Top 18 Tools for Pentesting

Penetration Testing Tools

Penetration Test Phases

The penetration testing process usually occurs in five stages. In each of these stages, penetration testers use tools to automate data gathering and the exploitation of organizational resources.

  1. Planning and reconnaissance—the pentester defines the goal and scope of the test. To plan the test properly, the pentester gathers intelligence that helps in understanding how the targeted environment works and in discovering its potential weaknesses.
  2. Scanning—helps the pentester better understand how the targeted application might respond to various intrusion attempts. The pentester may use either static or dynamic analysis to assess the target.
  3. Gaining access—the pentester uses several pentesting techniques, such as SQL injection and cross-site scripting (XSS), to detect vulnerabilities.
  4. Maintaining access—the pentester tries to understand whether a cybercriminal could exploit a weakness, achieve a persistent presence in the system, and gain further access.
  5. Analysis—the pentester compiles the results of the penetration test into a detailed report. The report usually specifies the vulnerabilities that were exploited, the time spent undetected within the system, the sensitive data that was accessed, and more.

Types of Penetration Testing Tools

There is a wide range of tools you can use when running a pentest, each providing different capabilities. Here are the most commonly used penetration testing tools.

18 Tools to Supercharge Your Pentests

1. Parrot Security

We are the Parrot Project!

Parrot is a worldwide community of developers and security specialists that work together to build a shared framework of tools to make their job easier, standardized and more reliable and secure.

Parrot OS, the flagship product of Parrot Security, is a GNU/Linux distribution based on Debian and designed with security and privacy in mind. It includes a full portable laboratory for all kinds of cyber security operations, from pentesting to digital forensics and reverse engineering, but it also includes everything needed to develop your own software or keep your data secure!

2. Kali

Kali lets you configure customized backup and recovery schedules, but it works only on Linux. Kali offers several tools, curated to help you perform many penetration testing tasks, including sniffing and injecting, password cracking, and digital forensics. Kali is offered under an open source license, and can be integrated with Metasploit and Wireshark.

You can use Metasploit in various environments, including servers, applications, and networks. It comes with a clickable graphical user interface (GUI), which works on Linux, Microsoft Windows, and Apple macOS.

3. Burp Suite

Category: Net Scanner

One primary use of Burp Suite is to intercept all requests and responses between the browser and the target application. The free version is also useful for generating a proof-of-concept cross-site request forgery (CSRF) attack for a given request. There is also an application-aware crawler that can be used to map out application contents. A paid version unlocks even more features.

4. Nmap

Category: Port scanner

Nmap is an abbreviation for ‘Network Mapper.’ It is a free, open source application used for network scanning. It makes use of IP packets for auditing the network. Nmap offers a multitude of options to scan anything from a single IP, port, or host to a range of IPs, ports, and hosts. It can also be used to scan a subnet, identify the services that are running on hosts, determine the OS versions that the remote hosts are running, and discover vulnerabilities and security holes. It is a very powerful tool. Its output and information can serve as a precursor to penetration testing efforts.

5. Wireshark

Category: Web vulnerability scanner

Wireshark is an industry standard network protocol analysis tool. The tool essentially captures data packets moving within a network and displays them to the end user in a human-readable form. Wireshark allows users to capture data via Ethernet, Wi-Fi, Npcap adapters, Bluetooth, and token ring, to name a few. It even allows users to capture data from USB-attached network interfaces through USBPcap. Wireshark also comes as a console version named ‘tshark.’

6. Metasploit

Category: Vulnerability exploitation framework

The Metasploit framework provides a series of tools to perform penetration testing on a system. This multi-purpose hacking framework is widely used by pen testers to unearth vulnerabilities on different platforms, collect information on existing vulnerabilities, and test against the remediation defenses in place. The Metasploit framework is an open source project backed by more than 200,000 contributors, making it a robust framework for penetration testing, executing exploit strategies, testing against the remediation defenses put in place, conducting research, and contributing to an active database of vulnerabilities.

7. Nikto

Category: Web vulnerability scanner

Nikto is another tool that is quite famous within the pen testing community. It is an open source pen tester tool available under the GPL. Nikto offers multiple options within its interface to run against a host. It probes a host to find potential vulnerabilities such as server misconfiguration, insecure host files and programs, out-of-date programs that might pose a risk, and version-specific issues that might put the server at risk. Nikto is available on OS X via MacNikto.

