What is Pentest?

swarq

Participating Member
1 May 2020
335
185
Beacon Hills




A pentest is done to collect information about our own site, or about the target site you will infiltrate, and to find vulnerabilities. In general, site owners have it done, or have their sites built with it in mind, so that malicious people do not damage their sites. It is done to close the vulnerabilities on the site and protect it before malicious people damage it. A pentest is very important for the protection of your website. Since pentest prices are a bit high, owners of medium-sized and small sites usually prefer to do the pentest themselves.

What are the Pentest (Penetration - Infiltration) Test Types?

In general, the Pentest (Penetration Test) types are as follows:
  • Web Application Pentest
  • Network Pentest
  • Mobile Pentest
  • Cloud Pentest
  • Code Review
  • DDoS Pentest
  • Wireless Pentest
  • VoIP Pentest

In general, Web Application Pentest is the most commonly used. Web Application Pentest is associated with most other types of pentest. Web Application Pentest is very important for gathering information about the target system.



What are the Pentest Stages?

1- Information Gathering
2- Network Mapping
3- Vulnerability Scanning
4- System Infiltration (Running the Exploit)
5- Privilege Escalation
6- Penetrating Other Networks
7- Maintaining Access
8- Covering Tracks
9- Reporting


Now let's move on to which tools are used at these stages and which tool does what.



In general, most programs are used in multiple phases. A program has multiple tasks and features. Therefore, it would be wrong to say that advanced programs are used only in one stage, because they are used in multiple places. But we can say this for simple tools, tools that are produced only to do one job. Many of the information gathering tools are examples of these. In general, they are tools that do not have many features and are produced for a single purpose.

Information Gathering Tools:
  • Whois Information
  • Nslookup
  • Dnsenum
  • Dnsmap
  • Dnsrecon
  • Fierce
  • Webshag
  • TheHarvester
  • URLCrayz
  • Netcraft
  • Centralops
  • Dmitry

There are too many tools to list here; there are many other tools out there. You can find them by searching on GitHub. Information gathering is also divided into two parts.

Passive Information Gathering:

These are the methods of collecting information without contacting the relevant system and without leaving a trace on it. The passive information gathering method is used in security research where confidentiality is important. It is advantageous to use passive information gathering to prevent your IP address or other information from reaching the relevant system during the research and information gathering phase in web environments. With this method, information is collected without communicating with the system.

Active Information Gathering:

Unlike the passive method, this is a method that collects information about the relevant system by interacting with it. The information that cannot be obtained by passive information gathering is what active information gathering tries to obtain. Because it interacts with the relevant system, it leaves more traces on the system.

Next comes performing a vulnerability scan on the target site. This stage is more important than any other stage. You can use a lot of tools at this stage. You can use the programs pre-installed on systems such as Kali Linux. In addition, you can use programs written by coders on external sites such as GitHub. By using these tools, you can handle all the operations without the need for other tools.



Important Tools Used While Performing Pentest:

Nmap:

Nmap is an indispensable tool for pentesting. It is the most important tool among them. Many people think that Nmap is only used to scan for open ports on the target site, but a stand-alone pentest can be done with Nmap. It has many features. You can do anything you want with the scripts in it. You can do a lot of the things you can think of with Nmap. It is the most important tool among the tools.



Metasploit:

It is used to penetrate the site through the vulnerabilities found on the target site. We can enter the system through open ports and so on, and do whatever we want on the system. When we find the appropriate exploit for the system, we can easily penetrate the system with the Metasploit tool. It is an indispensable tool when doing a pentest.

Vega:

It is an effective and important tool for scanning the target site for vulnerabilities. It can easily detect many vulnerabilities on the site and give us a report. It is an advanced tool with many vulnerability scanning features. It is a more effective tool than other vulnerability scanners.




Nessus:

It is a very advanced vulnerability scanning program. It is a very useful tool, especially in the reporting phase. It has many features, and we can choose which of these features to scan with according to what we want. It is one of the important tools used in pentesting.




Maltego:

Maltego is also a very important tool for information gathering. It gives us IP addresses, DNS servers, MX servers, e-mail addresses and phone numbers related to our target site. It is an essential tool when pentesting. It is not only used for this purpose; it is also used in the field of cyber intelligence. It is a very advanced tool with many features.



I have described the most used tools above. In addition to these, there are many other tools. You can find them on the internet by searching GitHub. I also present to you some tools that are effective even though they are not as useful as the ones above.

  • Nikto
  • Wig
  • Katana
  • Sn1per
  • Yuki
  • Red-Hawk
  • D-TECT
  • Striker
  • Uniscan
  • W3af
  • Joomscan
  • Wpseku
  • Golismero
  • Wpscan
  • SQLVİ
  • Golom



These were just a few examples; you can find more. There are many more software tools, but in general these are the ones used. Nmap in particular is very important. I recommend that you learn Nmap well. In addition, I would like to give you some documents about these tools.



Documentation on Using Nmap:


Documentation on Using Metasploit:

https://www.beyaz.net/tr/guvenlik/makaleler/sizma_testlerinde_****sploit_kullanimi.html

Örneklerle Metasploit Framework Kullanımı (Using the Metasploit Framework with Examples) - PDF Free Download


Other Documents:
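The post above notes that active information gathering and port scanning leave traces on the target. As an added example (not from the original post), the following Python script shows what those traces look like from the defender's side: it parses constructed firewall log lines (the line format is an assumption) and flags a source that touches many distinct ports on one host within a short window, which is how a port sweep appears in the logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (simplified syslog-style format, an assumption):
# 203.0.113.5 probes 12 ports on one host within 12 seconds, which is how a
# port sweep looks from the firewall; 198.51.100.7 is ordinary HTTPS traffic.
SAMPLE_LOG = "\n".join(
    [f"2020-05-01T10:00:{i:02d} DROP src=203.0.113.5 dst=192.0.2.10 proto=TCP dport={p}"
     for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389])]
    + ["2020-05-01T10:00:03 ACCEPT src=198.51.100.7 dst=192.0.2.10 proto=TCP dport=443",
       "2020-05-01T10:00:09 ACCEPT src=198.51.100.7 dst=192.0.2.10 proto=TCP dport=443",
       "garbage line that does not match the format and must be skipped"]
)
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)

def parse_log(text):
    """Parse lines into dicts sorted by timestamp; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["dport"] = int(e["dport"])
        events.append(e)
    events.sort(key=lambda e: e["ts"])
    return events

def detect_port_sweeps(events, window_s=60, min_ports=10):
    """Return {(src, dst): distinct ports} for sources that hit at least min_ports
    distinct destination ports on one host within any window_s-second window."""
    recent = defaultdict(deque)  # (src, dst) -> (ts, dport) still inside the window
    alerts = {}
    for e in events:
        key = (e["src"], e["dst"])
        q = recent[key]
        q.append((e["ts"], e["dport"]))
        while (e["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()  # drop probes that fell out of the window
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            alerts[key] = max(len(ports), alerts.get(key, 0))
    return alerts
```

Running `detect_port_sweeps(parse_log(SAMPLE_LOG))` reports only the probing source; the thresholds are starting points to tune against your own traffic.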

 

AwiR

Participating Member
4 January 2020
503
211


Nice topic.
 
