Pen Testing Toobox
RECONNAISSANCE
- For reconnaissance, use:
- Nmap
- Whois
- Nslooup
- Theharvester
- Shodan
- Recon-NG
- Censys
- Aircrack-NG
- Kismet
- WiFite
- SET
- Wireshark
- Hping
- Metasploit framework
ENUMERATION
- To list targets, use:
- Nmap
- Nslooup
- Wireshark
- Hping
VULNERABILITY SCANNING
- To scan for vulnerabilities, use:
- Nmap
- Nikto
- OpenVAS
- SQLmap
- Nessus
- W3AF
- OWASP ZAP
- Metasploit framework
CREDENTIAL ATTACKS
- For offline password cracking, use:
- Hashcat
- John the Riipper
- Cain and Abel
- Mimikatz
- Aircrack-NG
- For brute-forcing services, use:
- SQLmap
- Medusa
- Hydra
- Cain and Abel
- Mimikatz
- Patator
- W3AF
- Aircark-NG
Persistence
- Once you have expoited a target, use these to make sure you can get back in:
- SET
- BeEF
- SSH
- NCAT
- NETCAT
- Drozer
- Powersploit
- Empire
- Metasploit framework
Configuration Compliance
- To evaluate a configuration to determine if it's copliant with a stantdard or regulation, use:
- Nmap
- Nikto
- OpenVAS
- SQLmap
- Nessus
Evasion
- To evade detection, use:
- SET
- Proxychains
- Metaspoit framework
Decompilation
- To decompile executables, use:
- Immunity debugger
- APKX
- APK studio
Penetration Testing Use Cases
- Forensics
- To carry out digital forensics, use:
- Immunity debugger
- Debugging
- To debug code, use:
- OLLYDBG
- Immunity debugger
- GDB
- WinDBG
- IDA
- To debug code, use:
- To carry out digital forensics, use:
Software Assurance
- For general software assurance, use:
- Findsecbugs
- SonarQube
- YASCA
- For fuzzing, use:
- Peach
- AFL
SAST(Static Application Security Testing)
DAST(Dynamic Application Security Testing)
QUICK REVIEW
- Know what each of the tools listed in the objectives are commonly used for
- Some tools, such as nmap, can fit into multiple use cases
- It's more important to understand the purpose of a tool than to memorize categories