Penetration Testing Tools
Penetration testing tools and frameworks for manual security testing, exploit development, and vulnerability validation.
Browse 272 penetration testing tools
FEATURED
USE CASES
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
Open-source Java application for creating proxies for traffic analysis & modification.
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
MCIR is a unified framework for building code injection vulnerability testbeds that combines SQL, XML, shell, and XSS injection testing tools with shared functionality and template-based extensibility.
A script to enumerate Google Storage buckets and determine access and privilege escalation
A fast and flexible HTTP enumerator for content discovery and credential bruteforcing
Modular framework for web services penetration testing with support for various attacks.
PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.
Linux Exploit Suggester; suggests possible exploits based on the Linux operating system release number.
A PowerShell toolkit for penetration testing Microsoft Azure environments, providing discovery, configuration auditing, and post-exploitation capabilities.
ROPgadget is a cross-platform command-line tool that searches for ROP gadgets in binary files across multiple architectures to facilitate exploit development and ROP chain construction.
A bash-based framework for discovering and extracting exposed .git repositories from web servers during penetration testing and bug bounty activities.
An open source network penetration testing framework with automatic recon and scanning capabilities.
A utility that attempts to decrypt data from weak RSA public keys and recover private keys using multiple integer factorization algorithms.
Pwntools is a Python CTF framework and exploit development library that provides tools for rapid prototyping and development of exploits and CTF challenge solutions.
Compares target's patch levels against Microsoft vulnerability database and detects missing patches.
Intercepts and examines mobile app connections by stripping SSL/TLS layer.
An industrial control system testing tool that enables security researchers to enumerate SCADA controllers, read register values, and modify register data across different testing modes.
Modular framework for pentesting Modbus protocol with diagnostic and offensive features.
A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.
Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.
A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.
A toolkit to attack Office365, including tools for password spraying, password cracking, token manipulation, and exploiting vulnerabilities in Office365 APIs and services.
CredMaster enhances password spraying tactics with IP rotation to maintain anonymity and efficiency.
Penetration Testing Tools FAQ
Common questions about Penetration Testing tools, selection guides, pricing, and comparisons.
A pen tester toolkit typically includes: reconnaissance tools (subdomain enumeration, port scanning, OSINT), vulnerability scanners (web, network, cloud), exploitation frameworks (for validating vulnerabilities), post-exploitation tools (privilege escalation, lateral movement), password cracking and credential testing tools, and reporting tools to document findings with remediation guidance.
Based on user ratings and community engagement on CybersecTools, the top-rated Penetration Testing tools are:
