Tools for Penetration Testing

Tools For Your Defenses

At some point the c-Champions will need to provide technical resources to the network engineers and stakeholder managers. This section of the Toolkit provides a listing of various cyber threat hunting tools for the technical analysts within stakeholder organizations. Below are a series of hotlinks and short descriptions of what the website offers.“w3af is an open source web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications.” (A. (2016). Andresriancho/w3af. Retrieved December 26, 2016, from“BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.” (B. (2016). Beefproject/beef. Retrieved December 26, 2016, from“Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.” (Burp Suite. (n.d.). Retrieved December 26, 2016, from“Aircrack-ng is a complete suite of tools to assess WiFi network security.  All tools are command line which allows for heavy scripting.” (Aircrack-ng. (n.d.). Retrieved December 26, 2016, from“Mimikatz can extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets.” (G. (2016). Gentilkiwi/mimikatz. Retrieved December 26, 2016, from“Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds.” (Ophcrack. (n.d.). Retrieved December 26, 2016, from“With Proxifier you can work through a chain of proxy servers. Connection to a remote host will be performed sequentially from one proxy server to another.” (Proxy Chains. (n.d.). Retrieved December 26, 2016, from“This script will monitor the logs from Responder, loads NTLMv1 and NTLMv2 on the fly and crack them with your instance of Hashcat. Locally.” (S. (2015). Sensepost/autoresponder. Retrieved December 26, 2016, from“The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.” (T. (2016). Trustedsec/social-engineer-toolkit. Retrieved December 26, 2016, from“SprayWMI is an easy way to get mass shells on systems that support WMI. Much more effective than PSEXEC as it does not leave remnants on a system.” (T. (2015). Trustedsec/spraywmi. Retrieved December 26, 2016, from” Fluxion is a easy to use wifi cracker, to test your own network ” (D. (2016). Deltaxflux/fluxion. Retrieved December 26, 2016, from– Common User Passwords Profiler (CUPP) (M. (2016). Mebus/cupp. Retrieved December 26, 2016, from – Function Identification and Recovery Signature Tool. (V. (2016). Vrtadmin/FIRST. Retrieved December 26, 2016, from– Full range of Pen-testing programs that can be used for various things. (R. (2016). Rapid7/metasploit-framework. Retrieved December 26, 2016, from“CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser.” (G. (2016). Gchq/CyberChef. Retrieved December 26, 2016, from