Top Penetration Testing Tools

What Are Some of the Best Penetration Testing Tools You Should be Using?

Alec Auer, Falanx Cyber, conducts various types of penetration and compliance testing, including web application, internal infrastructure, email phishing, and Cyber Essentials. He has also achieved the Offensive Security Certified Professional (OSCP) qualification and is a CREST Registered Tester. Alec shares some of his top penetration testing tools.

The number of penetration testing tools, both open-source and commercial, is vast. However, over the years I have narrowed them down to the necessary essentials which can be used for almost any penetration test.

Each tool can serve multiple purposes and have a variety of uses; however, they stand out in certain categories and are my first option for penetration tests as a result. While other options are available, these are the ones I’ve personally found effective and easy-to-use.

Port Scanning

The first stage of a penetration test is to determine the attack surface and for this I like to use the Nmap port scanner.

Not only can it perform different port scans, it has an added scripting engine that gives a significant amount of information about open services.

The output of scans is also in several useful formats that can be manipulated and combined with other tools, and since it’s quite popular there are lots of additional plugins that have been developed for increased functionality.

Vulnerability Scanning

To help make penetration tests more time-efficient, a vulnerability scanner is essential. I tend to choose Nessus as it is straightforward to use and has different vulnerability scans for an added level of flexibility, depending on the test.

The scan is quick, provides an easy-to-read output and also has a good coverage of vulnerability plugins. This, plus Nmap, will be my first stage of a penetration test to find some juicy targets ripe for exploitation.

Click to view all articles for the EPIC:
Or click to view the full company profile:
Facebook
Twitter
LinkedIn
Falanx Cyber Security

More articles like this

Falanx Cyber Security

NHS shoring up cyber security amid crisis

The NHS is encouraging hospitals to shore up cyber security and examining its supply chain resilience in the wake of the situation in Ukraine, the head of the service in England has said. The service is

Falanx Cyber Security

Putin could aim cyber attacks at Britain

British firms and public services should brace themselves for cyber attacks as tensions with Russia escalate over a potential invasion of Ukraine. In a stark warning, Home Secretary Priti Patel urged organisations to take ‘pre-emptive measures’

Falanx Cyber Security

Second cyber attack for Gloucester City Council

Local authorities across the UK are being targeted by sophisticated cyber attacks aimed at disrupting their computer systems. News emerged recently that Gloucester City Council has been the victim of an attack for the second time

Falanx Cyber Security

KP Snacks ransomware attack

What has happened?On Wednesday, the company KP Snacks who manufacture well-loved British crisps, sweets and nut-based snack brands, such as Hulu Hoops, Skips, Tyrell’s and McCoy’s revealed its networks had been compromised with ransomware after an

Falanx Cyber Security

Russia’s recent cyber attacks on the Ukraine

The National Cyber Security Centre (NCSC) has issued a warning to companies to bolster their defences in light of Russia’s recent cyber attacks on the Ukraine. Cyber attacks are a very useful offensive tool to use

Falanx Cyber Security

Changes to Cyber Essentials

From 24th January 2022, there is a price change to Cyber Essentials which is the first since the scheme was launched in 2014. It coincides with updates to the Cyber Essentials requirements in what is the

Falanx Cyber Security

Actions to take when the cyber threat is heightened

Balancing cyber risk and defence The threat an organisation faces may vary over time. At any point, there is a need to strike a balance between the current threat, the measures needed to defend against it,

Falanx Cyber Security

UK and Australia announce cyber-security partnership

The UK and Australia have announced a new partnership to tackle cyber-security threats from “malign actors” who seek to use technology to undermine liberal democracies. Britain’s Foreign Secretary Liz Truss met her Australian counterpart Marise Payne

Falanx Cyber Security

The state of cyber security in the UK charity sector

Earlier in 2021, Charity Digital released an episode of our podcast titled ‘Why don’t charities care about cyber security?’. Now, as we approach 2022, we can say firmly that they do. How do we know? Because

Falanx Cyber Security

The Log4j vulnerability and how it affects you

What has happened?A very significant vulnerability in the “Log4j” library was discovered on Friday 10th December. While the name log4j might not mean anything to most people, its code is used in a huge variety of

Falanx Cyber Security

UK Cyber Attacks 2021

It is no surprise that 2021 saw a vast number of cyber attacks targeting UK businesses. Although these attacks used some novel methods, the end goal is usually the same – generate as much income as

Falanx Cyber Security

Cyber attacks on the UK hit new record

A review by the National Cyber Security Centre, part of GCHQ, found that a number of the incidents were linked to hostile states, including Russia and China. Britain’s cyber security agency had to tackle a record

Falanx Cyber Security

Falanx Customer demand has grown significantly

Falanx Group Limited (LON:FLX), the global cyber security and intelligence services** provider, has announced its interim results for the six months ended 30 September 2021.   Highlights for six months to 30 September 2021 Cyber Security division (continuing

Falanx Cyber Security

UK business leaders expect ransomware threat spike in 2022

The majority of business leaders anticipate a rise in cyber-attacks in the coming year. Of those, 61% suggested ransomware in particular will pose a mounting threat. In 2017, a ransomware attack known as WannaCry impacted more