Ultimate Pentest Tools List (300+)

by Cyver | Jul 18, 2023 | Blog

The following include a list of pentest tools available across the web. Many are free and even open source, others are premium tools and require a monthly or yearly subscription. We’ll note when pentest tools aren’t free. We interviewed Cyver pentester Mike Terhaar for his favorites and highlighted them in the text.

*Please note some tools were included more than once when they fit well into several categories. In addition, all tools are in alphabetical order and not ranked.

Attack / Adversary Simulation (Red teaming) (22 tools)

Atomic Red Team – Library of tests mapped to the MITRE ATT&CK Framework

APT Simulator – Script & toolset to simulate the appearance of an APT attack

ATT&CK Simulator – Automate adversary simulations for red/blue-purple teaming

BlindSpot – Adversary simulator with red-team, breach simulation, and purple team capabilities. (Not Free)

Caldera – A framework for adversary emulation by MITRE

Cobalt Strike – A VM & threat emulation framework for adversary simulation / red teaming

Cymulate – Security posture management platform with red teaming (Not Free)

Dumpsterfire – Menu-driven tool for building distributed security events for red/blue/purple team drills

GreyMatter – Security operations platform with red teaming (formerly Threatcare) (Not Free)

Infection Monkey – Open-source breach and attack simulation platform

Invoke Adversary – Script for automating adversary threats

Mandiant – Security validation and adversary simulation tool in Google Cloud (Not Free)

MATE – Attack Simulator offered by Microsoft as part of 365

Metta – Open-source tool for network adversarial simulation

NSAUnfetter – Attack simulator based on the MITRE ATT&CK framework

Pentera – Automate insider & outsider attacks for red-team/purple team exercises (Not Free)

Red Team Automation (RTA) - Scripts based on 50+ MITRE ATT&CK tactics for blue teams

SafeBreach – Breach and attack simulation platform (Not Free)

Scythe.io - Cloud adversary emulation platform for red-team/purple team (Not Free)

SimSpace – Simulated environment for cybersecurity exercises (Not Free)

Splunk Attack Range – Cloud and local environment builder for attack simulation

THC Hydra – Attack-simulator tool for unauthorized access

Distros / Distributions (13 tools)

Distros are operating systems packaged with components designed for ethical hacking or pentesting – many with more specific focuses, such as web pentesting.

“I like Parrot OS the most because it’s more flexible than Kali. Of course, that depends on what you need. Parrot is a default OS and you install what you need.” says Mike, “Kali is fixed. Kali is also fixed to their own update lists and patches, so if you change anything, it can break the system. I also like BlackArch’s OS a lot, but I have less experience with it because it needs more configuration, but I really like that you can do everything with one system.”

ArchStrike – Arch GNU/Linux repository closely following LInux Standards

AttifyOS – GNU/Linux distribution built around IoT pentesting

BackBox – Ubuntu-based distribution for penetration tests and security assessments.

BlackArch – Arch GNU/Linux-based distribution with 2,500+ tools

CAINE – Computer Aided Investigative Environment is a digital forensics and analysis framework

Fedora Security Lab – Test environment for security auditing, forensics, system rescue, etc.

Kali – GNU/Linux distro for digital forensics and pentesting

Linux Kodachi – A Debian-based distro, boot from CD/USB, filters traffic through TOR and attempts trace cleanup after use

Network Security Toolkit (NST) – Fedora-based bootable live operating system

ParrotOS – Distro featuring multiple architecture options and 100+ pentest tools

Pentoo – Security-focused live USB-based on Gentoo for 32/64-bit OS

Samurai Web Testing Framework – Distro for pentesting on the web

The Pentesters Framework – Distro is organized around Penetration Testing Execution Standard (PTES)

Frameworks (17 tools)

“I use both ReNgine and Metasploit. Metasploit a bit less because you need more infrastructure level data.” says Mike, “ ReNgine gives you an impression of the general hygiene of the application and implementation, open services, hardening, etc. Metasploit is flexible, old-school, and makes life a lot easier. But ReNgine replaces an expensive tool like Nessus, delivering a lot in a single application”

BetterCAP – Modular, portable, and easily extensible MITM framework.

Caldera – A framework for adversary emulation by MITRE

Cobalt Strike – A Fortra VM & threat emulation framework

Dshell – Network forensic analysis framework

ExploitPack – Graphical tool with 39,000+ exploits for pentest automation

Empire – Post-exploitation adversary emulation framework

IronWASP – Framework for web-application vulnerability testing with tools & scanner capabilities

Jok3r – A network infrastructure and web security assessment framework with automation & pentest tools

Metasploit – Post-exploitation pentest tools to verify vulnerabilities, manage assessments, and more. Open Source and Pro available. Pro costs roughly $15,000 per year.

MobSF – An automated, mobile application pentesting, malware analysis and security assessment framework with static and dynamic analysis.

Pupy – Cross-platform remote administration and post-exploitation tool in Python & C

Recon-ng – A web-based reconnaissance framework

ReNgine – Open-source reconnaissance framework

routersploit – Open-source exploitation framework for embedded devices

shellsploit – Exploit development framework

WordPress Exploit Framework – Ruby framework for WordPress pentesting

Static and Dynamic Analyzers (15 tools)

“Snyk is a good one, I’m not much for it for pentesting, but for internal teams, it gives you insight and constant overview of your application vulnerabilities, changes, the impact of those based on vulnerabilities, etc.”

bandit – Python code analyzer with a focus on vulnerabilities

Brakeman – Static analysis security vulnerability scanner for Ruby on Rails applications.

cppcheck – Extensible C/C++ static analyzer and bug finder

Checkmarx –Full suite of sast, dast, and code scanning tools built for internal teams (Not Free)

Coverity – Free static analysis solution for open-source projects

Codacy – AI-driven SAST for 40+ programming languages (Not Free)

FindBugs – Free ava static analyzer with a focus on bugs

Forta WebInspect - Web scanner

Kiuwan – SAST and code analysis for vulnerability management (Not Free)

KlocWork – Compliance-based SAST (Not Free)

PMD – Source code analyzer for cross-language SaaS

sobelow – Phoenix Framework static analyzer focused on vulnerabilities

SonarQube – Static code analysis for 30+ languages, frameworks, and platforms (Not Free)

Snyk - Vulnerability database and code scanner (Not Free)

Veracode – Static analysis and vulnerability management (Not Free)

Hacking & Exploitation Tools (160)

Anonymity Tools (5 tools)

“normally when I do a test it’s in the open and the owner knows it so I don’t have to hide, but in case of red teaming, then you need the stealth”

I2P – Fully-encrypted private network layer

Nipe – Script to make Tor your default gateway

OnionScan – Discover vulnerabilities available through Onion-operated services

Tor – Onion-routed overlay network

What Every Browser Knows About You – Test your own Web browser’s configuration

CTF Tools (3 tools)

ctf-tools – Scripts to install various security research tools and deploy to new machines

Pwntools – Rapid exploit development framework for CTFs

RsaCtfTool – Attack and decrypts RSA tools

DDoS Tools (11 tools)

“It’s never my goal to deliberately cause an outage on a customer network, but, of course, when red teaming, or if it’s part of the engagement, you should use a tool like this and MHDDoS is a favorite.”

DDOS Ripper – DDOS attack server based on compromised computer systems

CC-attack – Socks4/5 proxy-based multithreading attack

HOIC – LOIC with countermeasure workarounds

LOIC – Open source network stress tool written in #C

MHDDoS – Python3 DDoS attack script with 56 methods

Nightmare Stresser – DDOS API for stress testing with up to 150 concurrent floods

Raven-Storm – DDoS Toolkit with multiple attack protocols

SlowLoris – Low bandwidth DDoS tool in Python

T50 – Network stress tool

UFONet – Denial of service toolkit with multifunctionality

Defense Evasion Tools (8 tools)

“I like Veil because it connects to Metasploit”, says Mike, “If you write code and want to pass it through antivirus, you need to use a tool like Veil, but in the old days, Veil was already being blocked by antivirus systems, so you’ll probably want a range of tools in case the current version doesn’t get through the AV.”

AntiVirus Evasion Tool (AVET) –Antivirus evasion tools

Fireprox – AWS API Gateway management tool for Ip rotation

Hyperion – Runtime encryptor for 32-bit portable executables (“PE .exes”).

peCloak.py – Hides malicious Windows executable from antivirus

peCloakCapstone – Multi-platform fork of peCloak.py

Proxybroker2 – Auto-rotate IP via proxy

Veil – Generate payloads to bypass common anti-virus solutions

Hash & Cracking Hacking Tools (12 tools)

“There are a lot of great tools for this. John the Ripper of course, Rainbow Tables, Cain and Abel. If you have a list and usernames and you know you’re working with a group of common users, you’re almost certain their password will fit in a list, so John the Ripper is your best option.”

