From the course: CompTIA PenTest+ (PT0-002) Cert Prep

Pen testing toolbox

- Every pen tester needs a toolbox. And that toolbox is really just a collection of the tools that you'll need in order to carry out your penetration tests. Now, every pen tester's toolbox is different, and there's no place you can go to download a single collection that has everything in it. We've focused a lot on Kali Linux only because it's easily available, it's accessible, and it's something that you can use in different ways. You could use it as a boot device or on a boot device. You can use it as a virtual machine. Lots of different ways to implement this, but Kali is not the only game in town. In fact, there are other alternatives to Kali. Some are commercial, some are open source. Everything in Kali we've shown you is open source, so you can easily get ahold of it. So let's talk through a little bit about what should be in your basic toolbox. And again, if you have a tool that you prefer to use, then put it in your toolbox and don't use the one that we're going to talk about. The toolbox should change over time. When you find something new you need, you get it, you put it in the toolbox, and it's there for later use. Also, we want to kind of categorize the toolbox based on use cases. For the PenTest+ exam, you will be asked to identify which tool or tools fit a specific use case. So first off, let's go through these use cases. A use case is: here's a situation, what tool would apply to that? That would be kind of like in a physical toolbox: if you run up on a situation where there is a Phillips screw that you need to remove, well, what kind of tool do you use for that? A hammer? Of course not. That's not going to do it unless you hit it really, really hard. You're going to need a Phillips screwdriver. So the use case would be "remove a Phillips screw," and you know what tool to choose. That's what we're going to cover here. So the first use case is reconnaissance. You need to conduct reconnaissance.
What tool or tools from the list that we're going to cover on the PenTest+ exam would best suit that? Well, you could use Nmap, you could use Whois, you could use Nslookup, theHarvester, Shodan, Recon-ng, Censys, Aircrack-ng, Kismet, Wifite, SET (which you'll recall is the Social Engineering Toolkit), Wireshark, Hping, and the Metasploit Framework. Now, you may identify some other tools to go in this reconnaissance use case, but that's just a general grouping of tools that would satisfy this particular use case. Let's move on. What about enumeration? When I need to enumerate my potential targets, I could use Nmap, Nslookup, Wireshark, and Hping. For vulnerability scanning, the tools that most suit or best fit in this category or use case would be Nmap, Nikto, OpenVAS, SQLmap, Nessus, W3AF, OWASP ZAP, and also the Metasploit Framework. What about credential attacks? I now know I want to reach out to a target environment and I want to compromise the credentials. If I want to use offline password cracking, then Hashcat, John the Ripper, Cain and Abel, Mimikatz, and Aircrack-ng will do the job for me. If I want to brute force or follow an online approach, I could use SQLmap, Medusa, Hydra, Cain and Abel, Mimikatz, Patator, W3AF, and Aircrack-ng. For persistence, once you have exploited a particular target, you want to make sure you can get back in, that you have a persistent footprint there. We can use SET, BeEF, SSH, Ncat or Netcat, Drozer, PowerSploit, Empire, and again the trusty Metasploit Framework. The configuration compliance use case basically means that we are evaluating a configuration to determine whether it is compliant with some standard or regulation. Those tools that help us ensure this compliance could be Nmap, Nikto, OpenVAS, SQLmap, and Nessus. In order to evade detection, we can use the SET tool, Proxychains, and the Metasploit Framework.
If we have executables and we want to decompile them to determine what's going on, we could use Immunity Debugger, APKX, and APK Studio. If we want to carry out specific digital forensics, Immunity Debugger helps us there. If we just want to debug code, we can use OllyDbg, Immunity Debugger again, GDB, WinDbg, and IDA. And lastly in our use case smorgasbord, we have software assurance. For general software assurance, we can use FindSecBugs, SonarQube, and Yasca. If we're interested in fuzzing, Peach and AFL will do that for us. And the last two points that I want to make are SAST and DAST. They're really approaches to implementing the tools that we just covered. SAST refers to Static Application Security Testing and DAST refers to Dynamic Application Security Testing. SAST basically means looking at an executable and seeing what the instructions are inside it, whereas DAST is dynamic. It means interacting with software as it's running: you can interact, pass data in, and get data back out. So you can use the tools we covered for either static or dynamic analysis. So that summarizes what your initial pen testing toolbox should look like based on the uses that you'll need to apply these tools to. Again, your toolbox will change over time. It'll probably grow and you'll tweak it so that it works just the way that you want it. Make sure you've got the tools to do what you need and you'll find that your tests are going to be more efficient and more effective.
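The offline-versus-online credential attack distinction from the transcript, as an added example that is not part of the course and not code from Hashcat, John the Ripper, Hydra or Medusa. Everything in it is constructed for illustration: the "dumped" credential store, its salts and passwords, the wordlist, and the OnlineTarget lockout policy are invented, and the hashing is plain salted SHA-256 so the mechanics stay visible (a real system should use a slow password hash such as bcrypt or Argon2). Offline cracking needs only the stolen hashes and runs as fast as the CPU allows with nobody watching; the online approach sends every guess to the live service, which can rate-limit, lock the account, and log the attempts.

```python
"""Offline vs online credential attacks, in pure Python (constructed example)."""
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple


def _h(salt: str, password: str) -> str:
    """Toy password hash: SHA-256 over salt || password (for illustration only)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed "dumped" credential store: user -> (salt, hash). Not from any real system.
DUMPED_HASHES: Dict[str, Tuple[str, str]] = {
    "alice": ("a1", _h("a1", "Summer2023!")),
    "bob":   ("b2", _h("b2", "password1")),
    "carol": ("c3", _h("c3", "correct horse battery staple")),
}

# Constructed wordlist, in the order an attacker would try it.
WORDLIST: List[str] = ["123456", "password", "password1", "Summer2023!", "letmein"]


def crack_offline(store: Dict[str, Tuple[str, str]], wordlist: List[str]) -> Dict[str, str]:
    """Offline attack: we hold the hashes, so each guess costs one hash computation
    and no rate limit, lockout or log entry gets in the way."""
    found: Dict[str, str] = {}
    for user, (salt, digest) in store.items():
        for candidate in wordlist:
            if hmac.compare_digest(_h(salt, candidate), digest):
                found[user] = candidate
                break
    return found


class OnlineTarget:
    """Simulated login endpoint with a lockout policy: after max_attempts failures
    for a user, every further attempt is rejected (and, in practice, logged)."""

    def __init__(self, store: Dict[str, Tuple[str, str]], max_attempts: int = 5) -> None:
        self._store = store
        self._failures = {user: 0 for user in store}
        self.max_attempts = max_attempts

    def login(self, user: str, password: str) -> str:
        if user not in self._store:
            return "no_such_user"
        if self._failures[user] >= self.max_attempts:
            return "locked"
        salt, digest = self._store[user]
        if hmac.compare_digest(_h(salt, password), digest):
            return "ok"
        self._failures[user] += 1
        return "bad_password"


def brute_force_online(target: OnlineTarget, user: str,
                       wordlist: List[str]) -> Tuple[Optional[str], int]:
    """Online attack (the Hydra/Medusa pattern): every guess is a request to the
    live service. Returns (password or None, requests sent); stops on lockout."""
    attempts = 0
    for candidate in wordlist:
        attempts += 1
        result = target.login(user, candidate)
        if result == "ok":
            return candidate, attempts
        if result == "locked":
            return None, attempts
    return None, attempts


if __name__ == "__main__":
    print("offline:", crack_offline(DUMPED_HASHES, WORDLIST))
    strict = OnlineTarget(DUMPED_HASHES, max_attempts=3)
    print("online vs 3-strike lockout:", brute_force_online(strict, "alice", WORDLIST))
```

Against the same wordlist, the offline pass recovers alice's and bob's passwords immediately (carol's passphrase is not in the list), while the online pass against a three-strike lockout is shut out before it reaches alice's password on the fourth request. That asymmetry is why offline cracking is preferred whenever a hash dump is available, and why online brute forcing has to be paced against the target's lockout and logging policy.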
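The SAST, DAST and fuzzing points at the end of the transcript, as an added example that is not part of the course and not code from SonarQube, FindSecBugs, Yasca, AFL or Peach. The static checker parses source text (the usual SAST input) without executing it and flags calls that take attacker-influenced strings; the dynamic side runs a small constructed parser with boundary cases and seeded random mutations and records what makes it crash, which is the fuzzing pattern in miniature. SAMPLE_SOURCE, parse_header and the mutation strategy are all constructed here for illustration.

```python
"""SAST vs DAST in miniature (constructed example, not the course's code)."""
import ast
import random
from typing import Callable, Dict, List, Tuple

# ---- SAST: analyse the program text without running it ---------------------

# Constructed program under review; not from any real project.
SAMPLE_SOURCE = """import os
import subprocess

def run(cmd):
    os.system("ls " + cmd)
    subprocess.run(cmd, shell=True)
    return eval(cmd)

def safe(cmd):
    subprocess.run(["ls", cmd])
"""

# Sinks that execute or deserialize whatever string they are handed.
DANGEROUS_CALLS = {"eval", "exec", "os.system", "pickle.loads"}


def _call_name(node: ast.Call) -> str:
    """Return 'name' or 'module.attr' for a call expression, '' otherwise."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return ""


def sast_scan(source: str) -> List[Tuple[int, str]]:
    """Walk the syntax tree and report (line, finding) for risky calls."""
    findings: List[Tuple[int, str]] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in DANGEROUS_CALLS:
            findings.append((node.lineno, f"dangerous call {name}"))
        elif name.startswith("subprocess.") and any(
            kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
            for kw in node.keywords
        ):
            findings.append((node.lineno, f"{name} with shell=True"))
    return sorted(findings)  # ast.walk order is not line order


# ---- DAST: drive the running code with inputs it did not expect ------------

def parse_header(line: str) -> Dict[str, str]:
    """Constructed target with a latent bug: a line without ':' raises ValueError."""
    name, value = line.split(":", 1)
    return {name.strip(): value.strip()}


def parse_header_hardened(line: str) -> Dict[str, str]:
    """Same parser with the malformed case handled instead of crashing."""
    if ":" not in line:
        return {}
    name, value = line.split(":", 1)
    return {name.strip(): value.strip()}


def dast_fuzz(target: Callable[[str], object], seed: str,
              rounds: int = 200, rng_seed: int = 1) -> Dict[str, str]:
    """Feed boundary cases plus seeded random mutations of `seed` to `target`.
    Returns {exception type name: first input that triggered it}."""
    rng = random.Random(rng_seed)
    alphabet = "abc: \x00\n"
    cases = ["", ":", "no-colon", seed]           # hand-picked boundary cases first
    for _ in range(rounds):
        chars = list(seed)
        op = rng.choice("dir")                     # delete, insert, replace
        i = rng.randrange(len(chars) + 1)
        if op == "d" and chars:
            del chars[i % len(chars)]
        elif op == "i":
            chars.insert(i, rng.choice(alphabet))
        elif chars:
            chars[i % len(chars)] = rng.choice(alphabet)
        cases.append("".join(chars))
    crashes: Dict[str, str] = {}
    for case in cases:
        try:
            target(case)
        except Exception as exc:                   # a fuzzer wants every crash type
            crashes.setdefault(type(exc).__name__, case)
    return crashes


if __name__ == "__main__":
    print("SAST findings:", sast_scan(SAMPLE_SOURCE))
    print("DAST crashes (buggy):", dast_fuzz(parse_header, "Host: x"))
    print("DAST crashes (hardened):", dast_fuzz(parse_header_hardened, "Host: x"))
```

The two halves find different things: the static pass reports os.system, subprocess.run(shell=True) and eval by line number without ever running the sample, and says nothing about parse_header because nothing in its source looks dangerous; the dynamic pass never reads the source but discovers in a few inputs that parse_header falls over on a line with no colon, and confirms the hardened version no longer does. Real SAST and DAST tools scale these two ideas up, which is why a program normally gets both.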
