Top 5 PenTesting Tools - Tips for PenTesters

Captions
What are the top five tools I get the most mileage out of when performing a pen test? It's a great question, let's find out, starting right now.

So number one, with a bullet, is going to be the tried and true, everybody's favorite: nmap, right? Because nmap helps us understand what the state of affairs are in the environment; it can and does do that very well. If you haven't looked at nmap, let's take a look at my computer, I'll give you a little rundown of it. If you just type in nmap, if it is installed, you'll get a lovely display of all sorts of wonderful options that you can employ and that do have their place in the reconnaissance area of performing a pen test. A lot of oldies and goodies in there: just performing typical connection-type scanning, where is the port open, what kind of services can I find there, maybe even run a little bit of vulnerability assessment using nmap. It's got a lot of functionality in it, so I do find it really useful. But almost invariably, when I start working in a CTF or if I was doing an engagement, I would most likely be breaking out nmap right at the front of that piece of testing, because then I'm going to find out what ports and services are open, maybe even some versioning, and like I said, even get a little mileage out of it when it comes to some vulnerability assessment as well. So it's a really great tool and one that I highly recommend you get really familiarized with because of how many options and available things it can do, just beyond scanning for ports and services. It's a really great tool, so check that one out. I definitely would have to bring this one in as my number one.

Number two is going to be an interesting one. It's called Gobuster. It's a really great tool, it's really fast, does a wonderful job of directory fuzzing web applications. I find myself working on web apps quite a bit, so it is one of my go-to (no pun intended) tools for fuzzing out those directories that might have some really interesting pieces of information in there. Let's just take a look at it real quick and see what kind of options we have by just typing gobuster. There you go, you get those wonderful available options for yourself to hang out with. Some of the things I typically do is run this in the dir mode, right, as available commands. It's got a couple of modes: we've got some DNS subdomain brute forcing mode, obviously some help is nice to have, vhost brute forcing mode. So you can see it doesn't just do the one thing; it has a couple of options to it. This is just typically the one that I use with it the most, which is that directory or file brute forcing option, and from there I can feed it word lists, and hopefully, if I have the right words in those word lists, Gobuster will go after, make connections with a web application and see, hey, does that file or directory exist? If it does, I'm going to report that back to my guy here and let him know, you might want to take a look at that. Maybe you can find something really interesting and maybe even vulnerable to find your way into the internal workings of this web application. So, great tool, Gobuster.

Number three on my list is going to be, well, you gotta have it, you gotta love it: it is Burp Suite. I'm using the Community version, but there's also the Pro version. Costs you a little bit of money; it's not free by any stretch of the imagination, but it's also not super out of the realm of possibilities expensive either. So if you can go for that Pro version, it is worth the squeeze, but Burp Suite Community version will also do quite a bit of testing for you. So let's take a look at what that looks like. Here it is. I'm running a bit of an older version of it as of the recording of this episode; that's because I've got a bit of a workflow going here, but I am currently upgrading into the current version as we speak. But for my workflow I like to stick with what I know at this point. You can look at things like Target: these are the websites that I visited. What this is, is a proxy. I connect my web browser to this, so I can connect anything that makes connections to the web or the internet and say, hey, any request that goes out there, just grab it first, take a look at it so that I can inspect it, work with it, maybe even modify and manipulate it in some way, shape or form. And from those modifications and manipulations, I might be able to actually get some unauthorized access, read files I shouldn't be able to read, maybe see things inside of web APIs that are going to be sensitive, that shouldn't be leaking out to the world. If you know how to use Burp Suite, it's going to give you a lot of that mileage. And again, I can just come to things like the Proxy area, which shows us where that is. I work a lot in the History area, so I can actually see, hey, these are the sites, and you can see I've been to GitHub and there's the API for GitHub, and in the bottom screen here, if I just scroll this up, you'll see the actual request that I made out to that website. From here I can move this over to the Repeater, make manipulation, so if I right-click, Send to Repeater, I can jump over to Repeater and start manipulating this information, change things like my User-Agent from Mozilla to maybe Safari or something different, see if I get a different type of response through those manipulations. And that's why I really enjoy using Burp Suite when I'm working with pen testing, as far as a web application goes. Great tool.

My next tool is not something that you actually install on your system, but it's a resource that's found on the internet. It's a great resource, so I highly recommend it. It's called GTFOBins; it's found on GitHub. So let's take a look at what that looks like and we'll explain a little bit more about it. So here's the site, and you can see that GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems. I typically run here when I'm trying to perform something like privilege escalation attacks. I can take a look and see if any of the binaries that have something like SUID set, or SGID, which allows me to elevate my privileges while I'm running those tools, maybe I can manipulate that to gain more access, to elevate my privileges to a higher level. And you'll see that as you work through here, you can see that they have something like, there it is right there, SUID, and it kind of explains, shows you the binaries that have SUID permission issues, that if you were able to have access to them through SUID, maybe you'll find yourself with a root shell. And you can see it also gives you options like functions of file read, abusing sudo, gaining shell access. So if you find yourself in a jail shell, maybe I can break out of that shell using the ash command, right? So a really great repository of different binaries that have security vulnerabilities and how they map to what you can do with them, especially when I'm looking for those privilege escalation vectors to get out of where I am currently, trying to gain more access in the system. I use this a lot, so it's a great tool if you are working inside of system hacking or you found yourself inside of a system trying to gain more privilege.

All right, the last tool on my list is going to be Python. It is a great tool. You might think, oh, that's a programming language. It is a programming language, but it's also a great way to build your own tools, or to do things automatically or programmatically to help increase efficiency and speed. Let me show you what I'm talking about. Python: a couple of tools I have here in my tools directory that I've created myself. If I just do an ls | grep for py, it'll show a lot of stuff with a .py extension, which are tools that I've created. Some of them I'm very proud of are things like PyCat. It's kind of a network connectivity command system that I built myself so that I could fly under the radar from things like antivirus: where netcat might get busted, PyCat makes its way through loud and clear and doesn't give me any problems, so I like that. I also have this one here, this PyIntruder. This was a SQL injection tool that I created, actually, to look for SQL injection issues with logins and different pages that might have that as a problem. It'll throw a bunch of different types of SQL injections at them and see if anything sticks, and then alert me when that occurs. A lot of great stuff in here. I found Python, like, super helpful, not only in creating my own tools but using it as different types of tools. If I want to, I can do python3 -m http.server and I give it a port number, and now I can serve up static web pages using Python. It's a great way to transfer files. I can do things like FTP, I can do web requests with it, tons of great functionality just built into the Python standard library, and you never know what you're going to be able to do because it's got so much functionality to it. So I love having the ability to work with Python as that movable and elastic tool that can allow me to do just about anything I need.

So there you go, my top five pen testing tools, or at least the tools I get a lot of mileage out of when dealing with things like CTF and pen testing. If you like what you saw or you're interested in cyber security training, I'd love to see you over at itpro.tv, where I have classes on cyber security and even pen testing itself. So if you're interested in that, you should come on over and check that out. Until then, though, have a great day.
Info
Channel: ITProTV
Views: 8,915
Rating: 4.9572954 out of 5
Keywords: penetration testing with python, penetration testing tools, penetration testing cyber security, pentest, pentesting tools, pentesting basics, pentesting with python, network pentesting tools, best pentesting tools, pentesting tools 2020, pentesting tools 2021, best pentesting software, best pentest tools, top pentesting tools, top pentest tools 2021, best pentest tools 2021, best penetration testing tools, best penetration testing software, top penetration testing tools
Id: nF_SsbUTROA
Length: 9min 4sec (544 seconds)
Published: Fri Mar 19 2021