Sab saum toj 10 Penetration Testing Tools
1. Kali Linux
Kali tsis yog ib qho cuab yeej rau se. Nws yog qhov qhib-qhov kev faib tawm ntawm Linux operating system tsim rau ntaub ntawv kev ruaj ntseg cov hauj lwm xws li kev tshawb fawb kev ruaj ntseg, rov qab engineering, computer forensics, thiab, koj twv nws, kev ntsuam xyuas nkag.
Kali muaj ntau yam cuab yeej ntsuas kev nkag mus, qee qhov koj yuav pom ntawm daim ntawv teev npe no thaum koj nyeem. Cov cuab yeej no tuaj yeem ua tau yuav luag txhua yam koj xav tau thaum nws los txog rau kev ntsuas cwj mem. Koj puas xav ua tiav qhov kev txhaj tshuaj SQL, xa cov nyiaj them poob haujlwm, tawg tus password? Muaj cov cuab yeej rau qhov ntawd.
Nws tau raug hu ua Backtrack ua ntej nws lub npe tam sim no, Kali. Nws yog tam sim no tswj hwm los ntawm Kev Nyab Xeeb Kev Nyab Xeeb uas tso tawm qhov hloov tshiab rau OS ib ntus ntxiv rau cov cuab yeej tshiab, txhim kho kev sib raug zoo, thiab txhawb nqa ntau yam khoom siv.
Ib qho amazing tshaj plaws txog Kali yog qhov ntau ntawm cov platforms uas nws khiav. Koj tuaj yeem khiav Kali ntawm Mobile devices, Docker, ARM, Amazon Web Services, Windows Subsystem rau Linux, Virtual Machine, thiab liab qab hlau.
Ib qho kev coj ua ntawm cov cwj mem testers yog thauj cov raspberry pis nrog Kali vim lawv qhov me me. Qhov no ua rau nws yooj yim rau ntsaws rau hauv lub network ntawm lub hom phiaj lub cev qhov chaw. Txawm li cas los xij, feem ntau tus cwj mem testers siv Kali ntawm VM lossis tus ntiv tes xoo bootable.
Nco ntsoov tias Kali lub neej ntawd kev ruaj ntseg tsis muaj zog, yog li koj yuav tsum tau txhawb nqa nws ua ntej ua lossis khaws txhua yam tsis pub lwm tus paub ntawm nws.
2. Metaploit
Bypassing kev ruaj ntseg ntawm lub hom phiaj system tsis yog ib txwm muab. Cwj mem testers cia siab rau qhov tsis zoo nyob rau hauv lub hom phiaj kev siv thiab tau txais kev nkag los yog tswj. Raws li koj tuaj yeem xav, ntau txhiab qhov tsis zoo tau pom nyob rau ntau lub platforms ntau xyoo. Nws yog tsis yooj yim sua kom paub tag nrho cov vulnerabilities thiab lawv exploits, raws li lawv muaj ntau heev.
Qhov no yog qhov uas Metasploit tuaj rau hauv. Metasploit yog qhov qhib qhov chaw ruaj ntseg tsim los ntawm Rapid 7. Nws yog siv los luam theej duab computer systems, networks, thiab servers rau qhov tsis zoo los siv los yog sau lawv.
Metasploit muaj ntau tshaj li ob txhiab kev siv thoob plaws ntau lub platform, xws li Android, Cisco, Firefox, Java, JavaScript, Linux, NetWare, nodejs, macOS, PHP, Python, R, Ruby, Solaris, Unix, thiab tau kawg, Qhov rai.
Dhau li ntawm kev txheeb xyuas qhov tsis zoo, pentesters kuj tseem siv Metasploit rau kev siv kev txhim kho, xa khoom xa tuaj, sau cov ntaub ntawv, thiab tswj kev nkag mus rau ntawm qhov kev cuam tshuam.
Metasploit txhawb qee qhov Windows thiab Linux operating systems thiab nws yog ib qho ntawm pre-installed apps ntawm Kali.
