Penetration Testing Tools
Penetration testing tools and frameworks for manual security testing, exploit development, and vulnerability validation.
Browse 272 penetration testing tools
FEATURED
USE CASES
A simple Python script to test for a hypothetical JWT vulnerability
A Burp extension to check JWT tokens for potential weaknesses
AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
Tplmap is a command-line tool that detects and exploits server-side template injection vulnerabilities in web applications across multiple template engines.
A bash script for scanning a target network for HTTP resources through XXE
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities
A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.
A Burp Suite extension that automates XSS vulnerability detection and validation through custom payload generation and response analysis.
A collection of XSS payloads designed to turn alert(1) into P1
Penetration Testing Tools FAQ
Common questions about Penetration Testing tools, selection guides, pricing, and comparisons.
A pen tester toolkit typically includes: reconnaissance tools (subdomain enumeration, port scanning, OSINT), vulnerability scanners (web, network, cloud), exploitation frameworks (for validating vulnerabilities), post-exploitation tools (privilege escalation, lateral movement), password cracking and credential testing tools, and reporting tools to document findings with remediation guidance.
