Automated Tools For
Penetration Testing
Date: 17 Feb 2019
whoami
• Devansh Dubey
• Infosec Enthusiast
Why use Automated Tools
• Automated tools are pre-built: the tester only has to run them.
• Automated penetration testing tools provide effective exploit libraries and processes to detect network as well as application vulnerabilities.
• Automated penetration testing tools have robust, high-quality exploits that are tested and proven; the tools are also frequently augmented with additional exploits and ensure consistent results.
• One can focus on the process rather than having to experiment with exploits, thus saving time. Further, the professional framework reduces the chances of testing false exploits against a particular application.
• Reports are automatically produced and are customizable.
VARIOUS AUTOMATED TOOLS
SHODAN FOR PENTESTERS
WHAT IS SHODAN?
SHODAN
• SHODAN (https://www.shodan.io/home) is a computer search engine designed by web developer John Matherly
• Allows users to search for publicly connected internet devices that have been seen by Shodan:
• Routers
• Servers
• Firewalls and other security devices
• SCADA or other control systems…
• This data can be searched by IP/CIDR combination
• Open ports seen by Shodan, plus hostname, OS, geo-location, etc.
• Server response
HOW SHODAN WORKS
• SHODAN interrogates ports and grabs the resulting banners, then indexes the banners (rather than the web content) for searching
• Rather than locating specific content for a particular search term, SHODAN is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content in their banners
BASIC OPERATIONS
• Search terms are entered into a text box (seen below)
• Basic Operations: Login
• Create and log in using a SHODAN account; or
• Log in using one of several other options (Google, Twitter, Yahoo, AOL, Facebook, OpenID). Login is not required, but the country and net filters are not available unless you log in
• Export requires you to be logged in
SEARCH FILTERS
• Basic Operations: Filters
• country: filters results by two-letter country code
• hostname: filters results by specified text in the hostname or domain
• net: filters results by a specific IP range or subnet
• os: filters results by operating system
• port: narrows the search to specific services
Basic Operations: Country Filter
• Filtering by country can be accomplished by clicking on the country map (available from the drop-down menu)
• Mouse over a country for the number of scanned hosts in that country
Basic Operations VERSION:
Basic Operations: Net / OS Filters
• The net filter allows you to refine your searches by IP/CIDR notation
• The OS filter allows you to refine searches by operating system
• Example: find ‘iis-5.0’ servers in the .edu domain
Basic Operations: Hostname Filter
• Search results can be filtered using any portion of a hostname or domain name
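The slides describe Shodan's query syntax (free banner text plus `country:`, `hostname:`, `net:`, `os:` and `port:` filters) without showing how such a query is parsed or checked. The following added example (not part of the original slides, and it never contacts Shodan) parses a query like the slides' `iis-5.0 hostname:.edu`, validates filter values, and builds the `net:`/`port:` queries a defender uses to check what has been indexed on their own address ranges; the filter set and its validation rules are assumptions modelled on the slides, not Shodan's full grammar.

```python
"""Parse and validate Shodan-style search queries (added example)."""
import ipaddress
import re
import shlex

def _valid_cidr(value):
    """Accept one address or a CIDR block such as 198.51.100.0/24."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False

# The five filters the slides list, each with a check on its value
# (validation rules are this example's assumptions, not Shodan's spec).
FILTERS = {
    "country": lambda v: bool(re.fullmatch(r"[A-Za-z]{2}", v)),
    "hostname": lambda v: len(v) > 0,
    "net": _valid_cidr,
    "os": lambda v: len(v) > 0,
    "port": lambda v: v.isdigit() and 0 < int(v) < 65536,
}

def parse_query(query):
    """Split 'iis-5.0 hostname:.edu' into banner terms and filter values.
    Tokens that are not a known filter stay plain banner text;
    malformed filter values raise ValueError."""
    terms, filters = [], {}
    for token in shlex.split(query):
        name, sep, value = token.partition(":")
        if not sep or name not in FILTERS:
            terms.append(token)  # plain text matched against the banner
            continue
        if not FILTERS[name](value):
            raise ValueError(f"bad value for {name}: {value!r}")
        filters.setdefault(name, []).append(value)
    return terms, filters

def exposure_queries(netblocks, ports):
    """One 'net:<block> port:<port>' query per pair, for checking what
    Shodan has indexed on your own ranges (the defender's use of net:)."""
    queries = []
    for block in netblocks:
        ipaddress.ip_network(block)  # reject typos before building queries
        for port in ports:
            queries.append(f"net:{block} port:{port}")
    return queries
```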
OWASP ZAP FOR PENTESTERS
WHAT IS OWASP ZAP?
INTRODUCTION
• An easy to use webapp pentest tool
• Completely free and open source
• OWASP Flagship project
• Ideal for beginners
• But also used by professionals
• Ideal for devs, esp. for automated security tests
OWASP ZAP
• The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help to automatically find security vulnerabilities in web applications while developing and testing applications. It's also a great tool for experienced pentesters to use for manual security testing.
• https://github.com/zaproxy/zaproxy
Some Statistics
• Released September 2010, fork of Paros
• V 2.3.1 released May 2014, > 40k downloads
• The most active OWASP Project
• Highest activity category on Open Hub
• 31 active developers
• Over 90 translators
• Being translated into over 20 languages
• Paros code ~20%, ZAP code ~80%
ZAP Features
• Swing based UI for desktop mode
• Comprehensive REST(ish) API for daemon mode
• Plugin architecture (add-ons)
• Online ‘marketplace’ (all free)
• Release, beta and alpha quality add-ons
• Traditional and ajax spiders
• Passive and active scanning
• Highly configurable, e.g. scan policies
• Highly scriptable
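The feature list mentions ZAP's REST API for daemon mode and its use in automated security tests, but the slides show no such automation. The following added example (not part of the original slides or of the ZAP project) drives a ZAP daemon through that API: start the spider, wait for it, start the active scan, wait again, then summarise the alerts by risk for a CI gate. It assumes a daemon on localhost:8080 and an API key you set yourself; the transport is injectable, and `fake_fetch` is a constructed stand-in for ZAP's replies so the flow runs offline.

```python
"""Drive a ZAP daemon through its REST API: spider, active scan, alerts."""
import json
import time
import urllib.parse
import urllib.request

ZAP = "http://localhost:8080"  # assumed daemon address, not from the slides
API_KEY = "CHANGE-ME"          # placeholder; set the real key in ZAP's options

def http_fetch(url):
    """Default transport: GET the URL and decode ZAP's JSON reply."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)

def zap_call(component, kind, name, fetch=http_fetch, **params):
    """ZAP addresses its API as /JSON/<component>/<view|action>/<name>/."""
    params["apikey"] = API_KEY
    query = urllib.parse.urlencode(params)
    return fetch(f"{ZAP}/JSON/{component}/{kind}/{name}/?{query}")

def wait_for(component, scan_id, fetch, poll=2.0):
    """Poll spider/ascan status until ZAP reports 100 percent complete."""
    while int(zap_call(component, "view", "status", fetch, scanId=scan_id)["status"]) < 100:
        time.sleep(poll)

def scan_target(target, fetch=http_fetch, poll=2.0):
    """Spider, then active-scan the target; return alert counts per risk."""
    spider_id = zap_call("spider", "action", "scan", fetch, url=target)["scan"]
    wait_for("spider", spider_id, fetch, poll)
    ascan_id = zap_call("ascan", "action", "scan", fetch, url=target)["scan"]
    wait_for("ascan", ascan_id, fetch, poll)
    alerts = zap_call("core", "view", "alerts", fetch, baseurl=target)["alerts"]
    summary = {}
    for alert in alerts:
        summary[alert["risk"]] = summary.get(alert["risk"], 0) + 1
    return summary

def fails_gate(summary, max_risk="Medium"):
    """CI gate: True when any alert is at or above max_risk."""
    order = ["Informational", "Low", "Medium", "High"]
    return any(summary.get(r, 0) for r in order[order.index(max_risk):])

def fake_fetch(url):
    """Constructed offline transport that mimics ZAP's replies for a dry run."""
    path = url.split("/JSON/", 1)[1].split("?", 1)[0]
    canned = {"spider/action/scan/": {"scan": "1"}, "ascan/action/scan/": {"scan": "2"},
              "spider/view/status/": {"status": "100"}, "ascan/view/status/": {"status": "100"},
              "core/view/alerts/": {"alerts": [{"risk": "High"}, {"risk": "Low"}, {"risk": "Low"}]}}
    return canned[path]
```

Against a real daemon, call `scan_target("http://your-test-app")` with the default transport; only scan applications you are authorised to test.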
Quick Start Attack
Conclusion
• ZAP is changing rapidly
• It's the most active open-source web appsec security tool
• It's great for people new to appsec and also for security pros
• If you don't know its capabilities, how can you know you're using the most appropriate tool?
• It's a community-based tool, so get involved
THANK YOU