Penetration Testing

Penetration testing (pentesting) or offensive security is performed by the so-called red teams.

A breach and attack simulation (BAS) platform is intended to automate some aspects of penetration testing. These systems are de designed to inject threat indicators on to systems and networks in an effort to trigger other security controls.

It combines red team (attack) and blue team (defense) techniques together with automation to simulate advanced persistent threats and other advanced threat actors when run against your environment. This allows a variety of threats to be replicated and assessed in an environment without as much overhead as a fully staffed purple team.

Common Attacks

You can find a summary of common attacks on this post.

Penetration Testing Methodologies

You can find a list of penetration testing methodologies on this post.

Security Testing Scenario-building Tools

These are tools to create scenarios to test security on them.

This post provides security testing scenario-building tools for the following systems:

• Web application
• DNS
• Active Directory

Web Application Security Testing Scenario Creation

You can find how to create web applications to test on this post.

DNS Security Testing Scenario Creation

You can find how to create DNS Security Testing Scenario on this post.

Active Directory Security Testing Scenario Creation

You can find how to create and Active Directory Security Testing Scenario on this post.

Pentesting Tools

Categories of pentesting tool featured on this post:

• Footprinting
• SQL injection
• Web application
• Credential harvesting
• Social engineering
• Pentesting assessment data

In addition, you can find a list of pentesting tools used on Certified Ethcial Hacker (CEH) iLabs on this post.

Footprinting Tools

You can find a list of tools for footprinting on this post.

SQL Injection Tools

You can find a list of SQL injection tools on this post.

Web Application Pentesting Tools

• Web Application Security Scanners
• Web Application Security Testing Tools
• Web Server Security Scanners
• Web Application Pentesting Frameworks
• HTTP Traffic Interception Tools
• Web Server Attack Tools

Credential Harvesting Tools

You can find tools for credential harvesting on this post.

Social Engineering Pentesting Tools

You can find a list of social engineering pentesting tools on this post.

Pentesting Assessment Data Tools

Offensive security assessment data is the one that is collected during penetration testing.

Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data (i.e., data collected during penetration tests and red team engagements).​​ It is FOSS.

You might also be interested in…

• Introduction to IT Security
• List of Tools featured in CEH iLabs by Hacking Phases

External References

• “Integration results of SHIELD HW/SW modules“, Table 5-1 “Reference list of cybersecurity functional testing tools publicly available”, pp. 22-23; Shield Project, 2018