top of page

Pen Testing Tools

*Included in Kali Linux

Aquatone

Visual inspection automation tool

Cobalt Strike

Threat emulation software

DirBuster*

Brute force tool used to enumerate directories/files on a server

GhostPack

Collection of popular hacking tools adapted to C#

John the Ripper*

Versatile password cracking tool

Netcat*

Networking tool used to read/write data over a connection

Pypcap

Python wrapper for libpcap

Shodan

IoT search engine

Veil-Evasion

Payload generator tool used for evading anti-virus

BloodHound

Active Directory relationship mapping tool

Commix*

Command injection exploiter tool for web applications

Empire

Windows post-exploitation framework

Gnmap-Parser

Nmap scan results parsing tool

Kali Linux

Linux distribution for penetration testing, digital forensics, and other security objectives

Nikto*

Web server vulnerability scanner

Responder*

LLMNR, NBT-NS, and mDNS poisoning tool

SQLmap*

Tool used for SQL injection detection and exploitation

WPscan*

WordPress vulnerability scanner

Burp Suite*

Suite of security tools for web application testing

CrackMapExec

Post-exploitation tool for Active Directory environments

Exploit-DB

Database of exploits and other security resources

Hydra*

Password cracking tool

Metasploit*

Platform used to identify and exploit vulnerabilities on a target

Nmap*

Network scanner for host/port/service enumeration

Scapy

Packet manipulation tool

theHarvester*

Tool used to enumerate PII such as email addresses of employees at a particular organization

Wireshark*

Network protocol/packet analyzer

Cain & Abel

Password recovery tool

Crowbar*

Brute force tool that utilizes keys

EyeWitness*

Visual inspection automation tool

Impacket*

Collection of network protocol Python classes for remote execution, MITM, and more.

MSFvenom*

Payload generating/encoding tool

Patator*

Advanced brute force tool

Searchsploit*

CLI tool used to search Exploit-DB

Unicornscan*

Powerful port scanner

ZAP*

Web application vulnerability scanner and security testing tool

bottom of page