A Penetration Test, popularly known as a “Pen Test,” is often performed by a security consultant and simulates the behavior of a real cyber-criminal. According to Comtact Security in 2018, it uncovers the critical security vulnerabilities of your systems, documents how these vulnerabilities are exploited, and provides steps or recommendations on how to remediate the vulnerabilities identified. Based on the level of intrusion the client specifies, the most relevant type of penetration test is used to assess the target system. There are five main types of penetration test:
- Social Engineering
- Network Penetration Test
- Client-Side Penetration Test
- Web Application Penetration Test
- Wireless Network Penetration Test
A Social Engineering test involves attempting to obtain confidential or proprietary information by deliberately tricking an employee of the corporation into revealing it. According to the Infosecinstitute in a post in 2019, there are two types of Social Engineering tests:
- Remote Testing. This form of Social Engineering involves tricking an employee into revealing sensitive information through electronic means, usually by launching phishing campaigns. Tools used when conducting this form of Social Engineering include:
  - Maltego - Made by Paterva (www.paterva.com), Maltego is an information-gathering tool that enables you to perform dozens of searches specific to a domain, IP address, or even a person.
  - Social Engineer Toolkit (SET) – Written by Dave Kennedy, the founder of TrustedSec, this tool performs advanced attacks such as website cloning for phishing attacks against the human element.
- Physical Testing. In Physical Testing, physical means or presence is used to gather sensitive information. Examples of this form of Social Engineering include dumpster diving or impersonation. Tools used when conducting this form of Social Engineering include:
  - Cameras – Cameras can be a useful tool for social engineers when it is necessary to capture information quickly.
  - Lock Picks – Used to get into restricted areas if need be.
  - GPS Trackers – Social engineers often want to track targets before or after they leave the office. The stops the target makes on the way to the office can tell a lot about him. Compiling and analyzing this information can help to develop a proper pretext or good questions to use to elicit the right response from the target.
  - RFID Card Readers / Cloners – Used to clone access cards for restricted areas.
A network penetration test is the most common type of penetration test. A network pen test aims to discover vulnerabilities and gaps in the network infrastructure. Because a network usually has access points both internally and externally, it is necessary to run tests locally at the client site (Internal Pen Test) and remotely from outside of the network (External Pen Test). According to Gupta in 2010, five tools used in a Network Penetration Test to secure networks are:
- Metasploit - Powered by the PERL platform and supporting hundreds of exploits and standard payloads, Metasploit is used to assess and exploit known vulnerabilities on a network.
- Wireshark - Wireshark is a network protocol and data packet analyzer that examines captured traffic for security weaknesses. This data can be collected from:
  - IEEE 802.11
  - Token Ring
  - Frame Relay
The goal of a Client-Side Penetration Test is to pinpoint security threats that emerge locally. For example, there could be a flaw in a software application running on the user’s workstation that a hacker can easily exploit; a client-side penetration test would identify this issue. Client-side tests can identify specific cyber-attacks, including:
- Cross-Site Scripting Attacks
- Clickjacking Attacks
- Cross-Origin Resource Sharing (CORS)
- Form Hijacking
- HTML Injection
- Open Redirection
- Malware Infection
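Several of the client-side issues listed above (clickjacking, CORS, cross-site scripting and HTML injection) are visible in a single HTTP response's headers, which is why a client-side test usually starts with a passive header review. The checker below is an added example written for this page, not a tool from the original text; the two header sets it is run on are constructed, and the `request_origin` parameter stands in for the `Origin` header a tester would have sent with the request.

```python
"""Passive check of one HTTP response's headers for the client-side weaknesses
listed above: clickjacking, CORS misconfiguration, XSS/HTML injection exposure
and MIME sniffing. Added example for this page; the header sets below are
constructed, not captured from any real site."""

from typing import Dict, List


def parse_csp(csp: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    directives: Dict[str, List[str]] = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives


def check_response_headers(headers: Dict[str, str],
                           request_origin: str = "https://attacker.example") -> List[str]:
    """Return a list of findings (empty means nothing was flagged).

    request_origin is the Origin the tester sent with the request, so that an
    origin reflected back in Access-Control-Allow-Origin can be recognised.
    Header names are matched case-insensitively, as HTTP requires."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings: List[str] = []

    # Clickjacking: the page can be framed unless X-Frame-Options or the CSP
    # frame-ancestors directive restricts who may embed it.
    csp = parse_csp(h.get("content-security-policy", ""))
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in csp and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("clickjacking: no X-Frame-Options DENY/SAMEORIGIN and no CSP frame-ancestors")

    # CORS: a wildcard or reflected origin combined with credentials lets any
    # site the victim visits read authenticated responses cross-origin.
    acao = h.get("access-control-allow-origin", "")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*" and creds:
        findings.append("cors: wildcard Access-Control-Allow-Origin with credentials")
    elif acao and acao == request_origin and creds:
        findings.append(f"cors: request Origin {request_origin} reflected with credentials")
    elif acao == "null":
        findings.append("cors: 'null' origin is trusted (sandboxed iframes and file:// pages send it)")

    # XSS / HTML injection: without a CSP, injected script runs unrestricted.
    # A nonce or hash in script-src makes 'unsafe-inline' ignored by modern
    # browsers, so that combination is not flagged.
    if not csp:
        findings.append("xss: no Content-Security-Policy header")
    else:
        script_src = csp.get("script-src", csp.get("default-src", []))
        has_nonce_or_hash = any(
            s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script_src
        )
        if "'unsafe-inline'" in script_src and not has_nonce_or_hash:
            findings.append("xss: CSP script-src allows 'unsafe-inline'")

    # MIME sniffing can turn an uploaded "image" or text file into HTML/script.
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("sniffing: X-Content-Type-Options: nosniff missing")

    return findings


# Constructed sample responses: a weak configuration beside a hardened one.
WEAK_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Access-Control-Allow-Origin": "https://attacker.example",  # reflects the request Origin
    "Access-Control-Allow-Credentials": "true",
}
HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Access-Control-Allow-Origin": "https://app.example",
}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(name, check_response_headers(hdrs) or ["no findings"])
```

The weak set produces four findings (framable, reflected origin with credentials, no CSP, no nosniff) and the hardened set none. The check is deliberately passive: it reads headers already returned by the application and reports which mitigations are absent, which is the evidence a report needs before any of the attacks named above is attempted.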
According to The Open Web Application Security Project (OWASP), in 2014, a web application penetration test involves an active analysis of web applications for any weaknesses, technical flaws, or vulnerabilities. The Open Web Application Security Project is an international nonprofit organization dedicated to web application security. They regularly update an “OWASP Top 10” report, which outlines the top 10 critical security concerns for web application security. These include:
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfigurations
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
There are several tools used to assess these top 10 critical areas outlined by OWASP. A few examples of such tools are:
- ZAP - The Zed Attack Proxy (ZAP), a tool designed by OWASP, provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
- Burp Proxy - Burp Proxy allows for intercepting and modifying all HTTP(S) traffic passing in both directions, from server to client and vice versa.
- SQLMAP - sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
- Wfuzz - Wfuzz is a tool designed for brute-forcing Web Applications. It can find unlinked resources (directories, servlets, scripts), brute-force GET and POST parameters to check for different kinds of injection (SQL, XSS, LDAP), brute-force form parameters (user/password), and perform fuzzing.
A Wireless Network Penetration Test involves surveying a target’s physical environment to find unauthorized wireless access points with security weaknesses. Tools used for this type of test include:
- Aircrack - Aircrack is one of the most popular Wi-Fi pen testing tools for cracking both WEP and WPA Wi-Fi passwords. Once it has gathered enough packets, it uses them to try and recover the Wi-Fi password by implementing an optimized FMS attack.
- Reaver - This Wi-Fi hacking tool also uses a brute force attack to crack Wi-Fi passwords for WPA/WPA2 wireless networks.
- Airsnort - Airsnort is a free Wi-Fi pen-testing tool used for cracking Wi-Fi passwords for WEP networks. It works by gathering network packets, examining them, and then using them to compose the encryption key once enough packets have been obtained.
- Cain & Abel - Cain & Abel is one of the top wireless penetration testing tools for cracking WEP Wi-Fi passwords, particularly on the Windows platform. Apart from cracking passwords, you can also use this Wi-Fi hacking tool to record VoIP conversations, retrieve cached data, and get hold of routing protocols for ethical hacking.