Techniques for Pentesting 2024

Penetration testing, also known as pen testing, is a simulated cyber attack against a computer system, network, or web application to identify and exploit vulnerabilities. The goal of penetration testing is to assess the security posture of the system and uncover weaknesses that could be exploited by attackers.

  1. Reconnaissance (Information Gathering)

Description: 

  • Passive reconnaissance: gathering information without interacting with the target.
  • Active reconnaissance: direct interaction with the target.
  • WHOIS: for obtaining domain registration information.
  • Maltego: data mining tool for collecting and connecting information to visualize relationships between entities.
  • theHarvester: tool for gathering emails, subdomains, hosts, employee names, open ports, and more from public sources such as search engines and PGP key servers.

Demonstration:

whois
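A WHOIS reply is free text, so the first useful step after the demonstration above is turning it into fields. The following is an added example, not code from the original page: it parses a constructed, registrar-style WHOIS reply (all values invented; no network access) into a dictionary, collects repeated keys such as Name Server into lists, and computes days to expiry, which a defender reviewing their own domains watches because a lapsed registration can be re-registered by someone else. The `parse_whois` and `days_until_expiry` names and the key layout are this example's own assumptions.

```python
"""Parse registrar-style WHOIS output into fields (added example, not from the page)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample resembling `whois example.com` output; every value is invented.
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE.COM
   Registrar: Example Registrar, Inc.
   Creation Date: 1995-08-14T04:00:00Z
   Registry Expiry Date: 2025-08-13T04:00:00Z
   Name Server: NS1.EXAMPLE-REGISTRAR.NET
   Name Server: NS2.EXAMPLE-REGISTRAR.NET
   DNSSEC: signedDelegation
>>> Last update of whois database: 2024-05-01T10:00:00Z <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire.
"""


def parse_whois(text: str) -> dict:
    """Map lower-cased 'Key: Value' lines to values; repeated keys become lists."""
    fields = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comment lines, the '>>> ... <<<' trailer and the legal notice.
        if not line or line.startswith(("%", "#", ">>>", "NOTICE")):
            continue
        if ": " not in line:
            continue  # continuation text, not a field
        key, value = line.split(": ", 1)
        fields[key.strip().lower()].append(value.strip())
    return {k: (v[0] if len(v) == 1 else v) for k, v in fields.items()}


def days_until_expiry(fields: dict, now_iso: str) -> int:
    """Days from now_iso (ISO 8601, UTC 'Z' suffix accepted) to the registry expiry date."""
    def parse_ts(ts: str) -> datetime:
        return datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return (parse_ts(fields["registry expiry date"]) - parse_ts(now_iso)).days


if __name__ == "__main__":
    info = parse_whois(SAMPLE_WHOIS)
    print("registrar   :", info["registrar"])
    print("name servers:", ", ".join(info["name server"]))
    print("expires in  :", days_until_expiry(info, "2024-05-01T00:00:00Z"), "days")
```

Registrars vary in their key names and layout, so the key strings in `days_until_expiry` are an assumption that needs adjusting per TLD; the parser itself only relies on the `Key: Value` convention.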

  2. Scanning and Enumeration

Description:

  • Nmap: powerful network scanning tool used to discover hosts and services on a computer network.
  • Nessus: comprehensive vulnerability scanner that identifies security vulnerabilities in systems and applications.
  • OpenVAS: open-source vulnerability scanner and management tool.

Demonstration:

nmap

  3. Vulnerability Analysis

Description:

  • Metasploit: framework for developing, testing, and executing exploits against a target system.
  • Burp Suite: web vulnerability scanner for identifying issues like SQL injection, cross-site scripting (XSS), and other web application vulnerabilities.
  • Nexpose: vulnerability scanner that helps identify, assess, and manage security vulnerabilities.

Demonstration:

Burp Suite

  4. Exploitation

Description:

  • Metasploit: provides a wide range of exploits and payloads for different vulnerabilities.
  • Core Impact: penetration testing tool that offers advanced exploits and automated exploitation capabilities.
  • Custom scripts: tailored exploits written for unique vulnerabilities discovered during testing.

Demonstration:

Metasploit

  5. Post-Exploitation

Description:

  • Meterpreter: post-exploitation tool that provides a wide range of capabilities, including file system manipulation, process execution, and network pivoting.
  • Empire: post-exploitation framework for Windows that provides PowerShell and Python agents.
  • Cobalt Strike: adversary simulation tool for advanced post-exploitation and threat emulation.

Demonstration:

Meterpreter

  6. Social Engineering

Description:

  • Social-Engineer Toolkit (SET): framework for automating social engineering attacks, including phishing and spear-phishing.
  • Phishing frameworks: tools such as Gophish for creating and managing phishing campaigns.
  • Custom scripts: scripts written for tailored social engineering attacks.

Demonstration:

Social-Engineer Toolkit (SET)

  7. Password Attacks

Description:

  • Hydra: fast and flexible login cracker for various protocols.
  • John the Ripper: popular password cracker that can detect weak passwords.
  • Hashcat: advanced password recovery tool that supports a wide range of hashing algorithms.

Demonstration:

hashcat

  8. Web Application Testing

Description:

  • Burp Suite: comprehensive tool for testing web application security.
  • OWASP ZAP: open-source web application security scanner.
  • SQLmap: automated tool for detecting and exploiting SQL injection vulnerabilities.

Demonstration:

OWASP ZAP
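The bug class that Burp Suite, OWASP ZAP and SQLmap probe for in this phase is user input concatenated into a SQL statement. The following added example (not code from the original page) puts the vulnerable login query next to its hardened form and runs both against an in-memory SQLite table with constructed rows. The function names, the table layout and the tautology payload are this example's own; plaintext passwords are used only to keep the demo short.

```python
"""Vulnerable vs. parameterised login query (added example, not from the page)."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed rows; real systems store password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # BUG: string formatting places caller-controlled text inside the SQL itself,
    # so quotes in the input change the statement's logic.
    query = (f"SELECT 1 FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # FIX: '?' placeholders keep data separate from code; the driver never
    # interprets the values as SQL, whatever characters they contain.
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# The textbook tautology a scanner submits to test whether input reaches the query unquoted.
PAYLOAD = "' OR '1'='1"


def demo() -> dict:
    """Run the same payload through both versions and a valid login through the fixed one."""
    conn = make_db()
    return {
        "vulnerable_bypassed": login_vulnerable(conn, "alice", PAYLOAD),
        "hardened_bypassed": login_hardened(conn, "alice", PAYLOAD),
        "hardened_valid": login_hardened(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:<20} {result}")
```

In the vulnerable path the statement becomes `... AND password = '' OR '1'='1'`, which is true for every row, so the check passes without a valid password; the parameterised version compares the literal string and fails. Parameterised queries (or an ORM that uses them) are the fix a report should recommend for every finding of this kind.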

  9. Wireless Network Testing

Description:

  • Aircrack-ng: suite of tools for assessing the security of wireless networks.
  • Kismet: network detector, sniffer, and intrusion detection system for wireless networks.
  • Wireshark: network protocol analyzer that can capture and analyze network traffic.

Demonstration:

wireshark

  10. Reporting and Documentation

Description:

  • Dradis: tool for collaboration and reporting in penetration tests.
  • CherryTree: flexible, hierarchical note-taking and documentation tool, especially for individual use or smaller projects.
  • Faraday: integrated multi-user penetration testing environment for managing the lifecycle of penetration tests.

Demonstration:

CherryTree
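One example that serves two of the phases above, the nmap demonstration under Scanning and Enumeration and this Reporting and Documentation phase: nmap writes machine-readable results with `-oX`, and a findings table built from that file is what ends up in a Dradis project or a CherryTree note. The code below is an added example, not from the original page or from the nmap project. The XML is a constructed, trimmed-down sample in nmap's element layout (hosts use the 192.0.2.0/24 documentation range), the list of cleartext services to flag is this example's own assumption, and Python's standard ElementTree is used because the file comes from the tester's own scan; XML from an untrusted source should go through defusedxml instead.

```python
"""Summarise nmap -oX output as a findings table (added example, not from the page)."""
import xml.etree.ElementTree as ET

# Constructed sample in nmap's XML layout; addresses are from the documentation range.
SAMPLE_NMAP_XML = """\
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/29">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="3306"><state state="closed"/>
        <service name="mysql"/></port>
    </ports>
  </host>
  <host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="23"><state state="open"/>
        <service name="telnet"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Services worth a note in the report because they carry credentials unencrypted.
# This set is the example's own policy choice, not something nmap defines.
CLEARTEXT_SERVICES = {"telnet", "ftp", "pop3", "imap"}


def parse_nmap_xml(xml_text: str) -> list[dict]:
    """Return one dict per open port: host, port, proto, service, product, flag."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.findall("host"):
        addr = host.find("address").get("addr")
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed and filtered ports are noise in a findings table
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            product = ""
            if svc is not None:
                product = " ".join(p for p in (svc.get("product"), svc.get("version")) if p)
            findings.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": name,
                "product": product,
                "flag": name in CLEARTEXT_SERVICES,
            })
    return findings


def render_report(findings: list[dict]) -> str:
    """Render findings as a fixed-width text table, noting flagged services."""
    lines = ["HOST            PORT/PROTO  SERVICE   PRODUCT              NOTE"]
    for f in findings:
        note = "cleartext protocol" if f["flag"] else ""
        lines.append(f"{f['host']:<15} {f['port']:>5}/{f['proto']:<5} "
                     f"{f['service']:<9} {f['product']:<20} {note}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(parse_nmap_xml(SAMPLE_NMAP_XML)))
```

Keeping the raw XML alongside the rendered table in the report tool preserves the evidence for each row; the table is the part a reader scans, the XML is what proves it.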