Like practitioners in any other profession, penetration testers use many different methodologies and tools, each for a different purpose. The list below is not exhaustive, but these are tools penetration testers should be comfortable with before they start conducting pen tests.
Every pen test toolkit should include Kali Linux. Pen testers use Kali Linux as their base pen testing OS in large part because it bundles a broad range of pen testing utilities and is maintained specifically for pen testing engagements. While Kali Linux can be installed natively on dedicated hardware, it's far more common to see pen testers running Kali VMs on Windows or macOS hosts.
In addition to Kali, a pen tester's toolkit varies depending on whether the focus is on wireless network pen testing, general network pen testing or web application pen testing.
Wireless penetration testing toolkit
Pen testers working on engagements that include testing for one or more wireless access points will find the following tools especially useful:
- ALFA Network's external USB wireless adapters are among the best suited for use with Kali Linux. Unlike the internal Wi-Fi adapters built into most laptops, a USB adapter can be passed through to a Kali VM, and the chipsets ALFA uses support monitor mode and packet injection, which most internal adapters' drivers do not expose. Without both, capturing handshakes and running deauthentication or injection attacks is not possible.
- Aircrack-ng is a suite of tools for capturing traffic in monitor mode (airodump-ng), injecting frames and deauthenticating clients (aireplay-ng) and cracking captured WEP keys and WPA/WPA2 handshakes (aircrack-ng).
- Kismet is a passive wireless detector and sniffer that pen testers use to discover hidden networks (those not broadcasting an SSID) and for other wardriving tasks; because it only listens, it does not announce the tester's presence.
- Cain & Abel is a Windows password recovery tool that sniffs the network to capture password hashes and other credentials and then cracks them with dictionary, brute-force and cryptanalysis attacks. It has not been updated in years, so expect it to struggle with modern protocols and operating systems.
- Reaver brute forces the Wi-Fi Protected Setup (WPS) registrar PIN in order to recover a WPA or WPA2 passphrase. The attack is practical because the WPS protocol validates the two halves of the 8-digit PIN separately and the last digit is a checksum, so at most 11,000 guesses are needed rather than 100 million. Disabling WPS, or at least enabling the access point's PIN lockout, is the mitigation.
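The WPS weakness Reaver exploits is easier to see with the numbers worked out. The following is an added example, not code from Reaver or any other tool on this page: it implements the WPS PIN checksum digit and compares the guess counts for a naive 8-digit brute force, a checksum-aware one and the split attack. The PIN value 1234567 is a constructed example.

```python
"""WPS PIN checksum and the split brute force that Reaver exploits.

Added illustration, not part of Reaver or Aircrack-ng. The PIN prefix
1234567 used below is a constructed example value.
"""


def wps_checksum(first_seven: int) -> int:
    """Return the 8th (checksum) digit for a 7-digit WPS PIN prefix.

    Implements the checksum the WPS specification uses: weights of 3 and 1
    alternate over the digits, and the check digit brings the weighted sum
    up to a multiple of 10.
    """
    if not 0 <= first_seven <= 9_999_999:
        raise ValueError("WPS PIN prefix must be 7 decimal digits")
    accum = 0
    p = first_seven
    while p:
        accum += 3 * (p % 10)
        p //= 10
        accum += p % 10
        p //= 10
    return (10 - accum % 10) % 10


def full_pin(first_seven: int) -> str:
    """8-digit PIN string with its checksum digit appended."""
    return f"{first_seven:07d}{wps_checksum(first_seven)}"


def is_valid_pin(pin: str) -> bool:
    """True if an 8-digit PIN string carries a correct checksum digit."""
    return len(pin) == 8 and pin.isdigit() and full_pin(int(pin[:7])) == pin


def attempts_naive() -> int:
    """Guesses needed if the PIN were one opaque 8-digit secret (worst case)."""
    return 10 ** 8


def attempts_with_checksum() -> int:
    """Worst case if the attacker only knows the last digit is a checksum."""
    return 10 ** 7


def attempts_split_attack() -> int:
    """Worst case for the split attack Reaver uses.

    The registrar reveals whether the first four digits are right (it NACKs
    after message M4) before it checks the rest, so the halves are attacked
    separately: 10^4 for the first half, then 10^3 for the second half
    because its final digit is the checksum and can be computed.
    """
    return 10 ** 4 + 10 ** 3


def split_attack_candidate(first_half: int, second_half_prefix: int) -> str:
    """The one PIN to try for a known first half (0-9999) and 3-digit second-half prefix."""
    return full_pin(first_half * 1000 + second_half_prefix)


if __name__ == "__main__":
    print(full_pin(1234567))
    print(attempts_naive(), attempts_with_checksum(), attempts_split_attack())
```

The ratio between `attempts_naive()` and `attempts_split_attack()` (about 9,000 to 1) is why a WPS PIN can be recovered in hours even with modest rate limiting, and why the PIN lockout feature matters more than the PIN itself.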
Network pen test toolkit
Traditional network pen testing calls for a different set of tools than wireless pen testing. The primary tools pen testers use for network pen testing include the following:
- Nmap is the tool pen testers use for port scanning: identifying which services a host exposes, fingerprinting its OS and the versions of the applications behind each port (the -O and -sV options), inferring from filtered ports where a firewall sits and quickly inventorying the devices on a local network. Its XML output (-oX) is the form most useful for feeding results into other tools.
- Arpspoof, part of the dsniff suite, executes Address Resolution Protocol (ARP) spoofing attacks. The tester sends forged ARP replies on the LAN so that victims' ARP caches associate the tester's MAC address with the IP address of a legitimate host, typically the default gateway. Traffic meant for that host then flows through the tester's machine, giving a man-in-the-middle position from which it can be read or modified before being forwarded.
- Responder poisons Windows name resolution. When a host broadcasts a Link-Local Multicast Name Resolution (LLMNR), NetBIOS Name Service (NBT-NS) or Multicast DNS query that nobody else answers, for example for a mistyped share name, Responder answers with the tester's IP address. It also runs rogue SMB, HTTP and other authentication servers, so a client that follows the poisoned answer hands over an NTLM challenge-response hash that can be cracked offline or relayed.
- Wireshark captures and decodes packets so pen testers can see which protocols and hosts are on the wire, along with any credentials sent in cleartext, and plan attacks accordingly; it is also the standard way to inspect traffic captured by the tools above.
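Nmap's real value on an engagement comes from turning its output into a host and service inventory. The following is an added example, not part of Nmap: it parses the XML that `nmap -oX` produces into a per-host summary and picks out hosts exposing a given service. The XML document is constructed to mirror the shape of real -oX output; the hosts, addresses, vendor and version strings are fictitious.

```python
"""Turn Nmap's XML output (-oX) into a host and service inventory.

Added example, not part of Nmap. SAMPLE_NMAP_XML is constructed to match the
layout of real -oX output; every host, address and version in it is fictitious.
"""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """\
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX scan.xml 10.0.0.0/28">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="Example Vendor"/>
    <hostnames><hostname name="fileserver.corp.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
        <service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered" reason="no-response"/>
        <service name="ms-wbt-server"/></port>
    </ports>
    <os><osmatch name="Linux 3.10 - 4.11" accuracy="95"/></os>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.6"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="10.0.0.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text: str) -> list:
    """Return one dict per live host: ip, mac, hostname, os, open and filtered ports.

    Uses the standard-library parser. For scan files that come from an
    untrusted source, parse with defusedxml instead to avoid entity expansion.
    """
    root = ET.fromstring(xml_text)
    hosts = []
    for h in root.findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts nmap saw as down carry no ports worth listing
        info = {"ip": None, "mac": None, "hostname": None, "os": None,
                "open": [], "filtered": []}
        for addr in h.findall("address"):
            if addr.get("addrtype") == "ipv4":
                info["ip"] = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                info["mac"] = addr.get("addr")
        hn = h.find("hostnames/hostname")
        if hn is not None:
            info["hostname"] = hn.get("name")
        osm = h.find("os/osmatch")  # first osmatch is nmap's best guess
        if osm is not None:
            info["os"] = f'{osm.get("name")} ({osm.get("accuracy")}%)'
        for p in h.findall("ports/port"):
            st = p.find("state")
            state = st.get("state") if st is not None else ""
            svc = p.find("service")
            desc = "unknown"
            if svc is not None:
                desc = " ".join(x for x in (svc.get("name"), svc.get("product"),
                                            svc.get("version")) if x)
            entry = (int(p.get("portid")), p.get("protocol"), desc)
            if state == "open":
                info["open"].append(entry)
            elif "filtered" in state:  # filtered, open|filtered, closed|filtered
                info["filtered"].append(entry)
        hosts.append(info)
    return hosts


def hosts_with_service(hosts: list, service_name: str) -> list:
    """IPs of hosts with an open port whose nmap service name matches."""
    return [h["ip"] for h in hosts
            if any(d.split()[0] == service_name for _, _, d in h["open"])]


def inventory_lines(hosts: list) -> list:
    """Human-readable inventory, one host header line plus one line per open port."""
    lines = []
    for h in hosts:
        lines.append(f'{h["ip"]} ({h["hostname"] or "no PTR"}; {h["os"] or "OS unknown"})')
        for port, proto, desc in h["open"]:
            lines.append(f"  {port}/{proto} open {desc}")
        if h["filtered"]:
            ports = ", ".join(str(p) for p, _, _ in h["filtered"])
            lines.append(f"  filtered (something in the path is dropping probes): {ports}")
    return lines


if __name__ == "__main__":
    print("\n".join(inventory_lines(parse_nmap_xml(SAMPLE_NMAP_XML))))
```

Filtered ports are kept separately on purpose: a port reported as filtered tells you a firewall or ACL is dropping probes between you and the host, which is a finding about the network path, not about the service.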
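The ARP spoofing that arpspoof performs comes down to one forged frame sent repeatedly, and the defender's side is a table of IP-to-MAC bindings that should never change. The following is an added example, not code from dsniff or arpspoof: it builds the unsolicited ARP reply in memory, parses it back, and runs an arpwatch-style monitor that alerts when an IP address is suddenly claimed by a different MAC. Nothing is transmitted; the MAC and IP addresses are constructed.

```python
"""Build the forged ARP reply that arpspoof sends, and detect it on the wire.

Added example, not code from dsniff/arpspoof. Frames are only constructed and
parsed in memory; nothing is sent. All addresses below are constructed.
"""
import struct
from dataclasses import dataclass

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

# Constructed sample addresses for the demo and tests.
GATEWAY_MAC = "aa:bb:cc:00:00:01"
ATTACKER_MAC = "de:ad:be:ef:00:99"
VICTIM_MAC = "aa:bb:cc:00:00:20"
GATEWAY_IP, VICTIM_IP = "10.0.0.1", "10.0.0.20"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def fmt_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet II frame + ARP reply saying 'sender_ip is at sender_mac', unicast to target.

    arpspoof sends exactly this, unsolicited and on a timer, with sender_ip set
    to the gateway and sender_mac set to the attacker's own interface.
    """
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)  # Ethernet, IPv4, 6/4 byte addrs
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


@dataclass
class ArpPacket:
    src_mac: str      # Ethernet source address
    opcode: int
    sender_mac: str   # ARP sender hardware address
    sender_ip: str
    target_mac: str
    target_ip: str


def parse_arp(frame: bytes):
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP; None otherwise."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    a = frame[22:42]
    return ArpPacket(fmt_mac(frame[6:12]), oper, fmt_mac(a[0:6]), fmt_ip(a[6:10]),
                     fmt_mac(a[10:16]), fmt_ip(a[16:20]))


class ArpWatch:
    """Track IP-to-MAC bindings and alert when one changes (arpwatch-style).

    Seed the table with known-good bindings for the gateway and servers; a
    table learned purely from traffic would trust the first claim it sees,
    including an attacker's if the monitor starts late.
    """

    def __init__(self, known=None):
        self.table = dict(known or {})

    def observe(self, frame: bytes) -> list:
        pkt = parse_arp(frame)
        if pkt is None:
            return []
        alerts = []
        if pkt.src_mac != pkt.sender_mac:
            alerts.append(f"frame from {pkt.src_mac} carries ARP sender MAC {pkt.sender_mac}")
        known = self.table.get(pkt.sender_ip)
        if known is None:
            self.table[pkt.sender_ip] = pkt.sender_mac
        elif known != pkt.sender_mac:
            alerts.append(f"ARP conflict: {pkt.sender_ip} was {known}, now claimed by {pkt.sender_mac}")
        return alerts


def demo() -> list:
    """Legitimate gateway reply followed by arpspoof's forgery; returns the alerts raised."""
    watch = ArpWatch({GATEWAY_IP: GATEWAY_MAC})
    legit = build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
    spoofed = build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
    return watch.observe(legit) + watch.observe(spoofed)


if __name__ == "__main__":
    print("\n".join(demo()))
```

A binding change is not always an attack (a DHCP lease moving to another device looks the same), so in practice the alert is triaged against the DHCP log; a gateway address changing MAC, however, is almost never legitimate. Static ARP entries for the gateway on critical hosts, and dynamic ARP inspection on managed switches, prevent the cache poisoning rather than merely detecting it.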
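Because Responder answers LLMNR queries for any name, a poisoner on the segment can be detected with a canary: query a name that cannot legitimately exist and see whether anything answers. The following is an added example, not Responder's code, that builds the LLMNR query, parses an answer and extracts the address the responder wants victims to use. The poisoned reply bytes are constructed to look like such an answer; `probe_segment` is the only function that touches the network and is not exercised by the tests.

```python
"""LLMNR canary: detect a name-resolution poisoner such as Responder.

Added example, not Responder's own code. LLMNR (RFC 4795) reuses the DNS
message format over UDP port 5355 to multicast group 224.0.0.252. A poisoner
answers queries for names that do not exist, so a query for a name that cannot
resolve must get no reply on a clean segment. POISONED_REPLY is constructed.
"""
import os
import socket
import struct

LLMNR_GROUP, LLMNR_PORT = "224.0.0.252", 5355
QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """DNS wire-format name: length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_llmnr_query(name: str, txid: int) -> bytes:
    """Standard query for an A record: header (ID, flags, QD=1) + one question."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def skip_name(msg: bytes, off: int) -> int:
    """Offset just past a (possibly compressed) name that starts at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes and the name ends
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length


def answers_from(response: bytes, expected_txid: int) -> list:
    """A-record IPs in a response to our query; [] if it is not a matching answer."""
    if len(response) < 12:
        return []
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", response[:12])
    if txid != expected_txid or not flags & 0x8000 or an == 0:
        return []
    off = 12
    for _ in range(qd):
        off = skip_name(response, off) + 4  # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = skip_name(response, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rdlen == 4:
            ips.append(".".join(str(b) for b in response[off:off + 4]))
        off += rdlen
    return ips


def poisoner_ips(query: bytes, response) -> list:
    """Addresses a responder pushed for our canary name; [] means nothing answered."""
    if response is None:
        return []
    txid = struct.unpack("!H", query[:2])[0]
    return answers_from(response, txid)


def probe_segment(timeout: float = 2.0):
    """Send one random canary query on the wire; returns (answering host, pushed IPs)."""
    name = "canary-" + os.urandom(4).hex()
    txid = struct.unpack("!H", os.urandom(2))[0]
    q = build_llmnr_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (LLMNR_GROUP, LLMNR_PORT))
        try:
            data, (src, _) = s.recvfrom(512)
        except socket.timeout:
            return None, []
    return src, poisoner_ips(q, data)


# Constructed poisoned reply: same txid, QR bit set, question echoed, then one
# A record whose name is a compression pointer (0xC00C) back to the question.
CANARY_QUERY = build_llmnr_query("canary-7f3a9c1e", 0x1234)
POISONED_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 1, 0, 0)
    + encode_name("canary-7f3a9c1e") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 30, 4)
    + bytes([10, 0, 0, 66])
)

if __name__ == "__main__":
    print("offline sample:", poisoner_ips(CANARY_QUERY, POISONED_REPLY))
```

The source address of the UDP reply identifies the poisoning host; the A record inside it is where victims would be sent, which for Responder is normally the same machine. Running the probe from a few points on the network on a schedule turns this into a cheap detective control, and disabling LLMNR and NBT-NS via group policy removes the attack surface entirely.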
Web application pen testing toolkit
A different set of tools and skills makes up a web application pen test toolkit, mostly because the target is the application itself (its input handling, authentication and session management) rather than the network that carries its traffic. The primary tools for web application pen testing include the following:
- Browser extensions for Firefox and Chrome give pen testers powerful tools to wield against web applications. Among the most useful are the following:
- FoxyProxy is an extension that lets a pen tester switch the browser between proxy configurations with one click or by URL pattern, for example routing only the target's traffic through an intercepting proxy.
- Tamper Data is an extension for intercepting, viewing and modifying requests (GET and POST parameters, HTTP/HTTPS headers) before the browser sends them, which bypasses any validation done only in client-side code.
- Burp Suite Professional is a platform that integrates several testing tools: an intercepting proxy, a crawler (spider), a web app vulnerability scanner, Repeater and Intruder for replaying and fuzzing requests and Sequencer for analyzing the randomness of session tokens.
- SoapUI is used for functional testing of Simple Object Access Protocol (SOAP) and REST web services and for rapidly creating test cases against each operation, which can then be reused as the basis for security tests such as injection and fuzzing.
- The Browser Exploitation Framework (BeEF) assesses an environment's exposure to client-side attacks. A browser that loads BeEF's JavaScript hook (hook.js), whether through an XSS flaw or a page the tester controls, polls the BeEF server for commands, and the tester can then run modules against the victim's browser, and the network behind it, from the BeEF console.
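What Tamper Data and an intercepting proxy such as Burp let a tester do by hand is easy to underestimate until it is spelled out: any value the browser sends can be rewritten after client-side validation has run. The following is an added example, not code from Tamper Data or Burp Suite, that edits a parameter in a raw HTTP request the way a tester would in the proxy, recomputing Content-Length, which is the step most often forgotten when editing by hand. The requests, host name and parameter names are constructed.

```python
"""Rewrite a parameter in a raw HTTP request, as an intercepting proxy lets a tester do.

Added example, not code from Tamper Data or Burp. SAMPLE_POST and SAMPLE_GET
are constructed requests; shop.example and the parameter names are hypothetical.
"""
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SAMPLE_POST = (
    b"POST /cart/checkout HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 28\r\n"
    b"Cookie: session=abc123\r\n"
    b"\r\n"
    b"item=42&qty=1&unit_price=999"
)

SAMPLE_GET = (
    b"GET /account?id=1001&view=summary HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"\r\n"
)


def parse_request(raw: bytes):
    """Split a request into (method, target, version, [(header, value)...], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []  # list, not dict, so order and duplicates survive the round trip
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers, body


def build_request(method, target, version, headers, body: bytes) -> bytes:
    head = f"{method} {target} {version}\r\n" + "".join(f"{n}: {v}\r\n" for n, v in headers)
    return head.encode("iso-8859-1") + b"\r\n" + body


def header_value(headers, name: str):
    for n, v in headers:
        if n.lower() == name.lower():
            return v
    return None


def set_param(raw: bytes, name: str, value: str) -> bytes:
    """Set or add a parameter: in the form body of a urlencoded POST, else in the query string.

    Duplicate parameter names collapse to the last value (parse_qsl into a
    dict), which is fine for editing but not for parameter-pollution tests.
    """
    method, target, version, headers, body = parse_request(raw)
    ctype = header_value(headers, "Content-Type") or ""
    if body and ctype.startswith("application/x-www-form-urlencoded"):
        params = dict(parse_qsl(body.decode("iso-8859-1"), keep_blank_values=True))
        params[name] = value
        body = urlencode(params).encode("iso-8859-1")
        # Content-Length must match the new body or the server reads too much or too little.
        headers = [(n, str(len(body)) if n.lower() == "content-length" else v)
                   for n, v in headers]
    else:
        parts = urlsplit(target)
        params = dict(parse_qsl(parts.query, keep_blank_values=True))
        params[name] = value
        target = urlunsplit(parts._replace(query=urlencode(params)))
    return build_request(method, target, version, headers, body)


if __name__ == "__main__":
    print(set_param(SAMPLE_POST, "unit_price", "1").decode("iso-8859-1"))
    print(set_param(SAMPLE_GET, "id", "1002").decode("iso-8859-1"))
```

The two edits shown are the classic checks a web app tester makes first: a price or quantity the server takes from the client instead of from its own catalog, and an object identifier (`id`) that can be changed to reach another user's data. A client-side check on either is no defense, since the request is rewritten after that check has already passed.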