Penetration Testing tools help in identifying security weaknesses ing a network, server or web application. These tools are very useful since they allow you to identify the "unknown vulnerabilities" in the software and networking applications that can cause a security breach. Vulnerability Assessment and Penetration Testing (VAPT) Tools attack your system within the network and outside the network as if an hacker would attack it. If the unauthorized access is possible, the system has to be corrected. Here is a list of top 40 Penetration Testing Tools
Here is a list of top 40 Penetration Testing Tools
Netsparker is an easy to use web application security scanner that can automatically find SQL Injection, XSS and other vulnerabilities in your web applications and web services. It is available as on-premises and SAAS solution.
- Dead accurate vulnerability detection with the unique Proof-Based Scanning Technology.
- Minimal configuration required. Scanner automatically detects URL rewrite rules, custom 404 error pages.
- REST API for seamless integration with the SDLC, bug tracking systems etc.
- Fully scalable solution. Scan 1,000 web applications in just 24 hours.
- Scans for all variants of SQL Injection, XSS, and 4500+ additional vulnerabilities
- Detects over 1200 WordPress core, theme, and plugin vulnerabilities
- Fast & Scalable – crawls hundreds of thousands of pages without interruptions
- Integrates with popular WAFs and Issue Trackers to aid in the SDLC
- Available On Premises and as a Cloud solution.
Probe.ly continuously scans for vulnerabilities in your Web Applications. It allows its customers to manage the life cycle of vulnerabilities and provides them with some guidance on how to fix them. Probe.ly is a security tool built having Developers in mind.
- Scans for SQL Injections, XSS, OWASP TOP10 and over 5000 vulnerabilities, including 1000 WordPress and Joomla vulnerabilities
- Full API - All features of Probely are also available through an API
- Integration with your CI tools, Slack and Jira
- Unlimited team members
- PDF Reports to showcase your security
- Diverse scanning profiles (ranging from safe to aggressive scans)
- Multiple Environment Targets - Production (non-intrusive scans) and Testing (intrusive and complete scans)
The Open Web Application Security Project (OWASP) is a worldwide non-profit organization focused on improving the security of software. The project has multiple tools to pen test various software environments and protocols. Flagship tools of the project include
- Zed Attack Proxy (ZAP – an integrated penetration testing tool)
- OWASP Dependency Check (it scans for project dependencies and checks against know vulnerabilities)
- OWASP Web Testing Environment Project (collection of security tools and documentation)
The OWASP testing guide gives "best practice" to penetration test the most common web application
Wireshark is a network analysis tool previously known as Ethereal. It captures packet in real time and display them in human readable format. Basically, it is a network packet analyzer- which provides the minute details about your network protocols, decryption, packet information, etc. It is an open source and can be used on Linux, Windows, OS X, Solaris, NetBSD, FreeBSD and many other systems. The information that is retrieved via this tool can be viewed through a GUI or the TTY mode TShark Utility.
WireShark features include
- Live capture and offline analysis
- Rich VoIP analysis
- Capture files compressed with gzip can be decompressed on the fly
- Output can be exported to XML, PostScript, CSV or plain text
- Multi-platform: Runs on windows, Linux, FreeBSD, NetBSD and many others
- Live data can be read from internet, PPP/HDLC, ATM, Blue-tooth, USB, Token Ring, etc.
- Decryption support for many protocols that include IPsec, ISAKMP, SSL/TLS,WEP, and WPA/WPA2
- For quick intuitive analysis, coloring rules can be applied to the packet
- Read/Write many different capture file formats
w3af is a web application attack and audit framework. It has three types of plugins; discovery, audit and attack that communicate with each other for any vulnerabilities in site, for example a discovery plugin in w3af looks for different url's to test for vulnerabilities and forward it to the audit plugin which then uses these URL's to search for vulnerabilities.
It can also be configured to run as a MITM proxy. The request intercepted could be sent to the request generator and then manual web application testing can be performed using variable parameters. It also has features to exploit the vulnerabilities that it finds.
- Proxy support
- HTTP response cache
- DNS cache
- File uploading using multipart
- Cookie handling
- HTTP basic and digest authentication
- User agent faking
- Add custom headers to requests
This is the most popular and advanced Framework that can be used for pentest. It is an open source tool based on the concept of 'exploit' which means you pass a code that breach the security measures and enter a certain system. If entered, it runs a 'payload', a code that performs operations on a target machine, thus creating the perfect framework for penetration testing. It is a great testing tool test whether the IDS is successful in preventing the attacks that we bypass it
Features of Metaspoilt
- Basic command line interface
- Third party import
- Manual brute forcing
- Manual brute forcing
- website penetration testing
Kali works only on Linux Machines. It enables you to create a backup and recovery schedule that fit your needs. It promotes a quick and easy way to find and update the largest database of security penetration testing collection to-date. It is the best tools available for packet sniffing and injecting. An expertise in TCP/IP protocol and networking can be beneficial while using this tool.
