Vulnerability Assessment and Penetration Testing

1st March 2009, admin

 


 

There are hundreds of free security tools available on the internet. Here I will try to give a comprehensive list of security tools that together serve the complete purpose of Vulnerability Assessment and Penetration Testing (VAPT). Vulnerability assessment involves finding the known and unknown vulnerabilities in a computer system or a network. Penetration testing involves trying to exploit the vulnerabilities that we have found. So VAPT involves gathering information about the victim, enumerating the users, services and applications running on the system, finding the vulnerabilities in the system, trying to gain root privileges and break into the system, and finally preparing a detailed report.

1. Information Gathering

Information can be gathered about a victim by finding personal details such as his date of birth, his favourite food, his mother's name, etc. Generally, a victim may use his date of birth, or even his mother's name, as his password.
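The defensive counterpart to this point, as an added example that is not part of the original post: a password-change check that rejects candidates built from the account holder's own details. The profile fields, the sample values and the function names are assumptions made for illustration.

```python
import re
from datetime import date

# Undo common character substitutions before matching names ("m4ria" -> "maria").
LEET = str.maketrans("@4831!05$7", "aabeiiosst")


def date_tokens(dob: date) -> set[str]:
    """Digit runs that give away a birth date.

    Every usual layout (DDMMYYYY, MMDDYY, YYYYMMDD, ...) contains the
    zero-padded day+month, month+day, or the four-digit year.
    """
    return {f"{dob.day:02d}{dob.month:02d}",
            f"{dob.month:02d}{dob.day:02d}",
            f"{dob.year:04d}"}


def personal_info_findings(password: str, profile: dict) -> list[str]:
    """Return the profile fields a candidate password is built from.

    An empty list means no personal detail was found. The check is
    deliberately conservative and may flag coincidental matches.
    """
    lowered = password.lower()
    deleet = lowered.translate(LEET)
    digits = re.sub(r"\D", "", password)  # separators like / and - removed
    hits = set()
    for field, value in profile.items():
        if isinstance(value, date):
            if any(tok in digits for tok in date_tokens(value)):
                hits.add(field)
            continue
        # Each word of three or more letters in a text field is checked.
        for word in re.findall(r"[a-z]{3,}", str(value).lower()):
            if word in lowered or word in deleet:
                hits.add(field)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample profile and candidate passwords.
    profile = {"first_name": "Ravi", "mother_name": "Maria Fernandes",
               "date_of_birth": date(1985, 3, 15), "favourite_food": "biryani"}
    for candidate in ["M4ria@1503", "15/03/1985", "correct-horse-battery-7"]:
        reasons = personal_info_findings(candidate, profile)
        print(candidate, "->", "reject: " + ", ".join(reasons) if reasons else "ok")
```

Run at password-set time, this blocks the date-of-birth and family-name passwords described above before they ever reach the credential store.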

The easiest way to find information is through social networking sites like Facebook and LinkedIn, or people search engines like www.pipl.com. Then you can trick a person into revealing his personal information (social engineering).

Details about a domain's registration can be found using whois. (The Whois tool can be found here: http://www.softpedia.com/get/Network-Tools/Traceroute-Whois-Tools/Whois.shtml) Whois tells you the owner of the domain (the name in which the domain is registered), the date on which the domain was registered, etc.

NSLookup is a tool used for Domain Name Server lookups. It can also be used to find the mail servers associated with a particular domain.
 

2. Enumeration

Enumeration can involve user enumeration (finding out which users are using a particular service) and finding out which services are running on the system or network. The Finger protocol is generally used to find out which users are logged on to the system.

SMTP enumeration is used to find out the details of the users who use the mail server to send mail.

 

3. Scanning

Scanning may include scanning the system or network to find open ports. Nmap is one tool that does that. Nmap offers features like TCP and UDP port scanning, etc. Other features include OS fingerprinting.

4. Finding Vulnerabilities

Vulnerabilities can be found using tools like Nessus. Nessus used to be completely free. Nowadays, the free version gets the plugin feed delayed by 7 days. The cost of acquiring Nessus is around $1200/year. Nessus is a strong vulnerability scanner with many plugins that enhance its features. You can also write your own plugins using NASL. A function similar to that of Nessus can be performed by Nikto.

Visit the homepage www.nessus.org for more information or to download it.

5. Gaining Access

After finding vulnerabilities, we need to gain access to the system. One of the methods of gaining access to the system is password cracking. Brutus is one of the tools that helps in password cracking. Another such tool is Hydra. Cain and Abel is one of the rare Windows-only password cracking tools available. There are 3 modes of password cracking: dictionary attack, brute-force attack and cryptanalysis attack.

6. Preparation of Report

After all this is done, a report is prepared containing all the details about the vulnerabilities and the penetration tests conducted, and the report is sent to the stakeholders.

BackTrack is an operating system suitable for penetration testing. Metasploit is one of the most popular tools that ships with BackTrack, and it offers a set of tools to do a complete VAPT on a system.

 

 

 