AirCrack – Wifi Password retrieval with FMS

Brutus Password Cracker – Complex password retrieval with multi-stage authentication, brute force, dictionary, & more

BruteForce Wallet – Wallet password search

Cain and Abel – Sniffer and password cracking for forensics

CrackStation – Browser-based password hash-cracking

CeWL – Custom wordlists for spidering to feed password crackers

Hashcat – Hash cracking tool

John the Ripper – Password cracker

JWT Cracker – HS256 JWT token brute force cracker

Medusa – Brute-force parallel testing password cracker

Rainbow Crack – Hash cracker using large-scale time-memory technique

Rainbow Tables - Rainbow table generator with verification

Hex Editors (14 tools)

“You can use a custom hex editor, but I use the hex in Burp with an integrated translator”

Frhed – Binary file editor for Windows with partial file loading capabilities

FS Hex Editor – Hexadecimal and ASCII file editor

Hackman – Hex and binary editor with RAM viewer

HexEdit.js – Browser-based hex editing.

Hexinator – Hex tool with free and premium versions

Hexplorer – Hex editor with data mining tools

HxD Hex Editor – View, edit, and save hex and source code files

Kaitai Struct – Generate parsers and protocols

MiTeX Hexadecimal – Hex and Octal file editor with calculator

Open Freely – Hex viewer and editor

Tiny Hexer – Hex viewer, binary searcher, and octal viewer

Tyrannosaurus Hex – Open-source hex editor with color coding

UltraEdit – Text, code, and hex editor

Veles – Binary data visualization and analysis tool

IoT (3 tools)

“I still use the old school tools like Netcat and Nmap and nowadays, reNgine,” says Mike, “I start with NMap and follow up with NCat and that’s all I need.”

Praeda – Data harvester for multi-function printer assessments

Printer Exploitation Toolkit (PRET) – USB or network program for printer security mapping & exploitation

routersploit – Open-source exploitation framework for embedded devices

Network Tools (20 tools)

“Ettercap is an easy to use command line tool, you can write your filters on the go, you only get the information you actually want.” says Mike, “That's good if you want specific traffic details, however, if you don’t know what you're looking for, ettercap is unusable. Wireshark is the same but with a graphical interface, so you can easily filter - which makes it more commonly used”.

BetterCAP – Modular, portable man-in-the-middle framework.

CrackMapExec – Suite of tools for network penetration

Ettercap – Comprehensive suite for machine-in-the-middle attacks.

evilgrade – Fake update injection

Dripcap – Caffeinated packet analyzer for multiple OS

dnschef – Highly configurable DNS proxy

dnsenum – Perl script with DNS enumeration, zone transfer, dictionary attack, and reverse lookup functionality

dsniff – Recon & infiltration tools for networks

impacket – Network protocol toolset focused on low-impact access

Intercepter-NG – Multifunctional network toolkit for recon & interception

Morpheus – Automated ettercap TCP/IP hijacking tool

Nginx – Graphical interface with scriptable access to network infrastructure scanning and enumeration tools

pig – Linux packet crafting tool with library of attack signatures

pwnat – Punches holes in firewalls/NATs without port or DMZ setup required

scapy – Python-based interactive packet manipulation program & library

Scap-workbench – A GUI tool with SCAP Scanner and tailoring functionality

tcpdump/libpcap – Command-line packet analyzer tool

Wireshark - A graphic interface surrounding tcpdump / network protocol analyzer

Yersina – A network tool for 2-layer attacks

Zarp – Network attack tool for the exploitation of protocols and stacks

Mobile Exploitation (8 tools)

Dex2Jar – Tool for Android “. dex” and Java “. class” files.

Drozer – A mobile app security testing framework

Frida "Universal" SSL Unpinner – Universal unpinner.

Frida – Dynamic instrumentation toolkit

Genymotion: – Cross-platform Android emulator for developers & QA engineers

Jadx – Command line and GUI tool for producing java source code from Android Dex and APK files

MobSF – A mobile application pentesting, malware analysis and security assessment framework with static and dynamic analysis.