- Addition of 64 bit support allows brute force password cracking
- Back Track comes with pre-loaded tools for LAN and WLAN sniffing, vulnerability scanning, password cracking, and digital forensics
- Backtrack integrates with some best tools like Metaspoilt and Wireshark
- Besides network tool, it also includes pidgin, xmms, Mozilla, k3b, etc.
- Back track support KDE and Gnome.
9) Samurai framework:
The Samurai Web Testing Framework is a penetration testing software. It is supported on VirtualBox and VMWare that has been pre-configured to function as a web pen-testing environment.
- It is open source, free to use tool
- It contains the best of the open source and free tools that focus on testing and attacking website
- It also includes a pre-configured wiki to set up the central information store during the pen-test
Download link: https://sourceforge.net/projects/samurai/files/
Aircrack is one of the handy tool required in wireless pen testing. It cracks vulnerable wireless connections. It is powered by WEP WPA and WPA 2 encryption Keys.
- More cards/drivers supported
- Support all types of OS and platforms
- New WEP attack: PTW
- Support for WEP dictionary attack
- Support for Fragmentation attack
- Improved tracking speed
Download link: https://www.aircrack-ng.org/downloads.html
ZAP is one of the most popular open source security testing tool. It is maintained by hundreds of international volunteers. It can help users to find security vulnerabilities in web applications during the developing and testing phase.
- It helps to Identifies the security holes present in the web application by simulating an actual attack
- Passive scanning analyse the responses from the server to identify certain issues
- It attempts brute force access to files and directories.
- Spidering feature helps to construct the hierarchical structure of the website
- Supplying invalid or unexpected data to crash it or to produce unexpected results
- Helpful tool to find out the open ports on the target website
- It provides an interactive Java shell which can be used to execute BeanShell scripts
- It is fully internationalized and supports 11 languages
Download link: https://github.com/zaproxy/zaproxy/wiki
Sqlmap is an open source penetration testing tool. It automates the entire process of detecting and exploiting SQL injection flaws. It comes with many detection engines and features for an ideal penetration test.
- Full support for six SQL injection techniques
- Allows direct connection to the database without passing via a SQL injection
- Support to enumerate users, password hashes, privileges, roles, databases, tables, and columns
- Automatic recognition of password given in hash formats and support for cracking them
- Support to dump database tables entirely or specific columns
- The users can also select a range of characters from each column's entry
- Allows to establish TCP connection between the affected system and the database server
- Support to search for specific database names, tables or specific columns across all databases and tables
- Allows to execute arbitrary commands and retrieve their standard output on the database server
Download link: https://github.com/sqlmapproject/sqlmap
Sqlninja is a penetration testing tool. It is aimed to exploit SQL Injection vulnerabilities on a web application. It uses Microsoft SQL Server as back-end. It also provides a remote access on the vulnerable DB server, even in a very hostile environment.
- Fingerprinting of the remote SQL
- Data extraction, time-based or using DNS tunnel
- Allows Integration with Metasploit3, to obtain a graphical access to the remote DB server
- Upload of executable using only normal HTTP requests via VBScript or debug.exe
- Direct and reverse bindshell, both for TCP and UDP
- Creation of a custom xp cmdshell if the original one is not available on w2k3 using token kidnapping
Download link: http://sqlninja.sourceforge.net/download.html
The Browser Exploitation Framework. It is a pen testing tool that focuses on the web browser. It uses GitHub to track issues and host its git repository.
- It allows to check the actual security posture by using client-side attack vectors
- BeEF allows to hook with one or more web browsers. It can then be used for launching directed command modules and further attacks on the system.
Download link: http://beefproject.com
Dradis is an open source framework for penetration testing. It allows maintaining the information that can be shared among the participants of a pen-test. The information collected helps users to understand what is completed and what needs to completed.
- Easy process for report generation
- Support for attachments
- Seamless collaboration
- Integration with existing systems and tools using server plugins
- Platform independent
Download link: https://dradisframework.com/ce
16) Rapid 7:
Nexpose Rapid 7 is a useful vulnerability management software. It monitors exposures in real-time and adapts to new threats with fresh data which helps users to act at the moment of impact.
