Web penetration testing tools
What is penetration testing?
Penetration testing (or pentesting) is a simulated cyber attack in which the
pentester, a professional ethical hacker, uses the tools and techniques
available to malicious hackers to break into corporate networks and find
weaknesses before real attackers do. It's like in the movie Sneakers, where
hacker-consultants break into your corporate networks to find weaknesses
before attackers do.
Why you need to do pentesting
Again, pentesting shows you where and how a malicious attacker
might exploit your network. This allows you to mitigate any weaknesses before a
real attack occurs.
According to recent research from Positive
Technologies, pretty much every company has weaknesses that attackers can
exploit. In 93% of cases, pentesters were able to breach the network perimeter
and access the network. The average amount of time needed to do so was four
days. At 71% of the companies, an unskilled hacker would have been able to
penetrate the internal network.
Top pentesting tools
Back in ye olde days of yore, hacking was hard and required a lot
of manual bit fiddling. Today, though, a full suite of automated testing tools
turn hackers into cyborgs, computer-enhanced humans who can test far more than
ever before.
Why use a horse and buggy to cross the country when
you can fly in a jet plane? Here's a list of the supersonic tools that make a
modern pentester's job faster, better, and smarter.
1. Kali Linux
If you're not using Kali as your base pentesting operating system, you either
have bleeding-edge knowledge and a specialized use case or you're doing it
wrong. Formerly known as BackTrack Linux and maintained by the good folks at
Offensive Security (OffSec, the same folks who run the OSCP certification),
Kali is optimized in every way for offensive use as a penetration tester.
While
you can run Kali on its own hardware, it's far more common to see pentesters
using Kali virtual machines on OS X or Windows.
Kali ships with
most of the tools mentioned here and is the default pentesting operating
system for most use cases. Be warned, though--Kali is optimized for offense,
not defense, and is easily exploited in turn. Don't keep your super-duper
extra secret files in your Kali VM.
2. nmap
The granddaddy of port scanners, nmap--short for network
mapper--is a tried-and-true pen testing tool few can live without. What ports
are open? What's running on those ports? This is indispensable information for
the pentester during the recon phase, and nmap is often the best tool for the
job.
Nmap ("Network Mapper") is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Despite the occasional hysteria from a non-technical C-suite
exec that some unknown party is port scanning the enterprise, nmap by itself
is completely legal to use, and is akin to knocking on the front door of
everyone in the neighborhood to see if someone is home.
Many
legitimate organizations such as insurance agencies, internet cartographers
like Shodan and Censys, and risk scorers like BitSight scan the entire IPv4
range regularly with specialized port-scanning software (usually nmap
competitors masscan or zmap) to map the public security posture of enterprises
both large and small. That said, attackers who mean malice also port scan, so
it's something to log for future reference.
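Since the article's advice is to log port scans for future reference, here is what the defender's side of that looks like: a small detector that reads firewall-style log lines and flags a source that touches many distinct ports on one host within a short window, which is exactly the footprint an nmap-style sweep leaves. This is an added example, not code from the article or from the nmap project. The log format (`timestamp src dst dport action`), the three source addresses and the threshold of 10 distinct ports in 60 seconds are all constructed assumptions; adapt the parser to your own firewall's format.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample log lines (not real traffic), one per event, in a
    generic 'timestamp src dst dport action' format (an assumed format).
    Three sources: a fast sweep (12 ports in 12 s), ordinary web traffic,
    and a slow sweep (12 ports, one per minute)."""
    lines = []
    base = datetime(2024, 1, 15, 10, 0, 0)
    swept_ports = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
    # Fast sweep: 203.0.113.5 hits 12 ports on 192.0.2.10 one second apart.
    for i, port in enumerate(swept_ports):
        t = base + timedelta(seconds=i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} 203.0.113.5 192.0.2.10 {port} DENY")
    # Normal traffic: 198.51.100.7 alternates between ports 80 and 443.
    for i in range(20):
        t = base + timedelta(seconds=3 * i)
        port = 443 if i % 2 else 80
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} 198.51.100.7 192.0.2.10 {port} ALLOW")
    # Slow sweep: 198.51.100.9 hits the same 12 ports, but one per minute.
    for i, port in enumerate(swept_ports):
        t = base + timedelta(minutes=i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} 198.51.100.9 192.0.2.10 {port} DENY")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, src, dst, dport, action)."""
    ts, src, dst, dport, action = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, int(dport), action


def detect_scans(lines, window=timedelta(seconds=60), threshold=10):
    """Return {(src, dst): ports} for every source that touched at least
    `threshold` distinct destination ports on one host inside a sliding
    time window of length `window`. The port set reported is the largest
    one seen in any window for that pair."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, dport), ...]
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, _action = parse_line(line)
        events[(src, dst)].append((ts, dport))

    alerts = {}
    for pair, evs in events.items():
        evs.sort()  # time order, so a two-pointer window works
        start = 0
        for end in range(len(evs)):
            # Drop events that fell out of the window ending at evs[end].
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports = {port for _, port in evs[start:end + 1]}
            if len(ports) >= threshold and len(ports) > len(alerts.get(pair, ())):
                alerts[pair] = ports
    return alerts


if __name__ == "__main__":
    log = build_sample_log()
    for (src, dst), ports in detect_scans(log).items():
        print(f"possible port scan: {src} -> {dst}, {len(ports)} ports in 60 s")
```

With the default 60-second window only the fast sweep is reported; the slow sweep, one port per minute, never has ten distinct ports inside any one window. Widening the window (for example `detect_scans(log, window=timedelta(minutes=15))`) catches it too, at the cost of more false positives from busy hosts, which is the usual trade-off when tuning a scan detector against patient attackers.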
3. Metasploit
Why exploit when you can meta-sploit? This appropriately named
meta-software is like a crossbow: Aim at your target, pick your exploit,
select a payload, and fire. Indispensable for most pentesters, metasploit
automates vast amounts of previously tedious effort and is truly "the world's
most used penetration testing framework," as its website trumpets. An
open-source project with commercial support from Rapid7, Metasploit is a
must-have for defenders to secure their systems from attackers.
4. Wireshark
Wireshark doo doo doo doo doo doo... now that we've hacked your
brain to hum that tune (see how easy that engagement was?), this network
protocol analyzer will be more memorable. Wireshark is the ubiquitous tool to
understand the traffic passing across your network. While commonly used to
drill down into your everyday TCP/IP connection issues, Wireshark supports
analysis of hundreds of protocols including real-time analysis and decryption
support for many of those protocols. If you're new to pentesting, Wireshark is
a must-learn tool.