Are you trying to learn hacking or just can’t seem to keep up with all of the penetration testing tools out there?

Then, I think you’ll love this article.

We selected 95 of our favorite tools for penetration tests and put them in this list for you.

If you just want to learn about different tools, read them all. If you are looking for a specific type of tool, skip straight to that section.

Enjoy!


Penetration Testing Tools for Reconnaissance

Nikto

Reconnaissance, Vulnerability     Free

Nikto is a web scanning tool that runs a series of tests against web servers and applications. The tool looks for things like dangerous files, outdated applications, server configuration vulnerabilities and more.

Official Website:
https://cirt.net/Nikto2

Shodan

Reconnaissance     Free

Shodan is Google for hackers. Seriously! You can find a ton of valuable information: open ports, webcams, refrigerators, unsecured devices, etc.

Official Website:
https://www.shodan.io/

Wireshark

Reconnaissance     Free

Wireshark is one of the penetration testing tools that every hacker needs. It can do so many things. Sniffing traffic and tracing communications are just two of the things you can do with the tool. I guarantee you’ll find yourself using it more and more once you try it.

Official Website:
https://www.wireshark.org/

p0f

Reconnaissance     Free

p0f is a tool for reconnaissance. It uses only passive fingerprinting techniques to identify the devices sending and receiving TCP/IP communications. It can be especially useful when Nmap scans are blocked.

Sn1per

Reconnaissance     Paid, Free Version Available

Sn1per is a tool that automates the scanning phase of a penetration test. It can also enumerate hosts and scan them for vulnerabilities. The professional version is used by professional penetration testers, bug bounty researchers and corporate teams.

SPARTA

Reconnaissance     Free

SPARTA is a GUI application for scanning and enumerating networks during penetration tests. You can use SPARTA to run Nmap commands or use other recon techniques.

Official Website:
http://sparta.secforce.com/

Maltego

Reconnaissance, OSINT     Paid, Free Limited Version

Maltego is an OSINT (Open Source Intelligence) tool for collecting data about potential targets. The tool can be super useful when preparing for social engineering attacks. It transforms openly available data into visual graphs for easier discovery and investigation.

TheHarvester

Reconnaissance, OSINT     Free

TheHarvester is another penetration testing tool that uses OSINT for reconnaissance. You can use the tool to discover valuable information about your targets in the early stages of a penetration test.

DMitry

Reconnaissance     Free

DMitry is a UNIX-based tool for gathering information about potential targets and hosts. It will help you perform whois lookups, subdomain research, email address searches and more on target hosts.

WHOIS

Reconnaissance, OSINT     Free

WHOIS is an open tool for looking up information about domain names. Due to recent privacy laws, WHOIS records contain less information than they previously did. However, you can still get useful information from them.

Official Website:
https://whois.icann.org/en

IKE Scan

Reconnaissance, IPSEC VPNs     Free

IKE Scan is a penetration testing tool that you can use to discover and fingerprint IKE hosts using the retransmission backoff method. The tool assists in the following activities: discovery of hosts, fingerprinting, transform enumeration to find supported attributes, user enumeration, and offline pre-shared key cracking.

NSLookup

Reconnaissance, OSINT     Free

NSLookup can be very useful during reconnaissance for a pen test even though it’s not technically a penetration testing tool. NSLookup performs DNS queries and lookups and can help in gathering info about a target.

FOCA (Fingerprinting Organizations with Collected Archives)

Reconnaissance, OSINT     Free

FOCA is a tool that helps find metadata and hidden information in documents. The documents can be collected from web pages or by other methods and then scanned for valuable information. That info can then be used to formulate an attack plan.

Censys

Reconnaissance, OSINT     Free

Censys allows you to perform reconnaissance on IP addresses, domains, or CIDR blocks. You can gather information about ISPs, open ports, protocols in use, related domains, and more.

Official Website:
https://censys.io/

HPING

Reconnaissance     Free

hping is a command line tool with numerous uses as a penetration testing tool. A few things that the tool can be used for include firewall testing, advanced port scanning, network testing, TOS testing, remote OS fingerprinting, remote uptime guessing, and much more.