- Get a Real-Time View of Risk
- It brings innovative and progressive solutions that help the user to get their jobs done
- Know Where to Focus
- Bring More to Your Security Program
Download link: https://www.rapid7.com/products/nexpose/download/
Hping is a TCP/IP packet analyzer pen testing tool. This interface is inspired to the ping (8) UNIX command. It supports TCP, ICMP, UDP, and RAW-IP protocols.
- Allows firewall testing
- Advanced port scanning
- Network testing, using different protocols, TOS, fragmentation
- Manual path MTU discovery
- Advanced traceroute with all the supported protocols
- Remote OS fingerprinting & uptime guessing
- TCP/IP stacks auditing
Download link: https://github.com/antirez/hping
Superscan is a free Windows-only closed-source penetration testing tool. It also includes networking tools such as ping, traceroute, whois and HTTP HEAD.
- Superior scanning speed
- Support for unlimited IP ranges
- Improved host detection using multiple ICMP methods
- Provide support for TCP SYN scanning
- Simple HTML report generation
- Source port scanning
- Extensive banner grabbing
- Large built-in port list description database
- IP and port scan order randomization
- Extensive Windows host enumeration capability
19) ISS Scanner:
The IBM Internet Scanner is a pen testing tool which offers the foundation for the effective network security for any business.
- Internet Scanner minimize the business risk by finding the weak spots in the network
- It allows to automate scans and discover vulnerabilities
- Internet Scanner cuts the risk by identifying the security holes, or vulnerabilities, in the network
- Complete Vulnerability Management
- Internet Scanner can identify more than 1,300 types of networked devices
Download link: https://www-01.ibm.com/software/info/trials
Scapy is a powerful and interactive pen testing tool. It can handle many classical tasks like scanning, probing, and attacks on the network.
- It performs some specific tasks like sending invalid frames, injecting 802.11 frames. It uses various combining techniques which is hard to do with other tools
- It allows user to build exactly the packets they want
- Reduces the number of lines written to execute the specific code
Download link: http://secdev.org/projects/scapy/
IronWASP is an open source software for web application vulnerability testing. It is designed to be customizable so that users can create their custom security scanners using it.
- GUI based and very easy to use
- It has powerful and an effective scanning engine
- Support for recording Login sequence
- Reporting in both HTML and RTF formats
- Checks for over 25 types of web vulnerabilities
- False Positives and Negatives detection support
- It supports Python and Ruby
- Extensible using plug-ins or modules in Python, Ruby, C# or VB.NET
Download link: http://ironwasp.org/download.html
Ettercap is a comprehensive pen testing tool. It supports active and passive dissection. It also includes many features for network and host analysis.
- It supports active and passive dissection of many protocols
- Feature of ARP poisoning to sniff on a switched LAN between two hosts
- Characters can be injected into a server or to a client while maintaining a live connection
- Ettercap is capable of sniffing an SSH connection in full duplex
- Allows sniffing of HTTP SSL secured data even when the connection is made using proxy
- Allows creation of custom plugins using Ettercap's API
Download link: https://ettercap.github.io/ettercap/downloads.html
23) Security Onion:
Security Onion is a penetration testing tool. It is used for intrusion detection, and network security monitoring. It has an easy-to-use Setup wizard allows users to build an army of distributed sensors for their enterprise.
- It is built on a distributed client-server model
- Network Security Monitoring allows monitoring for security related events
- It offers full packet capture
- Network-based and host-based intrusion detection systems
- It has a built-in mechanism to purge old data before storage device fill to its capacity
Download link: https://securityonion.net/
24) Personal Software Inspector:
Personal Software Inspector is an open source computer security solution. This tool can identify vulnerabilities in applications on a PC or a Server.
- It is available in eight different languages
- Automates the updates for insecure programs
- It covers thousands of programs and automatically detects insecure programs
- This pen testing tool automatically and regularly scans PC for vulnerable programs
- Detects and notifies programs that can't be automatically updated
HconSTF is Open Source Penetration Testing tool based on different browser technologies. It helps any security professional to assists in the Penetration testing. It contains web tools which are powerful in doing XSS, SQL injection, CSRF, Trace XSS, RFI, LFI, etc.
- Categorized and comprehensive toolset
- Every option is configured for penetration testing
- Specially configured and enhanced for gaining solid anonymity
- Works for web app testing assessments
- Easy to use & collaborative Operating System
Download link: http://www.hcon.in/
26) IBM Security AppScan:
IBM Security AppScan helps to enhance web application security and mobile application security. It improves application security and strengthens regulatory compliance. It helps users to identify security vulnerabilities and generate reports.
