Dear all forumer, I'm plan to do penetration testing against my OPNSense router to see any weakness in it.
Do you guys know what tools in Kali Linux to use? Thanks in advance.
The Kali Linux community might be a good place to ask such a question.
Cookiemonster was right (https://forum.opnsense.org/index.php?msg=225425), but now it seems to turn into an ongoing series of accidents...
From the way you are asking, it looks like you do not know what exactly you want to test. Any real test needs a specfication of what to test and how (anything else is called trying), yet this is exactly what you are asking for. So, first you have to answer yourself a few questions:
Guessing from the other paranoid threads you have opened, you want proof for your theory of your ISP hacking you. If they (or rather: anyone) wanted to take over control of your router (which potentially is a good target for such undertaking), they would probably install some kind of malware in it. You can check if any files were modified within OpnSense itself.
Speaking of specifications: From where do you want to test? From the WAN side? Obviously, your ISP did not have access to your LAN originally.
If you did not open up the GUI or SSH from the WAN side, how could anyone get in? Most of the detected vulnerabilities in routers concern stack overflows, missing checks or default passwords in their web GUIs. If you do not expose them, you are mostly safe. Yes, in theory, there could be kernel buffer overflows, but either way, there would be traces left from the next steps of a takeover, see last paragraph.
IMHO, it is 10000 times more likely that your client device(s) have been hacked by some malware that you picked up by downloading, by e-mail or by application bugs in your browser or other applications causing a buffer overflow. I would scan those first.
Quote from: peterwkc on January 11, 2025, 11:40:21 AMDear all forumer, I'm plan to do penetration testing against my OPNSense router to see any weakness in it.
Do you guys know what tools in Kali Linux to use? Thanks in advance.
If you need to ask this, you are in no way remotely qualified to penetration test anything. Live your life, don't stress about this. Sorry, got to be said.
Let me do nmap and vulnerability assessment.
for port scanning, nmap is a great tool, but port scanning is just a small part of professional Penetration testing.
Like others have said, that fact that your asking this question, largely shows your mostly underqualified to even know where to begin.
I had the same issue pop up suddenly, and after some digging, I found out my network was being hit repeatedly by an IP Stresser (https://ipstressthem.su/). Once I tweaked the firewall rules a bit, the alerts stopped. I'd also run a packet capture during those events to get a clearer picture of what's going on.