Radare2 – Toolchain for forensics, software reverse engineering, exploiting, debugging, etc.

Reverse Engineering Tools (16 tools)

binwalk – Analyze, reverse engineer, and extract firmware images

Capstone – Lightweight multi-platform, multi-architecture disassembly framework

dnSpy – .Net debugger and assembly tool

Evan’s Debugger – DObugger for GNU/Linux.

Frida – A scriptable and portable dynamic reverse engineering toolkit

Immunity Debugger – Debugger with exploit and malware capabilities

Interactive Disassembler (IDA Pro) – A multi-processor disassembler and debugger with free/premium versions

Medusa – Open source, cross-platform interactive disassembler

peda – Python Exploit Development Assistance for GDB

plasma – Interactive disassembler for x86/ARM/MIPS

PyREBox – Python scriptable Reverse Engineering sandbox and framework

Radare2 – Open source, cross-platform reverse engineering framework

rVMI – Full system analysis via virtual machine introspection

Voltron – Debugger UK for hackers

WDK/WinDbg – Microsoft Windows Driver Kit and WinDbg.

x64dbg – Open source x64/x32 debugger

Social Engineering Tools (6 tools)

“Catfish and Kingfish are nice tools, you can create your own social media campaigns, build complete websites, copy them, make the receiving end believe what you’re writing if they don’t look well enough”

Beelogger – Tool for generating keyloggers for Windows

Catphish – Ruby fishing toolkit

Evilginx2 – MITM attack framework used for phishing credentials and session cookies with 2-factor bypass

King Phisher – Create and manage simultaneous phishing attacks with server and content tools

Social Engineer Toolkit (SET) – Social engineering toolkit with framework

wifiphisher – Automated phishing attacks against WiFi network for red teaming or WiFi investigations

Utilities

(Windows) (8 tools)

“Sysinternals is a must-have. You can enumerate Windows systems, learn more about the environment the network is connected to. Mimikatz is also great for extracting sensitive data from system memory”

DeathStar – Python script to gain Active Directory administrative rights

Fibratus – Windows kernel exploration and tracing tool

Magic Unicorn – Shellcode generator and injection tool

mimikatz – Extract windows credentials PowerSploit – PowerShell Post-Exploitation Framework

redsnarf – Post-exploitation tool to retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.

Responder – LLMNR, NBT-NS and MDNS poisoner

Sysinternals Suite – Microsoft’s Sysinternals Troubleshooting Utilities

Windows Exploit Suggester – Scan for missing Windows patches and vulnerabilities

(GNU/Linux)

Linux Exploit Suggester – Heuristic reporting on potential exploits for GNU/Linux

(macOS) (8 tools)

“I always build my Mac machine from scratch and the tools I use are Linux. The tools listed here are mostly for breaking into Mac, but it’s not common for companies to have a complete Mac network”.

EggShell – Remote administration tool for OSX

EmPyre – Post exploitation OS X agent

EvilOSX – Remote Administration tool for OS X

Kemon – Open source kernel monitoring

Keychain dump – Searches for unlocked keychain master keys

Machotools – Retrieve and change machotool data

MOSL – Audit MacOS security settings

PassiveFuzzFramework OSX – Fuzzing tool for OSX kernel vulnerabilities

Web Testing (21 tools)

“DIrbuster only works if you have a good list. I sometimes use Zed, SQLMap, and those are my go-to with Burp.” Says Mike, “SQLMap is also really powerful if you have a hunch SQL injection is possible. It’s flexible and much faster than doing it by hand. Very fast and easy to automate”

Burp Suite – An integrated platform for web-application pentesting (Free edition available) (Enterprise from $1,999 – Unlimited costs $49,999 per year). Some addons include:

Browser Exploitation Framework (BeEF) – Command and control server for delivering exploits

DirBuster – Brute-force over directories and web application server tool with hidden directory search

Commix – Command-line injection & exploitation tool

fimap – Python tool to find, prepare, audit, & exploit LFI/RFI bugs.

Kadimus – LFI scan and exploit tool.