- Enable Development and QA to perform testing during SDLC process
- Control what applications each user can test
- Easily distribute reports
- Increase visibility and better understand enterprise risks
- Focus on finding and fixing issues
- Control the access of information
Download link: http://www-03.ibm.com/software/products/en/appscan
Arachni is an open source Ruby framework based tool for penetration testers & administrators. It is used for evaluating the security of modern web applications.
- It is a versatile tool, so it covers large numbers of use-cases. This ranging from a simple command line scanner utility to a global high-performance grid of scanners
- Option for Multiple deployments
- It offers verifiable, inspectable code base to ensure the highest level of protection
- It can easily integrate with browser environment
- It offers highly detailed and well-structured reports
Download link: https://sourceforge.net/projects/safe3wvs/files
Websecurify is a powerful security testing environment. It is a user -friendly interface which is simple and easy to use. It offers a combination of automatic and manual vulnerability testing technologies.
- Good testing and scanning technology
- Strong testing engine to detect URLs
- It is extensible with many available add-ons
- It is available for all the major desktop and mobile platforms
Download link: https://www.websecurify.com/
Vega is an open source web security scanner and pen testing platform to test the security of web applications.
- Automated, Manual, and Hybrid Security Testing
- It helps users to find vulnerabilities. It may be cross-site scripting, stored cross-site scripting, blind SQL injection, shell injection, etc.
- It can automatically log into websites when supplied with user credentials
- It runs effectively on Linux, OS X, and Windows
Download link: https://subgraph.com/vega/download/index.en.html
Wapiti is another famous penetration testing tool. It allows auditing the security of the web applications. It supports both GET and POST HTTP methods for the vulnerability check.
- Generates vulnerability reports in various formats
- It can suspend and resume a scan or an attack
- Fast and easy way to activate and deactivate attack modules
- Support HTTP and HTTPS proxies
- It allows restraining the scope of the scan
- Automatic removal of a parameter in URLs
- Import of cookies
- It can activate or deactivate SSL certificates verification
- Extract URLs from Flash SWF files
Download link: https://sourceforge.net/projects/wapiti/files/
Kismet is a wireless network detector and intrusion detection system. It works with Wi-Fi networks but can be expanded via plugins as it allows to handle other network types.
- Allows standard PCAP logging
- Client/Server modular architecture
- Plug-in architecture to expand core features
- Multiple capture source support
- Distributed remote sniffing via light-weight remote capture
- XML output for integration with other tools
Download link: https://www.kismetwireless.net/download.shtml
32) Kali Linux:
Kali Linux is an open source pen testing tool which is maintained and funded by Offensive Security.
- Full customization of Kali ISOs with live-build to create customized Kali Linux images
- It contains a bunch of Meta package collections which aggregate different tool sets
- ISO of Doom and Other Kali Recipes
- Disk Encryption on Raspberry Pi 2
- Live USB with Multiple Persistence Stores
Download link: https://www.kali.org/
33) Parrot Security:
Parrot Security is a pen testing tool. It offers fully portable laboratory for security and digital forensics experts. It also helps users to protect their privacy with anonymity and crypto tools.
- It includes a full arsenal of security oriented tools to perform penetration tests, security audits and more.
- It comes with preinstalled and useful and updated libraries
- Offers powerful worldwide mirror servers
- Allows community-driven development
- Offers separate Cloud OS specifically designed for servers
Download link: https://www.parrotsec.org/download.fx
This toolkit is licensed under an Apache-style license. It is free and open source project that provides a full-featured toolkit for the TLS and SSL protocols.
- It is written in C, but wrappers are available for many computer languages
- The library includes tools for generating RSA private keys and Certificate Signing Requests
- Verify CSR file
- Completely remove Passphrase from Key
- Create new Private Key and allows Certificate Signing Request
Download link: https://www.openssl.org/source/
Snort is an open-source intrusion detection and pen testing system. It offers the benefits of signature-protocol- and anomaly-based inspection methods. This tool helps users to get maximum protection from malware attacks.
- Snort gained notoriety for being able to detect threats accurately at high speeds
- Protect your workspace from emerging attacks quickly
- Snort can be used to create customized unique network security solutions
- Test SSL certificate of a particular URL
- It can check if particular cipher is accepted on URL
- Verify the Certificate Signer Authority
- Ability to submit false positives/negatives
Download link: https://www.snort.org/downloads
BackBox is an Open Source Community project with the objective of enhancing the culture of security in IT environment. It is available in two different variations like Backbox Linux and Backbox Cloud. It includes some of the most commonly known/used security and analysis tools.
