eLearnSecurity Blog

Top Tools Every Pentester Should Know & When To Use Them

IT Security is a highly practical field, which means Penetration Testers of all levels need to own their tools. Just starting out? No worries, here’s a short list of the (top) tools every Penetration Tester should know, and when to use them.

As you may (or may not) know, a thorough Penetration Test is composed of six key phases: Engagement, Information Gathering, Footprinting and Scanning, Vulnerability Assessment, Exploitation, and Reporting. Each of those steps is equally important, and all require the right tools.

Let’s go over the different phases, what they mean, and the necessary tools Penetration Testers need to know in order to perform them.

ENGAGEMENT

In this initial phase, all the details about the penetration test are established. This includes a sound and targeted proposal to the client, the scope of the engagement, incident handling possibilities, as well as the legal responsibilities of each party involved.

Tools of the trade:

  • No tool necessary for this phase.

INFORMATION GATHERING

The Information Gathering phase is the first, and one of the most important phases, of any successful penetration test.

During this phase, you can search for all sorts of data such as the name and email addresses of the board of directors, investors, managers, employees, etc. This will prove extremely useful especially if Social Engineering tests are allowed.

Additionally, it’s important to not only collect general information but also understand your client’s infrastructure and what data is at risk should an attack on their systems be successful (IP addresses, domains, servers, OS used, DNS information, etc.).

Tools used for gathering intelligence:

  • LinkedIn and other social media channels

  • Crunchbase

  • Whois

  • Client’s site/s

FOOTPRINTING & SCANNING

The Footprinting and Scanning phase is where you can deepen your knowledge of the in-scope servers and services. For example, footprinting the Operating System of a host will help you determine what type of OS runs on the system but also helps you narrow down the potential vulnerabilities to check in the next phases. A scan of live hosts can determine what ports are open on a remote system. Imagine what a malicious hacker can do with that!

Tools used for footprinting and scanning hosts/ports:

  • Nmap

  • FPing

VULNERABILITY ASSESSMENT

The Vulnerability Assessment phase is aimed at building a list of all vulnerabilities present on a target system. In this phase, you will have to carry out a vulnerability assessment for each and every target found in the previous step. You can carry out a vulnerability assessment either manually or via automated tools.

Keep in mind that the purpose of a penetration test is to mimic the effects of a black hat hacker, which means you have to learn how to think like a cyber criminal. You have to understand your client’s infrastructure and the vulnerabilities that it presents in order to know exactly how to take advantage of them.

Tools used for performing vulnerability assessments:

  • Nessus

  • OpenVAS

  • Nexpose

  • GFI LanGuard

EXPLOITATION

In the Exploitation phase, you verify that the vulnerabilities found during your vulnerability assessment really exist by attempting to exploit each of them.

A penetration test is a cyclic process. This process only ends when there are no more systems and services in scope to exploit.

Remember: A penetration test’s goal is not to get root, it’s to find any and all vulnerabilities.

Tools used for exploiting vulnerabilities:

  • Netcat
  • SQLMap
  • John The Ripper
  • Ophcrack
  • Hydra
  • Metasploit

REPORTING

The Reporting phase is as important as the entire Penetration Test itself because it is your way to officially deliver and communicate your results with executives, IT staff, development teams, etc.

Most of the time, your client will judge your work as a Pentester based on the quality of your report. For this reason, good writing and presentation skills come in handy. A complete pentest report must address the following key points:

  • Techniques used
  • Vulnerabilities found and exploited
  • Exploits used
  • Impact and risk analysis (for each vulnerability)
  • Remediation tips

Tools used for reporting:

  • Microsoft Suite

  • eLearnSecurity’s Pentest Reporting Guide 😉 

Aspiring to become a Penetration Tester?

Learn the accepted methodology and today’s most common tools used during network and webapp penetration testing with our newly launched PTSv4 training course.

This course and associated certification will give you the confidence you need to handle the technical portions of a job interview and the hands-on, practical experience to land a position as a Jr. Penetration Tester.

On the occasion of the PTSv4 launch, we’re offering you 20% off the current course fees until May 31! Enroll below before it’s too late:


Not yet sure PTSv4 is the right training course for you? Get your free trial before enrolling.
