Intrusion tests, known as "Penetration Analysis" or "Ethical Hacking", are now a common practice to know the level of security a website has.
These tests assess the type and extent of system and network vulnerabilities in terms of confidentiality and integrity. They check the security of the network and empirically verify the resistance of applications and services to misuse.
The so-called Ethical Hacking tests constitute an evaluation of the security and vulnerability of the web, in which the analyst actually tries to compromise the target machines or networks.
The ethical hacker may use various tools and techniques. Each of these techniques has its own steps, methodology and software used.
Even Google is used by hackers and attackers to perform something called 'Google hacking': by using basic search techniques with advanced operators, it can become a powerful tool to search for vulnerabilities.
Using advanced operators shown in the image, in combination with some specific terms, Google can be used to discover a lot of sensitive information that should not be revealed.
Searching for information with Google is not in itself an 'unethical' action, but using the information or certain vulnerabilities found without the permission of the owner of the page or document for malicious purposes is.
Today we propose a list of 15 useful tools to test the vulnerability of your website.
1. Nmap
Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.
2. Wireshark
Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.
3. Metasploit Community edition
Virtual machines full of intentional security vulnerabilities. Exploit at will! Metasploitable is essentially a penetration testing lab in a box created by the Rapid7 Metasploit team.
4. Nikto2
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
5. John the Ripper
John the Ripper (“JtR”) is one of those indispensable tools. It’s a fast password cracker, available for Windows, and many flavours of Linux. It’s incredibly versatile and can crack pretty well anything you throw at it.
6. ettercap
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
7. NexPose Community edition
Rapid7 offers two core vulnerability management products to help you do this: InsightVM and Nexpose.
It's a cloud-based solution, that combines InsightVM and the power of Rapid7’s Insight platform along with the core capabilities of Nexpose to provide a fully available, scalable, and efficient way to collect your vulnerability data, turn it into answers, and minimize your risk.
8. Ncat
Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses.
9. Kismet
Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework.
Kismet works with Wi-Fi interfaces, Bluetooth interfaces, some SDR (software defined radio) hardware like the RTLSDR, and other specialized capture hardware.
10. w3af
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.
11. hping
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
12. burpsuite
Burp or Burp Suite is a set of tools used for penetration testing of web applications. It is developed by the company named Portswigger, which is also the alias of its founder Dafydd Stuttard. BurpSuite aims to be an all in one set of tools and its capabilities can be enhanced by installing add-ons that are called BApps.
It is the most popular tool among professional web app security researchers and bug bounty hunters.
13. THC-Hydra
THC Hydra is a free hacking tool licensed under AGPL v3.0, widely used by those who need to brute force crack remote authentication services.
As it supports up to more than 50 protocols, it’s one of the best tools for testing your password security levels in any type of server environment.
It also provides support for most popular operating systems like Windows, Linux, Free BSD, Solaris and OS X.
14. sqlmap
SQLmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection failures and takes over database servers. It comes with a powerful detection engine, many niche features for the latest penetration tester, and a wide range of switches that last from fingerprinting to database data collection, access to the underlying file system, and command execution on the operating system.
15. webscarab
WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and therefore is portable to many platforms. WebScarab has several modes of operation, implemented by various plug-ins. In its most common use, WebScarab functions as an intercepting proxy, allowing the operator to review and modify requests created by the browser before sending them to the server, and to review and modify responses returned by the server before the browser receives them. . WebScarab can intercept both HTTP and HTTPS communications. The operator can also review the conversations (requests and responses) that passed through WebScarab.