Magazine, eWeek, InfoWorld and other magazines. You can download a free trial version of the software from Wireshark’s website for thirty days, during which you can troubleshoot your network in a way that saves hours of diagnosing application and network issues, leaving more time for the business activities that really require your attention. Packet analysis is likewise made easy, and if you need to dissect a protocol that has only recently been created, you can write your own plugins. Wireshark is also capable of capturing raw USB traffic. The best thing about Wireshark is that it “understands,” as it were, the structures of a great many network protocols.
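The layered protocol dissection that a sniffer performs, as an added example in Python that is not part of the article or of Wireshark itself: the function below walks a constructed Ethernet II/IPv4/TCP frame header by header, stopping at the first layer it does not understand and rejecting malformed headers, which is the same structural knowledge Wireshark applies to hundreds of protocols.

```python
import struct

TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))

def dissect_frame(frame):
    """Dissect an Ethernet II frame carrying IPv4/TCP into a dict of header
    fields, layer by layer, the way a packet sniffer does. Stops at the last
    layer it understands and raises ValueError on malformed headers."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": dst.hex(":"), "eth_src": src.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:
        return out                               # not IPv4: stop at layer 2
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, saddr, daddr = \
        struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4                   # header length incl. options
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    out.update(ip_src=".".join(map(str, saddr)), ip_dst=".".join(map(str, daddr)),
               ip_ttl=ttl, ip_proto=proto, ip_total_len=total_len)
    if proto != 6:
        return out                               # not TCP: stop at layer 3
    tcp = ip[ihl:total_len]                      # trim any Ethernet padding
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4             # header length incl. options
    if data_off < 20 or len(tcp) < data_off:
        raise ValueError("malformed TCP header")
    out.update(tcp_sport=sport, tcp_dport=dport, tcp_seq=seq, tcp_ack=ack,
               tcp_flags=[n for bit, n in TCP_FLAGS if off_flags & bit],
               payload=tcp[data_off:])
    return out

# Constructed sample frame: a TCP SYN from 192.0.2.10:40000 to 198.51.100.5:443
# with an MSS option (IPv4 checksum left zero; this dissector does not verify it).
SAMPLE_FRAME = (
    bytes.fromhex("aabbccddeeff 001122334455 0800")                          # Ethernet II
    + bytes.fromhex("4500 002c 0000 4000 40 06 0000 c000020a c6336405")       # IPv4, len 44
    + bytes.fromhex("9c40 01bb 00000001 00000000 6002 ffff 0000 0000 0204 05b4")  # TCP SYN
)
```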
Aircrack-ng
Aircrack is a suite of tools available from SecTools. Aircrack-ng (pronounced like “aircracking”), a “fork” of that project, is a network software suite designed specifically for 802.11 wireless LANs. Its essential purpose is to audit wireless networks, and it consists of four parts:
- a packet sniffer for intercepting and logging traffic that passes through a network
- a detector
- a WPA (Wi-Fi Protected Access)/WPA2-PSK cracker and analysis tool
- WEP (Wired Equivalent Privacy) — a security algorithm
The suite includes a multitude of components serving a variety of purposes, most of them with names that also end in “-ng,” such as airdriver-ng and easside-ng; airdriver-ng, for instance, helps manage wireless drivers. Once Aircrack-ng has captured enough data packets, lost keys can be recovered.
Acunetix
“Is your website hackable?” That is the question on the front page of the website of Acunetix, a “worldwide leader in web application security.” Web applications are the target of seventy percent of all attacks by hackers, and against such attacks firewalls offer no protection, and neither do SSL (Secure Sockets Layer) or locked-down servers. Acunetix is one of the best website penetration testing tools you can find. If the website belongs to a business, shopping carts and dynamic content are the most commonly attacked parts, which is why you need Acunetix to help you. The software can check for vulnerabilities such as cross-site scripting and SQL injection. A free trial is available from the company’s website.