Penetration Testing Tools: Complete Updated List 2019
Penetration testing is a method of finding security flaws in software. The aim is to carry out a planned attack on the system to verify whether an attacker could gain access to the system's local files and features. Penetration testing is also known as 'pen testing'. Following is a list of the most widely used penetration testing tools. They fall into categories such as application-specific scanners, debuggers, encryption tools, packet sniffers, password crackers, traffic monitoring tools, vulnerability scanners, port scanners, web proxies and many more.
Vega:Vega is an open source penetration testing tool for web applications; it checks whether a site has any loophole that could be used in a malicious attack. Vega emphasises the following features:
Verifying whether the website is prone to SQL injection, which leads to mishandling of data
Automated Scanner: Vega's web crawler walks the website, analysing each page's content to capture links and form parameters as possible points of data injection, and runs its JavaScript-based checks to confirm them
Vega, when acting as a proxy, analyses the communication between client and server, including SSL-encrypted traffic to a website
The proxy scanner can simultaneously run modules that probe the target while the user browses the target website through it
Vega is written in Java and runs on Windows, Linux and OS X.
Zed Attack Proxy (ZAP):An open source penetration testing tool developed by the Open Web Application Security Project (OWASP) to find vulnerabilities in web applications. A few major areas ZAP emphasises are:
Intercepting Proxy: intercepting means capturing the messages exchanged between the browser and the web server. ZAP thereby tracks the destination server through the intercepted messages.
Automated Scanner: the scanning mechanism reads through the web page's content to assess whether any loophole is present that could expose the system's confidential data to a malicious attack
Passive Scanner: a passive scanner simply observes the traffic between the browser and the web server without modifying it. The proxy starts as soon as ZAP starts and watches the traffic, including that of secure connections
Brute Force Scanner: this scanner helps catch bugs in authentication. Brute forcing means attacking the authentication mechanism and digging into the system's confidential information via GET and POST requests and responses.
Fuzzer: fuzzing in ZAP is a technique of injecting malformed data into the application with the intent of finding bugs in the web application.
Port Scanner:Port scanning is used to enumerate the open ports on the target site.
Spider:This feature is used to discover new resources on a website and list their URLs. It keeps traversing the URLs it finds as long as new resources are located.
Web Sockets:WebSockets are a TCP connection between client and server, intended to remove communication barriers once the client has established a connection with the server.
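The crawler described for Vega and the ZAP spider do the same first step: parse a page, collect the links to visit next, and record every query parameter and form field as a candidate injection point. The following is an added example, not code from Vega or ZAP; the page content and the base URL are constructed for the example, and only same-origin links are followed.

```python
"""Added example (not part of the original article or of Vega/ZAP): a minimal
spider step. It parses one page, collects same-origin links as new resources
to visit, and records each URL parameter and form field as a candidate
injection point. SAMPLE_HTML and the base URL are constructed."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, parse_qsl

# Constructed sample page, standing in for a fetched HTTP response body.
SAMPLE_HTML = """
<html><body>
<a href="/products?id=7">Products</a>
<a href="about.html">About</a>
<a href="https://cdn.example.net/lib.js">CDN</a>
<form action="/search" method="get">
  <input type="text" name="q"><input type="hidden" name="lang" value="en">
</form>
<form action="/login" method="POST">
  <input name="user"><input type="password" name="pass">
</form>
</body></html>
"""

class LinkFormExtractor(HTMLParser):
    """Collects hrefs and form definitions while walking the markup."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = []
        self.forms = []
        self._form = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(urljoin(self.base_url, attrs["href"]))
        elif tag == "form":
            self._form = {
                "action": urljoin(self.base_url, attrs.get("action", "")),
                "method": attrs.get("method", "get").upper(),
                "params": [],
            }
        elif tag == "input" and self._form is not None and attrs.get("name"):
            self._form["params"].append(attrs["name"])

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None

def crawl_page(base_url, html):
    """Return same-origin URLs to visit next and the injection points found.

    Injection points are every URL query parameter and every form field, keyed
    by the request that carries them, which is what a scanner feeds its checks.
    """
    origin = urlparse(base_url).netloc
    extractor = LinkFormExtractor(base_url)
    extractor.feed(html)
    # Only follow links on the same host; third-party hosts are out of scope.
    to_visit = sorted({u for u in extractor.links if urlparse(u).netloc == origin})
    injection_points = []
    for url in to_visit:
        for name, _ in parse_qsl(urlparse(url).query):
            injection_points.append(("GET", url.split("?")[0], name))
    for form in extractor.forms:
        for name in form["params"]:
            injection_points.append((form["method"], form["action"], name))
    return to_visit, injection_points

if __name__ == "__main__":
    urls, points = crawl_page("https://shop.example.com/index.html", SAMPLE_HTML)
    print("next URLs:", urls)
    for method, target, param in points:
        print(f"{method} {target} parameter={param}")
```

A real spider loops: each URL in `to_visit` is fetched, parsed the same way, and deduplicated against the set already seen, which is the "until no new resources are located" stopping condition the ZAP description refers to.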
W3af:The acronym stands for 'Web Application Attack and Audit Framework'; the tool is designed to guard web applications against security vulnerabilities. It offers the following features, which establish its credibility for pen testing.
With W3af's features we can detect security threats like SQL injection, cross-site scripting, credential and authentication weaknesses, etc.
The tool comes with both a GUI and a console user interface
W3af is divided into a core and plugins: the core coordinates the process and offers the features that plugins use to discover vulnerabilities
WebScarab:A tool written in Java that is used for penetration testing of applications communicating over HTTP(S)
WebScarab can act as an intercepting proxy, allowing the operator to review and modify browser requests before they are sent to the server and to review the results the server returns
A bandwidth simulator helps testers assess a browser's performance when communicating over a slower network
Parameter fuzzing helps check whether the application performs incomplete parameter validation, which can lead to cross-site scripting and SQL injection
Ratproxy:Capable of detecting intrusive interaction between domains
Identifies a lot of security issues like MIME type mismatches, charset issues, XSS and many more
Ratproxy efficiently handles cross-site request forgery (XSRF, 'sea-surf') attacks: while testing the application, the proxy tries to validate the XSRF protections each time a request is received
Identifies whether HTTP and META redirectors redirect to lesser-known browsers
Among all sorts of security problems, some of the very basic ones are covered by this tool: alerting on JavaScript issues, directory indexing, server errors, etc.
Header brute-force attacks are used to apply an attack mechanism by which the cipher text carried in the header (GET or POST method) can be decrypted
Checks the accuracy of URL encoding as well
The proxy validates the requests and responses exchanged over HTTP
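Ratproxy's MIME-mismatch, charset and XSRF checks (and ZAP's passive scanner) all work the same way: look at each request/response pair as it passes through the proxy and raise a finding without sending anything extra. The following is an added example of such a passive analyser, not Ratproxy's or ZAP's code; the exchanges, the token field names and the body sniffing rule are constructed assumptions.

```python
"""Added example (not Ratproxy's code): a passive analyser run over
request/response pairs a proxy has already seen. It flags a Content-Type that
does not match the body, a text response with no declared charset, and a
state-changing POST that carries no anti-XSRF token. EXCHANGES and
TOKEN_FIELDS are constructed for the example."""
import json
from urllib.parse import parse_qs

# Constructed exchanges: (method, path, request body, response headers, response body).
EXCHANGES = [
    ("GET", "/api/user", "",
     {"Content-Type": "text/html"}, '{"id": 7, "name": "alice"}'),
    ("POST", "/account/email", "email=a%40example.com",
     {"Content-Type": "text/html; charset=utf-8"}, "<html>updated</html>"),
    ("POST", "/account/email", "email=a%40example.com&csrf_token=3f9c1a",
     {"Content-Type": "text/html"}, "<html>updated</html>"),
    ("GET", "/data.json", "",
     {"Content-Type": "application/json; charset=utf-8"}, '{"ok": true}'),
]

# Assumed names under which applications commonly send an anti-XSRF token.
TOKEN_FIELDS = {"csrf_token", "xsrf_token", "authenticity_token", "_token"}

def split_content_type(value):
    """'text/html; charset=utf-8' -> ('text/html', {'charset': 'utf-8'})."""
    media, _, rest = value.partition(";")
    params = {}
    for piece in rest.split(";"):
        k, _, v = piece.strip().partition("=")
        if k:
            params[k.lower()] = v.strip('"')
    return media.strip().lower(), params

def sniff_body(body):
    """Cheap body sniffing, the way a browser might reinterpret the response."""
    stripped = body.lstrip()
    if stripped.startswith("<"):
        return "text/html"
    try:
        json.loads(stripped)
        return "application/json"
    except ValueError:
        return "text/plain"

def analyse(method, path, req_body, headers, resp_body):
    """Return the list of findings for one request/response pair."""
    findings = []
    media, params = split_content_type(headers.get("Content-Type", ""))
    sniffed = sniff_body(resp_body)
    if media and sniffed != media:
        findings.append(f"{path}: MIME mismatch, declared {media} but body looks like {sniffed}")
    if media.startswith("text/") and "charset" not in params:
        findings.append(f"{path}: no charset declared for {media}")
    if method == "POST":
        fields = set(parse_qs(req_body).keys())
        if not fields & TOKEN_FIELDS:
            findings.append(f"{path}: state-changing POST without an anti-XSRF token")
    return findings

def analyse_all(exchanges=EXCHANGES):
    """Flatten the findings of every exchange into one list."""
    return [f for ex in exchanges for f in analyse(*ex)]

if __name__ == "__main__":
    for finding in analyse_all():
        print(finding)
```

The XSRF check here only tests for the presence of a token field; a proxy such as Ratproxy goes further and replays the request without it to see whether the server still accepts it, which is the difference between a passive hint and a validated finding.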
Grendel-Scan:With Grendel-Scan's UI, testers simply specify the location for storing the scan files and the URL to begin with
Once the scan begins, the tester isn't required to do much with it
The test report is generated in HTML so that it is readable in all web browsers; the best part is that vulnerabilities are listed by type and degree in the generated report
Watcher:Watcher is a penetration tool, sometimes termed a utility, that scans the wireless networks available within a specific range and retrieves information like IP address, MAC address, NIC card name and computer name
Watcher is a safer option for cloud infrastructure
Unlike scanners and crawlers, this tool screens user interactions and reports on their confidentiality
Watcher has a built-in Check macro feature with which password-protected pages can be verified easily
The tool can convert PDF and Word files into HTML files so they can be read like a normal web page
X5S:X5S is a Fiddler plugin that lets us insert test cases into a web application to find encoding issues. The idea is to analyse how an encoding issue leads to cross-site scripting
It also helps identify areas where XSS filters might be bypassed by injecting ASCII characters
With X5S we can analyse whether the injected values in the input fields lead to appropriately encoded output or whether the characters are transformed into something else
X5S lays emphasis on verifying parameter and field values to assess their vulnerability to threats
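The check X5S automates can be done by hand: place a canary containing the characters that matter in an HTML context into a field, then inspect how it comes back in the rendered page. The following is an added example, not X5S's code; the three render functions are constructed stand-ins for the application under test, one escaping correctly, one writing the value raw, and one stripping characters instead of encoding them.

```python
"""Added example (not X5S itself): classify how an injected canary is
reflected in a page. render_unsafe, render_safe and render_truncating are
constructed templates standing in for the application under test."""
import html

CANARY = 'x5s<>"\'&x5s'  # markers around the characters whose handling we care about

def render_unsafe(name):
    """Constructed template that writes the value straight into the markup."""
    return f"<p>Hello, {name}</p>"

def render_safe(name):
    """Constructed template that HTML-encodes the value first."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"

def render_truncating(name):
    """Constructed template that strips angle brackets instead of encoding."""
    return f"<p>Hello, {name.replace('<', '').replace('>', '')}</p>"

def classify_reflection(page, canary=CANARY):
    """Say how the canary came back in the page.

    'encoded'     the value was entity-encoded, so it is inert in the HTML context
    'raw'         the special characters survived verbatim (an XSS candidate)
    'transformed' the markers are present but the middle was altered (filtered,
                  partially encoded, or changed by charset handling)
    'absent'      the value was not reflected at all
    """
    if canary in page:
        return "raw"
    if html.escape(canary, quote=True) in page:
        return "encoded"
    start, end = canary[:3], canary[-3:]
    i = page.find(start)
    if i != -1 and page.find(end, i + len(start)) != -1:
        return "transformed"
    return "absent"

def audit(renderers):
    """Run the canary through each renderer and report the classification."""
    return {name: classify_reflection(fn(CANARY)) for name, fn in renderers.items()}

if __name__ == "__main__":
    results = audit({"unsafe": render_unsafe, "safe": render_safe,
                     "truncating": render_truncating})
    for name, verdict in results.items():
        print(f"{name}: {verdict}")
```

"Transformed" is the interesting verdict for the encoding issues X5S targets: it means the application did something other than entity-encoding, which is worth a manual look because filtering and charset conversions can be lossy in ways encoding is not.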
Arachni:The integrated browser environment of Arachni offers maximum coverage for a wide range of technologies like HTML5, JavaScript, DOM manipulation and many more
Metasploit:
Supports a wide range of frameworks that help with quite a few major functionalities like configuration, logging, database storage, scripting, etc.
Metasploit provides auxiliary modules that perform pre- and post-exploitation functions like scanning, launching attacks, OS detection, service detection, etc.
Metasploit integrates well with add-on packages that create standalone payloads, which can further be encrypted, and with database connectivity, a GUI interface, etc.
Metasploit's open source nature makes it flexible and adaptable to requirements
Wireshark:A network analyser that screens the network to perform a detailed analysis of what's going on. It can detect over a hundred protocols at a given point in time
Wireshark captures live packet data from a network interface
Great features for VoIP analysis
Can read or import capture files in formats like tcpdump, Secure IDS iplog, Microsoft Network Monitor, WAN/LAN analyser and so on.
Supports network protocols such as IPsec, Kerberos, SNMPv3, SSL/TLS, WEP and WPA/WPA2
The generated output can be stored as CSV, XML or PostScript
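The capture files Wireshark and tcpdump exchange are in the classic libpcap format: a 24-byte global header followed by a 16-byte record header and the raw frame for each packet. The following is an added example of reading that format and dissecting the Ethernet, IPv4 and TCP/UDP headers, not Wireshark's code; the capture bytes are constructed inline with the checksums left at zero so the script runs offline.

```python
"""Added example (not Wireshark's code): a minimal reader for little-endian
classic pcap files that decodes Ethernet/IPv4/TCP|UDP headers and counts
packets per transport protocol. SAMPLE_PCAP is constructed in this file."""
import struct
import socket

def build_packet(proto, src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/(TCP|UDP) frame; checksums are left at zero."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"          # dst, src, EtherType IPv4
    if proto == 17:   # UDP: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:             # TCP: minimal 20-byte header, data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    total = 20 + len(l4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4

def build_pcap(frames):
    """Wrap frames in a pcap global header plus one record header per frame."""
    # magic, major, minor, thiszone, sigfigs, snaplen, link type 1 = Ethernet
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield (timestamp, frame bytes) for every record in a little-endian pcap."""
    magic, = struct.unpack("<I", data[:4])
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    offset = 24
    while offset < len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack("<IIII", data[offset:offset + 16])
        offset += 16
        yield ts_sec + ts_usec / 1e6, data[offset:offset + incl_len]
        offset += incl_len

def decode(frame):
    """Decode Ethernet/IPv4 and the transport ports; returns a summary dict."""
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        return {"proto": "non-ipv4"}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4          # header length in bytes (options included)
    proto = ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:]
    sport, dport = struct.unpack("!HH", l4[:4])   # first 4 bytes of TCP and UDP alike
    name = {6: "tcp", 17: "udp"}.get(proto, str(proto))
    return {"proto": name, "src": src, "dst": dst, "sport": sport, "dport": dport}

def summarise(data):
    """Count packets per transport protocol, like a protocol hierarchy view."""
    counts = {}
    for _, frame in read_pcap(data):
        name = decode(frame)["proto"]
        counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed capture: one DNS query and a TLS exchange on port 443.
SAMPLE_PCAP = build_pcap([
    build_packet(17, "10.0.0.5", "10.0.0.53", 40000, 53, b"\x12\x34\x01\x00"),
    build_packet(6, "10.0.0.5", "93.184.216.34", 51000, 443, b""),
    build_packet(6, "93.184.216.34", "10.0.0.5", 443, 51000, b"\x16\x03\x01"),
])

if __name__ == "__main__":
    for ts, frame in read_pcap(SAMPLE_PCAP):
        print(f"{ts:.6f} {decode(frame)}")
    print(summarise(SAMPLE_PCAP))
```

The reader handles only the little-endian magic and link type 1; a big-endian file (magic `0xD4C3B2A1` on read) or the newer pcapng format needs the corresponding header logic, which is exactly the variety Wireshark's file importers absorb for you.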
Burp Suite:Burp Suite is a popular tool that lets us inspect any portion of a web page and make changes wherever required
Covers vulnerabilities such as SQL injection, cross-site scripting, file path manipulation, Server Side Includes (SSI) injection, XML injection and so on
With this tool, while testing for security vulnerabilities, we can set 'attack insertion points' within parameters, cookies, HTTP headers or the URL file path
Testers have the option to filter the configuration by choosing which URLs or hosts are to be scanned
Real-time feedback enables better assessment of test results, as the active scan queue reflects the progress of each scan
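What a scanner does at each insertion point is a differential test: send a normal value and a crafted one, and compare the responses. The following is an added example, not Burp's code, showing the SQL injection class from the list above as a vulnerable lookup beside its hardened form, with a `compare()` helper that mirrors the scanner's comparison. The in-memory SQLite catalogue is constructed for the example.

```python
"""Added example (not Burp's code): a parameter pasted into SQL beside the
parameterised version, and a scanner-style differential check of both.
make_db() builds a constructed in-memory catalogue."""
import sqlite3

def make_db():
    """Constructed catalogue with three products, one of them unpublished."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, published INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(1, "lamp", 1), (2, "desk", 1), (3, "prototype", 0)])
    return conn

def lookup_vulnerable(conn, name):
    """The 'name' request parameter is pasted into the statement (do not do this)."""
    query = f"SELECT id, name FROM products WHERE name = '{name}' AND published = 1"
    return conn.execute(query).fetchall()

def lookup_hardened(conn, name):
    """Same query with the parameter bound by the driver, so input is never SQL."""
    query = "SELECT id, name FROM products WHERE name = ? AND published = 1"
    return conn.execute(query, (name,)).fetchall()

def compare(conn, lookup, normal, probe):
    """Differential test: does a crafted value at the insertion point change the
    result set compared with a normal value?"""
    try:
        base, probed = lookup(conn, normal), lookup(conn, probe)
    except sqlite3.Error as exc:
        return {"error": str(exc)}   # a database error is itself a finding
    return {"baseline_rows": len(base), "probe_rows": len(probed),
            "suspicious": len(probed) > len(base)}

if __name__ == "__main__":
    db = make_db()
    probe = "lamp' OR '1'='1"  # tautology that widens the WHERE clause if it reaches SQL
    print("vulnerable:", compare(db, lookup_vulnerable, "lamp", probe))
    print("hardened:  ", compare(db, lookup_hardened, "lamp", probe))
```

In the vulnerable version the probe also leaks the `published = 1` filter, because `AND` binds tighter than `OR`; in the hardened version the whole string is compared as a product name and matches nothing, so the row count stays at or below the baseline.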
The tool is meant to perform man-in-the-middle attacks by injecting characters into a live connection, thus imitating commands sent between the client and the server
TCP/UDP packets are automatically filtered and modified by searching for any ASCII or hexadecimal string and replacing it with a string of our own choice
Automatic collection of information from protocols like TELNET, FTP, POP3, SSH1 and many more
The tool enables injection into HTTP SSL sessions
Using PPTP tunnels we can perform man-in-the-middle attacks
Integrates well with other tools as well as other activities like application development, build integration and security monitoring
Offers security in terms of better regulatory compliance, thereby minimising the application's risk
With features such as Intelligent Finding Analytics, the time and effort needed to determine and remedy a given vulnerability is greatly reduced
Security status can be shared among team members with enhanced reporting and compliance features
Stronger and more cost-effective security through source code analysis
AppSpider:Universal translator: this feature allows the scanner to comprehend any format, protocol and development technology pertaining to modern browsers
Vulnerability validator: with an efficient reporting system, developers can validate threats or vulnerabilities and reproduce them in real time
AppSpider scales up the process of identifying security issues through integrations with Continuous Integration, WAF (Web Application Firewall) and bug tracking systems, thus enabling developers to resolve defects
Netsparker:Netsparker's proof-based scanning uncovers various hidden vulnerabilities in a read-only manner, so that a summary of such security issues is reported and they are solved on time
Easy 'URL Configuration' lets testers replace erroneous GET parameters with more correct or readable URL path segments
Custom URL Rewrite enables configuring the scanner by providing URL rewrite patterns for the target website
The tool has capabilities to counter vulnerabilities like SQL injection and cross-site scripting across all types of platforms and technologies
Web service scanning eases communication between network and web-based devices
OWASP:The 'Open Web Application Security Project' provides documents, articles, methodologies and so on for a variety of security testing tools.
Provides free and open source security tools and standards
Complete documentation for secure code development, security code review and the various aspects involved in an application's security testing
Detects vulnerabilities like cross-site scripting, cross-site request forgery, SQL injection, HTTP response splitting, session cookie issues, URL redirection, etc.
Available for all major platforms like JavaScript, Python, C, C++ and Java
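Three of the issue classes listed above, session cookie issues, HTTP response splitting and URL redirection, come down to small checks that application code or a proxy can apply to response headers. The following is an added example, not OWASP's code, of those checks; the Set-Cookie headers, host name and redirect targets are constructed for the example.

```python
"""Added example (not OWASP's code): response-header checks for session
cookies missing Secure/HttpOnly/SameSite, header values carrying CR/LF
(response splitting), and redirects to an off-site destination.
SAMPLE_SET_COOKIES and the host name are constructed."""
from urllib.parse import urlparse

REQUIRED_COOKIE_ATTRS = ("secure", "httponly", "samesite")

def audit_cookies(set_cookie_headers):
    """Report missing hardening attributes for each Set-Cookie header."""
    findings = []
    for header in set_cookie_headers:
        name = header.split("=", 1)[0].strip()
        attrs = {p.strip().split("=", 1)[0].lower() for p in header.split(";")[1:]}
        missing = [a for a in REQUIRED_COOKIE_ATTRS if a not in attrs]
        if missing:
            findings.append(f"cookie {name}: missing {', '.join(missing)}")
    return findings

def safe_header_value(value):
    """Refuse header values that could start a new header line or the body."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF in header value (response splitting)")
    return value

def is_safe_redirect(target, our_host):
    """Allow only site-relative paths or absolute URLs on our own host.

    A scheme-relative '//host/path' is parsed as having a netloc, so it falls
    through to the host comparison and is rejected unless it is ours.
    """
    parsed = urlparse(target)
    if parsed.scheme == "" and parsed.netloc == "":
        return target.startswith("/") and not target.startswith("//")
    return parsed.scheme in ("http", "https") and parsed.netloc.lower() == our_host

# Constructed response headers, as a proxy or a test would see them.
SAMPLE_SET_COOKIES = [
    "sessionid=abc123; Path=/; HttpOnly",
    "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for finding in audit_cookies(SAMPLE_SET_COOKIES):
        print(finding)
    for target in ("/account", "//evil.example/", "https://app.example.com/x",
                   "https://evil.example/"):
        verdict = "allowed" if is_safe_redirect(target, "app.example.com") else "blocked"
        print(f"{target} -> {verdict}")
    try:
        safe_header_value("en\r\nX-Injected: 1")
    except ValueError as exc:
        print("rejected:", exc)
```

The cookie audit treats every cookie alike; in practice the session cookie is the one that must carry all three attributes, while a purely cosmetic cookie such as `theme` may legitimately omit `HttpOnly`, so a real check would keep an allow-list of non-sensitive cookie names.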
The tools available for security/penetration testing are many; those mentioned in this article have gained considerable attention and have become a favourite choice for many hackers and security engineers.