Penetration Testing Tools : Top 55
Penetration Testing Tools: Complete Updated List 2019
Penetration testing is a method of finding security flaws in software. The aim is to carry out a planned attack on the system to verify whether an attacker would be able to gain access to the system's local files and features. Penetration testing is also known as 'pen testing'.
Following is the list of penetration testing tools that are most widely used. These tools cover different categories such as application-specific scanners, debuggers, encryption tools, packet sniffers, password crackers, traffic monitoring tools, vulnerability scanners, port scanners, web proxies and many more.
Vega: Vega is an open source penetration testing tool aimed at testing the security of web applications, tracking whether there is any loophole that might lead to a malicious attack. Vega emphasises the following features:
Verifying whether the website is prone to SQL injection, which leads to mishandling of data
Vega, when acting as a proxy, analyses the communication between the client and the server, handling the SSL encryption used by the website
The proxy scanner can run the attack modules at the same time as the user browses the target website through it
Vega is written in Java and runs across platforms such as Windows, Linux and OS X.
Zed Attack Proxy (ZAP): An open source penetration testing tool developed by the Open Web Application Security Project that is intended to find vulnerabilities within a web application. A few major areas that ZAP emphasises are:
Intercepting Proxy: The term means intercepting or fetching the messages transferred between the browser and the web server. ZAP hence tracks what reaches the destination server by inspecting the intercepted messages.
Automated Scanner: The scanning mechanism reads through the web page's content to assess whether any loophole is present that could expose the system's confidential data to a malicious attack
Passive Scanner: A passive scanner is nothing but a way to capture the traffic between the browser and the web server. Basically, the proxy server starts when ZAP starts and tracks the traffic over a secure connection
Brute Force Scanner: Such a scanner helps to catch bugs in authentication. Brute forcing means attacking the authentication mechanism and digging deeper into the system's confidential information via GET and POST requests and responses.
Fuzzer: Fuzzing in ZAP is a technique of injecting malformed data into the system with the intent of finding bugs within the web application.
Port Scanner: Port scanning is used to find the number of open ports on the target site.
Spider: This feature is used to track new resources on a website and list their URLs. It keeps traversing the URLs until no new resources are located.
Web Sockets: WebSockets are a TCP connection between the client and server and are intended to remove communication barriers once the client has established a connection with the server.
Wapiti: Test reports can be generated in different formats such as HTML, XML, JSON etc.
Supports various methods of authentication - Basic, Digest, Kerberos, NTLM
Removes parameters from URLs
Enables activation/deactivation of SSL certificate verification
Hence, Wapiti can detect the following vulnerabilities:
Remote and local file inclusion, injections into the database, cross-site scripting, backup configuration files that could possibly be exposed, and so on.
W3af: The acronym stands for 'Web Application Attack and Audit Framework', designed to guard our web applications against security vulnerabilities. The tool offers the following features that define its credibility in performing pen testing.
With W3af's features we can capture security threats like SQL injection, cross-site scripting, credential and authentication issues etc.
The tool comes with both a GUI and a console user interface
W3af is divided into a core and plugins, where the core is responsible for coordinating with the system and offering features that are used by the plugins to discover vulnerabilities
Iron Wasp: Iron Wasp is a GUI-based tool with an easy-to-use interface
One may record a login sequence while testing
Capable of checking a wide range of vulnerabilities
Test reports can be generated in HTML and RTF formats
Testers can write a custom security scanner in a short span of time
It has a built-in crawler, scan manager and proxy
A wide range of database management systems is supported - MySQL, Oracle, PostgreSQL, Microsoft SQL Server and Informix
One may apply a variety of SQL injection techniques such as Boolean-based, time-based, error-based, UNION query-based etc.
Supports connecting to the database directly by passing DBMS credentials, IP address, port number and database name
Facilitates cracking password hashes, with automatic recognition of the hash format
We can download or upload any file by connecting to the database
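The injection techniques listed above (Boolean-based, UNION-based and so on) all depend on user input being spliced into the SQL grammar. The following added example, which is not code from the page or from any of the tools it lists, shows the vulnerable string-concatenation pattern beside the parameterised fix and a Boolean-based probe of the kind a scanner runs to tell them apart; the table and rows are constructed sample data.

```python
import sqlite3

# Constructed sample data (not from the page): a small users table.
SAMPLE_USERS = [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")]


def build_db():
    """Create an in-memory SQLite database seeded with SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable: the input is concatenated into the statement, so a quote
    in the input ends the string literal and the rest is parsed as SQL."""
    sql = "SELECT id, name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Hardened: the input is bound as a parameter and is never parsed as SQL."""
    sql = "SELECT id, name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def boolean_probe_differs(conn, lookup):
    """Boolean-based check of the kind the scanners above perform: compare
    the result for a name that matches nothing with the result for the same
    name followed by an always-true condition. A difference means the
    condition was evaluated as SQL, i.e. the lookup is injectable."""
    baseline = lookup(conn, "no-such-user")
    probed = lookup(conn, "no-such-user' OR '1'='1")
    return probed != baseline


if __name__ == "__main__":
    db = build_db()
    print("vulnerable lookup injectable:", boolean_probe_differs(db, lookup_vulnerable))
    print("parameterized lookup injectable:", boolean_probe_differs(db, lookup_parameterized))
```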
BeEF (Browser Exploitation Framework): Enables capturing of vulnerabilities associated with any website, in real time.
The tool is compatible with Kali Linux, hence it can be started as a service and accessed on localhost
A cost-friendly penetration testing tool
Helps to detect vulnerabilities like cross-site scripting
Facilitates SQL injection testing
Generates a file's session ID and timing information to analyse statistics
Backup file analysis and assessment of file inclusion vulnerabilities
WebScarab: A tool written in Java that is used for penetration testing of the HTTP(S) protocols
WebScarab may act as an intercepting proxy, thus allowing the operator to review and modify browser requests before sending them to the server and to review the results returned by the server
A bandwidth simulator helps testers to assess a browser's performance in the case of communication over a slower network
Parameter fuzzing helps to check for incomplete parameter validation that eventually leads to cross-site scripting and SQL injection
Explores an application's entry points in two ways - recursively and by searching through a dictionary
Highly optimised HTTP handling and a minimal CPU footprint lead to a higher processing speed of up to 2000 requests per second
Offers a variety of checks that bring out the slightest flaws, including blind injection vectors
Automatic wordlist creation / form auto-completion
Supports a range of web technologies and websites composed of hybrid technologies
Capable of detecting intrusive interaction between domains
Detects a lot of security issues like MIME type mismatches, charset issues, XSS and many more
Ratproxy efficiently handles cross-site request forgery ('sea-surf', XSRF) attacks. While testing the application, the proxy tries to validate the XSRF protections each time a request is received
Identifies whether HTTP and META redirectors redirect to lesser-known browsers
Header brute force attacks are used to enforce an attack mechanism by which we can decrypt the cipher text carried in the header (GET or POST method)
Checks the accuracy of URL encoding as well
The proxy validates the requests and responses exchanged over HTTP
Multithreading enables executing code concurrently
With Grendel-Scan's UI, testers simply specify the location for storing the scan output and the URL to begin with
Once the scan begins, the tester isn't required to do much with it
The test report is generated in HTML format so that it is readable across all web browsers; the best part of the report is that the type and degree of each vulnerability are listed accordingly
Watcher: Watcher is a penetration tool, sometimes termed a utility, that scans the wireless networks available within a specific range and retrieves information like IP address, MAC address, NIC name and computer name
Watcher is a safer option for cloud infrastructure
Unlike scanners and crawlers, this tool screens user interactions and reports on their confidentiality
Watcher has a built-in Check macro feature with which password-protected pages can be verified easily
The tool can convert PDF/Word files into HTML files to make them readable like a normal web page
X5S: X5S is a Fiddler plugin that lets us insert test cases into a web application so as to figure out encoding issues. The idea is to analyse how an encoding issue leads to cross-site scripting
It also helps to identify the areas where XSS filters might be bypassed by injecting ASCII characters
With X5S we can analyse whether the values injected into input fields lead to appropriately encoded output or whether the characters transform into something else
X5S lays more emphasis on verifying parameter and field values to assess their vulnerability to threats
Metasploit: Supports a wide range of frameworks that help with quite a few major functionalities like configuration, logging, database storage, scripting etc.
Metasploit provides auxiliary modules that can perform pre- and post-exploitation functions like scanning, launching attacks, OS detection, service detection etc.
Metasploit integrates very well with add-on packages that create standalone payloads, which can further be encrypted, via database connectivity, a GUI interface etc.
Metasploit's open source nature makes it quite flexible and adaptable as per requirement
Wireshark: A network analyser that screens the network to do a micro analysis of what's going on. It can detect over a hundred protocols at a given point in time
Wireshark captures live packet data from a network interface
Great features for VoIP analysis
Can extract or import files from already captured file formats like tcpdump, Secure IDS iplog, Microsoft Network Monitor, WAN/LAN analyser and so on.
Supports network protocols such as IPsec, Kerberos, SNMPv3, SSL/TLS, WEP and WPA/WPA2
The output thus generated can be stored as CSV, XML or PostScript
CORE Impact: CORE Impact's advanced features include:
Testers can pause and save the state of a test during a run, after which they can resume from where they left off
Reports are customisable, as users can export a test report to a format such as Microsoft Excel. They are also free to make appropriate changes to the report
Supports the Kerberos protocol with the latest features like pass-the-ticket and pass-the-key
Supports Windows Management Instrumentation (WMI)
Provides maximum availability of data backups for any database and an easy recovery method
Provides a way to archive logs of data, which is a great way to manage and export data to local and remote hosts
Extracting physical backups is easier
While backing up a given piece of data, parallel backup streams are created, thereby improving performance to a great extent
Test recoveries are done to ensure that all configurations, devices and data are in place before finally restoring the data
This penetration tool has the potential to identify vulnerabilities that may harm sensitive information stored in the system
Verifies whether a system has the latest software patches
Verifies whether the system is vulnerable to malicious users applying common passwords
Tests with mobile devices to assess the degree of vulnerability
Burp Suite: Burp Suite is a popular tool that lets us scan through any portion of a web page and make changes wherever required
Covers vulnerabilities such as SQL injection, cross-site scripting, file path manipulation, Server Side Includes (SSI) injection, XML injection and so on
With this tool, while testing for security vulnerabilities we can set 'attack insertion points' within parameters, cookies, HTTP headers or the URL file path
Testers have the option to filter configurations by choosing which URLs or hosts are to be scanned
Real-time feedback enables better assessment of test results, since the ongoing active scan queue reflects the progress of each scan
Cain & Abel: The password manager helps locate passwords of Outlook Express, Internet Explorer and so on
Can fetch passwords for enterprise as well as local credentials on Windows XP
The dial-up password decoder can reveal passwords stored by 'Dial-up' connections
Can detect man-in-the-middle attacks
Can extract user names for Security Identifiers on remote systems
Can monitor messages from a variety of protocols - VRRP, RIPv2, EIGRP etc.
This penetration tool has the most powerful test methodology for SQL injection and cross-site scripting
The AcuMonitor service helps detect a wide range of vulnerabilities
Supports advanced penetration testing tools such as the HTTP Editor and HTTP Fuzzer
John The Ripper: A password cracker that caters to the needs of the tester and is customisable according to need
The tool is primarily used for detection of passwords that could pose a security threat
This password cracker can be run on any platform, either locally or remotely
We may use the command prompt to recover passwords
Identification of sensitive data across various environments
Scans through a web page including technologies like AJAX, SOAP, REST/WADL, XML, JSON etc.
Covers the Open Web Application Security Project list of risks like SQL injection, cross-site scripting, cross-site request forgery and so on
Can audit web applications against huge volumes of database, theme and plugin vulnerabilities
Improves vulnerability detection while limiting the number of false positives
Social Engineer Toolkit (SET): A Python-driven testing tool that aims to detect human attacks on a system
The tool can be combined with Java-driven attacks to send phishing emails and buggy file formats
SET supports both GUI and console-based versions to deal with attacks
SQL ninja: Primarily aimed at detecting SQL injection vulnerabilities in web applications using Microsoft SQL Server
SQL ninja can fingerprint the SQL Server by its version, user queries, user privileges etc.
Privilege escalation if the required password is found
Uses a custom xp_cmdshell in case the original one is disabled. To find a port that is permitted by the firewall, a TCP/UDP port scan from the SQL Server to the attacking machine is done
In a situation where no TCP/UDP ports are available for direct and reverse shells, a DNS-tunnelled pseudo shell is used
The tool can identify hosts on a network by listing the hosts responding to TCP and ICMP requests
Scans the open ports on a target host
Network services on remote devices are detected to capture the application's name and version number
Detects the operating system and hardware characteristics of any network device
Dradis: Report sharing is much easier with this tool, as its prime objective is information sharing during a security assessment
Attachments are supported in order to enable sharing of any file
Dradis is platform independent
Has built-in plugins to read and collect the output of a variety of network tools, be it Nmap, Burp Suite or Nikto
The tool is meant to perform man-in-the-middle attacks by injecting characters into a live connection, thus imitating commands sent between the client and the server
TCP/UDP packets are automatically filtered and replaced by searching for any ASCII or hexadecimal string and replacing it with a string of our own choice
Automatic collection of information from protocols like TELNET, FTP, POP3, SSH1 and many more
The tool enables insertion into HTTP SSL sessions
Using PPTP tunnels we can perform man-in-the-middle attacks
A password cracking tool that aims to guess passwords for databases using brute force methodology
It works well with almost all major operating systems - Linux, Windows, Solaris, FreeBSD/OpenBSD and OS X
SHODAN: SHODAN is a search engine that uses web crawlers to traverse a website
The tool can detect all devices connected to the system
A tool that monitors Wi-Fi network security by capturing data packets and saving them to text files, which are then processed by third-party tools
Detects fake access points and de-authentication via packet injection
Verifies Wi-Fi driver capabilities
Has the potential to crack WEP and WPA-PSK protected connections
PunkSPIDER (scanner powered by PunkSCAN): It can perform a huge number of vulnerability scans
The specific scans performed by the tool are for SQL injection and cross-site scripting
Integrates well with other tools as well as other activities like application development, build integration and security monitoring
Offers better regulatory compliance, thereby minimising the application's risk
With features such as Intelligent Finding Analytics, the time and effort needed to determine and remedy a vulnerability are reduced to a great extent
Security status can be shared among team members with enhanced reporting and compliance features
Stronger and cost-effective security with source code analysis
Nagios: Monitors network protocols such as SMTP, POP3, HTTP, ICMP and so on
Nagios monitors host resources - processor load, disk space, system logs as well as hardware
The tool can be used to perform remote monitoring, which is supported through SSH or SSL
Plugins allow users to develop their own service checks with their choice of tools - shell scripts, C++, Perl, Ruby etc.
Notifies the users when a service or host problem occurs and when it gets resolved
Provides SSL support - OpenSSL on Unix
Proxy support for HTTP
We can save reports in HTML, XML, CSV or text format
It can scan more than one port on a server using an input file
Basic and NTLM authentication are used to perform host authentication
OpenVAS: The OpenVAS scanner scans a number of hosts concurrently and provides the OpenVAS Transfer Protocol (OTP), SSL support for OTP and so on
The OpenVAS manager includes the OpenVAS Management Protocol (OMP), an SQL database for scan results, SSL support, scheduled scans etc.
The Greenbone Security Assistant consists of a client for OMP and OAP, an HTTP and HTTPS web server, and an online integrated help system
Secunia PSI: Secunia PSI is available in 5 languages - English, French, German, Spanish and Danish
A better and simplified user interface presents the security status of software in an organised way
Automatic patching scans programs in the background and updates them while the user carries on with day-to-day activities
Can verify vulnerabilities in applications and plugins
A warning is issued if there's any chance of a threat occurring
AppSpider: Universal translator: this feature allows the tool to comprehend any specific type of format, protocol and development technology pertaining to modern browsers
Vulnerability validator: with an efficient reporting system, developers can validate threats or vulnerabilities and reproduce them in real time
AppSpider speeds up the process of identifying security issues through integrations with continuous integration, WAF (Web Application Firewall) and bug tracking, thus enabling developers to resolve defects
Brakeman: An ideal security testing tool to uncover vulnerabilities in Ruby on Rails application code, including:
Cross-site scripting.
Unsafe code evaluation.
Cross-site request forgery.
SiteDigger: Handles vulnerabilities such as privacy issues, backup files, configuration errors, remote administrator interfaces etc.
SiteDigger uses the Google API, which makes it stand out among other tools
Automatically tests 26 SSL ciphers, assigning each a certain degree of security vulnerability
It has signature update functionality and offers a dynamic GUI
Netsparker: Netsparker's proof-based scanning uncovers various hidden vulnerabilities in a read-only manner, so that a summary of such security issues is reported and they are solved on time
Easy 'URL Configuration' lets testers replace erroneous GET parameters with more correct or readable URL path segments
Custom URL Rewrite enables configuring the scanner by providing URL rewrite patterns for the target website
The tool has capabilities to detect vulnerabilities like SQL injection and cross-site scripting across all types of platforms and technologies
Web service scanning eases communication between network and web-based devices
OWASP: The 'Open Web Application Security Project' provides a list of documents, articles, methodologies and so on for a variety of security testing tools.
Provides free and open source security tools and standards
Complete documentation for secure code development, security code review and the various aspects involved in an application's security testing
Standards for libraries and security elements
Scrawlr: Capable of finding SQL injection vulnerabilities in dynamic web pages
Identifies unnecessary content in URL parameters
We may configure Scrawlr as a proxy for accessing a website
Determines the type of server used for an application
Scans across different host names and subdomains
The GUI is easy to use and user-friendly
Advanced test and scan techniques
Detects URLs automatically
Detects vulnerabilities like cross-site scripting, cross-site request forgery, SQL injection, HTTP response splitting, session cookie issues, URL redirection etc.
Parallel web crawling
Discovers server-side technology
Custom web navigation macro reader to navigate through the site and replay the test
Supports OWASP Top 10, PCI, SANS/FBI
Basic, Digest, NTLM and certificate authentication
Database support for Sybase, DB2, Access, PostgreSQL etc.
Supports SQL injection, XSS, upload vulnerability etc.
Scans for SQL injection in spite of the presence of a WAF and HIPS
A virtual machine for penetration testing, supported on VirtualBox and VMware
The framework offers some of the best open source tools aimed at testing the security vulnerabilities of a website
The tools that come under this framework are WebScarab, w3af, BeEF etc.
Faster scanning with more accurate results
Dynamic analysis to retrieve vulnerabilities in order to fix them
The tool organises the list of vulnerabilities such that the user can view and filter results for further analysis
Detailed analysis of code with actionable information like the line of code and the SQL queries involved
Prepares action plans
Tracks the progress of security tests
We can customise reports as per our requirements
Provides code metrics to assess code quality
With Kiuwan security, we can export and import various rulesets
Capable of checking more than 47 rule validations
Not much difficulty in configuring pre-processing settings
It is quite simple to add custom rules
Supports various IDE integrations - Visual Studio, Eclipse, Emacs and so on
Nsiqcppstyle supports CI (Continuous Integration) servers
Presents all types of session IDs
It has a built-in fuzzer with which we can generate our own fuzzer library
It crawls through the website, performing vulnerability tests
Veracode: Veracode's advanced features give developers a chance to analyse security threats even faster than before
It has custom cleaners that perform cleaning functions for SQL injection, URL redirection, log forging and header injection
Developers do not need to scan a saved file, as the tool performs an automatic scan
There are many tools available for security/penetration testing, out of which the ones mentioned in this article have gained considerable attention and have become a favourite choice for many hackers and security engineers.