A craftsman requires the appropriate skills and tools to work in tandem in order to create a masterpiece. While tools are an important enabler in the process of creating the best piece of work possible, the process also requires relevant experience and expertise on the part of the craftsman.
Much like a craftsman’s toolbox, a pen tester’s toolbox has a wide variety of tools to work with based on the business objective.
Here, we’ll analyze some of the best free tools available for pen testers. It’s important to note that there is no direct comparison between these tools. The use of these tools depends on the type of assessment a pen tester is performing. Instead of competing against one another, these tools work to complement each other and aid the pen tester in performing a holistic security assessment.
Automated Security Tools Are Changing the Game
Automated tools have completely changed the landscape of pen testing with improved efficacy and turnaround time. There has been continuous research and development to make more reliable and user-friendly tools. These tools do not fix the underlying security vulnerabilities. Instead, they are effective in finding common security vulnerabilities and providing suggestions for fixing those vulnerabilities. Before you begin looking for these free hacking tools online, it is imperative for you to evaluate the background of the assessment. This will shape your tool selection process.
Here are 10 tools that are available for free online that we highly recommend:
Category: Proxy server application
Fiddler is a freeware web proxy tool that is browser and platform agnostic. It has several features that can help a pen tester. It allows users to debug web traffic from any system (works with almost all operating systems on PCs), smartphone, or tablet. From a pen test standpoint, Fiddler is primarily used to intercept and decrypt HTTPS traffic. As the name suggests, users can fiddle with and inspect that traffic to identify vulnerabilities in the application at hand.
Category: Port scanner
Nmap is an abbreviation for ‘Network Mapper.’ It is an open source, free application used for network scanning. It makes use of IP packets for auditing the network. Nmap offers a multitude of options to scan a single IP, port, or host to a range of IPs, ports, and hosts. It can also be used to scan a subnet, identify the services that are running on hosts, determine the OS versions in which the remote hosts are running, and discover vulnerabilities and security holes. It is a very powerful tool. The output and information can serve as a precursor to penetration testing efforts.
Category: Web vulnerability scanner
Wireshark is an industry standard network protocol analysis tool. The tool essentially captures data packets moving within a network and displays them back to the end-user in a human-readable form. Wireshark allows users to capture data via ethernet, Wi-Fi, NpCap adapter, bluetooth, and token rings, to name a few. It even allows users to capture data from USB-attached network interfaces through USBPCAP. Wireshark even comes with a console version, named ‘tshark.’
Category: Vulnerability exploitation framework
The Metasploit framework provides a series of tools to perform penetration testing on a system. This multi-purpose hacking framework is widely used by pen testers to unearth vulnerabilities on different platforms, collect information on the existing vulnerabilities, and retest the remediation defenses in place. The Metasploit framework is an open-source project backed by more than 200,000 contributors, making it a robust framework for penetration testing, executing exploit strategies, testing against the remediation defenses put in place, conducting research, and contributing to an active database of vulnerabilities.
Category: Web vulnerability scanner
Nikto is another tool that is quite famous within the pen testing community. It is an open-source tool available under GPL. Nikto offers multiple options within its interface to run against a host. It probes a host to find potential vulnerabilities such as server misconfiguration, insecure host files and programs, out-of-date programs that might pose risks, and version-specific issues that might risk the server. Nikto is available on OS X and provided by MacNikto.
6. John the Ripper
Category: Password cracking
John the Ripper (often referred to as ‘John’ or JTR) is a very popular password cracking tool. JTR is primarily used to perform dictionary attacks to identify weak password vulnerabilities in a network. JTR is an offline password cracker that can be invoked locally or remotely. It also supports brute force and rainbow crack attacks.
7. Burp Suite
Category: Net Scanner
One primary use of the Burp Suite is to intercept all requests and responses between the browser and the target application. The free version is also useful for generating a proof-of-concept cross-site request forgery (CSRF) attack for a given request. There’s also the application-aware crawler that can be used to map out application contents. A paid version unlocks even more features.
Category: Vulnerability scanner
OpenVAS is a vulnerability scanner that was forked from the last free version of Nessus after that tool went proprietary in 2005. The free version of Nessus today only works in non-enterprise environments. For security audit purposes, Nessus remains a popular vulnerability scanner, however, enterprise scans now require a license fee of about $2,000 a year. With OpenVAS, a user can perform a number of vulnerability scans and create exportable reports highlighting comprehensive scans to create security strategies.
Category: Password cracking
Aircrack-ng is a suite of wireless password cracking tools for the 802.11a/b/g family of wireless networks that supports raw monitoring (rfmon) mode. It captures network traffic in monitor mode and once enough data is captured it runs cracking algorithms to recover WEP and WPA keys. The Aircrack-ng suite consists of various tools such as Airodump-ng (a packet capturing program), Airsnort-ng (an encryption key cracker), Aireplay-ng (for traffic generation), and Airdecap-ng (a captured file decryption tool).
Category: Packet sniffer
With increasing instances of wireless LAN hacking, Kismet has become an important tool for detecting intrusion and packet sniffing on the 802.11 a/b/g family of WLAN that supports raw monitoring (rfmon) mode. Kismet is an outstanding lightweight tool that works in passive mode to identify the access points and client SSIDs over wireless networks. These SSIDs and access points can be mapped to each other to identify any hidden networks or non-beaconing networks. Kismet also allows you to log traffic in a Wireshark-compatible format for further analysis.
These tools simplify what is otherwise a drawn-out process of manual review. They make it relatively fast and accurate as well. Performing a cogent penetration testing assessment does not simply mean selecting one of the tools from the list. Rather, it means evaluating the organization and assessing the information, requirements, and stakeholders involved. This process will help to frame an ideal strategy which includes the use of tools to identify and resolve security vulnerabilities, both effectively and efficiently.
To understand the context and the business goals, these tools have to be complemented with human expertise. Unlike tools, it is a human who wears the white hat and drives these tools to do the job.