Penetration Testing with Opensource Tools

Penetration Testing with Opensource Tools Wiswat Aswamenakul CITEC Evolution Co., Ltd.

CITEC Evolution Co., Ltd. • Mobile Application Development • Security Consult • Penetration Testing • Incident Response • Secure Application Development

Me • Bsc, Com Eng, Kasetsart University • Master, Digital Forensics, Edith Cowan University • Everything ab0ut s3curity (*0*) • Penetration Tester • Incident Response • Malware Analysis • Blog: http://thaicomsec.citec.us

What is security ?

Hacker Motivation • Money !!!! • Fun (www.zone-h.org)

Glossary • Vulnerability • Exploit

Security Testing Process • Information Gathering • Search Engine • Social Network • Scanning • Service Scanning (Nmap) • Vulnerability Scanning (Openvas & NSE) • Exploitation (Metasploit) • POST Exploitation (John the ripper)

Legal Issue

Nmap • Created by Fyodor • www.nmap.org

Scanning Types • Connect Scan • SYN Scan • Ping Scan • ACK Scan • UDP Scan • Idle Scan • FTP Bounce Scan

Openvas • Vulnerability Scanner • www.openvas.org • Sponsored by Greenbone Networks

Nmap Scripting Engine • Nmap Scripting Engine (NSE) • Bring nmap to level 7 scanning • LUA language

Vulnerability Database • The Open Source Vulnerability Database (www.osvdb.org) • Common Vulnerabilities and Exposures (cve.mitre.org) • Exploits Database (www.exploit-db.com) • National Vulnerability Database (nvd.nist.gov)

Metasploit • Created by HD Moore • Acquired by Rapid7 • www.metasploit.com

msfconsole • msfupdate

John The Ripper • Created by “Alexander Peslyak” (Solar Designer) • www.openwall.com

Web App Audit ?? • Personally not recommend for automated auditing • Assessment Tools • wpscan (http://code.google.com/p/wpscan/) • OWASP Joomla Vulnerability Scanner • Created by Aung Khant From YGN Ethical Hacker Group • Nikto (http://cirt.net/nikto2) • OWASP • My Favorite • Firefox with add-ons • Live HTTP Header • Advanced Cookie Manager • Tamper Data • Python

Backtrack • Backtrack 5 R2 • www.backtrack-linux.org

Web Pentest & Incident Response http://citecclub.org/th/course/PTIR

Q & AThank you

Penetration Testing with Opensource Tools

Penetration Testing with Opensource Tools

Presentation Transcript

Network Penetration Testing

Penetration Testing

Penetration Testing

PENETRATION TESTING

Penetration Testing

Penetration testing Security Analysis and Advanced Tools:

Security Penetration Testing

Penetration Testing Security Analysis and Advanced Tools:

Penetration testing

Penetration Testing

Penetration Testing

Handy Penetration Testing tools

Penetration Testing

Free Hacking Tools for Penetration Testing

Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Training | Edureka

Top 5 Best Web Penetration Testing Tools

Penetration Testing

Penetration Testing

Penetration Testing Consulting

Penetration Testing

Top 10 Penetration Testing Tools Online

Web Application Penetration Testing: Steps, Methods & Tools