Metasploit exploit framework
Released in 2004, Metasploit is another must-have in your toolbox. Essentially a framework for building security tools and the exploits to launch with those tools, Metasploit is the easiest way to verify that a vulnerability identified by Nessus or Wikto is truly a security hole. Metasploit contains a module launcher to customize both the exploit and payload intended for a particular target. If the penetration is successful the tester is provided a shell to interact with the payload on the target system. There are around 350 different modules to choose from covering a wide range of hosts and operating systems. If the Metasploit repository doesn’t already have a canned exploit for the vulnerability in question, you can create one.
The true power of the framework is the ease of creation of new modules. Modules may be exploits, payloads, encoders, and no-ops. You can define an entirely new module or create variations of preexisting modules.
Click for larger view.
A plan of action
Penetration testing is an invaluable process in assessing business risk via IT infrastructure. To make the process cohesive and efficient, however, you must put it in an organized system. I highly recommend using the OSSTMM framework to organize your testing and help you interpret the results. The OSSTMM covers several operational areas and provides templates and valuation of risk for each one.
Once the testing framework is in place you will need a wide range of tools for your toolbox. Vulnerability scanners, protocol analyzers, and wireless tools are but a few of the areas to consider. I have learned to trust the list at Sectools.org to provide most of the tools in my toolbox. Lastly, don't forget about researching the target before the test. Using search engines, you can develop important insight into a target with fairly little effort. The information gained here may save you countless hours testing operating systems and applications that don't exist in the target area.