【EPenetrating Specialized Systems (Toolkit 3.0) - FreeBuf Cybersecurity Industry Portal】¶
Penetrating Specialized Systems (Toolkit 3.0) - FreeBuf Cybersecurity Industry Portal¶
💻Collection search tools + analysis🔧¶
Penetration testing is an operation performed by professional security personnel to find vulnerabilities in the system. If a worker wants to do his job well, he must first sharpen his tools. Today I will introduce to you 7 convenient and fast penetration testing tools. Penetration testing is an operation performed by professional security personnel to find vulnerabilities in the system. If a worker wants to do his job well, he must first sharpen his tools. Today I will introduce to you 7 convenient and fast penetration testing tools.
- Metasploit
Metasploit is the first choice for network security professionals and white hat hackers, and many masters publish their knowledge on these platforms. It has a collection of many penetration testing tools, powered by PERL, that can be used to simulate any type of penetration testing required. So the biggest advantage is being able to keep up with evolving changes. Moreover, Metasploit supports customization with only 4 steps, which is very convenient to use.
- Netsparker Security Scanner
It is a web automation application tool used for penetration testing. It can identify what penetration testers need to know and make correct judgments, from SQL injection to cross-site scripting, so it can be used to handle the entire website, including web services and Web application. Moreover, it can scan 1,000 web applications at the same time, and also allows users to customize security scans, which is very powerful and efficient.
3.BeEF
The BeEF tool benefits mobile customers because it can be used to inspect web browsers and combat web attacks. BeEF uses GitHub to find bugs, which explore flaws beyond the boundaries of the web and client systems. Importantly, it is specifically targeted at web browsers, with the ability to view vulnerabilities within the context of a single source.
4.Wireshark
Wireshark is a network protocol and packet analyzer that eliminates security vulnerabilities in real time. It is suitable if you want to analyze the security risks inherent in information and data posted to forms on web-based applications. It can collect real-time data from Bluetooth, Frame Relay, IPsec, Kerberos, IEEE 802.11, any connection based on Ethernet, etc. The best feature is the way the analysis results are generated, and it is easy to understand. Penetration testers can use it for color coding to investigate more deeply and isolate important individual packets.
- John the Ripper
This is a popular password cracking tool and a necessary addition to a penetration tester’s toolkit. It can be used to identify unknown weaknesses in a database by taking a text string sample from a list of complex and popular words found in a traditional dictionary and encrypting it in the same format as the password being generated.
6.w3af
The goal of the w3af penetration testing suite is to find, analyze and exploit any security vulnerabilities that may exist in web-based applications. It contains user agent forgery, custom headers of requests, DNS cache poisoning or DNS spoofing and many other attack types. Using W3AF, parameters and variables can be quickly saved to the session manager file, which means they can be quickly reconfigured and used for other penetration tests on the web application, saving time. And the test results are displayed in graphical and text format, which is also easy to understand.
7.Acunetix Scanner
This automated tool can help complete penetration testing quickly, it can audit complex management reports and issues, handle many network vulnerabilities, and can also contain out-of-band vulnerabilities. It has a high detection rate and covers over 4500 vulnerabilities. In addition, this tool includes AcuSensor technology, manual penetration tools and built-in vulnerability testing to quickly crawl thousands of web pages and can also be run locally or through a cloud solution.
Editor in charge: Hua Xuan