3. Wireshark
Ua ntej sim hla kev ruaj ntseg ntawm ib qho system, pentesters sim sau cov ntaub ntawv ntau npaum li lawv tuaj yeem ua tau txog lawv lub hom phiaj. Ua qhov no tso cai rau lawv txiav txim siab txog txoj hauv kev zoo tshaj plaws los ntsuas qhov system. Ib qho ntawm cov cuab yeej pentesters siv thaum tus txheej txheem no yog Wireshark.
Wireshark yog lub network raws tu qauv ntsuas siv los ua kom nkag siab txog kev khiav mus los ntawm lub network. Cov kws tshaj lij network feem ntau siv nws los daws teeb meem TCP / IP kev sib txuas teeb meem xws li teeb meem latency, poob pob ntawv, thiab kev ua phem.
Txawm li cas los xij, pentesters siv nws los ntsuam xyuas cov tes hauj lwm rau qhov tsis zoo. Dhau li ntawm kev kawm paub siv lub cuab yeej nws tus kheej, koj kuj yuav tsum paub txog qee lub tswv yim sib txuas lus xws li TCP / IP pawg, nyeem ntawv thiab txhais cov pob ntawv headers, nkag siab txog kev xa mus, chaw nres nkoj xa mus, thiab DHCP ua haujlwm kom siv tau zoo.
Qee qhov ntawm nws qhov tseem ceeb yog:
- Muaj peev xwm txheeb xyuas cov ntaub ntawv loj.
- Kev them nyiaj yug rau kev tsom xam thiab decryption ntawm ntau pua tus txheej txheem.
- Real-time thiab offline tsom xam ntawm tes hauj lwm.
- Muaj zog ntes thiab tso saib cov ntxaij lim dej.
Wireshark muaj nyob rau ntawm Windows, macOS, Linux, Solaris, FreeBSD, NetBSD, thiab ntau lwm lub platform.
Cov ntsiab lus txhawb nqa:
4. Nmap
Pentesters siv Nmap los sau cov ntaub ntawv thiab tshawb xyuas qhov tsis zoo ntawm lub network. Nmap, luv luv rau network mapper, yog qhov chaw nres nkoj scanner siv rau kev tshawb pom network. Nmap tau tsim los luam theej duab loj nrog ntau pua txhiab lub tshuab, nrawm.
Cov kev tshuaj ntsuam no feem ntau tau txais cov ntaub ntawv xws li hom hosts ntawm lub network, cov kev pabcuam (npe daim ntawv thov thiab version) lawv muab, lub npe thiab version ntawm OS tus tswv tab tom khiav, pob ntawv lim thiab firewalls siv, thiab ntau lwm yam ntxwv.
Nws yog los ntawm Nmap scans uas pentesters nrhiav tau tus tswv siv tau. Nmap kuj tso cai rau koj saib xyuas tus tswv tsev thiab kev pabcuam uptime ntawm lub network.
Nmap khiav ntawm cov haujlwm loj xws li Linux, Microsoft Windows, Mac OS X, FreeBSD, OpenBSD, thiab Solaris. Nws kuj tuaj yeem teeb tsa ua ntej ntawm Kali zoo li cov cuab yeej ntsuas kev nkag mus saum toj no.
5. Aircrack-ng
WiFi tes hauj lwm tej zaum yog ib qho ntawm thawj lub tshuab uas koj xav kom koj tuaj yeem hack. Tom qab tag nrho, leej twg yuav tsis xav "dawb" WiFi? Raws li ib tug pentester, koj yuav tsum muaj ib lub cuab tam rau kev ntsuam xyuas WiFi kev ruaj ntseg nyob rau hauv koj cov cuab yeej. Thiab dab tsi zoo dua cov cuab yeej siv dua li Aircrack-ng?
Aircrack-ng yog qhov qhib-qhov cuab yeej pentesters siv los cuam tshuam nrog wireless networks. Nws muaj ib lub suite ntawm cov cuab yeej siv los ntsuas lub wireless network rau qhov tsis zoo.
