Hello! It takes a minute to create a free account.
When you create an account we will be able to remember exactly what you have read so you can pick up where you left off. You will receive notifications here or by email when someone replies to you. You can also reply to or vote on topics to show your appreciation.Get Started Already have an account?
Compilation of Penetration Testing Tools
Here is a compilation of multiple forensic and penetration testing tools for applications, networks, and websites.
Nmap is a very versatile tool developed to scan addresses (IPV6 included), this tool allows the users to gather a mass amount of information about the target quickly, information including open ports, + much, much more.
Nmap supports a large number of scanning techniques such as UDP, TCP connect(), TCP SYN (half-open), FTP proxy (bounce attack), ICMP (ping sweep), FIN, ACK sweep, Xmas Tree, SYN sweep, IP Protocol, and Null scan.
A very powerful network troubleshooting and analysis tool, Wire shark provides the ability to view data from a live network and supports hundreds of protocols and media formats.
Cain & Abel
Cain and Abel is a revolutionary tool that provides many functions that are able to do various password retrieval jobs, cracking passwords, sniffing networks, and routing/analyzing protocols. This tool is Windows-only, unlike many other tools that exist, this is a pleasant twist to modern penetration testing and forensic tools.
Metasploit, a very powerful network security and analysis tool, used often for penetration attacks, this tool has a clean interface and easily gathers the information that you seek.
Ettercap is a suite for man-in-the-middle attacks on LAN. It features sniffing of live connections, content filtering on the fly, and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis. (Taken from their website).
The Nessus tool provides high-speed data discovery, asset profiling, configuration auditing, and vulnerability analysis of networks.
W3af is an extremely popular, powerful, and flexible framework for finding and exploiting web application vulnerabilities. It is easy to use and extend and features dozens of web assessment and exploitation plugins. In some ways, it is like a web-focused Metasploit.
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface to finding and exploiting security vulnerabilities.