Lazys3 – Ruby script to brute-force for AWS s3 buckets

liffy – LFI exploitation tool

LFI Suite – LFI exploiter and scanner

NoSQLMap d –Audit for and automate injection attacks, exploit configuration weaknesses, and clone data

OWASP Zed Attack Proxy (ZAP) – Scriptable HTTP intercepting proxy and fuzzer for web applications

Payloads All The Things – Payloads and bypasses for Web Application Security.

sslstrip2 – SSL stripping tool

SSRFTest – Server Site Request Forgery tool

SQLNinja – An SQL server injection and takeover tool

SQLMap – SQL injection detection, exploitation, and takeover tool

Subjack – Subdomain identification and takeover tool written in Go

tplmap – Server-side template injection, detection, and takeover tool

weevely3 – Weaponized web shell for post exploitation

WPSploit – Exploit WordPress websites with Metasploit

YsoSerial – Payload generation tool to exploit unsafe Java serialization

Wireless Network Hacking Tools (5 tools)

Aircrack-ng – Testing & auditing tools for wireless networks

Fluxion – Suite of automated social engineering-based WPA attacks and analysis

Kismet – Wireless network detector, sniffer, and WIDS

Reaver – Brute force attack against WiFi Protected Setup.

Wifite2 – Python script to audit wireless networks

Pentest Management Platforms

Cyver Core – A full-service pentest collaboration and management platform with report generation and team collaboration (Not Free)

AttackForge – A pentest management and reporting tool (Not Free)

Reconmap – A pentest collaboration platform (Not Free)

Faraday – Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments. (Not Free)

Pentest Report Generation Tools

(all of the above pentest management platforms also offer report generation)

Dradis – Ruby-based open-source report generation tool (not free)

PwnDoc– Pentest report generation tool

Serpico – Pentest report automation tool

MagicTree - Pentest report generation and streamlining tool with Nmap integration

Metagoofil - Autofills metadata into reports

PeTeReport – Python and Django tool to write markdown reports

Recon & Enumeration Tools (104)

Generic Recon & Enumeration

“These are all tools that can help make your life easier, but if you’re using something like Burp, you don’t need them anymore.” says Mike, “Or if you don’t trust Burp is complete, you can add to your toolbox to validate”.

Asnlookup – ASN Information tool

BlindElephant – Web application identifier and fingerprinter.

Chaos – Internet-wide asset data for research and recon

cms-explorer – Reveal the specific modules, plugins, components, and themes run by CMS websites + associated vulnerabilities

DET – Data exfiltration tool for DLP configuration errors

EyeWitness – Screenshot, server header, and default credentials tool

FuzzDB – Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery

Recon_profile – Alias creation tool

Skipfish – An active web-application security reconnaissance tool

smbmap – SMB enumeration too

Teh_s3_bucketeers – Discover S3 buckets on Amazon's AWS platform.

Transformations – Browser-based data obscurity detection tool

Spiderfoot – Automated OSINT and data collection

Splunk - A threat detection and management platform

Retire.JS – Browser plugin for finding vulnerable js libraries

Virtual-host-discovery – Enumerate virtual hosts on an IP / HTTP scanner

VHostScan – Virtual host scanner that performs reverse lookups

Wappalyzer – A browser extension to identify technologies used on websites

wafw00f – Identifies and fingerprints Web Application Firewall (WAF)

webscreenshot – Screenshot script

WhatWeb – Web scanner and fingerprinter

XSS hunter – Cross-site scripting vulnerability detection and probing

zmap – Open source network scanner with 13+ tools for further research & scans

URl / Subdomain Finders (8 tools)

“We always work on an assignment, and then the target is scope information and not more than that, so we rarely use these. But Rengine also has a URl and subdomain finder”.

Dirsearch – Command line tool to brute force directories and files

Dnsgen – This tool generates a combination of domain names from the provided input

Gau – Getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl

JSParser – A python script to parse relative URLs from JavaScript files

Subfinder – ASubdomain discovery tool that discovers valid subdomains for websites by using passive online sources

Unfurl – Analyze URLs and estimate entropies to find URLs that might be vulnerable to attack

Waybackurls – Accept line-delimited domains on stdin, fetch known URLs from the Wayback Machine for *.domain and output them on stdout

Meg – URL fetching tool

OSINT Tools (16 tools)

“I like Shodan the most, theHarvester as well but it’s part of reNgine”, adds Mike, “ I always look at Shodan for known information about a particular target when I do a web application pentest, because it can point you in the right direction from the start. Maltego would be my number one if it were cheaper, but as-is, I think it’s way too expensive”.

