How To Become A Penetration Tester


Have you ever wondered how hackers manage to get into someone's computer via the internet?  More often than not, they manage it by exploiting a loophole that is already well known, such as poor configuration of the server or a missing security patch.  There are thousands of such loopholes and vulnerabilities, and no shortage of penetration testers, or "ethical hackers", who will use their knowledge of such back doors to test the security of a company's network.  And, naturally, charge thousands of dollars for doing so.

As you might expect, there are also some automatic software tools that emulate the knowledge of the professional pen-tester.  They have a built-in database of scripts that can attempt to execute known loopholes on a selected system.  Using a pen-testing tool is normally just a matter of typing in the IP address of the computer you want to attack, and then waiting a few minutes for the report to appear.

Although most pen-test software is expensive, there are a handful which are free.  Nmap is probably the most well-known, but it's not aimed at non-techies and you need to understand a lot about computers and networks in order to make good use of it. 

On the other hand, Retina is a great tool.  It's simple to use, with a friendly GUI, and runs under Windows.  Just type in an IP address and you're good to go.  The commercial version costs $1200 a year, but the Community edition (which is still excellent, and knows about thousands of exploits) is free.  If you're concerned about the security of your own computers, or you want to check out the system of a friend or colleague, give it a try.

If you can spare a few minutes, watch the video at and you'll get a great intro to Retina.  If you then want to get the software, fill in your details at to get an email with your serial number and the download link.

The installer is a relatively hefty 170 MB, which is too large for VirusTotal to scan, but the local scanner on my PC gives it a clean bill of health, as does Web of Trust.

Note:  While it can be tempting to point a pentest tool at random systems on the internet, you are strongly advised not to do so without permission.  Stick to the computers on your own LAN.  Otherwise you are probably breaking the law.





Please rate this article: 

Your rating: None
Average: 4.2 (6 votes)