IT and Information Security are highly practical and hands-on fields. As a result, Penetration Testers of all levels should be familiar with the tools needed to be successful in their work. But what exactly are those tools?
In part one of this two-part blog series, we’ve compiled a short list of the top tools every Penetration Tester should know, and when to use them.
It is important to note that a thorough penetration test is composed of six crucial phases: Engagement, Information Gathering, Footprinting and Scanning, Vulnerability Assessment, Exploitation, and Reporting. Each step is equally important, and all require the right tools.
Let’s go over the different phases, what they mean, and the necessary tools Penetration Testers need to know in order to perform them.
Engagement
In this initial phase, all the details about the penetration test are established. This includes a sound and targeted proposal to the client, the scope of the engagement, incident handling possibilities, as well as the legal responsibilities of each party involved.
Tools of the trade:
- No tool necessary for this phase
Information Gathering
The Information Gathering phase is the first, and one of the most important phases, of any successful penetration test.
During this phase, you can search for all sorts of data such as the names and email addresses of the board of directors, investors, managers, employees, etc. This will prove useful if social engineering techniques are involved.
Additionally, it’s important to understand your client’s infrastructure and what data is at risk should an attack on their systems be successful (IP addresses, domains, servers, OS used, DNS information, etc.).
Tools used for gathering intelligence:
- LinkedIn and other social media channels
- Client’s site(s)
Footprinting & Scanning
The Footprinting & Scanning phase is where you can deepen your knowledge of the in-scope servers and services. For example, footprinting a host’s operating system identifies which OS it runs and narrows down the potential vulnerabilities to check in the next phases. A scan of live hosts can determine what ports are open on a remote system. Imagine what a malicious hacker can do with that!
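The flip side of the port scan described above is spotting one in your own logs. The following is an added example, not code from the original post: it reads constructed firewall-style log lines and flags a source that touches many distinct ports on one host within a short window. The log format, the 10-second window and the five-port threshold are assumptions chosen for the example.

```python
# Added example (not from the original post): flag sources that touch many
# distinct ports on one host in a short window, a simple port-scan heuristic.
# Log format, window size and threshold are assumptions made for this example.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall lines: "<iso-time> src=<ip> dst=<ip> dport=<port> action=<a>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 src=198.51.100.7 dst=203.0.113.10 dport=22 action=deny
2024-05-01T10:00:01 src=198.51.100.7 dst=203.0.113.10 dport=80 action=allow
2024-05-01T10:00:01 src=198.51.100.7 dst=203.0.113.10 dport=443 action=allow
2024-05-01T10:00:02 src=198.51.100.7 dst=203.0.113.10 dport=445 action=deny
2024-05-01T10:00:02 src=198.51.100.7 dst=203.0.113.10 dport=3389 action=deny
2024-05-01T10:00:03 src=198.51.100.7 dst=203.0.113.10 dport=8080 action=deny
2024-05-01T10:00:05 src=192.0.2.44 dst=203.0.113.10 dport=443 action=allow
2024-05-01T10:09:00 src=192.0.2.44 dst=203.0.113.10 dport=80 action=allow
"""

def parse_line(line):
    """Return (timestamp, src, dst, dport), or None if the line is malformed."""
    parts = line.split()
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
        return ts, fields["src"], fields["dst"], int(fields["dport"])
    except (IndexError, ValueError, KeyError):
        return None

def detect_scans(log_text, window_seconds=10, min_ports=5):
    """Return {(src, dst): max_distinct_ports} for pairs that reach min_ports
    distinct destination ports inside any window_seconds-long sliding window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            ts, src, dst, port = rec
            events[(src, dst)].append((ts, port))
    alerts, window = {}, timedelta(seconds=window_seconds)
    for pair, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits in window_seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({p for _, p in evs[start:end + 1]})
            if distinct >= min_ports:
                alerts[pair] = max(distinct, alerts.get(pair, 0))
    return alerts
```

Running `detect_scans(SAMPLE_LOG)` flags 198.51.100.7 (six ports in three seconds) and ignores 192.0.2.44, whose two connections are nine minutes apart.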
Tools used for footprinting and scanning hosts/ports:
Be sure to stay tuned for part 2 of this blog series!