March 17, 2015

A lot of people contact us and ask: What are your preferred tools for Pentesting and which ones are free? Whilst there are hundreds and thousands of free Pentesting tools around, we seem to use only a core bunch of them as many have similar functionality. Some people may prefer one tool over another, but the bottom line is: There are many tools to achieve the same goal.

Here is our personal list of preferred tools, which does by no means indicate that those are the only ones to use.

Scanning

NMAP
Angry IP Scanner
Firewalk
OpenVAS
Nexpose

Penetration Testing

Metasploit Framework
Kali Linux
Netcat

Web Application Penetration Testing

Burp Suite
Acunetix
SQLmap
Nikto
w3af
owasp-zap
Webscarab
Wapiti

Password Attacks and MITM

Cain & Abel
Snort
THC Hydra
Ettercap
John the Ripper
Medusa

Wireless Attacks

Aircrack-NG Suite
Wifite
Easy-Creds
Evil-AP script
dsniff, tcpdump, stringswatch, SSLStrip, TShark
Ettercap
zANTI (Android)
Intercepter-NG (Android)
dSploit (Android)

Social Engineering

Social Engineering Toolkit (SET)
Maltego
CEWL
Veresoftware Toolbar
Mantra

Commercial Tools

Core Impact
Metasploit Pro
Canvas Pro
SAINT
Nessus Pro

Share
 

Comments are closed.