Official Website:
http://www.hping.org/

Password Attack Tools

Hashcat

Password     Free

Hashcat is one of the most well-known penetration testing tools for cracking passwords. It can use predefined dictionaries, rainbow tables, and even brute-force to find the best way to crack passwords.

Official Website:
https://hashcat.net/hashcat/

RainbowCrack

Password     Free

RainbowCrack is a password cracking tool that uses rainbow tables to crack password hashes. It is not a brute force attacker. It is based on the faster time-memory trade-off technique.

John The Ripper

Password     Free

John the Ripper is a fast password cracker. It works on Unix, Windows, DOS, and OpenVMS. It works for cracking Unix password hashes as well as Windows LM hashes.


Official Website:
https://www.openwall.com/john/

Medusa

Password     Free

Medusa is a password brute force tool that was designed specifically for systems that allow remote access of any kind. It is very stable and fast.

THC Hydra

Password     Free

THC Hydra is a commonly used brute force tool for breaking passwords. It has a ton of options and is a standard for everyone’s penetration testing tool kit.

CeWL

Password     Free

CeWL is a custom word list generation tool for preparing for brute force or rainbow attacks. Sometimes on a pen test you want to generate your own list, and CeWL is the tool for that.

Mimikatz

Password     Free

Mimikatz is a tool that was built for collecting Windows passwords and hashes. It’s a well-known tool and can also perform pass-the-hash and pass-the-ticket or build Golden Tickets.

Crunch

Password     Free

Crunch is a wordlist generation tool that allows you to specify a particular character set and create a wordlist from all of the possible combinations and permutations. This is great for reducing the scope of a rainbow or brute-force attack.

Patator

Password     Free

Patator was developed by an individual who was not happy with the performance of the well-known brute force tools. It can attack many systems and protocols, including SMB, SMTP, LDAP, VMware and many more.

Dirbuster

Password     Free

Dirbuster is a brute force tool that was specifically designed for attacking web and application servers. It can also build a word list by crawling the target site.

Cain & Abel

Password     Free

Cain and Abel is one of the better-known free cybersecurity tools for password recovery. The tool, built for Microsoft operating systems, allows for the recovery or discovery of passwords using a variety of methods, including network sniffing, brute force and dictionary attacks.

Official Website:
http://www.oxid.it/cain.html

Tools for Hacking Windows

WinDBG

Windows     Free

WinDbg is a debugging tool for Windows. It can be used to debug kernel-mode and user-mode code, analyze crash dumps, and examine CPU registers while a particular piece of code executes. It can be useful if you are working on developing malware.

Official Website:
http://www.windbg.org/

Ophcrack

Windows, Passwords     Free

Ophcrack is a penetration testing tool for cracking Windows passwords using rainbow tables. It uses an efficient method of rainbow table cracking that the tool’s developers created. The tool also has a GUI.

PowerShell Penetration Testing Tools

Powersploit

Powershell, Windows     Free

PowerSploit is a collection of PowerShell commands and scripts that can be used by an attacker to attack Windows systems. It can be used with other PowerShell pen testing tools for even more power.

PowerShell Empire

Powershell, Windows     Free

Empire is an amazing PowerShell penetration testing tool for the post-exploitation phase. It adds the ability to run PowerShell commands for privilege escalation and lateral movement without even needing powershell.exe.

WiFi Hacking

coWPAtty

WiFi Hacking     Free

coWPAtty is a tool for attacking WiFi networks with WPA and WPA2 authentication systems. Many enterprise environments still use PSK authentication for WiFi. coWPAtty can help in attacking them.

WiFi Phisher

WiFi Hacking     Free

WiFi Phisher is one of the best penetration testing tools for setting up a rogue access point to gain wireless credentials during red team engagements. It has a ton of functionality and can do pretty much anything you need. Some of the captive portal configurations are just amazing.

Official Website:
https://wifiphisher.org/

Fern WiFi Cracker

WiFi Hacking     Paid, Free Version Available

Fern WiFi Cracker is a penetration testing tool for wireless security auditing and attacks. The program is written in Python and the Python Qt GUI Library. It is great for cracking and recovering WEP/WPA/WPS keys and can run other network-based attacks on both wireless and wired networks.

