| || | submitted by icssindia to ethicalhacking
penetration-testing-hacking-tools Penetration testing
& Hacking Tools
are more often used by security industries to test the vulnerabilities in network and applications. Here you can find the Comprehensive Penetration testing & Hacking Tools
list that covers Performing Penetration testing Operation in all the Environment. Penetration testing and ethical hacking
tools are a very essential part of every organization to test the vulnerabilities and patch the vulnerable system.
Also, Read What is Penetration Testing? How to do Penetration Testing?
Penetration Testing & Hacking Tools List
Online Resources – Hacking Tools
Penetration Testing Resources
Social Engineering Resources
Lock Picking Resources
Penetration Testing Distributions
- Kali – GNU/Linux distribution designed for digital forensics and penetration testing Hacking Tools
- ArchStrike – Arch GNU/Linux repository for security professionals and enthusiasts.
- BlackArch – Arch GNU/Linux-based distribution with best Hacking Tools for penetration testers and security researchers.
- Network Security Toolkit (NST) – Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
- Pentoo – Security-focused live CD based on Gentoo.
- BackBox – Ubuntu-based distribution for penetration tests and security assessments.
- Parrot – Distribution similar to Kali, with multiple architectures with 100 of Hacking Tools.
- Buscador – GNU/Linux virtual machine that is pre-configured for online investigators.
- Fedora Security Lab – provides a safe test environment to work on security auditing, forensics, system rescue, and teaching security testing methodologies.
- The Pentesters Framework – Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
- AttifyOS – GNU/Linux distribution focused on tools useful during the Internet of Things (IoT) security assessments.
Docker for Penetration Testing
- Metasploit – post-exploitation Hacking Tools for offensive security teams to help verify vulnerabilities and manage security assessments.
- Armitage – Java-based GUI front-end for the Metasploit Framework.
- Faraday – Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
- ExploitPack – Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
- Pupy – Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool,
- Nexpose – Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
- Nessus – Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
- OpenVAS – Free software implementation of the popular Nessus vulnerability assessment system.
- Vuls – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
- Brakeman – Static analysis security vulnerability scanner for Ruby on Rails applications.
- cppcheck – Extensible C/C++ static analyzer focused on finding bugs.
- FindBugs – Free software static analyzer to look for bugs in Java code.
- sobelow – Security-focused static analysis for the Phoenix Framework.
- bandit – Security oriented static analyzer for Python code.
- Nikto – Noisy but fast black box web server and web application vulnerability scanner.
- Arachni – Scriptable framework for evaluating the security of web applications.
- w3af – Hacking Tools for Web application attack and audit framework.
- Wapiti – Black box web application vulnerability scanner with built-in fuzzer.
- SecApps – In-browser web application security testing suite.
- WebReaver – Commercial, graphical web application vulnerability scanner designed for macOS.
- WPScan – Hacking Tools of the Black box WordPress vulnerability scanner.
- cms-explorer – Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
- joomscan – one of the best Hacking Tools for Joomla vulnerability scanner.
- ACSTIS – Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
- zmap – Open source network scanner that enables researchers to easily perform Internet-wide network studies.
- nmap – Free security scanner for network exploration & security audits.
- pig – one of the Hacking Tools forGNU/Linux packet crafting.
- scanless – Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
- tcpdump/libpcap – Common packet analyzer that runs under the command line.
- Wireshark – Widely-used graphical, cross-platform network protocol analyzer.
- Network-Tools.com – Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
- netsniff-ng – Swiss army knife for network sniffing.
- Intercepter-NG – Multifunctional network toolkit.
- SPARTA – Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
- dnschef – Highly configurable DNS proxy for pentesters.
- DNSDumpster – one of the Hacking Tools for Online DNS recon and search service.
- CloudFail – Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
- dnsenum – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack and then performs reverse look-ups on the results.
- dnsmap – One of the Hacking Tools for Passive DNS network mapper.
- dnsrecon – One of the Hacking Tools for DNS enumeration script.
- dnstracer – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- passivedns-client – Library and query tool for querying several passive DNS providers.
- passivedns – Network sniffer that logs all DNS server replies for use in a passive DNS setup.
- Mass Scan – best Hacking Tools for TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
- Zarp – Network attack tool centered around the exploitation of local networks.
- mitmproxy – Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- Morpheus – Automated ettercap TCP/IP Hacking Tools .
- mallory – HTTP/HTTPS proxy over SSH.
- SSH MITM – Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- Netzob – Reverse engineering, traffic generation and fuzzing of communication protocols.
