Pentest has become "fashionable", since security has become a key factor for systems and is increasingly of concern. For those who do not know the term, it is a test or penetration test, where the computer system to be analyzed is attacked with the intention of finding weak points in security that can be exploited by criminals to enter the system.
We have already talked a lot in this blog about Linux distros specially designed for these tasks such as Kali Linux, Santoku, DEFT, etc., all of them focused on security issues and with endless built-in tools for ethical hackers (although I do not like this term, since hackers are ethical per se, but destructive industries such as Hollywood or the RAE itself have been in charge of "negative" the hacker concept) can perform these tasks.
In this article we will introduce 11 open source projects that can be used for these penetration tests:
- OWASP ZAP: tool to audit web page security.
- Zenmap: a graphical interface for nmap.
- Scapy: an interesting packet grabber or sniffer.
- BeEF: automation of XSS attacks.
- Firefox add-ons: an endless number of addons available for Mozilla Firefox that can help you with these tasks ...
- sqlmap: SQL injection.
- SET (Social-Engineer Toolkit): toolkit for social engineering.
- Kali Linux NetHunter: Kali Linux distribution oriented to mobile devices.
- wireshark: protocol analyzer.
- wa3f: a series of utilities to discover and exploit vulnerabilities.
- metasploit: set of tools to build and use exploits.