Official Website:
http://www.fern-pro.com

AirCrack-NG

WiFi Hacking     Free

AirCrack-NG is an amazing pen testing tool for WiFi penetration testing. In fact, it has become one of my go-to tools. It’s actually a suite of tools and can perform pretty much every aspect of wireless hacking.

Official Website:
https://www.aircrack-ng.org/

NetStumbler

WiFi Hacking     Free

NetStumbler is a penetration testing tool that lets you search for open WiFi networks. The tool takes a more active approach than other WiFi scanning tools. Presently, the tool only works on Windows.

Official Website:
http://www.netstumbler.com

Kismet

WiFi Hacking     Free

Kismet is a wireless penetration testing tool with several uses. It can assist in device detection, sniffing, wardriving, and even intrusion detection for WiFi, Bluetooth, and some Software Defined Radio. It also works on both Windows and Linux, making it very versatile.

GISKismet

WiFi Hacking     Free

GISKismet is a wireless penetration testing tool that is used for wireless recon visualization. It allows you to visualize the data that you have collected from Kismet in a flexible and easy-to-understand manner. The data is stored in a database so that you can generate graphs using SQL.

Wifite

WiFi Hacking     Free

Wifite was once more popular and better maintained than it is presently. However, the community has created Wifite2 and maintains it. The tool depends on several other tools for hacking WiFi.

Reaver

WiFi Hacking     Free

Reaver is another of several hacking tools developed for attacking wireless networks. It was designed to be a more robust WiFi hacking tool and boasts an average time of 4-10 hours to crack WPA/WPA2 keys.

Bettercap

WiFi Hacking, MITM, BLE     Free

Bettercap is more of a penetration testing tool suite than just a WiFi hacking tool. It can perform attacks against WiFi, Bluetooth and HID devices, and even Ethernet recon and man-in-the-middle attacks.

Official Website:
https://www.bettercap.org/

Vulnerabilities

OpenVAS

Vulnerability Assessment, Reconnaissance     Free

OpenVAS is an amazing vulnerability scanner that can perform several types of scanning. Using a powerful vulnerability assessment tool like this one can help you find vulnerabilities to exploit.

Official Website:
http://openvas.org/

Nessus

Vulnerability Assessment, Reconnaissance     Paid, Free Limited Version

Nessus is a very robust vulnerability scanning and assessment tool. You can scan hosts and find configuration and patch status info. Using this, you can create appropriate attacks.

OWASP Zed Attack Proxy Project (ZAP)

Vulnerability Assessment     Free

ZAP is a very common tool used for hacking web applications. It’s open source and allows you to perform both active and passive scans of a web app. It generates nice reports and has several nice add-ons.

Official Website:
https://www.zaproxy.org/

Yasca

Vulnerability Assessment     Free

Yasca is a free static analysis tool for detecting security vulnerabilities in application source code. It’s written in PHP and is a command line tool. The tool hasn’t been maintained in a while, but it is still used.

SearchSploit

Exploits     Free

SearchSploit is a component of ExploitDB that you can download and install on your hacking machine. Then, you’ll be able to search through exploits, shellcodes and papers when planning or putting together an attack plan.

Vega

Exploits, Vulnerabilities     Free

Vega is a free and open source vulnerability scanner for web applications. The tool helps you find and validate SQL injection and cross-site scripting vulnerabilities, among other tasks. The tool is GUI based as well.

Web

W3AF

Web     Free

W3AF is a tool for web attacks and auditing. It checks for many common web vulnerabilities, including SQL injection, all automatically.

Official Website:
http://w3af.org/

HTTrack

Web     Free

HTTrack allows you to clone a website to a local directory. You can then poke around and look for vulnerabilities that you can possibly exploit.

Official Website:
https://www.httrack.com/

GoLismero

Web     Free

GoLismero is a penetration testing tool for web security testing and scanning. The tool is very simple to use, and plugin development is just as simple.

BurpSuite

Web     Paid, Free Version Available

The BurpSuite tool uses numerous components to test all features of web apps. If you know Java, Python, or Ruby, you can create your own extensions as well. It’s a must-have for web application pen testing.

