Performing penetration tests is a complex task, it involves a process in which different types of tasks are carried out that identify, in a target infrastructure, the vulnerabilities that could be exploited and the damage that an attacker could cause. In other words, an ethical hacking process is carried out to identify which incidents could occur before they happen and, subsequently, repair or improve the website penetration testing, in such a way that these attacks are prevented.
To carry out a penetration test in a professional way, it is necessary to add to the knowledge of ethical hacking, other fundamental aspects such as: programming, methodologies, documentation, among others. However, these learnings usually come once they know and know how to use many tools that are part of the penetration testing process.
These are, in my opinion, the first tools that you should know, not only to begin to prepare yourself to carry out this task, but to begin to understand it.
In a full penetration testing process, there are instances prior to running this tool, but to get started, it’s probably the best way to start. Some are a network scanning tool that allows you to identify which services are running on a remote device, as well as the identification of active computers, operating systems on the remote computer, existence of filters or firewalls, among others.
In simple words, when a server or device is going to be attacked, the attacker will be able to carry out different attacks depending on the service: it is not the same to damage a web server, a database server or an edge router.