In this blog, we will discuss some of the most useful scripts for pen testing and provide detailed explanations on how to use them. *<Custom Script at the end>*
1. Nmap
Nmap is a popular network scanner used to identify hosts and services on a network. Nmap uses various techniques to determine what hosts are available on a network, what services those hosts are offering, and what operating systems they are running. Nmap is a versatile tool that can be used for a variety of tasks, such as network inventory, security audits, and vulnerability assessments.
To use Nmap, we need to download and install it on our system. Then we can run the following command to scan a network:
```
nmap <target IP address or network range>
```
This command will scan the target network and generate a report of the hosts and services found.
We can also use Nmap for more advanced tasks, such as OS fingerprinting, port scanning, and service enumeration. For example, to perform OS fingerprinting, we can run the following command:
```
nmap -O <target IP address>
```
This command will use various techniques to determine the operating system running on the target host.
2. Metasploit
Metasploit is a popular exploitation framework used to test the security of systems and networks. Metasploit provides a variety of modules and tools that can be used to identify vulnerabilities and exploit them to gain access to systems and networks.
To use Metasploit, we need to download and install it on our system. Once installed, we can launch the Metasploit console by running the following command:
```
msfconsole
```
This will launch the Metasploit console, where we can browse and search for modules and tools to use in our testing.
Metasploit provides a wide range of modules and tools for various types of testing, such as port scanning, vulnerability scanning, exploit development, and payload generation. For example, to perform a port scan with Metasploit, we can use the following command:
```
msf > use auxiliary/scanner/portscan/tcp
msf auxiliary(tcp) > set RHOSTS <target IP address>
msf auxiliary(tcp) > run
```
This module will scan the target host for open TCP ports and list each open port it finds.
3. Hydra
Hydra is a popular online password-guessing tool used to perform brute force attacks against the login of password-protected network services. Hydra can be used to guess passwords for various types of services, such as SSH, FTP, HTTP, and SMB.
To use Hydra, we need to download and install it on our system. Once installed, we can run the following command to perform a brute force attack against a password-protected service:
```
hydra -l <username> -P <password list> <target IP address> <service>
```
This command will use the specified password list to perform a brute force attack against the specified service on the target host.
Hydra can also be used to perform dictionary attacks, where it tries a list of commonly used passwords against a password-protected service. For example, to perform a dictionary attack against an FTP server, we can use the following command:
```
hydra -l <username> -P /usr/share/wordlists/rockyou.txt ftp://<target IP address>
```
This command will use the rockyou.txt wordlist to perform a dictionary attack against the FTP service on the target host.
4. SQLmap
SQLmap is a popular SQL injection tool used to test the security of web applications. SQL injection is a common vulnerability in web applications that allows attackers to execute malicious SQL statements and gain access to sensitive data.
To use SQLmap, we need to download and install it on our system. Once installed, we can run the following command to test a web application for SQL injection vulnerabilities:
```
sqlmap -u <target URL> --batch --random-agent --level=5 --risk=3
```
This command will scan the target URL for SQL injection vulnerabilities and generate a report of the vulnerabilities found.
SQLmap provides a variety of options and features to customize the testing process, such as testing for specific types of SQL injection vulnerabilities, dumping data from the database, and executing custom SQL statements.
5. Dirbuster
Dirbuster is a popular tool used to discover hidden files and directories on web servers. Dirbuster uses a wordlist to generate a list of possible files and directories on the target server and tests each one to see if it exists.
To use Dirbuster, we need to download and install it on our system. Once installed, we can run the following command to discover hidden files and directories on a web server:
```
dirbuster -u <target URL> -w <wordlist file> -t <number of threads>
```
This command will use the specified wordlist file to generate a list of possible files and directories on the target server and test each one to see if it exists.
Dirbuster provides a variety of options and features to customize the testing process, such as using different wordlists, specifying file extensions to test, and filtering out false positives.
6. Nikto
Nikto is a popular web server scanner used to identify vulnerabilities and misconfigurations on web servers. Nikto can test for a variety of vulnerabilities, such as outdated software versions, weak passwords, and file disclosure vulnerabilities.
To use Nikto, we need to download and install it on our system. Once installed, we can run the following command to scan a web server for vulnerabilities:
```
nikto -h <target IP address or hostname>
```
This command will scan the target web server for vulnerabilities and generate a report of the vulnerabilities found.
Nikto provides a variety of options and features to customize the testing process, such as testing for specific types of vulnerabilities, scanning multiple web servers at once, and using authentication credentials to test for authenticated vulnerabilities.