Official Website:
https://portswigger.net/burp

BeEF – Browser Exploitation Framework

Web     Free

BeEF is unique among pen testing tools. The developers wanted to allow for a different approach to penetration testing. Hence, BeEF was developed to allow testers to use web browsers to mount further attacks into a network.

Official Website:
http://beefproject.com/

Samurai Web Testing Framework

Web     Free

Samurai Web Testing Framework is a complete set of tools for performing web penetration testing. It runs on Virtualbox and VMware virtual machines.

Official Website:
http://www.samurai-wtf.org/

WPScan

Web, WordPress     Paid, Free Option

WPScan is a tool for finding vulnerabilities in WordPress websites. The tool is recommended to be installed on a Mac or a Docker environment. There is also a paid cloud-hosted option.

Official Website:
https://wpscan.org/

Recon-NG

Web     Free

Recon-NG is a reconnaissance framework for hacking websites. The tool is written in Python and has numerous independent modules, similar to the Metasploit Framework.

Netsparker

Web     Paid

Netsparker is a commercial tool for finding vulnerabilities in web applications. It can find things like SQL injection and cross-site scripting, and it produces a proof of concept before reporting the vulnerability.

Official Website:
https://www.netsparker.com/

Android

Drozer

Android     Free

Drozer is a comprehensive security and attack framework for Android testing. It can be used for testing app security or pen testing.

APK Studio

Android     Free

APK Studio is a tool for quickly decompiling Android apps. Once decompiled, you can develop custom attacks and find vulnerabilities.

Phishing

SET – Social Engineer’s Toolkit

Social Engineering, Phishing     Free

The Social Engineer Toolkit is a penetration testing framework that was designed for social engineering. It makes multiple attack methods very easy to set up. Some of the things that it makes easier are phishing emails, fake login pages, and cloning of websites.

GoPhish

Social Engineering, Phishing     Free

GoPhish was designed for creating phishing campaigns for user security awareness training. However, it can be a powerful tool for phishing and credential collection. The tool makes it super easy to clone any login page or email.

Official Website:
https://getgophish.com/

SPToolkit

Social Engineering, Phishing     Free

SPToolkit or the Simple Phishing Toolkit project is an open source toolkit for helping bring security awareness to the workforce. However, these tools can be of great benefit to pen testers and hackers.

King Phisher

Social Engineering, Phishing     Free

King Phisher is another open source phishing campaign toolkit that can be turned into a useful penetration testing tool.

SocialFish

Social Engineering, Phishing     Free

SocialFish is another free phishing and security awareness training tool. However, these tools could be used for a penetration test with a few modifications.

Lucy

Social Engineering, Phishing     Paid, Free Community Edition

Lucy is a well-rounded security awareness training platform. While phishing may be the main function, it can actually perform a ton of attacks including ransomware simulations.

Official Website:
https://lucysecurity.com

Phishing Frenzy

Social Engineering, Phishing     Free

Phishing Frenzy is a platform for end user security awareness training. Using phishing simulations, IT personnel can train users. However, this tool could also be used for penetration testing.

Database / SQL

SQLMap

SQL Injection, Database     Free

SQLMap is one of the most amazing penetration testing tools for automating SQL vulnerability identification, SQL injection attacks and database takeovers. It comes packed with a rich identification capability and a ton of flags and options.

Official Website:
https://sqlmap.org

BBQSQL

SQL Injection, Database     Free

BBQSQL is a tool specifically designed and developed for blind SQL injections that can be very tough to exploit. It is written in Python and is semi-automatic with a good bit of customization.

HexorBase

Database     Free

HexorBase is a database application that was developed for auditing and maintaining several databases simultaneously. It is also able to perform SQL queries and brute force attacks against the common database types.

jSQL

Database     Free

jSQL is a lightweight tool for fingerprinting remote database information from database servers. It can perform injections on a large number of database types including Access, CockroachDB, CUBRID, Oracle, PostgreSQL, and more.

SQLdict

Database     Free

SQLdict is a brute force tool for attacking SQL Server. It uses dictionary attacks to try to crack SQL Server account passwords.

Sidguesser

Database     Free

Sidguesser is another penetration testing tool for databases. It guesses SIDs/instances against Oracle databases. Although it can only guess up to 100 per minute, it is still an effective tool.