8. John the Ripper

Category: Password cracking

John the Ripper (often referred to as ‘John’ or JTR) is a very popular password cracking tool. JTR is primarily used to perform dictionary attacks to identify weak password vulnerabilities in a network. JTR is an offline password cracker that can be invoked locally or remotely. It also supports brute force and rainbow crack attacks.

9. OpenVAS

Category: Vulnerability scanner

OpenVAS is a vulnerability scanner that was forked from the last free version of Nessus after that tool went proprietary in 2005. The free version of Nessus today only works in non-enterprise environments. For security audit purposes, Nessus remains a popular vulnerability scanner; however, enterprise scans now require a license fee of about $2,000 a year. With OpenVAS, a user can perform a number of vulnerability scans and create exportable reports highlighting comprehensive scans to create security strategies.

10. Aircrack-ng

Category: Password cracking

Aircrack-ng is a suite of wireless password cracking tools for the 802.11a/b/g family of wireless networks that supports raw monitoring (rfmon) mode. It captures network traffic in monitor mode. Once enough data is captured, it runs cracking algorithms to recover WEP and WPA keys. The Aircrack-ng suite consists of various tools such as Airodump-ng (a packet capturing program), Airsnort-ng (an encryption key cracker), Aireplay-ng (for traffic generation), and Airdecap-ng (a capture file decryption tool).

11. Kismet

Category: Packet sniffer

With increasing instances of wireless LAN hacking, Kismet has become an important tool for detecting intrusions and sniffing packets on the 802.11a/b/g family of WLANs that supports raw monitoring (rfmon) mode. Kismet is an outstanding lightweight tool that works in passive mode to identify the access points and client SSIDs on wireless networks. These SSIDs and access points can be mapped to each other to identify any hidden or non-beaconing networks. Kismet also allows logging traffic in a Wireshark-compatible format for further analysis.

12. Sqlmap

Sqlmap is an open source tool that provides automation capabilities for detecting and exploiting SQL injection vulnerabilities. The tool provides password cracking capabilities, and lets you execute arbitrary commands. It supports six SQL injection techniques and lets you connect directly to a database without having to pass through the injection.

Wireshark can analyze VoIP traffic, read live data from protocols like PPP/DLC, Bluetooth and ATM, decompress compressed files on the fly, and decrypt transmissions encrypted by protocols like IPsec and WPA/WPA2.

13. ZAP

ZAP is an open source vulnerability scanner for web applications. It can perform passive scanning, or simulate attacks on applications to discover security weaknesses. ZAP can identify open ports, perform brute force searches for files or directories, crawl a site to discover its structure, and supply random inputs (fuzzing) to test whether the website crashes or behaves unexpectedly.

14. w3af

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

Our framework is proudly developed using Python to be easy to use and extend, and is licensed under GPLv2.0.

15. Ettercap

Ettercap enables passive and active security testing for networks and hosts. It supports a large number of network protocols, can sniff SSH and SSL secured connections, and enables ARP poisoning on a switched LAN. Ettercap is customizable, letting you create custom plugins using an API.

16. Hping

Hping is a powerful TCP/IP packet analyzer, based on the UNIX ping command. It can be used to test firewalls, scan ports, perform MTU discovery, perform advanced traceroutes, and attempt TOS and fragmentation attacks. Hping can also be used to remotely identify operating systems and server uptime. It supports TCP, UDP, ICMP, and RAW-IP.

17. Sqlninja

Sqlninja is a SQL injection tool for Microsoft SQL Server. It can be used to fingerprint a remote SQL interface, extract data via SQL commands or a DNS tunnel, upload executables, open a direct or reverse bind shell, perform token kidnapping, and integrate with Metasploit3 to enable GUI-based control of a remote database.

18. Fiddler

Category: Proxy server application

Fiddler is a freeware web proxy tool that is browser and platform agnostic. It has several features that can help a pen tester. It allows users to debug web traffic from any system (it works with almost all PC operating systems), smartphone, or tablet. From a pen tester’s standpoint, Fiddler is primarily used to intercept and decrypt HTTPS traffic. As the name suggests, users can fiddle with and inspect that traffic to identify vulnerabilities in the application at hand.


Campos Entertainment TR

©2022 Campos Entertainment TR.