Penetration testing on the cheap and not so cheap

Admins charged with assessing network security can choose from solid open source offerings and enterprise-grade tools

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

I've been doing a lot of vulnerability and penetration testing for a customer who wants to see various simulated attacks and possible outcomes. I've been a penetration tester going on 10 years, and it is easily the most enjoyable task I can be asked to perform. Breaking in is fun -- and far easier to pull off when you use one of the many handy vulnerability-testing tools available today.

Overall, breaking in to a company isn't that hard once you know what you're doing. I've yet to find a company with perfect patching or with all the traditional security features from the last 20 years enabled sufficiently. Still, when you're asked to do it on a deadline in a particular way, it can take work. It isn't like the movies where pen testers can guess master passwords in 60 seconds before the bad guys arrive.

That's where vulnerability testing tools come in handy. I've long been a fan of the freeware program Cain & Abel. No tool makes it easier to perform ARP poisoning, password sniffing, man-in-the-middle attacks, or digital certificate spoofing. It doesn't get updated as frequently as many other tools, but what it can do is laudable.

Like any budget-minded pen tester, I love free Metasploit. It comes with hundreds of exploits and payloads, and it is available in a GUI and a command-line version. HD Moore, Metasploit's main original contributor, always garners the largest packed rooms at Las Vegas Black Hat conferences.

When it comes to professional penetration testing, using a professional-grade tool is always a smart choice. They simply do more and work better than free tools. Although there are dozens and dozens of professional testing tools, I've messed with only a handful. One day I need to do a thorough test review again.

Among them is Rapid7's commercial offerings, which boast features and functionality you can't get in the free versions of Metasploit. Immunity Canvas is, and has always been, a top vulnerability testing tool. Dave Aitel, Immunity's founder and hacker extraordinaire, and the DailyDave community will always keep Canvas on the top of every penetration tester's wish list.

To continue reading this article register now

NEW! Download the Winter 2018 issue of Security Smart