Henry Dalziel | Pentesting Tools | April 29, 2013
Mirror, mirror on the wall, which is the most evil pentest tool of them all?
This is a relatively odd post in that it is completely subjective, and it is difficult to define what exactly constitutes an ‘evil penetration testing tool’. Rather, this post is designed to spur debate and, hopefully, to direct more ethical users to these excellent tools.
›› Cast your vote at the bottom of the post!
People who work in information security and information assurance, be they penetration testers, intrusion detection or forensic experts, must all use penetration testing tools. These tools are almost always used from within a Linux pentesting distro, which can contain 300 or so tools, as is the case with Kali Linux for example. (Slight tangent, but for a list of our 2013 best pentesting distros click here.)
Before we begin our top five baddest pentesting tools, let me just say this (and all the pro-gun folk out there will love it): the old saying that a gun is not dangerous, the person holding it is, applies very well to the way these security tools are used. Guns can be used for defensive protection, e.g. by peacekeepers, or for offensive reasons, e.g. by criminals, and the same applies to hacking tools.
We here at Concise Courses have covered a fair amount about pentesting tools with our 2013 review here and our top 50 Firefox add-ons here, but of greater importance, or perhaps interest, have been our Hacker Hotshot interviews with the creators of popular and useful pentesting tools used by today’s infosec professionals. These include:
Penetration tool creators we have had on our Hacker Hotshot web show from 2012 to 2013:
Georgia Weidman, “Smartphone Penetration Testing Framework” (basically a mobile pentesting toolkit)
Jordan Sissel, “Open source log and event management” (not really a ‘hacking tool’, more of a reference tool post-hack)
Zoltan Balazs, “Zombie Browsers Spiced With Rootkit Extensions” (a fully functional malicious browser extension pack)
Nadeem Douba, “Sploitego” (extends the capabilities of Maltego and provides extra functionality from a pentester’s perspective)
Ryan Holeman, “Passive Bluetooth Monitoring in Scapy” (a tool to forge or decode packets of a wide number of protocols)
Sergio ‘flacman’ Valderrama, “Scylla and 1.0 Alpha” (a tool to audit protocols and configs, built over a brute-force core)
Lavakumar Kuppan, “IronWASP – Open Source Web Security Testing Platform” (a web application tool for vulnerability testing)
Andrew Gavin, “OpenDLP” (an agent-based and agentless, centrally managed, massively distributable data loss prevention tool)
Alejandro Caceres, “PunkSPIDER” (an open source, scalable, distributed fuzzing project targeting the entire Internet)
There are, at the last count, over 1,000 pentesting tools that actually do the job with varying degrees of success. Many of the tools do the same thing, while others get abandoned or the creator(s) simply don’t have the time to update them (a good example is Ettercap, which was not updated for a long time until recently, with the latest version of BackTrack/Kali Linux).
The world’s most scary pentest tools (in no particular order)
We compiled this list mostly from the web’s most authoritative billboard chart for pentesting tools, aka SecTools.Org, which lists the top 125 security tools, plus a variety of other sources.
First on our list is SATAN. Yes, we put SATAN on the list because it deserves our respect due to its age (it’s been around since 1995!!) and also because it just sounds damn cool and full of malice.
SATAN actually stands for something! Indeed, God’s number one enemy is actually an abbreviation for Security Administrator Tool for Analyzing Networks, aka SATAN. This tool was designed to help systems administrators automate the process of testing their systems for known vulnerabilities that hackers could then exploit. Written in Perl, SATAN can gather large amounts of general network information, such as which hosts are connected to which subnets, what types of machines they are and which services they offer. SATAN is an old man now and seems hardly used in the industry; according to our research, Nessus replaced it. Its logo is top left of the image above, i.e. that black squiggly thing to the left of SHODAN.
SHODAN is second on our list. No list in our (very humble) opinion would be complete without SHODAN.
SHODAN is basically a search engine that lets the ethical hacker, or nasty person, find specific computers (within networks, or connected to routers, servers, etc.) by applying a variety of filters. Its homepage describes the tool as a ‘public port scan directory or a search engine of banners.’ Whereas web search engines such as Google and Yahoo are excellent for indexing and categorizing gazillions of pages, what if you belong to the minority and only want to find vulnerabilities and exploits? Well, the answer is SHODAN. SHODAN surfaces many kinds of publicly available data that a pentester or hacker could use to determine an attack surface and plan an attack.
PunkSPIDER and PunkSCAN might come as a pretty interesting number three on our list, but that’s because we think it’s great. We have the creator appearing on our infosec web show Hacker Hotshots next week, May 2nd 2013 (hit the same link if you miss the live show; the recording will be at the same URL). We have a more in-depth post about PunkSPIDER here, but in brief, the project was presented at ShmooCon 2013 and received considerable attention, with some voicing disdain. We are the opposite: we think it is great because, to quote the creator, “We’re hoping this project brings a lot of new attention to the poor state of global web application security.” And we agree! For those that don’t know, PunkSPIDER is a vulnerability search engine powered by PunkSCAN, which can handle tens of thousands of scans every day.
Nmap is fourth. We have blogged pretty extensively on nmap and, heck, we even run nmap training, so we feel that any conversation about pentest tools simply must include nmap. Yes, yes, yes, we know that it featured in The Matrix, Judge Dredd, The Bourne Ultimatum, The Girl with the Dragon Tattoo, Battle Royale and also Walt Disney’s Seven Dwarfs, but it is simply a superb tool. (The bit about Walt Disney is not true.) Not much to add on nmap, suffice it to say that it can clearly be used for good and for bad, like everything else in this post.
The Metasploit Project is last but not least. The Metasploit Project is actually very similar to Sploitego, OpenDLP, SHODAN and PunkSPIDER in that the program can scan for security vulnerabilities. As tools or programs go, Metasploit is widely used since it works very well for penetration testing and for establishing IDS signatures. The Metasploit sub-project, the Metasploit Framework, is also favored by forensic professionals.
So, which tool is the ‘worst’? Well, the answer is, we don’t know, because answering that would take vast amounts of our time and brain cycles, so we thought we would leave it to you to decide!
Please vote for the tool that you think could potentially be the most scary in the wrong hands.
We will parse out the results in six months’ time, declare a winner and send a bouquet of flowers to the creator. Are we missing a tool? Let us know in the comments below. With no disrespect, we omitted things like Low Orbit Ion Cannon (LOIC), BackOrifice and Poison Ivy since they are generally just more flat-out bad-guy tools, or, better said, have been used by the more nefarious amongst us. This post is a list of pentesting tools that can be put to good AND to bad use.
Voting is now closed! However, here is a screenshot of the results as at November 25th 2014.