AQUATONE – Create attack surface maps of subdomains with pre-compiled binaries

Censys – Threat intelligence and mapping platform

creepy – Geolocation gathering via social media platforms

C99.nl – Subdomain scanning tool

DataSploit – OSINT framework based around corporate espionage

Etherape – A graphical network monitor for Unix with graphic network activity display

Google Hacking Database – Google dorks database

Maltego – Open-source intelligence and graphical link analysis tool for gathering and connecting information for intelligence and forensics. (€ 999 per year)

metagoofil – Metadata harvester with email extraction functions

Seclists – Security testing data repository

Shodan – Search for Internet-connected devices

theHarvester – Harvest E-mail, subdomain and names via OSINT

Debookee – Network traffic interception and analysis for Mac

NetCat - Go-to network research tool

Nipper – Network configuration & audit tool for internal teams

XRay – Recon, mapping, OSINT for public networks

ZoomEye – Network component search engine

Dorks (5 tools)

BinGoo – GNU/Linux bash-based Bing and Google Dorking Tool

dork-bot– Command line Google dork tool

fast-recon – Script to perform Google dorks against a domain

GooDork – Command line Google dorking tool

snitch – Scripts to use dorks to gather information

Fuzzers (4 tools)

Dirb – Web content scanner and fuzzer

Ffuf – Web fuzzer

Netzob – Reverse engineer, model, and fuzz networks

Wfuzz – web application fuzzer

Mapping & Asset Discovery (5 tools)

Amass – Attack-surface mapping and external asset discovery

Lazyrecon – Script for recon and forensics for identifying first targets in a pentest

Sn1per – Automated scanner to enumerate and scan for vulnerabilities, best as recon tool and attack surface management. Community and Pro versions available.

Tripwire IP360 – Full network and asset discovery vulnerability scanner (Not Free)

Altair – GraphQL query and implementation debugging

Github Grabbers/Rippers (7 tools)

DVCS Ripper – Version control system ripper for web-accessible systems

gitGraber – Python tool to search and find GitHub data

Commit-stream – Extract commit logs from the Github event API

github-dorks – CLI tool to scan Github repos/organizations for sensitive information leaks

GitTools – Rip Web-accessible .git repositories

Shhgit – Search GitHub for sensitive data via the API

vcsmap – Plugin-based tool to scan public version control systems (GitHub) for sensitive information

Transport Layer Security Tools (6 tools)

“SSLScan is a go-to, it’s a quick way to look at general information for SSL certificates, which I use to advise customers to update their cyphers to TLS 1.3, and I check which versions they use”

Httprobe – Probes for working HTTP/HTTPS servers

SSLyze – TLS/SSL library to identify misconfigurations

SSLScan - Scans SSL certificates highlighting relevant information

Sublert – Python tool to leverage certificate transparency to monitor subdomains

testssl.sh – Command line tool to check ports for SSL/TLS protocols / services

tls_prober – Identify TLS/SSL implementations

DNS Mappers/Subdomain Finders (20 tools)

“I normally use Qualys, if it’s part of the test, there’s a lot more to it than just this so if yo use these, you’ll need a larger toolkit”

AltDNS – Recon tool for DNS subdomain discovery using generated patterns and resolution. Exports to brute forcing tools

BroadbandSearch – Suite of tools for network recon

CloudFail – Unmask server IP addresses using old database records and detecting misconfigured DNS.

DNSDumpster – DNS records research for recon

dnsmap – Simple DNS mapper

Dnsgrep – DNS lookup using Rapid7 rdns & fdns datasets

DNSSec Analyzer - Gives a good impression of environment and site situation

dnstracer – Traces DNS server information to source

Dnsprobe – DNS lookup with user-supplied resolvers

dnsrecon – DNS enumeration script in Python

FindDomain – Domain monitoring and recon tool with alerts and API

Knockpy – Python tool to enumerate subdomains via word list with DNS zone transfer & wildcard DNS record bypass

Netsniff-ng – Linux network plumbing & recon tool

Massdns - Stub-resolver for bulk DNS lookup & enumeration

Mass Scan – SYN packet port scanner

passivedns-client – Library and query tool for passive DNS databases

passivedns – Network sniffer to create log files of DNS server answers

Rapid7 Forward DNS (FDNS) – DNS request responses for all forward DNS names in Rapid7's Project Sonar

Shuffledns – Subdomain scanner using active bruteforce

Sublist3r – Enumerate subdomains using OSINT

Proxies (6 tools)

“I have a separate browser I connect directly to my applications and use foxyproxy for that, and then Burp itself is a proxy. Foxyproxy is just a management tool”.

