Five Pentest Tools for you

boh

Nmap-behind-31c3

A pentest, short-name for penetration test, is a software attack which looks for security weaknesses in a system. Penetration tests are a component of a full security audit. For example, the Payment Card Industry Data Security Standard requires penetration testing on a regular schedule, and after system changes.

In this article, we will talk about five open source pentest tools, but remember that their use against systems not owned by you could lead to legal troubles. Keep it in mind!

OSWAP ZAP

OSWAP ZAP can help a system administrator find malicious codes embedded in a Web application. This software lets an admin choose between automated and manual scanning. When starting the session for the first time, admin will be asked whether he wants the session to be persisted.

Zenmap

Maybe you already know Nmap, a security scanner used to discover hosts and services on a computer network. Commands given to this program are processed sequentially. This makes more difficult for the administrator to track which commands were erroneously entered in previous steps. Zenmap tries to solve this problem, implementing a GUI, and an interface for saving profiles and creating sets of Nmap commands.

Scapy

Scapy is a tool which permits to interactively decode and inject packets and get answers. Scapy module can also be imported inside a Python program. There are also optional packages for plotting, 3D graphics, WEP encryption and Web application fingerprinting.

BeEF

BeEF (Browser Exploitation Framework) it’s a GUI-based open source tool, which examines how someone could use the Web browser to exploit vulnerabilities. It can hook one or more Web browsers and use them as beachheads for launching further attacks against the system

sqlmap

sqlmap is a CLI software designed for automating the process of detecting and exploiting SQL injection flaws and taking over of database servers. It as full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB and HSQLDB database management systems.

  • Brunelian IT

    nice one. good introduction. Will explore more about these tools. Thanks for sharing

  • [email protected]

    I got paid 104,000 bucks last year by freelancing from my house a­­n­­d I manage that by w­o­r­k­i­n­g in my own time for several hours on daily basis. I used an earning opportunity I was introduced by this website i found online and I am thrilled that i made so much extra income. It’s so newbie-friendly and I’m just so blessed that i found this. Here’s what I do… STATICTAB.COM/astkxim

  • [email protected]

    I was paid $104k in last 12 months by doing an online job a­n­d I did it by wor­king part time f­o­r 3 or sometimes more hrs /day. I used work opportunity I stumbled upon from company that i found online and I am thrilled that i made such great money. It’s so newbie friendly a­­n­­d I’m just so happy that i found it. Here is what i did… http://itreplaceitall­.­com