There are several tools and platforms available that automate pen testing tasks and check your web applications and network pen testing against a given benchmark. Some of them include OpenVas, Nessus, and Acunetix. The famous OS specifically built for pen testing is Kali Linux.
In this section, we will carry out a practical pen testing exercise, where we will use a combination of tools. We will divide this into two main parts. In the first part, we will use automated network scanning tools, and then we will pen test the system manually by using different independent scripts. But first, let's understand the network that we have to pen test.
Setting up our network
For demonstration purposes, we will consider the following network:
- Virtual Machine {VMware}
- Kali Linux {Attacker machine}
- Windows machine {Legitimate network user}
- Metasploitable {Machine with vulnerable services}
- pfSense firewall {Open source firewall}
The following suppositions are...