blog
Pentester Tools to Know & ...
18 June 21

Pentester Tools to Know & When To Use Them: Part 1

Posted byINE
facebooktwitterlinkedin
news-featured

IT and Information Security are highly practical and hands-on fields. As a result, Penetration Testers of all levels should be familiar with the tools needed to be successful in their work. But what exactly are those tools?

In part one of this two part blog series, we’ve compiled a short list of the top tools every Penetration Tester should know, and when to use them.

It is important to note that a thorough penetration test is composed of six crucial phases: Engagement, Information Gathering, Footprinting and Scanning, Vulnerability Assessment, Exploitation, and Reporting. Each step is equally important, and all require the right tools.

Let’s go over the different phases, what they mean, and the necessary tools Penetration Testers need to know in order to perform them.

Engagement
In this initial phase, all the details about the penetration test are established. This includes a sound and targeted proposal to the client, the scope of the engagement, incident handling possibilities, as well as the legal responsibilities of each party involved.

Tools of the trade:

  • No tool necessary for this phase

Information Gathering
The Information Gathering phase is the first, and one of the most important phases, of any successful penetration test.

During this phase, you can search for all sorts of data such as the name and email addresses of the board of directors, investors, managers, employees, etc. This will prove useful if social engineering techniques are involved.

Additionally, it’s important to understand your client’s infrastructure and what data is at risk should an attack on their systems be successful (IP addresses, domains, servers, OS used, DNS information, etc.).

Tools used for gathering intelligence:

  • LinkedIn and other social media channels
  • Crunchbase
  • Whois
  • Client’s site/s


Footprinting & Scanning
The Footprinting & Scanning phase is where you can deepen your knowledge of the in-scope servers and services. For example, footprinting the Operating System of a host will help you determine what type of OS runs on the system while helping you narrow down the potential vulnerabilities to check in the next phases. A scan of live hosts can determine what ports are open on a remote system. Imagine what a malicious hacker can do with that!

Tools used for footprinting and scanning hosts/ports:

  • Nmap
  • FPing

Be sure to stay tuned for part 2 of this blog series!

Need training for your entire team?

Schedule a Demo

Hey! Don’t miss anything - subscribe to our newsletter!

© 2022 INE. All Rights Reserved. All logos, trademarks and registered trademarks are the property of their respective owners.
Terms of servicePrivacy policy
instagram Logofacebook Logotwitter Logolinkedin Logoyoutube Logo