Key Points
Penetration testing is a manual process, but that doesn't mean that many tasks can't be automated with the right tools. In this article, we'll look at how to use automated penetration testing tools to provide continuous protection in between periodic, manual tests.
TL;DR
Best automated pentesting tools
- Intruder (free trial available)
- Acunetix (custom quote on application)
- Qualys (free trial available)
Best manual pentesting tools
- Kali Linux (open-source)
- Nmap (open-source)
- Metasploit (open-source)
- SQLmap (open-source)
- Burp Suite (free version available)
What is a penetration test?
A penetration test is a simulated attack against your network or systems by a security pro – sometimes known as an ethical hacker – to uncover vulnerabilities in your infrastructure. Their goal is to find out where and how a real hacker might enter and exploit your network, so you can fix any weaknesses before a real attack occurs.
Think of it like a bank hiring someone to try to break into their building and access the vault. If the 'burglar' succeeds, the bank can see how and where they need to tighten their security controls to prevent a real breach. Insights provided by the penetration test can then be used to tune up their security policies and patch detected vulnerabilities.
Manual vs. automated pentesting
Not all vulnerabilities are created equal: while some can be detected automatically, others need the discerning eye (and mind) of a human to spot. For that reason, penetration tests involve a range of activities, some of which are manual and some of which can be automated.
While penetration testers use a huge variety of tools to speed up their work, one type of tool in particular is designed to automatically find all of the vulnerabilities that a machine can discover easily; these are called “vulnerability scanners”. Often, when people go searching for an “automated penetration testing tool”, what they are really looking for is a vulnerability scanner that is easy to use and can help them cover the important gap between annual pen-tests.
A simple example of the difference: a vulnerability scanner can easily spot that the version of web server you are using has known security weaknesses, simply by reading the version number and comparing it with lists of known vulnerabilities. A pen-tester, by contrast, is more likely to find a more complex logic flaw, such as an online shopping cart that lets you add items and not pay for them.
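To make the version-comparison idea concrete, here is an added example (not code from the original article or from any scanner it names) of the simplest form of that check: parse a service banner into a product name and version tuple, then compare it against a small knowledge base of versions in which known flaws were fixed. The product names, banners, version ranges and advisory identifiers are all constructed placeholders, not real advisories.

```python
"""Added example: banner-to-known-flaw matching, the core of a version-based
vulnerability check. Not from the original article; every product name,
version range and advisory id below is constructed for illustration."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class KnownFlaw:
    product: str
    fixed_in: tuple   # first version that contains the fix
    advisory: str     # placeholder id; a real scanner would carry a CVE number


# Constructed knowledge base: "anything older than fixed_in is affected".
KNOWLEDGE_BASE = [
    KnownFlaw("ExampleHTTPd", (2, 4, 50), "EXAMPLE-ADVISORY-001"),
    KnownFlaw("ExampleHTTPd", (2, 4, 58), "EXAMPLE-ADVISORY-002"),
    KnownFlaw("ExampleSSH", (8, 9, 0), "EXAMPLE-ADVISORY-003"),
]

# Matches banners of the form "Product/1.2.3 optional trailing text".
BANNER_RE = re.compile(r"^(?P<product>[A-Za-z]+)/(?P<version>\d+(?:\.\d+)*)")


def parse_banner(banner):
    """Return (product, version_tuple) or None if the banner is not recognised."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    version = tuple(int(part) for part in m.group("version").split("."))
    return m.group("product"), version


def find_flaws(banner):
    """Return the advisory ids whose fix is newer than the advertised version.

    Tuple comparison gives a natural version ordering: (2, 4, 49) < (2, 4, 50).
    """
    parsed = parse_banner(banner)
    if parsed is None:
        return []          # unknown banner: nothing to say, not "nothing wrong"
    product, version = parsed
    return [
        flaw.advisory
        for flaw in KNOWLEDGE_BASE
        if flaw.product == product and version < flaw.fixed_in
    ]


if __name__ == "__main__":
    # Constructed banners, as a scanner might read them from a service.
    for banner in ("ExampleHTTPd/2.4.49 (Unix)", "ExampleHTTPd/2.4.58", "ExampleSSH/8.4"):
        print(banner, "->", find_flaws(banner) or "no known flaws")
```

The limitation this exposes is the one the article alludes to: the check only knows what the banner says. A distribution that backports a fix without bumping the version produces a false positive, a service that hides or spoofs its banner produces a false negative, and a logic flaw in an application built on top of a fully patched server is invisible to it entirely. That is the gap a human tester fills.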
If you'd like to get a deeper understanding, have a read of this blog post on the differences between vulnerability scanning and penetration testing.
Which penetration testing tools do I need?
This depends on what you want to achieve. Typically, we see two scenarios when people are looking for a penetration testing tool: they're either businesses looking to automate their security efforts and get continuous protection, or pen testing professionals looking for specific tools to get their work done faster. As these tools require more expertise, in this article we'll focus first on what you can automate with little or no previous security knowledge.
3 easy-to-use automated pentesting tools
Most companies are unlikely to have the time or expertise to use most professional penetration testing tools, as only the largest companies have penetration testers in-house. But many tasks, like detecting known software flaws, misconfigurations, missing security patches or unintended exposure to the internet, can easily be automated.
These tools are sometimes called automated pentesting tools or online penetration testing tools – but are more often known as vulnerability scanners. They're designed to be easy to use and provide year-round protection in between manual penetration tests.
For more in-depth info about automated penetration testing, read our explainer on the subject. Here are our top tips and recommendations for automated pentesting tools:
Intruder
Intruder continuously monitors your evolving attack surface with proactive vulnerability scans so you can respond faster to new threats. It's designed with simplicity in mind, but runs over 140,000 security checks across your internal and external perimeter infrastructure, including API and application-layer vulnerability checks for OWASP Top 10, XSS, SQL injection, CWE/SANS Top 25, remote code execution, OS command injection, and more. Its CloudBot also runs hourly checks for new IP addresses or hostnames in connected AWS, Google Cloud or Azure accounts.
Intruder also provides continuous penetration testing which assesses your systems for critical vulnerabilities that aren’t detectable by automated scanners. It prioritizes high-impact issues, from simple misconfigurations that could expose your data to complex attack chains that could give hackers control of your systems.
Key features of Intruder
- Vulnerabilities are prioritized by context for a holistic view of all vulnerabilities, saving time and reducing your attack surface
- Its online vulnerability scanner is easy to set up and use: all you need to know is what to scan (infrastructure, web apps or APIs)
- It continuously scans your network, kicking off vulnerability scans when it sees a change, an unintentionally exposed service, or an emerging threat
Price
Free 14-day trial, price on website
Acunetix
Acunetix claims to offer the highest XSS and SQL injection detection rates, giving it the reach needed to protect sensitive data. It uses a blend of dynamic application security testing (DAST) and interactive application security testing (IAST) to detect over 7,000 vulnerabilities. These include hard-to-scan places in web applications like password-protected areas and multi-level forms. High levels of automation make prioritizing high-risk areas easier.
Key features of Acunetix
- Scheduling makes it simple to schedule one-time or recurring scans in multiple environments
- High level of automation makes prioritizing high-risk areas easier
- Integrates seamlessly with your development tools and DevSecOps processes
Price
Custom quote on application
Qualys
Known for its broad scanning capabilities and flexibility, Qualys can scan multiple systems from a single console, including cloud environments and your internal network. You can create custom reports that segment and prioritize analytical data, and these reports can be scheduled for more responsive vulnerability management. It can suffer from poor support and a lack of integrations.
Key features of Qualys
- Single pane of glass to view all your assets, vulnerabilities, and compliance status
- Constantly updated with the latest CVEs so new threats don’t go undetected
- Discovers forgotten devices and helps your internal teams better organize host assets
Price
Free trial available, price on application
5 top manual pentesting tools
When it comes to professional penetration testing, a human tester will use specialist software like network sniffers or password crackers. There are many to consider, but here are our top picks for IT professionals taking their first steps into manual pen testing, including open source tools and paid pen testing tools.
Kali Linux
Kali Linux is an operating system built specifically for penetration testers. It comes bundled with approximately 600 tools for reconnaissance, discovery and exploitation of vulnerabilities, post-exploitation, forensics and more.
Pros
- Pre-installed toolset: Having these tools pre-installed and automatically maintained means pen testers can spend more time focused on their engagements.
- Community and support: Kali Linux has a large community of users and developers, which means there's extensive documentation, tutorials, and forums available for support.
Cons
- Not best for customizing: Can be customized, but is best used out of the box. Installing additional tools can be challenging without corrupting the build, so building your own Linux-based OS is preferable for more advanced users.
Pricing
Free
Nmap
Nmap (short for network mapper), initially released 25 years ago, is the tried and tested penetration testing tool for reconnaissance and network security scanning. Nmap's probes let testers discover hosts and services within computer networks. Once identified, Nmap's scripting engine and version identification capabilities will give testers the ability to map out a network's attack surface, which will then direct exploitation efforts.
Pros
- Fast: It's generally very quick and efficient to run scans with Nmap, including for large networks.
- Highly configurable: Nmap offers extensive configurations and its own scripting engine, so you can tailor it to meet your specific requirements.
- Compatible: Nmap works on all major operating systems, including Windows, Linux, and macOS.
Cons
- No GUI: Nmap is primarily a command line tool. Though there are GUI versions available (Zenmap), it still requires users to read and understand various port scanning flags, and the GUI does not add significant value or ease of use.
Pricing
Free
Metasploit
Metasploit is a platform of penetration testing tools and modules for conducting offensive operations. The framework allows testers to carry out vulnerability scans, search for and launch exploits, and manage compromised systems, including a wide array of post-exploitation helpers.
Pros
- Exploit database: Metasploit provides a vast database of exploits, payloads, and tools for developing and executing exploits.
- Integrations: It integrates well with other tools and can be extended with custom modules and scripts, making it highly flexible.
- Ease of use: It has both a command-line interface and a graphical user interface (Pro version), making it accessible to both beginners and experienced users.
Cons
- Limited documentation: Certain modules or features are not well-documented, which can make it challenging to implement more advanced functionalities.
- Not always up to date: Metasploit's exploit database is not always up to date, so sometimes users must source the latest exploits from elsewhere.
Pricing
- Free version available
- Pro version (price available on request)
SQLmap
SQLmap is a pen testing tool for automatically detecting and exploiting SQL injection vulnerabilities in web applications. It automates away the nitty-gritty complexities and lets testers focus on getting impactful results through the extraction, querying and modification of compromised databases.
Pros
- Find vulnerabilities quickly: SQLmap automates the process of detecting and exploiting SQL injection flaws, which helps users find vulnerabilities quickly.
- Support for multiple databases: It supports a wide range of databases, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, and more.
- Automated exploitation: SQLmap can automate complex exploitation to extract information from a database which would otherwise require writing custom scripts. For example, extracting a database's contents via a Blind SQL injection weakness.
Cons
- Manual verification required: SQLmap may sometimes produce false positives or miss complex vulnerabilities, requiring manual verification.
- Limited scope: SQLmap's crawling capabilities are limited, and it's best used against an endpoint which already appears vulnerable. As such, it's usually required to chain multiple tools, and use another tool to crawl/spider a site and pass off interesting requests for further scanning.
Pricing
Free
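The flaw class that SQLmap automates against is worth seeing from the developer's side. The following is an added example, not code from the original article or from the SQLmap project: a lookup written with string concatenation beside the same lookup written with a parameterized query, plus the cheapest form of the differential check a scanner runs (compare the rows returned for a benign value against those for a tautology, and treat a database error as a finding as well). The in-memory table and its rows are constructed for the example.

```python
"""Added example: a SQL-injectable lookup next to its parameterized fix, and a
minimal differential check of the kind a scanner performs. Not from the original
article or from SQLmap; the table and rows are constructed for illustration."""
import sqlite3


def make_db():
    """Build a constructed in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def lookup_user_vulnerable(conn, username):
    """Vulnerable: user input is spliced into the SQL text, so a quote in the
    input ends the string literal and the rest is parsed as SQL syntax."""
    sql = "SELECT id, username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, username):
    """Fixed: the value travels as a bound parameter and is never parsed as SQL,
    whatever characters it contains."""
    sql = "SELECT id, username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def looks_injectable(lookup, conn):
    """Differential check: a benign value and a tautology should behave
    identically if input is handled as data. More rows for the tautology, or a
    database error, means the input reached the SQL parser."""
    baseline = lookup(conn, "nobody")
    try:
        probe = lookup(conn, "nobody' OR '1'='1")
    except sqlite3.Error:
        return True  # error-based signal: malformed SQL reached the engine
    return len(probe) > len(baseline)


if __name__ == "__main__":
    db = make_db()
    print("concatenated query injectable:", looks_injectable(lookup_user_vulnerable, db))
    print("parameterized query injectable:", looks_injectable(lookup_user_safe, db))
    print("safe lookup of alice:", lookup_user_safe(db, "alice"))
```

This is also why the article's "manual verification required" point holds: a differential like this says only that the input reached the parser, not what an attacker could do with it, and a query that behaves differently for a benign reason (rate limiting, caching, a search endpoint that legitimately matches more rows) will trip it. The fix, however, does not depend on the tool's verdict: parameterized queries, as in lookup_user_safe, remove the flaw class entirely.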
Burp Suite
Burp Suite is an attack proxy and vulnerability scanner used to carry out web application security assessments. Burp allows testers to map out applications, carry out automated scans and identify weaknesses through the interception and replaying of web traffic. Augmenting this is a wide library of free and paid-for extensions which can be used passively or actively to help the tester discover vulnerabilities.
Pros
- Automations: Burp Suite's Pro plan offers a range of automations that can detect a wide range of weaknesses.
- Plugins: Users can install a wide range of plugins from the Burp Suite BApp Store to extend its capabilities.
- User-friendly: The tool provides a graphical interface that is easy to navigate.
Cons
- Pay wall: Burp Suite's most useful features are available only on the Professional subscription, which is not free.
Pricing
- Burp Suite Community Edition is free
- Burp Suite Professional subscription starts at $449 for one user
Try Intruder to automate your penetration testing
Some of these tools are virtual Swiss Army knives that run a range of different types of tests, while others are more specialized. Most testers will have several in their armoury, but a vulnerability scanner like Intruder is an ideal place to start. One customer describes it as “convenient but thorough penetration and vulnerability testing wrapped in an affordable package!” Why not try our scanner free for 14 days and put it through its paces? Or get in touch for more information.