In this photo story segment we give a brief overview of internal security audit tools. They range from port scanners to exploit development frameworks, covering both web applications and network components, and together they make up the must-have toolkit for a successful security audit.
- 1. Maltego:
Following the well-defined hacker cycle, let's start with reconnaissance tools. Maltego is a very well-known information-gathering tool, and it supports both personal reconnaissance and infrastructural reconnaissance. In personal reconnaissance you can build a who's who of a person starting from an email address, name or phone number, using search engines. The Maltego framework comes in two versions, a commercial version and a community edition, and registration is mandatory for using the tool. In infrastructural reconnaissance you can gather information about the subdomains and servers of a network. This information is collected using what Maltego calls transforms; each transform returns results depending on how it interacts with the search engine.
- 2. FOCA:
Next to the Maltego framework we come to another important reconnaissance framework, FOCA. Its tagline, "Fear the FOCA", is very apt, because it can draw very juicy information out of a target. It is described as a network infrastructure mapping tool: it analyses the metadata of various file formats such as MS Word documents and PDFs, and from that metadata it can enumerate files and folders, the software used to create the files and even the operating systems in use. Now you know why they say, Fear the FOCA! 😉
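To make concrete what FOCA pulls out of document metadata, here is an added example (not part of the original article and not FOCA's own code) that reads the OOXML properties of a .docx package, the usernames, authoring software and company name an analyst would harvest, and then blanks them, which is the check a defender runs before publishing documents externally. The package contents, the field values and "Example Corp" are constructed for the demonstration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

# OOXML namespaces of the metadata parts that FOCA-style analysis reads (docProps/*.xml).
CORE = "{http://schemas.openxmlformats.org/package/2006/metadata/core-properties}"
DC = "{http://purl.org/dc/elements/1.1/}"
APP = "{http://schemas.openxmlformats.org/officeDocument/2006/extended-properties}"
LEAKY_FIELDS = {  # usernames, authoring software and company name leak from these fields
    "docProps/core.xml": [DC + "creator", CORE + "lastModifiedBy"],
    "docProps/app.xml": [APP + "Application", APP + "AppVersion", APP + "Company"],
}
SAMPLE_PARTS = {  # constructed sample parts, not a real document
    "docProps/core.xml": f'<cp:coreProperties xmlns:cp="{CORE[1:-1]}" xmlns:dc="{DC[1:-1]}">'
    '<dc:creator>jdoe</dc:creator><cp:lastModifiedBy>CORP\\asmith</cp:lastModifiedBy></cp:coreProperties>',
    "docProps/app.xml": f'<Properties xmlns="{APP[1:-1]}"><Application>Microsoft Office Word</Application>'
    '<AppVersion>16.0000</AppVersion><Company>Example Corp</Company></Properties>',
}

def build_docx(parts):
    """Zip the parts into a minimal .docx-style package (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()

def _leaky_elements(z, part):
    """Parse one metadata part; return (root, [(field, element)]) for the leaky fields present."""
    if part not in z.namelist():
        return None, []
    root = ET.fromstring(z.read(part))
    return root, [(t.split("}")[1], root.find(t)) for t in LEAKY_FIELDS[part] if root.find(t) is not None]

def extract_metadata(docx_bytes):
    """Report what an analyst running FOCA over the published file would see."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        return {f: el.text for part in LEAKY_FIELDS
                for f, el in _leaky_elements(z, part)[1] if el.text}

def scrub_metadata(docx_bytes):
    """Return a copy with the leaky fields blanked; run it before publishing externally."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            root, leaky = _leaky_elements(src, name) if name in LEAKY_FIELDS else (None, [])
            for _, el in leaky:
                el.text = ""  # keep the element so the package stays well-formed
            dst.writestr(name, ET.tostring(root) if root is not None else src.read(name))
    return out.getvalue()
```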
- 3. NMAP:
From the reconnaissance phase we move on to port scanners. The most sought-after is Nmap, free and extremely powerful. It can be used for port scans, banner grabbing, service identification and checking the status of ports on the target system, and it can sweep a whole network given a range of IP addresses. It is open source and comes in very handy during vulnerability assessment, by revealing which services are listening on which ports and in what state, and by identifying the operating systems of the targets.
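As an added example, not from the article or the Nmap project, the following script parses the XML report that `nmap -oX` writes and compares each host's open ports, service banners and OS guess against an approved baseline, which is how a scan turns into an audit finding. The XML sample and the BASELINE dictionary are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout `nmap -sV -O -oX` writes; not output from a real scan.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap">
<host><status state="up"/><address addr="10.0.0.1" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx" version="1.24.0"/></port>
<port protocol="tcp" portid="3306"><state state="open"/><service name="mysql" product="MySQL" version="8.0.33"/></port>
</ports><os><osmatch name="Linux 5.X" accuracy="96"/></os></host>
<host><status state="up"/><address addr="10.0.0.2" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="closed"/></port>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
</ports></host>
</nmaprun>"""

# Assumed audit baseline: the only TCP ports each host is approved to expose.
BASELINE = {"10.0.0.1": {22, 443}, "10.0.0.2": set()}

def parse_open_ports(xml_text):
    """Return {ip: {"os": guess, "open": [(port, service, banner)]}}, open ports only."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        ip = host.find("address[@addrtype='ipv4']").get("addr")
        osmatch = host.find("os/osmatch")  # present only when -O produced a match
        entry = {"os": osmatch.get("name") if osmatch is not None else "unknown", "open": []}
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed or filtered ports are not exposure
            svc = port.find("service")
            name = svc.get("name", "?") if svc is not None else "?"
            # Banner is the product/version that -sV grabbed; empty when Nmap could not tell.
            banner = " ".join(v for v in (svc.get("product"), svc.get("version")) if v) if svc is not None else ""
            entry["open"].append((int(port.get("portid")), name, banner))
        hosts[ip] = entry
    return hosts

def unexpected_services(hosts, baseline):
    """Flag every open port the baseline does not approve for that host (unlisted hosts allow nothing)."""
    return [(ip, port, name, banner)
            for ip, info in hosts.items()
            for port, name, banner in info["open"]
            if port not in baseline.get(ip, set())]

if __name__ == "__main__":
    scan = parse_open_ports(SAMPLE_NMAP_XML)
    for ip, port, name, banner in unexpected_services(scan, BASELINE):
        print(f"{ip} ({scan[ip]['os']}): tcp/{port} {name} {banner} is not in the baseline")
```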
- 4. Metasploit:
Following this, we move on to exploitation tools. The most used exploit development framework is the Metasploit Framework by Rapid7. Initially developed as a game, it has evolved into one of the most powerful exploit development frameworks. It allows you to use custom exploits through what is called "porting" an exploit into the framework. The tool can also be used for generating offsets, writing exploits and penetrating targets on any platform, be it Windows, Linux, Solaris, etc., and it has numerous modules and exploits for each platform. Its GUI, Armitage, comes in very handy for beginners. Backdooring executables can be carried out with the utility named msfpayload. This can be used in social engineering tests that check employee awareness of security policies and standards.
- 5. Burp suite:
Burp Suite is a collection of tools for testing web application security. The toolkit includes a proxy server, Repeater, Sequencer, a Spider for crawling web sites, Comparer and Intruder, each with its own specialty in web application testing. It comes in two editions, Commercial and Community. The tool lets us combine human imagination with state-of-the-art automation to make testing easier and faster.
- 6. Nessus:
Nessus was initially a free and open source scanner; it was later made closed source, and it is priced reasonably compared with other tools in its class. A free home feed is provided strictly for home users, with limitations. It was designed particularly for UNIX systems, but it is now available for Windows as well. It mainly checks for the presence of default passwords, the most commonly used dictionary passwords, misconfigurations of any form, crafted packets on the network and susceptibility to DoS attacks. Thus the tool comes in very handy for performing an audit and assessing the vulnerability ratio of the network.
- 7. Social Engineering toolkit:
This tool comes built in to BackTrack. It presents social engineering attacks with state-of-the-art automation: encoding scripts, binding Trojans to legitimate files, creating fake pages, harvesting credentials, the tool is a one-stop shop for all of these requirements. It can use Metasploit-based payloads in its attacks, making the framework all the more lethal, with all the professional exploits of the Metasploit framework at its disposal.
- 8. BeEF:
BeEF is short for Browser Exploitation Framework. It focuses on client-side attack vectors, leveraging weaknesses in browser security to expose the target system in the wild. It implements inter-protocol communication, manipulation of FTP commands and XSS viruses, including the MySpace XSS virus of 2005. Using the web browser as the central point, the tool starts exploiting the system by launching attacks from that point, and the intelligence built into BeEF is responsible for launching the attacks against the target. It demonstrates the impact of browser vulnerabilities and XSS in real time.
- 9. Nagios:
Formerly known as NetSaint, Nagios is a recursive acronym for "Nagios Ain't Gonna Insist On Sainthood". It is a very well-known, industry-standard IT network monitoring application. The user specifies the hosts and services to be monitored, and Nagios reports when things go from good to bad on the wire, and again when they improve. It can act as an intrusion detection system by alerting on any form of security breach, and it enables sharing of reports with the organization's stakeholders.
- 10. W3af – Web application attack and audit framework:
This project can be described as the Metasploit of web applications. W3af is used to exploit web applications; it reports the vulnerabilities it finds and supports the penetration testing process. It is mainly divided into two parts, the core and the plugins. Currently it is partnered with Rapid7, the team that maintains the Metasploit framework. Scan reports can be saved to a text file for later reference. Plugins can be custom written, and inter-plugin communication is handled by the knowledge base.
We have seen the TEN most commonly used security audit tools in this photo story segment. We have tried to cover tools ranging from reconnaissance to exploitation, giving the reader a complete reference to the security audit tools required.