
Online tools for the simplest Pentest



Sooner or later every system administrator faces the question of how effective the available network protection tools really are. How do you verify that the firewall is configured securely enough? Do you need a streaming (inline) antivirus, and does the IPS actually work? Is mail secure? As a rule, the suggested answer to such questions is a penetration test. However, it is either too expensive or too difficult (if done in-house), and such deep analysis is not always needed. Fortunately, there are online resources that let you run basic checks of your protection (mainly the firewall and antivirus). Of course, this cannot replace a full-fledged pentest, but it gives an idea of how well your network is protected from the simplest, and at the same time the most common, types of attacks.

If this topic interests you, read on.

Check Point CheckMe - Instant Security Check
I would like to start the review with a tool that performs a comprehensive analysis of your firewall's security level (whether it is a UTM or an NGFW). This is Check Point CheckMe.

This service includes a series of tests that check your computer and network for vulnerability to ransomware, phishing, zero-day attacks, botnets, code injection, the use of anonymizers and data leakage.


How does CheckMe work?

  1. Follow the link.
  2. Run the scan in your browser.
  3. Your browser will exchange data with the CheckMe service to analyze the security of your network (without any real risk to your network).

Sample page with the results of the network check


By clicking the “GET FULL REPORT” button at the bottom, you will receive a detailed report with the results and remediation guidance by email (it is sent from “CheckMe@checkpoint.com” with the subject “CheckMe Report”).

What are the threats checked?
CheckMe simulates various scenarios that could be the starting point for the following attack vectors:

  1. Ransomware - malicious software that encrypts user files and demands a ransom for their decryption.
  2. Identity theft / phishing attacks - stealing personal information using fake websites that look like real ones.
  3. Zero-day attacks - use the element of surprise and exploit a hole in the software that is unknown to the developer.
  4. Bots - perform malicious actions that allow attackers to gain complete control over the infected computer.
  5. Browser attacks - injection of a malicious script into websites to steal victims' cookies in order to impersonate them.
  6. Anonymous web surfing - allows users to hide their network activity; it can open gaps in the organization's network.
  7. Data leakage - the transfer of secret or confidential information outside the organization's network through theft or accidental exposure.

Test description

1) Threat - ransomware

This test downloads an antivirus test file (the EICAR test file) through your network in the following forms:

Txt file
Txt file over https connection
Bz2 file
Zip file

2) Threat - Identity Theft / Phishing Attacks

This test generates connections to phishing and malicious sites through your network.
A successful connection attempt indicates that you could be a victim of a phishing attack and your personal information could be stolen.

CheckMe simulates this test by downloading the favicon.ico file from the following sites:

Site 1
Site 2

3) Threat - zero day attacks

This test downloads files in various formats, which are often used in zero-day attacks.

CheckMe simulates this test by downloading the following files:

File 1
File 2
File 3

4) Threat - Attack on the browser

This test checks the protection of your network against Cross-Site Scripting (XSS), SQL injection and command injection.

CheckMe simulates this test by connecting to the following test sites:

Site 1
Site 2
Site 3

5) Threat - Bot Infection

This test simulates bot activity over a well-known Command and Control protocol.
CheckMe simulates this test by submitting the string creditcard=1234&expyear=2017&ccv=123&pin=1234 to www.cpcheckme.com/check/testsAssets/post.html

6) Threat - Use of anonymizers

This test checks whether anonymizer sites can be reached through your network.
CheckMe simulates connections by trying to access www.hidemyass.com

7) Threat - Leakage of confidential data

This test generates structured traffic containing test credit card numbers (via HTTP and HTTPS) to public sites through your network.
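The bot and data-leakage tests above both push structured form data (the creditcard=…&ccv=…&pin=… string) out through the network, and a DLP or IPS rule on the gateway is what should catch it. As an added example, not CheckMe's own logic and not code from the original post, the following Python snippet inspects a form-encoded POST body for sensitive field names and for Luhn-valid card numbers; the field-name list, the verdict structure and the sample bodies are constructed assumptions.

```python
"""Minimal DLP-style check for an outbound form-encoded POST body.

Added example. Two signals are combined: sensitive form field names
(the CheckMe test string has no real card number, so field names are
what identify it) and 13-19 digit runs that pass the Luhn checksum
(so order numbers and timestamps are not flagged).
"""
import re
from urllib.parse import parse_qs, unquote_plus

# Assumption: a real policy keeps a longer, organisation-specific list.
SENSITIVE_FIELDS = {"creditcard", "cardnumber", "ccv", "cvv", "pin", "ssn"}

# 13-19 digits, optionally separated by spaces or dashes, and not part of
# a longer digit run (the look-around assertions enforce the boundaries).
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True when the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return Luhn-valid card-like numbers in text, separators removed."""
    hits = []
    for match in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def inspect_post_body(body: str) -> dict:
    """Classify one form-encoded POST body.

    Returns the sensitive field names present, any Luhn-valid card
    numbers found anywhere in the decoded body, and a block decision.
    """
    decoded = unquote_plus(body)
    fields = parse_qs(decoded, keep_blank_values=True)
    flagged_fields = sorted(
        name for name in fields if name.strip().lower() in SENSITIVE_FIELDS
    )
    cards = find_card_numbers(decoded)
    return {
        "sensitive_fields": flagged_fields,
        "card_numbers": cards,
        "block": bool(flagged_fields) or bool(cards),
    }


# Constructed sample bodies: the CheckMe string from the article, a body
# with a well-known Luhn-valid test number, and a harmless order lookup
# whose 16-digit id fails the Luhn check.
SAMPLE_BODIES = {
    "checkme": "creditcard=1234&expyear=2017&ccv=123&pin=1234",
    "test-pan": "name=Test&cardnumber=4111+1111+1111+1111&exp=2020",
    "benign": "q=order+4111111111111112&page=2",
}


if __name__ == "__main__":
    for label, body in SAMPLE_BODIES.items():
        print(f"{label:9s} {inspect_post_body(body)}")
```

Field-name matching alone is enough to catch the CheckMe string, which is exactly why the test is useful: it exercises the gateway's DLP signatures rather than its ability to recognise a real card number. The Luhn check is what keeps the second signal from blocking every sixteen-digit identifier that crosses the proxy.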

All tests are safe and pose no risk to user devices or the network!
The administrator can see the security alerts that the test simulations trigger.

Test from Fortinet

It is also interesting to try the test that Fortinet provides. It is not as elaborate: in general terms, it checks various ways of delivering a test virus (EICAR). The EICAR file is offered in plain form and inside archives of varying nesting depth (archive within archive, up to 10 levels). Several archive types are used: zip, rar, tar, cab, 7zip. There is also a password-protected archive. From the results you can see which kinds of threats your systems fail on.

Run the Fortinet test
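The EICAR delivery variants described in the CheckMe ransomware test (plain text, bz2, zip) and in the Fortinet test (archive within archive, up to 10 levels) can be reproduced locally to see what an archive-depth limit does to a gateway verdict. The following Python script is an added example, not code from Check Point, Fortinet or the original post; the in-memory scanner `scan()` and its verdict strings are an assumption standing in for a real gateway engine, and the samples are constructed in memory rather than downloaded.

```python
"""Build EICAR delivery variants and run them through a toy
archive-aware scanner that has a nesting limit.

Added example; the scanner is a stand-in for a gateway antivirus engine
and its verdict names are an assumption.
"""
import bz2
import io
import zipfile

# The 68-byte EICAR string (eicar.org), assembled from fragments so that
# this source file is not itself quarantined by a desktop antivirus.
_EICAR_PARTS = (
    "X5O!P%@AP[4",
    "\\PZX54(P^)7CC)7}$",
    "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
)


def eicar_bytes() -> bytes:
    """Return the EICAR test string as bytes."""
    return "".join(_EICAR_PARTS).encode("ascii")


def zip_wrap(payload: bytes, member_name: str) -> bytes:
    """Return a ZIP archive, built in memory, containing one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def bz2_wrap(payload: bytes) -> bytes:
    """Return the payload as a bz2 stream (the CheckMe 'Bz2 file' variant)."""
    return bz2.compress(payload)


def nested_zip(payload: bytes, depth: int) -> bytes:
    """Wrap payload in `depth` ZIP layers (archive within archive)."""
    data = payload
    for level in range(depth):
        data = zip_wrap(data, "eicar.com" if level == 0 else f"level{level}.zip")
    return data


def scan(data: bytes, max_depth: int, _depth: int = 0) -> str:
    """Toy gateway verdict: 'blocked', 'clean' or 'depth-exceeded'.

    Archives are unpacked recursively; once max_depth layers have been
    opened the scanner gives up, and a real gateway must decide whether
    that counts as a block (fail-closed) or a pass (fail-open).
    """
    if zipfile.is_zipfile(io.BytesIO(data)):
        if _depth >= max_depth:
            return "depth-exceeded"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                verdict = scan(zf.read(info), max_depth, _depth + 1)
                if verdict != "clean":
                    return verdict
        return "clean"
    if data.startswith(b"BZh"):
        if _depth >= max_depth:
            return "depth-exceeded"
        try:
            inner = bz2.decompress(data)
        except OSError:
            return "clean"  # not a valid bz2 stream after all
        return scan(inner, max_depth, _depth + 1)
    # Plain content: signature match against the test string.
    return "blocked" if eicar_bytes() in data else "clean"


def build_samples() -> dict[str, bytes]:
    """Constructed delivery variants mirroring the online tests."""
    e = eicar_bytes()
    return {
        "txt": e,
        "bz2": bz2_wrap(e),
        "zip": zip_wrap(e, "eicar.com"),
        "zip-nested-3": nested_zip(e, 3),
        "zip-nested-10": nested_zip(e, 10),
    }


def run_gateway_checks(max_depth: int) -> dict[str, str]:
    """Return the verdict per sample for a scanner limited to max_depth layers."""
    return {name: scan(data, max_depth) for name, data in build_samples().items()}


if __name__ == "__main__":
    for name, verdict in run_gateway_checks(max_depth=3).items():
        print(f"{name:14s} {verdict}")
```

With a limit of three layers the ten-level sample comes back as depth-exceeded, which is the same situation the Fortinet test creates on a real gateway: the useful question is not only whether the engine unpacks deep enough, but what the policy does when it cannot. The password-protected variant is not built here because the standard library's zipfile module cannot write encrypted archives; on a gateway it raises the same fail-open versus fail-closed question.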

HTTPS archived Eicar

Almost all antivirus tests use the EICAR file. So you need not turn to third-party services at all (many do not trust vendor tests) and can use the eicar.org site directly.

Here you can also download the test file, and the following options are available:



As you can see, there is the EICAR file in plain form and as an archive. A distinctive feature is the ability to download the file over HTTPS. That is, if your firewall (whether Cisco, Check Point, Fortinet or any other) is not configured for HTTPS inspection, the file will be downloaded without any problem. It will probably be blocked by the operating system (at least on Windows 10), but this is already a serious warning sign: most modern resources switched to HTTPS long ago, which means that without HTTPS inspection your security tools simply see nothing and will let viruses through like water through a sieve.

Online sandboxes

I will not go into the question “What is a sandbox?” in detail, especially since a little later we will devote a small series of articles to it. The main task of a sandbox is to run the file and observe what happens. Based on the results, a verdict is given on whether the file is malicious. Sandboxes help fight malware that ordinary antiviruses do not detect. There are several online services where you can check files in a sandbox:


These services are very useful for checking your streaming antivirus. For example, you can download some malicious file from the Tor network, run it through your antivirus (preferably on a test bench, not in the production environment) and check it in an online sandbox. Then compare the results and see for yourself that antivirus protection alone is no longer enough.

Online antivirus

There could be dozens of links here, since almost every self-respecting antivirus has an online scanner. However, almost all of them can be replaced with one: VirusTotal.

The resource allows you to scan files and links for infection. The analysis is performed using a variety of antivirus engines, and you can see the verdict of each of them.
The URL checker is especially interesting. With it, you can check the effectiveness of your proxy or web-traffic protection: find a malicious site, check it in VirusTotal, and then see whether it opens through your proxy.

Online Firewall and Port Scanners
These tools can also come in handy when testing your network:


Online Anti-spam and Email Security Scanners

EmailSecurityCheck
This resource checks the security of your mail server. To do so, several emails with test virus files, packaged in various ways, are sent to you. If you receive any of these letters, that is a reason to think about the security of your email server.

What's next?

Using the services above, you can draw some conclusions about the effectiveness of your existing security controls. Pay attention not only to the effectiveness of protection but also to the incident detection process. You should be informed as fully as possible about all information security events. This is achieved either with built-in tools (email alerts, device dashboards, etc.) or with third-party ones (SIEM or log-management systems).

The next logical step is a network security audit. This can be done with both Check Point and Fortinet, and for free. More information can be found here and here. We have already partially described the architecture of Check Point solutions, and in the following posts we will describe how to use it for a free network security audit.

P.S. If you use Check Point but the tests still fail, you can see how to strengthen your defense, so to speak, “tighten the screws”.

Source: https://habr.com/ru/post/323896/