Tag nrho cov cuab yeej Aircrack-ng yog cov cuab yeej hais kom ua. Qhov no ua rau nws yooj yim rau pentesters los tsim kev cai scripts rau kev siv siab heev. Qee qhov ntawm nws qhov tseem ceeb yog:
- Saib xyuas cov pob ntawv network.
- Tawm tsam ntawm pob ntawv txhaj tshuaj.
- Kev sim WiFi thiab kev muaj peev xwm tsav tsheb.
- Cracking WiFi tes hauj lwm nrog WEP thiab WPA PSK (WPA 1 thiab 2) encryption raws tu qauv.
- Muaj peev xwm ntes thiab xa cov ntaub ntawv pob ntawv rau kev tshuaj xyuas ntxiv los ntawm cov cuab yeej thib peb.
Aircrack-ng ua haujlwm feem ntau ntawm Linux (los nrog Kali) tab sis nws kuj muaj nyob rau ntawm Windows, macOS, FreeBSD, OpenBSD, NetBSD, Solaris, thiab eComStation 2.
6. Sqlmap
Ib qho kev tswj hwm database tsis ruaj ntseg yog kev tawm tsam vector pentesters feem ntau siv los nkag rau hauv qhov system. Databases yog qhov tseem ceeb ntawm cov ntawv thov niaj hnub, uas txhais tau tias lawv nyob txhua qhov chaw. Nws kuj txhais tau hais tias pentesters tuaj yeem nkag mus rau hauv ntau lub tshuab los ntawm DBMSs tsis ruaj ntseg.
Sqlmap yog ib qho cuab yeej SQL txhaj tshuaj uas ua kom muaj kev tshawb nrhiav thiab kev siv SQL txhaj tshuaj tsis haum txhawm rau txhawm rau txhawm rau khaws cov ntaub ntawv. Ua ntej Sqlmap, pentesters khiav SQL txhaj tshuaj manually. Qhov no txhais tau tias kev ua tiav cov txheej txheem yuav tsum tau paub ua ntej.
Tam sim no, txawm tias cov neeg pib tshiab tuaj yeem siv ib qho ntawm rau SQL kev txhaj tshuaj txhawb nqa los ntawm Sqlmap (boolean-raws li qhov muag tsis pom, lub sij hawm-raws li qhov muag tsis pom, yuam kev-raws li, UNION query-based, stacked queries, thiab out-of-band) sim nkag mus rau hauv ib database.
Sqlmap tuaj yeem nqa tawm kev tawm tsam ntawm ntau yam ntawm DBMSs xws li MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, thiab SQLite. Mus saib lub vev xaib kom paub cov npe tag nrho.
Qee qhov ntawm nws cov nta saum toj kawg nkaus suav nrog:
- Ua tiav cov lus txib ntawm OS ntawm lub hom phiaj tshuab, ntawm kev sib txuas tawm ntawm pawg.
- Nkag mus rau hauv qab cov ntaub ntawv system ntawm lub hom phiaj tshuab.
- Nws tuaj yeem paub tus password hash hom, thiab tawg lawv siv phau ntawv txhais lus nres.
- Yuav tsim kom muaj kev sib txuas ntawm lub tshuab tua neeg thiab lub hauv paus OS ntawm database server, tso cai rau nws tso tawm lub davhlau ya nyob twg, kev sib tham Meterpreter, lossis kev sib tham GUI ntawm VNC.
- Kev them nyiaj yug rau cov neeg siv txoj cai nce ntxiv ntawm Metasploit's Meterpreter.
Sqlmap yog tsim nrog Python, uas txhais tau tias nws tuaj yeem khiav ntawm txhua lub platform uas muaj tus neeg txhais lus Python ntsia.
Cov ntsiab lus txhawb nqa:
7. Hydra
Nws yog qhov zoo kawg li qhov tsis muaj zog ntawm cov neeg feem coob tus password. Kev tshuaj xyuas ntawm cov passwords nrov tshaj plaws siv los ntawm cov neeg siv LinkedIn hauv xyoo 2012 tau qhia tias Ntau tshaj 700,000 cov neeg siv tau '123456' raws li lawv cov passwords!