7. Custom Scripts
In addition to the tools mentioned above, custom scripts can be created to perform specific testing tasks or automate repetitive tasks. Custom scripts can be written in various programming languages, such as Python, Ruby, and Bash.
For example, a custom script can be written to automate the process of scanning a network with Nmap and then testing each host for vulnerabilities with Metasploit. The script can also generate a report of the vulnerabilities found and save it to a file.
Custom scripts can also be written to automate the process of exploiting vulnerabilities found during testing. For example, a custom script can be written to automate the process of exploiting an SQL injection vulnerability found with SQLmap.
Conclusion
In this blog, we discussed some of the most useful scripts for pen testing and provided detailed explanations on how to use them. We covered network scanning with Nmap, exploitation with Metasploit, password cracking with Hydra, web application testing with SQLmap, hidden file and directory discovery with Dirbuster, and web server scanning with Nikto. We also discussed the importance of custom scripts in pen testing and provided examples of how they can be used to automate testing tasks and exploit vulnerabilities. With the help of these scripts and tools, organizations can identify and remediate vulnerabilities before attackers can exploit them.
Custom Python script that automates the process of network scanning with Nmap and vulnerability testing with Metasploit.
Before we begin, please make sure that Nmap and Metasploit are installed on your system, and note that the `-sS` and `-O` Nmap options require root privileges.
Here's the script:
```
import subprocess

# Define the target network range
target_network = "192.168.0.0/24"
# Define the name of the output file
output_file = "vulnerabilities.txt"

# Perform network scanning with Nmap (SYN scan and OS detection require root).
# Passing an argument list instead of a concatenated shell string avoids
# shell quoting problems if the target value ever comes from user input.
print("Scanning the network with Nmap...")
subprocess.run(["nmap", "-sS", "-O", "-T4", target_network, "-oN", "nmap_scan.txt"], check=True)

# Parse the Nmap output file to extract the IP addresses of the hosts.
# Nmap prints either "Nmap scan report for 192.168.0.5" or
# "Nmap scan report for hostname (192.168.0.5)", so take the last token
# and strip any surrounding parentheses.
ip_addresses = []
with open("nmap_scan.txt", "r") as nmap_file:
    for line in nmap_file:
        if "Nmap scan report for" in line:
            ip_address = line.split()[-1].strip("()")
            ip_addresses.append(ip_address)

# Test each host for vulnerabilities with Metasploit
print("Testing each host for vulnerabilities with Metasploit...")
with open(output_file, "w") as vuln_file:
    for ip_address in ip_addresses:
        # Run the module non-interactively with msfconsole -x and capture its output.
        # Note: auxiliary/scanner/portscan/tcp reports open ports; lines tagged
        # "VULNERABLE" only come from modules that perform vulnerability checks,
        # so substitute such a module here to populate the list below.
        msf_commands = "use auxiliary/scanner/portscan/tcp; set RHOSTS " + ip_address + "; run; exit"
        result = subprocess.run(["msfconsole", "-q", "-x", msf_commands],
                                capture_output=True, text=True)
        msfconsole_output = result.stdout
        # Parse the Metasploit output to extract the vulnerabilities found.
        # Lines without a ": " separator are skipped instead of raising IndexError.
        vulnerabilities = []
        for line in msfconsole_output.split("\n"):
            if "VULNERABLE" in line and ": " in line:
                vulnerability = line.split(": ", 1)[1].strip()
                vulnerabilities.append(vulnerability)
        # Write the vulnerabilities found to the output file
        if vulnerabilities:
            vuln_file.write("Vulnerabilities found on " + ip_address + ":\n")
            for vulnerability in vulnerabilities:
                vuln_file.write("- " + vulnerability + "\n")
print("Done. Vulnerabilities saved to " + output_file)
```
Let's go through the code step by step:
1. We start by defining the target network range and the name of the output file.
2. We perform a network scan using Nmap and save the output to a file called "nmap_scan.txt".
3. We parse the Nmap output file to extract the IP addresses of the hosts.
4. We use Metasploit to scan each host for vulnerabilities.
5. We parse the Metasploit output to extract the vulnerabilities found.
6. We write the vulnerabilities found to the output file.
7. We print a message indicating that the script has finished running and the vulnerabilities have been saved to the output file.
To run the script, simply save it as a Python file (e.g., "pen_test_script.py") and run it from the command line using the following command:
```
python pen_test_script.py
```
The script will perform the network scan, test each host for vulnerabilities, and save the vulnerabilities found to the output file. You can then review the output file to see the vulnerabilities that were found during the pen test.
n0600d