OScanner

Database, Oracle     Free

OScanner is an assessment tool for testing Oracle frameworks. It can perform operations such as SID enumeration, password testing, and other enumeration.

Code

OllyDbg

Code     Free

OllyDbg is probably one of the most well known tools for reverse engineering programs or tools where the source code is available. It places emphasis on binary code analysis.

Official Website:
http://www.ollydbg.de/

Immunity Debugger

Code     Free

Immunity Debugger is a powerful tool for writing exploits, analyzing malware, and reverse engineering files. It offers both a GUI and a command line interface.

GDB

Code     Free

GDB is another popular code analyzer and debugging tool. It performs four main functions: starting a program, making it stop on specified conditions, examining what happened when it stopped, and changing things in the program so you can experiment with fixes.

NASM Shell

Code     Free

NASM Shell is a well-known and widely liked assembler. It can be of great value when trying to reverse engineer malware or some other code.

Official Website:
https://nasm.us/

SonarQube

Code     Free

SonarQube’s code analyzer allows you to review source code and look for possible bugs. These bugs may be able to be exploited during an attack.

Official Website:
https://www.sonarqube.org/

SpotBugs (Formerly FindBugs)

Code     Free

SpotBugs is a code analyzer tool specifically for Java programs. The tool will analyze the source code and look for approximately 400 common bug patterns in the code.

Official Website:
https://spotbugs.github.io/

IDA

Code     Free

IDA is a well-known disassembler and debugger that offers a ton of features. Lots of professionals use it for reverse engineering and investigating code.

GHIDRA

Code     Free

Ghidra is a software reverse engineering suite of tools that has just been released this year. It was developed and used by the NSA for a long time. Recently, they decided to make it open source.

Official Website:
https://ghidra-sre.org/

Peach Fuzzer

Code     Paid, With Free Community Edition

Peach is an automated platform for finding vulnerabilities in hardware and software systems by fuzzing. There is the paid version as well as a free community edition.

American Fuzzy Lop (AFL)

Code     Free

American Fuzzy Lop, or AFL, is a fuzzer with a unique method of compile-time instrumentation and algorithms that allow it to discover clean test cases that trigger new internal states in the target binary. This improves the coverage for the fuzzed code.

Network Penetration Testing Tools

Impacket

Networks, TCP/IP, Kerberos     Free

Impacket is a collection of Python classes that can be used for attacking various network protocols. Using the tool, you can create packets from scratch or build them from parsed data.

Scapy

Networks     Free

Scapy is a powerful tool for packet manipulation during penetration testing exercises. Using the tool, you can forge a ton of attack types. Really. The possibilities are almost endless.

Official Website:
https://scapy.net/

Macchanger

Networks     Free

Macchanger is a tool that you will likely end up using a lot during penetration tests. Its function is simple but effective. It allows you to change the MAC address of your device to whatever you choose, so you can spoof any device you choose.

Driftnet

Networks     Free

Driftnet is a tool that monitors network traffic and picks out JPEG and GIF images from the traffic. It can also extract MPEG files. This could be useful for reconnaissance or while trying to move laterally through a network.

Netsniff-NG

Networks     Free

Netsniff-NG has a ton of useful applications with regards to Linux networking. The developers call it the “Swiss army knife for your daily Linux network plumbing.” The tool can be used for packet reception and transmission, analysis, debugging, and reconnaissance.

Official Website:
http://netsniff-ng.org/

Ncrack

Networks     Free

Ncrack is a tool for high-speed network authentication cracking. Although the tool was designed to help organizations secure their networks by proactively testing their hosts, it can be a great tool during tests and audits.

Official Website:
https://nmap.org/ncrack/

Metasploit

Framework     Free

Metasploit is probably one of the most well-known and most commonly used hacking tools or frameworks. It has a ton of features and can be used during every phase of a penetration test.

Official Website:
https://www.metasploit.com/

Armitage

Framework     Free

Armitage is a fantastic Java-based GUI front-end for one of the most well-known penetration testing tools, the Metasploit Framework. It was developed to help security professionals better understand hacking and the power of Metasploit.