Cov cuab yeej zoo li Hydra ua rau nws yooj yim los xyuas cov passwords tsis muaj zog ntawm online platforms los ntawm kev sim tawg lawv. Hydra yog ib qho kev sib txuas sib txuas sib txuas sib txuas tus password cracker (zoo, uas yog lub ncauj lus) siv los tawg passwords online.
Hydra feem ntau yog siv nrog cov neeg thib peb cov npe khoom siv xws li Crunch thiab Cupp, vim nws tsis tsim cov ntawv teev lus nws tus kheej. Txhawm rau siv Hydra, txhua yam koj yuav tsum tau ua yog qhia lub hom phiaj koj yuav tsum xeem tus cwj mem, hla hauv cov npe, thiab khiav.
Hydra txhawb nqa cov npe ntev ntawm cov platforms thiab network raws tu qauv xws li Cisco auth, Cisco enable, FTP, HTTP(S)-(FORM-GET, FORM-POST, GET, HEAD), HTTP-Proxy, MS-SQL, MySQL, Oracle Mloog, Oracle SID, POP3, PostgreSQL, SMTP, SOCKS5, SSH (v1 thiab v2), Subversion, Telnet, VMware-Auth, VNC, thiab XMPP.
Txawm hais tias Hydra los ua ntej nruab rau ntawm Kali, nws tau raug "sim ua kom huv si ntawm Linux, Windows / Cygwin, Solaris, FreeBSD / OpenBSD, QNX (Blackberry 10) thiab MacOS", raws li nws cov neeg tsim khoom.
8. John The Ripper
Lub npe txawv txawv, John The Ripper yog qhov nrawm, qhib qhov chaw, offline password cracker. Nws muaj ntau tus password crackers thiab tseem cia koj tsim ib qho kev cai cracker.
John The Ripper txhawb ntau lo lus zais hash thiab cipher hom ua rau nws muaj ntau yam cuab yeej. Tus password cracker txhawb CPUs, GPUs, nrog rau FPGAs los ntawm Openwall, tus tsim tawm ntawm tus password cracker.
Txhawm rau siv John The Ripper koj xaiv los ntawm plaub hom sib txawv: lo lus sau hom, hom tawg ib leeg, hom nce ntxiv, thiab hom sab nraud. Txhua hom muaj txoj hauv kev tawg passwords uas ua rau nws haum rau qee qhov xwm txheej. John Lub Ripper tawm tsam feem ntau yog los ntawm brute quab yuam thiab phau ntawv txhais lus tawm tsam.
Txawm hais tias John The Ripper yog qhib qhov chaw, tsis muaj cov neeg ua haujlwm tsim muaj (dawb). Koj tuaj yeem tau txais qhov ntawd los ntawm kev tso npe rau Pro version, uas kuj suav nrog ntau yam xws li kev txhawb nqa rau ntau hom hash.
John The Ripper muaj nyob rau ntawm 15 operating systems (thaum lub sijhawm sau ntawv no) suav nrog macOS, Linux, Windows, thiab txawm tias Android.
9. Pub Suite
Txog tam sim no, peb tau tham txog kev sim tes hauj lwm, databases, WiFi, thiab kev khiav hauj lwm systems, tab sis dab tsi txog lub web apps? Qhov nce ntawm SaaS tau ua rau ntau lub vev xaib apps tau tshwm sim ntau xyoo.
Kev ruaj ntseg ntawm cov apps no tsuas yog ib qho tseem ceeb, yog tias tsis yog ntau dua li lwm lub platforms peb tau tshuaj xyuas, xav txog ntau lub tuam txhab tam sim no tsim cov web apps tsis yog desktop apps.
Thaum nws los txog rau kev ntsuam xyuas cov cuab yeej rau lub vev xaib, Burp Suite yog qhov zoo tshaj plaws nyob rau ntawd. Burp Suite tsis zoo li ib qho ntawm cov cuab yeej ntawm daim ntawv teev npe no, nrog nws cov neeg siv khoom zoo nkauj thiab tus nqi hnyav.
