Penetration Main types of pen testing are Network
Penetration Testing: Comparison Of Open Source Tools
January 26, 2018
Instructor: Professor Edlira Martiri
The aim of this paper is to make a comparison of
different open source tools which are used to conduct an efficient pen testing.
It includes an overview of main open source tools like Nmap, Kali Linux ,
Metasploit Framework and Nmap.
This paper presents their characteristics
pointing out an weighted estimation of advantages and special features they have. The idea is to create a better
understanding why each program is used for and figure out their strong points.
Practical examples are given to have more concrete sight.
Key Words: Open source tools ,Pen testing ,
Nmap, Kali Linux , Metasploit Framework.
Methodology : I have
gathered scientific publications and other information from official websites
,online encyclopedia and asked information from experts. I have reorganized
them filtering the most important and basic information.
Security of any
system in the world depends from its
weakest link .Being aware of it
,monitoring and fixing it is a key duty for system overall wellbeing and
security concerns. But when the topic comes to IT infrastructure, web
application or computer system ,
penetration test is the “man” who does this job.
Governments, private companies, and other national and
international organizations used
installation of defensive layers such as access control ,cryptography ,ips and
firewalls to find and eliminate the vulnerabilities. But with the new
technologies incomings and adoptions this is not enough .
That’s why penetration testing is very important for
accessing the security of more delicate parts of the system, ensuring the
availability of the system and to manage the risks smarter. Pen testing will
not only monitor the security of your
system but protect also your partners ,clients and third parties.
Pen testing Is an
authorized simulated attack in order to exploit vulnerabilities which exist in
OS ,services application flaws ,improper configuration or risky end-user
behavior.1 Methods of conducting pen test are similar with those
used from hostile intruders or other hackers.
Main types of pen testing are Network Penetration Testing , Application Penetration Testing , Website Penetration Testing , Physical
Penetration Testing , Cloud Penetration Testing , Social Engineering.
This paper start with a description of Kali Linux as the core program for penetration testing , to
treat then some of the most popular open source tools like Metasploit,
Wireshark, Nmap. Followed with a general and specific description and analysis
of each of these open source tools.
The first thing you will deal with when starting to google
or ask about security auditing or penetration testing is definitely Kali Linux.
Kali is a linux distribuition ,open source , that is used for deep penetration
testing. Kali linux is free of charge and free to learn and has an wonderful community
It comes with more
than 600 preinstalled penetration testing programs .The most important ones
Armitage is graphical
cyber attack management tool , John the ripper password cracker and Aircrack-ng
that is a software for pen testing wiresless LANs. Kali Linux include also tools like Nmap, Wireshark and
Metasplot Framework and you can launch and use
You can download from their official website tenth of tools
for Information gathering, Vulnerability analysis, Wireless attack web
applications ,Exploitation tools, Stress testing ,Sniffing and spoofing tools,
password attack and hardware hacking .
Kali linux is very powerful to exploit and report Sql
injection ,Cross-site scripting and testing for local file inclusion. Which are
core problems before going further for more advanced examination or pen testing
Kali has got a costum-built kernel that is patched for
wireless injections. It is developed under a secure and safe environment with
only a small number of people allowed to commit packages. Other functional
advantages of kali linux is Fhs compliant that allows user to easily locate
binaries, support files and other
libraries and a very wide range of wireless device support.
I will give below an example for illustrative purposes how
easy is to launch Metasplot framework from kali linux.
First launch Postgre SQl as It is the database of
Metasploit. Run command ss –ant and
check if port is 5432 , now Initialise the Metasploit PostgreSQL Database msfdb
init. After that run msfconsole and veruify database with
msf > db_status, that’s all .
Wireshark is the best and most popular open source packet
analyzer . You can download it for free and it works on linux and windows .
Wireshark is used for network troubleshooting ,examining
security problems and debugging protocol implementation. Wireshark is also a
great learning tool and is very useful for those are writing
Its GUI is easy and very practical and
includes features which make sifting through packets easier. Once the interface
is selected, Wireshark will start capturing all packets arriving and leaving
the selected network interface.
Wireshark is very rich of features .It has the ability of
powerful inspection of hundreds of network protocols and has the ability access
data in different layers.
It captures packet data within great details and so you can
analyze every last bit flowing through a network interface making it go further
than other tools to conceptualize problem.