- It is helpful tool to reduce company resource needs and lower costs of managing multiple network device requirements
- It is fully automated pen testing tool. So, no agents and no network configuration needed to make changes. In order to perform scheduled automated configuration
- Secure Access to Devices
- Organizations can save time as there is no need to track individual network devices
- Supports Credential and Configuration File Encryption
- Self-Backup and Automatic Remote Storage
- Offers IP Based Access Control
- No need to write command as it comes with pre-Configured Commands
Download link: https://backbox.org/download
37) THC Hydra:
Hydra is a parallelized login cracker and pen testing tool. It is very fast and flexible, and new modules are easy to add. This tool allows researchers and security consultants to find unauthorized access.
- Full time-memory trade-off tool suites along with rainbow table generation, sort, conversion and look up
- It supports rainbow table of any hash algorithm
- Support rainbow table of any charset
- Support rainbow table in compact or raw file format
- Computation on multi-core processor support
- Runs on Windows and Linux operating systems
- Unified rainbow table file format on all supported OS
- Support GUI and Command line user interface
Download link: https://github.com/vanhauser-thc/thc-hydra
38) Reputation Monitor Alert:
Open Threat Exchange Reputation Monitor is a free service. It allows professionals to track their organization's reputation. With the help of this tool, businesses and organizations can track the public IP and domain reputation of their assets.
- Monitors cloud, hybrid cloud, and on-premises infrastructure
- Delivers continuous threat intelligence to keep update about threats as they emerge
- Provides most comprehensive threat detection and actionable incident response directives
- Deploys quickly, easily, and with less number of efforts
- Reduces TCO over traditional security solutions
39) John the Ripper:
John the Ripper known as JTR is a very popular password cracking tool. It is primarily used to perform dictionary attacks. It helps identify weak password vulnerabilities in a network. It also supports users from brute force and rainbow crack attacks.
- John the Ripper is free and Open Source software
- Proactive password strength checking module
- It allows online browsing of the documentation
- Support for many additional hash and cipher types
- Allows to browse the documentation online including summary of changes between two versions
Download link: http://www.openwall.com/john/
40) Safe3 scanner:
Safe3WVS is one of the most powerful web vulnerability testing tool. It comes with web spider crawling technology, especially web portals. It is the fastest tool to find issues like SQL injection, upload vulnerability, and more.
- Full support for Basic, Digest and HTTP authentications.
- Intelligent web spider automatic removes repeated web pages
- Support to scan SQL injection, upload vulnerability, admin path and directory list vulnerability
CloudFlare is CDN with robust security features. Online threats range from comment spam and excessive bot crawling to malicious attacks like SQL injection. It provides protection against comment spam, excessive bot crawling, and malicious attacks.
- It is an enterprise-class DDoS protection network
- Web application firewall helps from the collective intelligence of the entire network
- Registering domain using CloudFlare is the most secure way to protect from domain hijacking
- Rate Limiting feature protects user's critical resources. It blocks visitors with suspicious number of request rates.
- CloudFlare Orbit solves security issues for IOT devices
Download link: https://www.cloudflare.com/
Zenmap is the official Nmap Security Scanner software. It is a multi-platform free and open source application. It is easy to use for beginners but also offers advanced features for experienced users.
- Interactive and graphical results viewing
- It summarizes details about a single host or a complete scan in a convenient display.
- It can even draw a topology map of discovered networks.
- It can show the differences between two scans.
- It allows administrators to track new hosts or services appearing on their networks. Or track existing services that go down
Download link: https://nmap.org/download.html
The other tools that might be useful for penetration testing are
- Acunetix: It is a web vulnerability scanner targeted at web applications. It is expensive tool compare to others and provides facility like cross site scripting testing, PCI compliance reports, SQL injection, etc.
- Retina: It is more like a vulnerability management tools than a pre-testing tool
- Nessus: It concentrates in compliance checks, sensitive data searches, IPs scan, website scanning, etc.
- Netsparker: This tool comes with a robust web application scanner that identifies vulnerabilities and suggest solutions. There are free limited trials available but most of the time it is a commercial product. It also helps to exploit SQL injection and LFI (Local File Induction)
- CORE Impact: This software can be used for mobile device penetration, password identification and cracking, network devise penetration etc. It is one of the expensive tools in software testing
- Burpsuite: Like other this software is also a commercial product. It works on by intercepting proxy, web application scanning, crawling content and functionality etc. The advantage of using Burpsuite is that you can use this on windows, Linux and Mac OS X environment.