Penetration Testing
Penetration testing tools and frameworks for manual security testing, exploit development, and vulnerability validation.
Browse 103 penetration testing tools
FEATURED
RELATED TASKS
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
AI-powered automated penetration testing platform for vulnerability discovery
AI-powered automated penetration testing platform for vulnerability discovery
A tool to easily automate and multithread your pentesting and bug bounty workflow without any coding
A tool to easily automate and multithread your pentesting and bug bounty workflow without any coding
A penetration testing framework for identifying and exploiting vulnerabilities.
A penetration testing framework for identifying and exploiting vulnerabilities.
A scripting engine for interacting with GraphQL endpoints for pentesting purposes.
A scripting engine for interacting with GraphQL endpoints for pentesting purposes.
SQLi-Hunter is an HTTP/HTTPS proxy server and SQLMAP API wrapper that simplifies the identification and exploitation of SQL injection vulnerabilities in web applications.
SQLi-Hunter is an HTTP/HTTPS proxy server and SQLMAP API wrapper that simplifies the identification and exploitation of SQL injection vulnerabilities in web applications.
A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.
A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.
A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.
A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.
Educational repository containing materials on advanced subdomain enumeration techniques from Bugcrowd LevelUp 2017 conference.
Educational repository containing materials on advanced subdomain enumeration techniques from Bugcrowd LevelUp 2017 conference.
A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases through automated scanning and reporting.
A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases through automated scanning and reporting.
A subdomain enumeration tool for bug hunting and pentesting
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
A Burp Suite extension that detects NGINX alias traversal vulnerabilities by analyzing HTTP traffic patterns to identify path traversal misconfigurations.
A Burp Suite extension that detects NGINX alias traversal vulnerabilities by analyzing HTTP traffic patterns to identify path traversal misconfigurations.
A tool to declutter URL lists for crawling and pentesting
A collection of customizable automation scripts for Turbo Intruder that facilitate vulnerability scanning, exploitation, and data extraction in penetration testing workflows.
A collection of customizable automation scripts for Turbo Intruder that facilitate vulnerability scanning, exploitation, and data extraction in penetration testing workflows.
A tool for analyzing pentest screenshots using a convolutional neural network
A tool for analyzing pentest screenshots using a convolutional neural network
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
FuzzDB is an open-source dictionary of attack patterns and predictable resource locations for dynamic application security testing and vulnerability discovery.
FuzzDB is an open-source dictionary of attack patterns and predictable resource locations for dynamic application security testing and vulnerability discovery.
Modular framework for web services penetration testing with support for various attacks.
Modular framework for web services penetration testing with support for various attacks.
A collection of vulnerable web applications containing command injection flaws designed to test and evaluate detection and exploitation tools like commix.
A collection of vulnerable web applications containing command injection flaws designed to test and evaluate detection and exploitation tools like commix.
OWASP OWTF is a penetration testing framework focused on efficiency and alignment with security standards.
OWASP OWTF is a penetration testing framework focused on efficiency and alignment with security standards.
A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.
A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.
Penetration Testing Tools - FAQ
Common questions about Penetration Testing tools including selection guides, pricing, and comparisons.
Penetration testing tools and frameworks for manual security testing, exploit development, and vulnerability validation.