Another feature is it can capture and
decompress gzip files on the fly. Wireshark
has VoIP features which can analyze voice data and reveal information of
their time , who initiated who started
who stopped and can replay a captured
VoIp call for a select codec .
The Metasploit Framework is an open source
program and sub-project developed by Metasploit LLC. It is used to exploit modules and is a great
penetration testing system.
Metasploit framework is an open source
tool that is used to research security vulnerabilities and also isused to
develop executing exploit code
against target machine that help the one who does it to identify security risks
. Metasploit only executes vulnerabilities you tell it to.
Like other applications there is an agenda how it does the
job. First step is information gathering than we start by scanning
vulnerabilities. After these we start to exploit in depth and at the end we
have post exploitation and reporting.
Before targeting the exploit or payload we need
some extra information of the target operation system or other installed
network applications or services. To do that we can use port scanning and OS fingerprinting.
To obtain them we need the help of programs that scan for vulnerabilities like
nessus or OpenVAS. This process is included into information gathering.
Most used interfaces in Metasploit framework is Msfconsole that is used because of its flexibility,
richness in features and tool supporting. Other used interfaces are Msfcli
,Msfweb and MsfGUI. Their difference is the approach of providing access to the
Here are some important commands:
msfd – Provides an instance of
msfconsole that remote clients can connect to.
msfrpc – Connects to an RPC
instance of Metasploit
msfrpcd – Provides an RPC
interface to Metasploit
msfvenom – Standalone
Metasploit payload generator
msfdb – Manages the Metasploit
Below I am going to illustrate a simple
example of how to use metasploit framework
4-Exploit-run the selected modules .
Msf> -show exploits ,Msf>-show auxiliary, Msf>-show
options,Msf>-show payloads,Msf>-show targets
Nmap (network mapper) is an open source security scanner
tool .It is very helpful for network mapping and port scanning. It can scan a
range of IP addresses and choose which systems are active or not . In
addition it can identify whether the
ports are opened and find the operating system.
Nmap has got rich features for exploring computer networks,
like host discovering and operation-system detection. For example Nmap user
selects a range of ports so it can allow him to see what services the
identified system is running. After that it will examine the system based on
the responses to unusual packets so that it can find what operating system is
used to his target.
The attacker carefully runs a successful series of nmap
scans gathering information on what systems are active and what exploits he
should pay attention.
Another advantage of Nmap is that it can adapt to network
conditions including latency and congestion during a scan.
Nmap operates with Random scan that is when SYN packets are
sent pots at a certain range of values. Which end up with a several packets to
a large number of tcp and udp ports. Or the second type of traffic is called
Exploit plus. It is similar with the random scan but the difference is the
exclusion of the random destination ports in favor of a well known service
Nmap is a very powerful tool as the thing that a hacker
would do after he gains access to your network is reconnaissance, which is performed with a
network scan through the Nmap. All this information is very important for the administrator of the
The latest version of Nmap has 171 new scripts and 20
libraries. Below are some of its most used NSE.
vulnerabilities in firewall which are used from helpers to dynamically open
ports for ftp protocol.
File oracle-brute-stealth- It is used when we
want to initiate an authentication attempts a valid user . In this case the
servers responds with a session key and salt. After they are received the
script will disconnect so that It
doesn’t record other login attempting.
File dns-ip6-arpa-scan-Script for
host discovery-it performs a dns lookup by using a technique which analyzes dns
servers response code. This technique works by adding octet(byte) to a given ip
prefix.If the added octet is correct the server returns no error else returns
that no domain is found.
And File rpc-grind-Fingerprints
the target RPC port to extract the target service, RPC number and version.
As we mentioned pen testing is a very important
process for system security. It is a process in which you use advanced tools
similar with those of a hacker so that you can find vulnerabilities and correct
them before a hacker does the attack, which would be a catastrophic with high
monetary costs sometimes causing system breakdown.
All of above mentioned programs are the most
popular and effective tools to find vulnerabilities, assist risks and
conduct a successful penetration testing. Which means that any system
administrator or interested person In pen testing must learn all of them.
Being open source and free you can download
them and you have access to a wide range
of information and contribute or learn from the community. Their usage
curve in time is solid and very optimistic which imply that these
programs have a strong background and
premises to remain the top open source tools.
Roger A. Grimes is a security consultant and
writer on techtarget.com
Definition by https://www.coresecurity.com/penetration-testing 1