Best of Linux

Top 10 tools for Penetration Testing on Linux

Previously, i have written an article which i suggested to learn certain tools a lot if you are in the penetration testing field. Those tools are used mostly by penetration testers, among other tools. Considering Kali Linux has over 600 pre-installed penetration testing tools, which could blow your head up. But, with those tools, each one does not cover for a unique attack, and yet some of the tools are having the same function. The article was TOP 25 BEST KALI LINUX TOOLS The tools listed in that article is a good starter for a beginner penetration tester.

Today, i would like to shorten and pick the top 10 best tools for penetration testing on linux. The consideration of choosing these tools is based on Common Types of Cybersecurity Attacks by Rapid7 and i also include several OWASP Top 10 Application Security Risks 2017. Based OWASP, “Injection flaws” such as SQL injection, OS command injection, and LDAP injection is in the first rank. Below are common types of cybersecurity attacks explained by Rapid7:

  1. Phishing Attacks
  2. SQL Injection Attacks (SQLi)
  3. Cross-Site Scripting (XSS)
  4. Man-in-the-Middle (MITM) Attacks
  5. Malware Attacks
  6. Denial-of-Service Attacks
  7. Brute-Force and Dictionary Attacks

Below are the top 10 tools for penetration testing on linux. Some of these tools ore preinstalled in most penetration testing OS, such Kali Linux. The latter, is installed by using a project on Github.

10. HTTrack

HTTrack is a tool to mirror web page by downloading all resources, directories, images, HTML file to our local storage. HTTrack commonly called website cloner. We can then use the copy of web page to inspect the file or to set fake website for phising attack. HTTrack comes preinstalled under most pentest OS. In terminal Kali Linux you can use HTTrack by typing:

~$ httrack

HTTrack then guide you to input the parameters it needs, like project name, base path, target URL, proxy, etc.

9. Wireshark

Wireshark was originally named Ethereal is foremost network packet analyzer. Wireshark let you sniff or capturing the network traffic, which is very helpful for network analysis, troubleshooting, vulnerable assessment. Wireshark comes with GUI and CLI version (called TShark).

TShark (non-GUI version) capturing network packets

Wireshark (GUI version) capturing network packets on wlan0

8. NMap

NMap (abbreviated from Network Mapper) is the best network auditing tool used for network discovery (host, port, service, OS fingerprinting and vulnerability detection).

NMap scanning service auditing against linuxhint.com using NSE -scripting engine

7.THC Hydra

Hydra is claimed to be the fastest network login info (username, password) cracker. Beside that, hydra supports numerous attack protocols, some of them are: FTP, HTTP(S), HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL,  SNMP, SOCKS5, SSH, Telnet, VMware-Auth, VNC and XMPP.

Hydra comes with three versions, they are: hydra (CLI), hydra-wizard (CLI Wizard), and xhydra (GUI version). The deep insight of explanation on how to using THC Hydra is available on: https://linuxhint.com/crack-web-based-login-page-with-hydra-in-kali-linux/

xhydra (GUI version)

6. Aircrack-NG

Aircrack-ng is a complete network auditing suite to assess wireless network connection. There are four category in aircrack-ng suite, Capturing, Attacking, Testing and Cracking. All aircrack-ng suite tools are CLI (coomand line interface.) below are some of the most used tools:

aircrack-ng    : Cracking WEP, WPA/WPA2-PSK using dictionary attack

airmon-ng                : Activate or deactivate wireless card into monitor mode.

airodump-ng            : Sniff packet on the wireless traffic.

aireplay-ng   : Packet injection, use to DOS attacking the wireless target.

5. OWASP-ZAP

OWASP ZAP (Open Web Application Security Project – Zed Attack Proxy) is all in one Web applications security auditing tool. OWASP ZAP is written in Java and available in cross platform in GUI interactive. OWASP ZAP has so many features, such proxy server, AJAX web crawler, web scanner, and fuzzer. When OWASP ZAP used as proxy server, it then display all the files from traffic and let attacker to manipulate the data from the traffic.

OWASP ZAP run spider and scanning linuxhint.com

OWASP ZAP scanning progress

4. SQLiv and or SQLMap

SQLiv is small tool used to detect and find SQL injection vulnerability on world wide web using search engines dorking. SQLiv is not come preinstalled in your pentest OS. To install SQLiv open terminal and type:

~$ git clone https://github.com/Hadesy2k/sqliv.git
~$ cd sqliv && sudo python2 setup.py -i

To run SQLiv, type:

~$ sqliv -d [SQLi dork] -e [SEARCH ENGINE] -p 100

SQL injection vulnerability found !!!

SQLMap is a free tool to detect and exploit SQL injection vulnerability automatically. Once you find target URL with SQL injection vulnerability it is the time for SQLMap to execute the attack. Below are procedure (steps) to dump the data from exploited SQL in target URL.

1. Acquire databases list

~$ sqlmap -u "[TARGET URL]" --dbs

2. Acquire tables list

~$ sqlmap -u "[TARGET URL]" -D [DATABASE_NAME] --tables

3. Acquire columns list

~$ sqlmap -u "[TARGET URL]" -D [DATABASE_NAME] -T [TABLE_NAME] --columns

4. dump the data

~$ sqlmap -u "[TARGET URL]" -D [DATABASE_NAME] -T [TABLE_NAME] -C [COLUMN_NAME] --dump

SQLMap Injecting the target

SQLMap dump the credential data !!!

3. Fluxion

Fluxion is the best tool for doing Evil Twin Attack, it is free and available in Github. Fluxion works by set up twin access point as target AP, while continuously deauth all connections from or to target AP, fluxion waiting for target to connect into its fake AP, then redirected into portal web page which is asking the target to input the target AP (Wi-Fi) password with reason to continue the access. Once the user input the password, fluxion will does matching the password key and the handshake it captured earlier. If the password matches then the user will be told that he/she will be redirected and continue the internet access, which the actual is fluxion shuts the program and save the target info include the password into log file. Installing fluxion is quiet easy. Run the following command into terminal :

~$ git clone --recursive https://github.com/FluxionNetwork/fluxion.git
~$ cd fluxion

Run fluxion:

~$ ./fluxion.sh

On the first run, fluxion will check for dependency, and installs them automatically. After that go a long with the fluxion wizard instructions.

2. Bettercap

Do you familiar with popular MiTMA tool called Ettercap?. Now, you need to know another tool which does the same but better. It is bettercap. Bettercap does performing MITM attack on wireless network, ARP spoofing, manipulate HTTP(S) and TCP packet in realtime, sniff credentials, defeating SSL/HSTS, HSTS Preloaded.

1. Metasploit

Yet, metasploit is the most powerful tool among others. Metasploit framework has so many module against huge different cross platform, device, or service. Just for brief intro to metasploit framework. Metasploit has mainly four modules:

Exploit

It is the injection method or a way to attack compromised system target

Payload

Payload is what the exploit carry on and run after the exploit was succeed. By using payload the attacker is able to get data by interacting with target system.

Auxiliary

Let’s say auxiliary module is mainly aimed to test, scan or recon to target system. It does not inject payload, nor aimed to gain an access to victim machine.

Encoders

Encoder used when the attacker wanted to sent malicious program or called backdoor, the program is encoded to evade the victim machine protection such firewall or anti virus.

Post

Once the attacker has able to gain access to victim machine, what does he/she do next is installing backdoor to victim machine to get back connect for further action.

Summary

These are the top 10 best tools for penetration testing on linux.

About the author

BIMA FAJAR RAMADHAN

Penetration Tester with Kali Linux. Reach me on Facebook https://www.facebook.com/xbimando