👨‍🏫
Mosse CyberSec Institute.
  • Preface
  • 👩‍💻Internet Searching
    • Using Elicit, search through Academic Papers
    • Use Google To Identify Open FTP Servers That Hold Confidential Materials Available For Download
    • Use Bing To Find Cybersecurity Feeds In A Specific Language
    • Use Google's Cache Capability to Retrieve Deleted Web Pages
    • Use Web Archives to View Old Versions of Websites.
    • Use Advangle To Generate Complex Google Search Queries
  • 🧐Technical Concepts
    • Research The Top Penetration Testing Tools
    • Research The Cyber Kill Chain Model And The MITRE Matrix
      • Lockheed Martin Kill Chain
      • MITRE ATT&CK MATRIX
    • Research The Major Types Of Enterprise Security Software
    • Research The Most Common Network Protocols
  • 🕵️Passive Network Reconnaissance
    • Use Dnsdumpster.com To Passively Map An Organization's External Facing Assets
    • Use Shodan.io To Passively Map An Organization's External Facing Assets
    • Use Crt.Sh To Identify Domains And Sub-Domains That Belong To An Organization
    • Search For Information Leaks On Github Using Grep.App
  • 🧨Discovering Attack Campaigns
    • Detect Typo Squatting And Phishing With Dnstwist.it
    • Use Urlscan.Io To Identify Phishing And Spear-Phishing Websites
  • 🔐Security Tools
    • Use sslscan To Assess The SSL Configuration Settings Of HTTPS Websites
    • NMAP SCANS
    • Brute Force Web Directories And Files Using DIRB/WFUZZ
  • Penetration Testing with Tools
  • Digital Investigations
  • Malware Development
Powered by GitBook
On this page
  1. Technical Concepts

Research The Top Penetration Testing Tools

Penetration testing is the process of testing a computer system, network or web application for vulnerabilities. A Penetration Tester uses security tools to help identify security vulnerabilities in a

PreviousTechnical ConceptsNextResearch The Cyber Kill Chain Model And The MITRE Matrix

Last updated 2 years ago

Short for Network Mapping, this is an open source tool that is used for network exploration as well as security auditing. It is used to scan anything from a single host to a large network. It can give plenty of very important information such as open ports, services running on those ports, service versions, the Operating system, etc.

Metasploit is a very powerful tool used for penetration testing. It can do nearly anything you can think of relating to pen. testing. It can:

  • Discover networks through recon scans

  • Validate vulnerabilities

  • Exploit those vulnerabilities

  • Create payloads

  • Brute force attacks

  • Create Social Engineering Campaigns

  • Automate tasks

  • Create reports and Logs

  • Use MetaModules that allow testing

  • Etc.

Wireshark is a tool that can be used to visuallize network protocols and see packets that are being sent around the network. It creates network captures that gather packets and the information they are holding. Packets are able to be inspected and broken down all the way to their hex code.

The Burp Suite is a set of tools that are used for penetration testing of web applications. Similar to Metasploit, there are many, many different modules and tools in this tool kit which can be explored in the manual.

Hashcat is a tool used to crack hashes and recover passwords. It is able to decipher hashes that include:

  • Microsoft LM Hashes

  • MD4

  • MD5

  • SHA-family

  • Unix Crypt formats

  • MySQL

  • Cisco PIX

Nessus is a tool that is used to create security scans and discovers vulnerabilities. It is also largely adaptable and allows for the addition of multiple premade modules, or custom made scripts. It is also open source allowing for free use of the tool for anyone.

Hydra is a tool used for brute forcing password cracking. Hydra uses many different protocols and methods in order to do this brute forcing. Depending on what specifics are provided about the username/password, the scan can range from about a minute to a multiple-day long scan.

Short for Directory Buster, this tool does exactly as it says, it brute forces web and application servers in order to map the directories and files. This provides useful information to whoever is penetration testing the application.

🧐
Manual Page
Manual Page
Manual Page
Manual Page
Manual Page
Manual Page
Manual Page
Manual Page