Frequently Asked Question


3. Penetration Tools

Last Updated 10 months ago

1. Reconnaissance & Information Gathering

These tools help collect data about the target before launching attacks.

  • Nmap – Network scanning and host discovery.

  • Recon-ng – Web reconnaissance framework.

  • Maltego – Link analysis and data mining.

  • theHarvester – Email, domain, and metadata collection.

  • Shodan – Search engine for Internet-connected devices.

  • FOCA – Metadata extraction from public documents.


2. Vulnerability Scanning

Used to identify known vulnerabilities in systems and applications.

  • Nessus – Comprehensive vulnerability scanner.

  • OpenVAS – Open-source vulnerability assessment system.

  • Qualys – Cloud-based vulnerability scanning.

  • Nikto – Web server scanner for outdated software, vulnerabilities, etc.

  • Burp Suite (Community/Pro) – Basic passive scanning at this stage (active scanning is used in later phases).


3. Exploitation

These tools help exploit identified vulnerabilities.

  • Metasploit Framework – Widely used exploitation framework.

  • SQLMap – Automated SQL injection and database takeover tool.

  • BeEF – Exploitation through web browsers.

  • Canvas – Commercial exploitation tool.

  • Social-Engineer Toolkit (SET) – Phishing and social engineering attacks.


4. Password Cracking & Credential Attacks

Tools used for brute-force, dictionary, or hash cracking attacks.

  • John the Ripper – Password cracking tool.

  • Hydra – Fast network login cracker.

  • Hashcat – High-performance hash cracking.

  • Medusa – Parallel, modular login brute-forcer.

  • Mimikatz – Extracts plaintext passwords and hashes from memory.


5. Web Application Testing

Focuses on vulnerabilities such as XSS, CSRF and IDOR.

  • Burp Suite – Web app testing suite (scanner, intruder, repeater, etc.).

  • OWASP ZAP – Open-source web application security scanner.

  • Wfuzz – Web fuzzer for brute-forcing parameters.

  • Nikto – Also applicable here for basic checks.

  • Arachni – High-performance web vulnerability scanner.


6. Wireless Network Testing

Used for testing wireless protocols and encryption.

  • Aircrack-ng – WEP/WPA-PSK key cracking.

  • Kismet – Wireless network detector/sniffer.

  • Reaver – WPS attack tool.

  • Fern WiFi Cracker – GUI-based wireless cracker.


7. Mobile Application Testing

Specifically designed for Android and iOS penetration testing.

  • MobSF (Mobile Security Framework) – Automated testing for APK and IPA.

  • Frida – Dynamic instrumentation toolkit for mobile.

  • Objection – Runtime mobile exploration tool.

  • APKTool – Decompiling and analyzing APK files.


8. Post-Exploitation & Privilege Escalation

Tools used to maintain access and gather sensitive information after initial compromise.

  • Empire – PowerShell and Python post-exploitation agent.

  • Cobalt Strike – Advanced adversary simulation (commercial).

  • PowerSploit – PowerShell scripts for post-exploitation.

  • LinPEAS / WinPEAS – Privilege escalation enumeration scripts.

  • BloodHound – Analyzes Active Directory relationships and permissions.


9. Reporting & Documentation

Tools that help document and present findings.

  • Dradis – Collaboration and reporting tool.

  • Faraday – Multi-user reporting and dashboard platform.

  • MagicTree – Pen testing data analysis and reporting.