Burp Suite yog lub vev xaib tsis muaj qhov tsis zoo scanner tsim los ntawm Portswigger Web Security los tiv thaiv cov ntawv thov web los ntawm kev tshem tawm qhov tsis zoo thiab qhov tsis zoo. Txawm hais tias nws muaj kev tshaj tawm hauv zej zog dawb, nws tsis muaj qhov loj ntawm nws cov yam ntxwv tseem ceeb.
Burp Suite muaj Pro version thiab kev lag luam version. Cov yam ntxwv ntawm tus kws tshaj lij version tuaj yeem muab faib ua peb pawg; Kev ntsuas kev nkag mus ntawm phau ntawv qhia, qib siab / kev cai automated tawm tsam, thiab automated vulnerability scanning.
Lub tuam txhab version suav nrog tag nrho cov Pro nta thiab qee qhov nta xws li kev sib koom ua ke CI, kev teem sijhawm luam ntawv, kev lag luam thoob plaws kev lag luam. Nws raug nqi ntau ntxiv thiab ntawm $ 6,995, thaum Pro version raug nqi tsuas yog $ 399.
Burp Suite muaj nyob rau ntawm Windows, Linux, thiab macOS.
Cov ntsiab lus txhawb nqa:
10. MobSF
Ntau tshaj 80% ntawm cov neeg nyob hauv lub ntiaj teb niaj hnub no muaj cov smartphones, yog li nws yog ib txoj hauv kev txhim khu kev qha cybercriminals mus tua neeg. Ib qho kev tawm tsam ntau tshaj plaws uas lawv siv yog cov apps uas muaj qhov tsis zoo.
MobSF los yog Mobile Security Framework yog ib qho kev ntsuam xyuas kev ruaj ntseg ntawm lub xov tooj ntawm tes uas tsim los ua kom muaj kev soj ntsuam malware, ntsuas cwj mem, thiab kev soj ntsuam zoo li qub & dynamic ntawm mobile apps.
MobSF tuaj yeem siv los txheeb xyuas Android, iOS, thiab Windows (mobile) app cov ntaub ntawv. Thaum cov ntaub ntawv app raug tshuaj xyuas, MobSF npaj ib daim ntawv qhia txog kev ua haujlwm ntawm lub app, nrog rau kev piav qhia txog cov teeb meem uas tuaj yeem tso cai nkag mus rau cov ntaub ntawv hauv xov tooj ntawm tes tsis raug cai.
MobSF ua ob hom kev tshuaj ntsuam ntawm mobile apps: zoo li qub (rov qab engineering) thiab dynamic. Thaum lub sij hawm soj ntsuam zoo li qub, lub xov tooj ntawm tes yog thawj zaug decompiled. Nws cov ntaub ntawv yog tom qab ntawd muab rho tawm thiab tshuaj xyuas rau qhov muaj peev xwm tsis zoo.
Dynamic tsom xam yog ua los ntawm kev khiav lub app ntawm ib tug emulator los yog ib tug tiag tiag ntaus ntawv thiab tom qab ntawd soj ntsuam nws rau rhiab cov ntaub ntawv nkag mus, tsis zoo thov, thiab hardcoded cov ntsiab lus. MobSF kuj suav nrog Web API fuzzer uas siv los ntawm CappFuzz.
MobSF khiav ntawm Ubuntu / Debian-based Linux, macOS, thiab Windows. Nws kuj tseem muaj cov duab Docker ua ntej.
Hauv Xaus…
Yog tias koj twb tau nruab Kali Linux ua ntej tam sim no, koj yuav tau pom cov cuab yeej feem ntau ntawm cov npe no. Tus so koj tuaj yeem nruab ntawm koj tus kheej). Thaum koj ua tiav kev txhim kho cov cuab yeej koj xav tau, cov kauj ruam tom ntej yog kawm paub siv lawv li cas. Feem ntau ntawm cov cuab yeej siv tau yooj yim zoo nkauj, thiab ua ntej koj paub nws, koj yuav nyob ntawm koj txoj hauv kev los txhim kho koj cov neeg siv khoom ruaj ntseg nrog cov kev txawj tshiab.