Fiddler – Web debugging proxy suitable for recon

Foxyproxy - Browser plugin to offer enhanced proxy management in Firefox

mallory – HTTP/HTTPS proxy over SSH.

mitmproxy – SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. Web and command line versions available

Burp - Includes a full proxy

ZAP - An intercepting capable proxy

Port Scanners (4 tools)

Naabu – Port scanner for attack surface discovery and enumeration

NMap - Extremely popular port scanner

Misc. Tools (7 tools)

NCat – swissarmy knife for pentesters

Osmedeus –A workflow engine to put together scanners and tools for reconnaissance

Reconness – Script to schedule tools and keep recon information in one place

Swiftness X – A note taking tool for BB and pentesting.

tgcd – Unix network extensibility for listening, port forwarding, and logging

scanless – Utility for finding third-party websites to do port scans on your behalf

SSH MITM – SSH connection interceptor over proxy with plaintext logs

Vulnerability Scanners (34 tools)

“Rengine, of course, because it’s open source and the interface is simple and easy to use. You can add tools yourself if you’d like more functionality. You can also create reports there.”

ACSTIS – Client-side template injection scanner

Acunetix – Web application vulnerability scanner with DAS/IAST and SCA + 7,000+ vulnerabilities in library (Not Free)

Astra – Continuous scanning platform for web apps, API, network, mobile app, & cloud infrastructure (Not Free)

Amazon Inspector - Scanner and risk management platform (Not Free)

BurpSuite Pro - A web vulnerability scanner used by over 16,000 organizations as part of a larger suite of vulnerability assessment tools. (Not Free)

Checkmarx –Full suite of sast, dast, and code scanning tools built for internal teams

Codename SCNR – A zero-dependency scriptable framework and web application scanner (Not Free)

Comodo HacckerProof – Schedulable scanner with PCI options (Not Free)

Core Impact – Vulnerability scanner with pentesting environment

Detectify – Automated vulnerability scanner with 2,000+ vulnerabilities in the library

Dnscan – Wordlist-based DNS subdomain scanner with zone-transfer functionality

HCL AppScan – Cloud-based application scanner with code review (Not Free)

Intruder.io –Vulnerability management and scanner intended for internal teams (Not Free)

Invicti – (Formerly Netsparker) Web and code vulnerability scanner designed for internal teams

joomscan – Open-source joomla vulnerability scanner

Nexpose – Vulnerability and risk management assessment tool by Rapid7 and integrated with Rapid7’s other tooling (Metasploit) (Not Free)

Nessus – Vulnerability management, configuration, and compliance assessment platform with target profiling, malware discover, and integrated PCI DSS (Free and Pro available)

Nikto – Open-source black box web server and web application vulnerability scanner with large database.

NMap - Free security scanner for network exploration & security audits scripts

NodeZero –Asset discovery and vulnerability scanner for internal and external pentest teams

Nuclei – Templated vulnerability scanner

OpenVAS – Free implementation of the Nessus vulnerability assessment system with scheduling, authorized credential scans, and IP targeting

Probely – Web application and API vulnerability scanner

ReNgine – Open-source vulnerability scanner and reconnaissance tool

Qualys – Vulnerability detection and management platform for compliance and internal security

Rapid7 - Platform with a range of products for vulnerability and threat insights

SecApps – In-browser web application security testing suite.

Sophos - Endpoint and web application scanning and threat prevention with anti-phishing tools intended for internal teams (Not Free)

Vulnerability Manager Plus – Scanner designed for internal pentest teams with security recommendations and patch management integrated.

Vuls – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.

w3af – Hacking Tools for Web application attack and audit framework.

Wapiti – Black box web application vulnerability scanner with built-in fuzzer and injection tools.

WPScan – Hacking Tools of Black Box WordPress vulnerability scanner.

ZAP – OWASP's web app scanner

Did we miss any tools? Email them to us at (email) and we’ll be happy to update the list.

Case Studies

New Features

Press Releases