Penetration testing tools

42 Best Penetration Testing (Pen Testing) Tools in 2018

Penetration testing tools help in identifying security weaknesses in a network, server or web application. These tools are very useful since they allow you to identify the "unknown vulnerabilities" in software and networking applications that can cause a security breach. Vulnerability Assessment and Penetration Testing (VAPT) tools attack your system from within the network and from outside the network, as a hacker would attack it. If unauthorized access is possible, the system has to be corrected.


Here is a list of top 40 Penetration Testing Tools


1) Netsparker



Netsparker is an easy-to-use web application security scanner that can automatically find SQL Injection, XSS and other vulnerabilities in your web applications and web services. It is available as an on-premises and as a SaaS solution.


Features


Dead accurate vulnerability detection with the unique Proof-Based Scanning Technology.

Minimal configuration required. The scanner automatically detects URL rewrite rules and custom 404 error pages.

REST API for seamless integration with the SDLC, bug tracking systems etc.

Fully scalable solution. Scan 1,000 web applications in just 24 hours.



2) Acunetix



Acunetix is a fully automated penetration testing tool. Its web application security scanner accurately scans HTML5, JavaScript and Single-page applications. It can audit complex, authenticated webapps and issues compliance and management reports on a wide range of web and network vulnerabilities, including out-of-band vulnerabilities.


Features:


Scans for all variants of SQL Injection, XSS, and 4500+ additional vulnerabilities

Detects over 1200 WordPress core, theme, and plugin vulnerabilities

Fast & Scalable – crawls hundreds of thousands of pages without interruptions

Integrates with popular WAFs and Issue Trackers to aid in the SDLC

Available On Premises and as a Cloud solution.



3) Probe.ly



Probe.ly continuously scans for vulnerabilities in your web applications. It allows its customers to manage the life cycle of vulnerabilities and provides them with guidance on how to fix them. Probe.ly is a security tool built with developers in mind.


Features:


Scans for SQL Injections, XSS, OWASP TOP10 and over 5000 vulnerabilities, including 1000 WordPress and Joomla vulnerabilities

Full API - All features of Probely are also available through an API

Integration with your CI tools, Slack and Jira

Unlimited team members

PDF Reports to showcase your security

Diverse scanning profiles (ranging from safe to aggressive scans)

Multiple Environment Targets - Production (non-intrusive scans) and Testing (intrusive and complete scans)



4) Owasp



The Open Web Application Security Project (OWASP) is a worldwide non-profit organization focused on improving the security of software. The project has multiple tools to pen test various software environments and protocols. Flagship tools of the project include:


Zed Attack Proxy (ZAP, an integrated penetration testing tool)

OWASP Dependency Check (it scans project dependencies and checks them against known vulnerabilities)

OWASP Web Testing Environment Project (a collection of security tools and documentation)

The OWASP Testing Guide gives "best practice" guidance for penetration testing the most common web applications.

OWASP link: https://www.owasp.org/index.php/Category:OWASP_Testing_


5) WireShark



Wireshark is a network analysis tool previously known as Ethereal. It captures packets in real time and displays them in a human-readable format. Basically, it is a network packet analyzer which provides minute details about your network protocols, decryption, packet information, etc. It is open source and can be used on Linux, Windows, OS X, Solaris, NetBSD, FreeBSD and many other systems. The information retrieved via this tool can be viewed through a GUI or through the TTY-mode TShark utility.


Wireshark features include:


Live capture and offline analysis

Rich VoIP analysis

Capture files compressed with gzip can be decompressed on the fly

Output can be exported to XML, PostScript, CSV or plain text

Multi-platform: runs on Windows, Linux, FreeBSD, NetBSD and many others

Live data can be read from Ethernet, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, etc.

Decryption support for many protocols, including IPsec, ISAKMP, SSL/TLS, WEP, and WPA/WPA2

Coloring rules can be applied for quick, intuitive analysis

Read/write many different capture file formats

Wireshark download link: https://www.wireshark.org/

6) w3af


w3af is a web application attack and audit framework. It has three types of plugins: discovery, audit and attack. They communicate with each other to find vulnerabilities in a site; for example, a discovery plugin in w3af looks for different URLs to test for vulnerabilities and forwards them to the audit plugin, which then uses these URLs to search for vulnerabilities.


It can also be configured to run as a MITM proxy. The intercepted request can be sent to the request generator, and manual web application testing can then be performed using variable parameters. It also has features to exploit the vulnerabilities that it finds.


w3af features:


Proxy support

HTTP response cache

DNS cache

File uploading using multipart

Cookie handling

HTTP basic and digest authentication

User agent faking

Add custom headers to requests

w3af download link: http://w3af.org/take-a-tour


7) Metasploit



This is the most popular and advanced framework that can be used for pentesting. It is an open source tool based on the concept of an 'exploit', which means you pass code that breaches the security measures and enters a certain system. Once in, it runs a 'payload', code that performs operations on the target machine, thus creating the perfect framework for penetration testing. It is also a useful tool for testing whether an IDS succeeds in preventing the attacks that are launched through it.


Metasploit can be used on networks, applications, servers, etc. It has a command line and a clickable GUI interface, and works on Apple Mac OS X, Linux and Microsoft Windows.


Features of Metasploit


Basic command line interface

Third party import

Manual brute forcing

Website penetration testing

Metasploit download link


8) Kali



Kali works only on Linux machines. It enables you to create a backup and recovery schedule that fits your needs. It promotes a quick and easy way to find and update the largest database of security penetration testing tools to date. It is one of the best tools available for packet sniffing and injecting. Expertise in the TCP/IP protocol and networking is beneficial while using this tool.


Features


Addition of 64-bit support allows brute force password cracking

BackTrack comes with pre-loaded tools for LAN and WLAN sniffing, vulnerability scanning, password cracking, and digital forensics

BackTrack integrates with some of the best tools, such as Metasploit and Wireshark

Besides network tools, it also includes pidgin, xmms, Mozilla, k3b, etc.

BackTrack supports KDE and GNOME.

Kali download link


9) Samurai framework:

The Samurai Web Testing Framework is penetration testing software. It is distributed as a VirtualBox and VMware virtual machine that has been pre-configured to function as a web pen-testing environment.


Features:


It is an open source, free-to-use tool

It contains the best of the open source and free tools that focus on testing and attacking websites

It also includes a pre-configured wiki to set up a central information store during the pen-test

Download link: https://sourceforge.net/projects/samurai/files/


10) Aircrack:



Aircrack is one of the handy tools required in wireless pen testing. It cracks vulnerable wireless connections by recovering WEP, WPA and WPA2 encryption keys.


Features:


More cards/drivers supported

Supports all types of OS and platforms

New WEP attack: PTW

Support for WEP dictionary attack

Support for fragmentation attack

Improved tracking speed

Download link: https://www.aircrack-ng.org/downloads.html


11) ZAP:



ZAP is one of the most popular open source security testing tools. It is maintained by hundreds of international volunteers. It can help users find security vulnerabilities in web applications during the development and testing phases.


Features:


It helps identify the security holes present in a web application by simulating an actual attack

Passive scanning analyses the responses from the server to identify certain issues

It attempts brute force access to files and directories

The spidering feature helps construct the hierarchical structure of the website

It supplies invalid or unexpected data to crash the application or to produce unexpected results

Helpful tool to find the open ports on the target website

It provides an interactive Java shell which can be used to execute BeanShell scripts

It is fully internationalized and supports 11 languages

Download link: https://github.com/zaproxy/zaproxy/wiki


12) Sqlmap:



Sqlmap is an open source penetration testing tool. It automates the entire process of detecting and exploiting SQL injection flaws. It comes with many detection engines and features for an ideal penetration test.


Features:


Full support for six SQL injection techniques

Allows a direct connection to the database without going through a SQL injection

Support for enumerating users, password hashes, privileges, roles, databases, tables, and columns

Automatic recognition of passwords given in hash formats and support for cracking them

Support for dumping database tables entirely or only specific columns

Users can also select a range of characters from each column's entry

Allows establishing a TCP connection between the affected system and the database server

Support for searching for specific database names, tables or columns across all databases and tables

Allows executing arbitrary commands and retrieving their standard output on the database server

Download link: https://github.com/sqlmapproject/sqlmap


13) Sqlninja:



Sqlninja is a penetration testing tool. It aims to exploit SQL Injection vulnerabilities in web applications that use Microsoft SQL Server as their back-end. It also provides remote access to the vulnerable DB server, even in a very hostile environment.


Features:


Fingerprinting of the remote SQL Server

Data extraction, time-based or using a DNS tunnel

Allows integration with Metasploit3 to obtain graphical access to the remote DB server

Upload of executables using only normal HTTP requests, via VBScript or debug.exe

Direct and reverse bindshell, both for TCP and UDP

Creation of a custom xp_cmdshell if the original one is not available (on w2k3, using token kidnapping)

Download link: http://sqlninja.sourceforge.net/download.html


14) BeEF:



BeEF, the Browser Exploitation Framework, is a pen testing tool that focuses on the web browser. It uses GitHub to track issues and host its git repository.


Features:


It allows checking the actual security posture by using client-side attack vectors

BeEF allows hooking one or more web browsers. It can then be used for launching directed command modules and further attacks on the system.

Download link: http://beefproject.com


15) Dradis:



Dradis is an open source framework for penetration testing. It allows maintaining information that can be shared among the participants of a pen-test. The information collected helps users understand what is completed and what still needs to be completed.


Features:


Easy process for report generation

Support for attachments

Seamless collaboration

Integration with existing systems and tools using server plugins

Platform independent

Download link: https://dradisframework.com/ce


16) Rapid 7:



Nexpose Rapid 7 is a useful vulnerability management software. It monitors exposures in real-time and adapts to new threats with fresh data which helps users to act at the moment of impact.


Features:


Get a Real-Time View of Risk

It brings innovative and progressive solutions that help the user to get their jobs done

Know Where to Focus

Bring More to Your Security Program

Download link: https://www.rapid7.com/products/nexpose/download/


17) Hping:

Hping is a TCP/IP packet analyzer and pen testing tool. Its interface is inspired by the ping(8) UNIX command. It supports the TCP, ICMP, UDP, and RAW-IP protocols.


Features:


Allows firewall testing

Advanced port scanning

Network testing, using different protocols, TOS, fragmentation

Manual path MTU discovery

Advanced traceroute with all the supported protocols

Remote OS fingerprinting & uptime guessing

TCP/IP stacks auditing

Download link: https://github.com/antirez/hping


18) SuperScan:



Superscan is a free Windows-only closed-source penetration testing tool. It also includes networking tools such as ping, traceroute, whois and HTTP HEAD.


Features:


Superior scanning speed

Support for unlimited IP ranges

Improved host detection using multiple ICMP methods

Provides support for TCP SYN scanning

Simple HTML report generation

Source port scanning

Extensive banner grabbing

Large built-in port list description database

IP and port scan order randomization

Extensive Windows host enumeration capability

Download link: https://www.mcafee.com/in/downloads/free-tools/termsofuse.aspx


19) ISS Scanner:



The IBM Internet Scanner is a pen testing tool which offers a foundation for effective network security for any business.


Features:


Internet Scanner minimizes business risk by finding the weak spots in the network

It allows automating scans and discovering vulnerabilities

Internet Scanner cuts risk by identifying the security holes, or vulnerabilities, in the network

Complete Vulnerability Management

Internet Scanner can identify more than 1,300 types of networked devices

Download link: https://www-01.ibm.com/software/info/trials


20) Scapy:

Scapy is a powerful and interactive pen testing tool. It can handle many classical tasks like scanning, probing, and attacks on the network.


Features:


It performs specific tasks such as sending invalid frames and injecting 802.11 frames, and it can combine techniques in ways that are hard to do with other tools

It allows users to build exactly the packets they want

Reduces the number of lines written to execute the specific code

Download link: http://secdev.org/projects/scapy/


21) IronWASP:



IronWASP is open source software for web application vulnerability testing. It is designed to be customizable so that users can create their own custom security scanners with it.


Features:


GUI based and very easy to use

It has a powerful and effective scanning engine

Support for recording login sequences

Reporting in both HTML and RTF formats

Checks for over 25 types of web vulnerabilities

False Positives and Negatives detection support

It supports Python and Ruby

Extensible using plug-ins or modules in Python, Ruby, C# or VB.NET

Download link: http://ironwasp.org/download.html


22) Ettercap:



Ettercap is a comprehensive pen testing tool. It supports active and passive dissection. It also includes many features for network and host analysis.


Features:


It supports active and passive dissection of many protocols

ARP poisoning to sniff on a switched LAN between two hosts

Characters can be injected into a server or a client while maintaining a live connection

Ettercap is capable of sniffing an SSH connection in full duplex

Allows sniffing of HTTP SSL-secured data even when the connection is made through a proxy

Allows creation of custom plugins using Ettercap's API

Download link: https://ettercap.github.io/ettercap/downloads.html


23) Security Onion:



Security Onion is a penetration testing tool. It is used for intrusion detection and network security monitoring. Its easy-to-use Setup wizard allows users to build an army of distributed sensors for their enterprise.


Features:


It is built on a distributed client-server model

Network Security Monitoring allows monitoring for security related events

It offers full packet capture

Network-based and host-based intrusion detection systems

It has a built-in mechanism to purge old data before the storage device fills to capacity

Download link: https://securityonion.net/


24) Personal Software Inspector:

Personal Software Inspector is an open source computer security solution. This tool can identify vulnerabilities in applications on a PC or a Server.


Features:


It is available in eight different languages

Automates the updates for insecure programs

It covers thousands of programs and automatically detects insecure programs

This pen testing tool automatically and regularly scans the PC for vulnerable programs

Detects and notifies about programs that can't be automatically updated

Download link: http://learn.flexerasoftware.com/SVM-EVAL-Personal-Software-Inspector


25) HconSTF:



HconSTF is an open source penetration testing tool based on different browser technologies. It assists security professionals in penetration testing. It contains powerful web tools for testing XSS, SQL injection, CSRF, Trace XSS, RFI, LFI, etc.


Features:


Categorized and comprehensive toolset

Every option is configured for penetration testing

Specially configured and enhanced for gaining solid anonymity

Works for web app testing assessments

Easy to use & collaborative Operating System

Download link: http://www.hcon.in/


26) IBM Security AppScan:



IBM Security AppScan helps to enhance web application security and mobile application security. It improves application security and strengthens regulatory compliance. It helps users to identify security vulnerabilities and generate reports.


Features:


Enables Development and QA to perform testing during the SDLC process

Control what applications each user can test

Easily distribute reports

Increase visibility and better understand enterprise risks

Focus on finding and fixing issues

Control the access of information

Download link: http://www-03.ibm.com/software/products/en/appscan


27) Arachni:

Arachni is an open source, Ruby-framework-based tool for penetration testers and administrators. It is used for evaluating the security of modern web applications.


Features:


It is a versatile tool that covers a large number of use cases, ranging from a simple command line scanner utility to a global high-performance grid of scanners

Option for multiple deployments

It offers a verifiable, inspectable code base to ensure the highest level of protection

It can easily integrate with browser environments

It offers highly detailed and well-structured reports

Download link: https://sourceforge.net/projects/safe3wvs/files


28) Websecurify:



Websecurify is a powerful security testing environment. It has a user-friendly interface which is simple and easy to use. It offers a combination of automatic and manual vulnerability testing technologies.


Features:


Good testing and scanning technology

Strong testing engine to detect URLs

It is extensible with many available add-ons

It is available for all the major desktop and mobile platforms

Download link: https://www.websecurify.com/


29) Vega:

Vega is an open source web security scanner and pen testing platform to test the security of web applications.


Features:


Automated, Manual, and Hybrid Security Testing

It helps users find vulnerabilities such as cross-site scripting, stored cross-site scripting, blind SQL injection, shell injection, etc.

It can automatically log into websites when supplied with user credentials

It runs effectively on Linux, OS X, and Windows

Vega detection modules are written in JavaScript

Download link: https://subgraph.com/vega/download/index.en.html


30) Wapiti:



Wapiti is another famous penetration testing tool. It allows auditing the security of the web applications. It supports both GET and POST HTTP methods for the vulnerability check.


Features:


Generates vulnerability reports in various formats

It can suspend and resume a scan or an attack

Fast and easy way to activate and deactivate attack modules

Supports HTTP and HTTPS proxies

It allows restricting the scope of the scan

Automatic removal of a parameter in URLs

Import of cookies

It can enable or disable SSL certificate verification

Extract URLs from Flash SWF files

Download link: https://sourceforge.net/projects/wapiti/files/


31) Kismet:



Kismet is a wireless network detector and intrusion detection system. It works with Wi-Fi networks but can be expanded via plugins to handle other network types.


Features:


Allows standard PCAP logging

Client/Server modular architecture

Plug-in architecture to expand core features

Multiple capture source support

Distributed remote sniffing via light-weight remote capture

XML output for integration with other tools

Download link: https://www.kismetwireless.net/download.shtml


32) Kali Linux:



Kali Linux is an open source pen testing tool which is maintained and funded by Offensive Security.


Features:


Full customization of Kali ISOs with live-build to create customized Kali Linux images

It contains a bunch of Meta package collections which aggregate different tool sets

ISO of Doom and Other Kali Recipes

Disk Encryption on Raspberry Pi 2

Live USB with Multiple Persistence Stores

Download link: https://www.kali.org/


33) Parrot Security:



Parrot Security is a pen testing tool. It offers a fully portable laboratory for security and digital forensics experts. It also helps users protect their privacy with anonymity and crypto tools.


Features:


It includes a full arsenal of security oriented tools to perform penetration tests, security audits and more.

It comes with preinstalled, useful and updated libraries

Offers powerful worldwide mirror servers

Allows community-driven development

Offers separate Cloud OS specifically designed for servers

Download link: https://www.parrotsec.org/download.fx


34) OpenSSL:



This toolkit is licensed under an Apache-style license. It is a free and open source project that provides a full-featured toolkit for the TLS and SSL protocols.


Features:


It is written in C, but wrappers are available for many programming languages

The library includes tools for generating RSA private keys and Certificate Signing Requests

Verify a CSR file

Completely remove the passphrase from a key

Create a new private key and Certificate Signing Request

Download link: https://www.openssl.org/source/
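The four key-management operations listed above, worked through with the openssl command line as an added example (this script is not from the page or from the OpenSSL project). The working directory, subject name and passphrase are constructed for the demo; the commands themselves (genrsa, req, rsa) are standard OpenSSL subcommands, and everything runs offline.

```shell
#!/bin/sh
# Added example: RSA key -> CSR -> verify CSR -> strip passphrase.
# Paths, subject DN and passphrase below are constructed for the demo.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
KEY_ENC="$WORKDIR/key-enc.pem"      # passphrase-protected private key
KEY_PLAIN="$WORKDIR/key-plain.pem"  # same key with the passphrase removed
CSR="$WORKDIR/request.csr"
PASS="demo-passphrase"              # constructed; in real use read it from a secret store

# 1. Generate a 2048-bit RSA private key, encrypted with AES-256 under $PASS.
gen_key() {
  openssl genrsa -aes256 -passout "pass:$PASS" -out "$KEY_ENC" 2048 2>/dev/null
}

# 2. Create a Certificate Signing Request for that key; -subj supplies the
#    distinguished name so the command never prompts.
gen_csr() {
  openssl req -new -key "$KEY_ENC" -passin "pass:$PASS" \
    -subj "/CN=example.test/O=Example Org" -out "$CSR" 2>/dev/null
}

# 3. Verify the CSR: checks the self-signature the private key made over it.
#    Exit status 0 means the request is intact and matches its public key.
verify_csr() {
  openssl req -in "$CSR" -noout -verify >/dev/null 2>&1
}

# 4. Remove the passphrase (e.g. so an unattended service can load the key).
#    The plaintext key must then be protected by file permissions instead.
strip_passphrase() {
  openssl rsa -in "$KEY_ENC" -passin "pass:$PASS" -out "$KEY_PLAIN" 2>/dev/null
  chmod 600 "$KEY_PLAIN"
}

# Helper: does the PEM file carry an encrypted-key marker? Both the PKCS#8
# "ENCRYPTED PRIVATE KEY" header and the legacy "Proc-Type: 4,ENCRYPTED"
# line contain the word ENCRYPTED; a plaintext key contains neither.
is_encrypted() {
  grep -q ENCRYPTED "$1"
}

# Helper: does the CSR's embedded public key match the given private key?
csr_matches_key() {
  csr_pub=$(openssl req -in "$CSR" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl rsa -in "$1" -pubout 2>/dev/null)
  [ "$csr_pub" = "$key_pub" ]
}

run_all() {
  gen_key && gen_csr && verify_csr && strip_passphrase
}

# Stand-alone run: set RUN_DEMO=0 to only define the functions.
if [ "${RUN_DEMO:-1}" = 1 ]; then
  run_all
  is_encrypted "$KEY_ENC" && echo "encrypted key written: $KEY_ENC"
  is_encrypted "$KEY_PLAIN" || echo "passphrase removed: $KEY_PLAIN"
  csr_matches_key "$KEY_PLAIN" && echo "CSR public key matches the private key"
fi
```

The verify step only proves the CSR is self-consistent; it says nothing about who controls the subject name, which is the CA's job to check. Stripping the passphrase trades one control (a secret) for another (filesystem permissions), so the script tightens the mode of the plaintext key as soon as it is written.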


35) Snort:



Snort is an open-source intrusion detection and pen testing system. It offers the benefits of signature-, protocol- and anomaly-based inspection methods. This tool helps users get maximum protection from malware attacks.


Features:


Snort is known for being able to detect threats accurately at high speeds

Protects your workspace from emerging attacks quickly

Snort can be used to create customized, unique network security solutions

Test the SSL certificate of a particular URL

It can check whether a particular cipher is accepted on a URL

Verify the certificate signer authority

Ability to submit false positives/negatives

Download link: https://www.snort.org/downloads


36) Backbox:



BackBox is an open source community project with the objective of enhancing the culture of security in IT environments. It is available in two different variations, Backbox Linux and Backbox Cloud. It includes some of the most commonly known and used security and analysis tools.


Features:


It is a helpful tool to reduce company resource needs and lower the cost of managing multiple network device requirements

It is a fully automated pen testing tool: no agents and no network configuration changes are needed to run scheduled, automated configuration tasks

Secure access to devices

Organizations can save time as there is no need to track individual network devices

Supports credential and configuration file encryption

Self-backup and automatic remote storage

Offers IP-based access control

No need to write commands, as it comes with pre-configured commands

Download link: https://backbox.org/download


37) THC Hydra:

Hydra is a parallelized login cracker and pen testing tool. It is very fast and flexible, and new modules are easy to add. This tool allows researchers and security consultants to find where unauthorized access is possible.


Features:


Full time-memory trade-off tool suites, including rainbow table generation, sort, conversion and look-up

It supports rainbow tables for any hash algorithm

Supports rainbow tables for any charset

Supports rainbow tables in compact or raw file format

Support for computation on multi-core processors

Runs on Windows and Linux operating systems

Unified rainbow table file format on all supported OSes

Supports GUI and command line user interfaces

Download link: https://github.com/vanhauser-thc/thc-hydra


38) Reputation Monitor Alert:

Open Threat Exchange Reputation Monitor is a free service. It allows professionals to track their organization's reputation. With the help of this tool, businesses and organizations can track the public IP and domain reputation of their assets.


Features:


Monitors cloud, hybrid cloud, and on-premises infrastructure

Delivers continuous threat intelligence to keep users updated about threats as they emerge

Provides comprehensive threat detection and actionable incident response directives

Deploys quickly, easily, and with less effort

Reduces TCO over traditional security solutions

Download link: https://www.alienvault.com/try-it-free?utm_internal=sb_freetrial_modal


39) John the Ripper:



John the Ripper, known as JTR, is a very popular password cracking tool. It is primarily used to perform dictionary attacks. It helps identify weak password vulnerabilities in a network. It also supports brute force and rainbow crack attacks.


Features:


John the Ripper is free and open source software

Proactive password strength checking module

It allows online browsing of the documentation

Support for many additional hash and cipher types

Allows browsing the documentation online, including a summary of changes between two versions

Download link: http://www.openwall.com/john/


40) Safe3 scanner:

Safe3WVS is one of the most powerful web vulnerability testing tools. It comes with web spider crawling technology, especially for web portals. It is the fastest tool to find issues like SQL injection, upload vulnerabilities, and more.


Features:


Full support for Basic, Digest and HTTP authentication

The intelligent web spider automatically removes repeated web pages

An automatic JavaScript analyzer provides support for extracting URLs from Ajax, Web 2.0 and any other applications

Support for scanning for SQL injection, upload vulnerabilities, admin paths and directory listing vulnerabilities

Download link: https://sourceforge.net/projects/safe3wvs/files/latest/download


41) CloudFlare:



CloudFlare is a CDN with robust security features. Online threats range from comment spam and excessive bot crawling to malicious attacks like SQL injection. It provides protection against comment spam, excessive bot crawling, and malicious attacks.


Features:


It is an enterprise-class DDoS protection network

The web application firewall benefits from the collective intelligence of the entire network

Registering a domain using CloudFlare is the most secure way to protect it from domain hijacking

The Rate Limiting feature protects users' critical resources by blocking visitors with a suspicious rate of requests

CloudFlare Orbit solves security issues for IoT devices

Download link: https://www.cloudflare.com/


42) Zenmap



Zenmap is the official GUI for the Nmap Security Scanner. It is a multi-platform, free and open source application. It is easy to use for beginners but also offers advanced features for experienced users.


Features:


Interactive and graphical results viewing

It summarizes details about a single host or a complete scan in a convenient display.

It can even draw a topology map of discovered networks.

It can show the differences between two scans.

It allows administrators to track new hosts or services appearing on their networks, or existing services that go down

Download link: https://nmap.org/download.html


Other tools that might be useful for penetration testing are:


Acunetix: It is a web vulnerability scanner targeted at web applications. It is an expensive tool compared to others and provides facilities like cross-site scripting testing, PCI compliance reports, SQL injection, etc.

Retina: It is more like a vulnerability management tool than a pen-testing tool.

Nessus: It concentrates on compliance checks, sensitive data searches, IP scans, website scanning, etc.

Netsparker: This tool comes with a robust web application scanner that identifies vulnerabilities and suggests solutions. There are free limited trials available, but most of the time it is a commercial product. It also helps to exploit SQL injection and LFI (Local File Inclusion).

CORE Impact: This software can be used for mobile device penetration, password identification and cracking, network device penetration, etc. It is one of the more expensive tools in software testing.

Burpsuite: Like the others, this software is also a commercial product. It works by intercepting proxy traffic, web application scanning, crawling content and functionality, etc. The advantage of using Burpsuite is that you can use it on Windows, Linux and Mac OS X environments.

Created by Jit Banerjee