The newest and best eight penetration testing tools


The penetration testing tools described in this article are Metasploit, Nessus Vulnerability Scanner, Nmap, Burp Suite, OWASP ZAP, sqlmap, Kali Linux and Jawfish (Evan Saez is one of the developers of the Jawfish project).

We interviewed penetration testing tool designer, programmer and enthusiast Evan Saez, a cyber threat intelligence analyst with Lifars, a New York digital forensics and cyber security intelligence company, and asked him to talk about the latest and best penetration testing tools and how to use them.

Existing penetration testing tools on the market

Metasploit is a framework with a large following among programmers, who have contributed a vast number of custom modules: testing tools that can check for security vulnerabilities in many operating systems and applications. People publish these custom modules on GitHub and Bitbucket. Like GitHub, Bitbucket is an online repository for programming projects. "Metasploit is the most popular penetration testing tool," Saez said.

Related link: http://www.metasploit.com

Nessus Vulnerability Scanner is a popular, signature-based tool that can be used to find security vulnerabilities. "Nessus can only compare scan results to databases with known security vulnerability features," Saez said.

Related link: http://www.tenable.com/products/nessus-vulnerability-scanner

The Nmap network scanner enables penetration testers to determine the types of computers, servers, and hardware that an enterprise has on its network. That these machines can be identified by such external probes is in itself a security weakness. Attackers use this information to lay the groundwork for an attack.

Related link: https://nmap.org

Burp Suite is another popular web application penetration testing tool. According to PortSwigger, the maker of the Burp Suite web security tool, it can map and analyze web applications to find and exploit security vulnerabilities.

Related link: http://portswigger.net/burp/

OWASP ZAP (Zed Attack Proxy) is a web application penetration testing tool from the nonprofit organization OWASP (Open Web Application Security Project). ZAP provides automated and manual web application scanning capabilities, serving both inexperienced and experienced professional penetration testers. ZAP is an open-source tool now on GitHub.

Related link: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

sqlmap can automatically find SQL injection vulnerabilities. It then leverages those vulnerabilities to take full control of the database and the underlying server.

Related link: http://sqlmap.org

Kali Linux is an all-in-one tool that includes a dedicated set of pre-installed testing (as well as security and forensic analysis) tools. "It has tools for people who know nothing about safety," Saez said.

Related link: https://www.kali.org

Unlike most tools, which are signature-based, Jawfish is a penetration testing tool that uses genetic algorithms. "Genetic algorithms will look for targets based on search results," Saez says. "Based on the search criteria, as Jawfish gets closer to the target it is looking for, in this case the security hole, it can find the results." Jawfish does not require a signature database.

Related link: https://jawfish.io

Metasploit, Nessus Vulnerability Scanner, Nmap, Burp Suite, OWASP ZAP, sqlmap, Kali Linux and Jawfish each have their own uses. Most businesses require a variety of tools. Metasploit provides both a Ruby interface and a CLI, so your penetration testers can choose one depending on the task they want to accomplish. "Ruby interfaces are good for testing very large networks because running commands in the CLI is too tedious for such a test task," Saez said.

Nessus Vulnerability Scanner can check your computers and firewalls for open ports and software that may be vulnerable. Garrett Payer, chief technology expert at ICF International, a large technology solutions provider, said: "For penetration testing, this tool is not very useful because it is not precise enough to enter through the front door and communicate with the operating system to determine security vulnerabilities. This tool is typically used for compliance work and is used solely to determine if the patch is the latest version."

Nmap can be used to search for hosts, open ports, software versions, operating systems, hardware versions, and security vulnerabilities, typically to map the attack surface of the network. It is useful at every stage of penetration testing, whenever you have a new set of hosts, ports, and other resources to identify, such as when entering a new network segment. "This tool has scripting capabilities for enumerating user access," says Payer.
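Because the attack surface Nmap maps is the same one an attacker would see, a defender can check a scan report against the inventory of approved services. The following is an added example, not code from the original article or the Nmap project; it assumes a report in Nmap's XML output format, and the sample report and the `APPROVED` allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of an Nmap XML report (-sV -oX); not real scan data.
SAMPLE_XML = """<nmaprun scanner="nmap">
 <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh" product="OpenSSH" version="8.9"/></port>
   <port protocol="tcp" portid="443"><state state="open"/>
    <service name="https" product="nginx"/></port>
   <port protocol="tcp" portid="3306"><state state="closed"/></port>
  </ports></host>
 <host><status state="up"/><address addr="192.0.2.20" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="23"><state state="open"/>
    <service name="telnet"/></port>
  </ports></host>
</nmaprun>"""

# Hypothetical allowlist of (address, protocol, port) the asset owner has approved.
APPROVED = {("192.0.2.10", "tcp", 22), ("192.0.2.10", "tcp", 443)}

def open_services(xml_text):
    """Return one record per open port on each host reported as up."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        status, addr = host.find("status"), host.find("address")
        if status is None or addr is None or status.get("state") != "up":
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports are not exposed services
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            records.append({
                "addr": addr.get("addr"),
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "service": attrs.get("name", "unknown"),
                "version": " ".join(filter(None, (attrs.get("product"), attrs.get("version")))),
            })
    return records

def unapproved(records, approved):
    """Open services that are missing from the approved inventory."""
    return [r for r in records if (r["addr"], r["proto"], r["port"]) not in approved]

if __name__ == "__main__":
    for r in unapproved(open_services(SAMPLE_XML), APPROVED):
        print(f'{r["addr"]} {r["port"]}/{r["proto"]} {r["service"]} {r["version"]}'.rstrip())
```

Run against the constructed report, it flags only the telnet service on 192.0.2.20, the one open port that is not in the allowlist.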

Burp Suite can be used in conjunction with your web browser to map the web application. The tools inside Burp Suite can uncover application functionality and security vulnerabilities, and then launch specific attacks. Burp Suite can automate repetitive functions while leaving choices to the user where penetration testers need to control individual options for testing. "This is a very rich tool that uses proxies to explore and analyze cross-site scripting and other security vulnerabilities," says Payer. "It provides transparency to let people know what data the site actually sends to the server."

OWASP ZAP can perform numerous scans and tests, including port scanning, brute-force scanning, and fuzzing, to identify unsafe code. Penetration testers use an intuitive GUI that resembles that of a Microsoft application or a web design tool (such as Arachnophilia). Once you have browsed the site and carried out your activity on it, you can return to ZAP to see the code and what data leaked during that activity. When set up as a proxy server, OWASP ZAP controls the network traffic it handles. Payer said: "This tool is more innovative than Burp Suite; it is not as feature-rich, but it is free and open source. It provides a small batch of features and a GUI that is useful for people who have just come into contact with web application penetration testing."

After installing Kali Linux, you can open any of the 10+ penetration test/exploit tools bundled with it. Saez said: "Kali Linux comes with a lot of user documentation."

http://www.networkworld.com/article/2944811/network-security/8-penetration-testing-tools-that-will-do-the-job.html