- DET – Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
- pwnat – Punches holes in firewalls and NATs.
- dsniff – Collection of tools for network auditing and pentesting.
- tgcd – Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
- smbmap – Handy SMB enumeration tool.
- scapy – Python-based interactive packet manipulation program & library.
- Dshell – Network forensic analysis framework.
- Debookee – Simple and powerful network traffic analyzer for macOS.
- Dripcap – Caffeinated packet analyzer.
- Printer Exploitation Toolkit (PRET) – Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
- Praeda – Automated multi-function printer data harvester for gathering usable data during security assessments.
- routersploit – Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
- evilgrade – Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
- XRay – Network (sub)domain discovery and reconnaissance automation tool.
- Ettercap – Comprehensive, mature suite for machine-in-the-middle attacks.
- BetterCAP – Modular, portable and easily extensible MITM framework.
- CrackMapExec – A swiss army knife for pentesting networks.
- impacket – A collection of Python classes for working with network protocols.
Wireless Network Hacking Tools
- Aircrack-ng – Set of Penetration testing & Hacking Tools list for auditing wireless networks.
- Kismet – Wireless network detector, sniffer, and IDS.
- Reaver – Brute force attack against Wifi Protected Setup.
- Wifite – Automated wireless attack tool.
- Fluxion – Suite of automated social engineering-based WPA attacks.
Transport Layer Security Tools
- SSLyze – Fast and comprehensive TLS/SSL configuration analyzer to help identify security misconfigurations.
- tls_prober – Fingerprint a server’s SSL/TLS implementation.
- testssl.sh – Command-line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
- OWASP Zed Attack Proxy (ZAP) – Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
- Fiddler – Free cross-platform web debugging proxy with user-friendly companion tools.
- Burp Suite – One of the Hacking Tools ntegrated platform for performing security testing of web applications.
- autochrome – Easy to install a test browser with all the appropriate settings needed for web application testing with native Burp support, from NCCGroup.
- Browser Exploitation Framework (BeEF) – Command and control server for delivering exploits to commandeered Web browsers.
- Offensive Web Testing Framework (OWTF) – Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
- WordPress Exploit Framework – Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
- WPSploit – Exploit WordPress-powered websites with Metasploit.
- SQLmap – Automatic SQL injection and database takeover tool.
- tplmap – Automatic server-side template injection and Web server takeover Hacking Tools.
- weevely3 – Weaponized web shell.
- Wappalyzer – Wappalyzer uncovers the technologies used on websites.
- WhatWeb – Website fingerprinter.
- BlindElephant – Web application fingerprinter.
- wafw00f – Identifies and fingerprints Web Application Firewall (WAF) products.
- fimap – Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs.
- Kadabra – Automatic LFI exploiter and scanner.
- Kadimus – LFI scan and exploit tool.
- liffy – LFI exploitation tool.
- Commix – Automated all-in-one operating system command injection and exploitation tool.
- DVCS Ripper – Rip web-accessible (distributed) version control systems: SVN/GIT/HG/BZR.
- GitTools – One of the Hacking Tools that Automatically find and download Web-accessible .git repositories.
- sslstrip –One of the Hacking Tools Demonstration of the HTTPS stripping attacks.
- sslstrip2 – SSLStrip version to defeat HSTS.
- NoSQLmap – Automatic NoSQL injection and database takeover tool.
- VHostScan – A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases, and dynamic default pages.
- FuzzDB – Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- EyeWitness – Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- webscreenshot – A simple script to take screenshots of the list of websites.
- HexEdit.js – Browser-based hex editing.
- Hexinator – World’s finest (proprietary, commercial) Hex Editor.
- Frhed – Binary file editor for Windows.
- 0xED – Native macOS hex editor that supports plug-ins to display custom data types.
File Format Analysis Tools
- Veles – Binary data visualization and analysis tool.
- Hachoir – Python library to view and edit a binary stream as the tree of fields and tools for metadata extraction.
Comment your next topic below 👇🏻 ʟɪᴋᴇ ᴀɴᴅ ᴛᴇʟʟ ᴜs ᴡʜᴀᴛ ᴍᴏʀᴇ ʏᴏᴜ ᴡᴀɴᴛ ᴛᴏ ᴋɴᴏᴡ, ᴡʜɪᴄʜ ᴛᴏᴘɪᴄ sʜᴏᴜʟᴅ ɪ ᴘᴏsᴛ.
If you Guys want to thank us, just give us a Like, and Follow my page. This really motivates us. 😊