Skip to main content

Pentest Tools

This page contain list of tools used for Pentest

Certification and Training

WebsiteDescription
CompTIACompTIA PenTest+ is for cybersecurity professionals tasked with penetration testing and vulnerability management.
TCM Security AcademyTCM Security is a cybersecurity company that provides services for penetration testing, security training, and compliance services.
TryHackMeLearn by following structured paths and reinforce your skills in a real-world environment by completing guided, objective-based tasks and challenges.
Hack The BoxPlatform to test and advance your skills in penetration testing and cybersecurity.
PentesterLabHands-on training for web application security.
Offensive SecurityCertifications, training, and labs, including the popular OSCP certification.
eLearnSecurityCertifications and training in penetration testing and other areas of cybersecurity.

Frameworks and Platforms

WebsiteDescription
Kali LinuxThe most advanced penetration testing distribution.
BlackArchAn Arch Linux-based distribution for penetration testers and security researchers.
Parrot Security OSSecurity GNU/Linux distribution designed for pen testing, forensic analysis, reverse engineering, and software development.
SlingshotDesigned to be stable, reliable, and lean. Includes many standard pen testing tools, as well as the PenTesters Framework (PTF).
ArchStrikeArch Linux repository for security professionals and researchers.

Initial LookUp

WebsiteDescription
ViewDNSDNS Lookup (A, NS, MX, TXT, CNAME, etc.), reverse IP lookup, IP geolocation check, traceroute, ping IP or website, check if site is down, and Whois Lookup.
ShodanSearch engine for the Internet of Everything.
Have I Been Pwned?Check if your email or phone is in a data breach.
SpiderFootAutomate OSINT.
NetlasDiscover, research, and monitor any assets available online.
MaltegoInteractive data mining tool that renders directed graphs for link analysis.

Network Scanning

WebsiteDescription
NMAPNetwork scanning and vulnerability detection tool.
MasscanMass IP port scanner, similar to Nmap.
MetaSploitPenetration testing software.
Burp SuiteWeb vulnerability scanner and testing tool.
NessusVulnerability scanner.
OpenVASOpen-source vulnerability scanner.
HydraPassword cracking tool.
WiresharkNetwork protocol analyzer.
John the RipperPassword cracker.
Intruder.ioVulnerability scanner.
Recon-ngFull-featured Web Reconnaissance framework written in Python.

Web Application Testing Tools

WebsiteDescription
Powershell EmpirePost-exploitation framework.
Covenant.NET command and control framework.
C2 Framework MatrixCommand and control framework comparison.
MythicC2 framework for red teams.
NishangOffensive PowerShell for red teaming.
ApfellC2 framework for macOS.
PoseidonC2 framework for macOS.
NoPowerShellPowerShell without powershell.exe.
NetcatNetworking utility for reading from and writing to network connections.
PowerShdllRun PowerShell without powershell.exe.
PowerLessShellRun PowerShell scripts without powershell.exe.
NiktoWeb server scanner.

Collaboration and Reporting

WebsiteDescription
DradisCollaboration and reporting tool for security assessments.

Proxy Tools

WebsiteDescription
ProxyChainsRedirects TCP connections through proxy servers.

Debugging and Analysis

WebsiteDescription
GDB (GNU Debugger)Debugging tool for Linux executables.
OllyDbgBinary code analysis tool.

Fuzzing and Exploitation Frameworks

WebsiteDescription
PeachFuzzing framework.
PacuAWS exploitation framework.

Infrastructure and Data Discovery

WebsiteDescription
CloudBruteTool for finding a company's infrastructure, files, and data.

Web Application Testing

WebsiteDescription
DirbusterDirectory and file brute-forcer.
w3afWeb application attack and audit framework.
PatatorMulti-purpose brute-forcer.
OWASP ZAPWeb application security scanner.

Network Analysis and Manipulation

WebsiteDescription
tcpdumpPacket analyzer.
Aircrack-ngWiFi network security assessment tool.
GattackerBLE Man-in-the-Middle tool.
Hping3Packet generator and analyzer.
ScapyPacket manipulation tool.

Wireless Security Tools

WebsiteDescription
Wifite2Wireless auditing tool.
Airodump-ng802.11 frame capture tool.
WifiteWireless auditing tool.
ReaverWPA attack tool.
KismetWireless network detector, sniffer, and IDS.

Credential Extraction and Exploitation

WebsiteDescription
MimikatzCredential extraction tool.
CrackMapExecPost-exploitation tool.
ResponderLLMNR, NBT-NS, and MDNS poisoner.

Exploitation and Vulnerability Databases

WebsiteDescription
ExploitDBExploit database.
SearchSploitLocal search tool for Exploit DB.

Steganography and Audio Analysis

WebsiteDescription
SnowCLI steganography tool.
Sonic VisualizerAudio analysis tool.

Mobile Security Assessment

WebsiteDescription
DrozerAndroid security assessment framework.
FridaDynamic instrumentation toolkit.
MobSFMobile security framework for static and dynamic analysis.
ObjectionRuntime mobile exploration tool.
iOS Secure App Development (ISAD)Mobile security testing methodology.

Android Development and Analysis

WebsiteDescription
Android SDKDevelopment kit for Android.
ApkX toolAPK decompiler.
apktoolAndroid application reverse engineering tool.
AndroguardReverse engineering, malware, and goodware analysis of Android applications.
dex2jarTool to work with Android .dex and Java .class files.

Miscellaneous Tools

WebsiteDescription
CeWLCustom word list generator.
truffleHogSearches git repositories for secrets.
MedusaParallel brute-forcer for network logins.
packETHPacket crafting tool.
EAPHammerWPA2-Enterprise attack tool.
Impacket ToolsCollection of Python classes for working with network protocols.
mitm6IPv6 DNS hijacking tool.
SSLStripSSL/TLS stripping attack tool.
SQLmapAutomated SQL injection tool.
Cydia SubstrateFramework for modifying iOS apps.
iGoatOWASP project for iOS mobile app security.
NeedleModular framework for iOS security assessments.
cURLData transfer tool supporting various protocols.