Penetration Testing Tools
Penetration testing tools and frameworks for manual security testing, exploit development, and vulnerability validation.
Browse 272 penetration testing tools
FEATURED
USE CASES
A Python library that simplifies testing and exploiting race conditions in web applications using concurrent HTTP requests.
A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.
Automatic authorization enforcement detection extension for Burp Suite
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A tool for identifying and analyzing Java serialized objects in network traffic
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A scripting engine for interacting with GraphQL endpoints for pentesting purposes.
A wordlist to bruteforce for Local File Inclusion (LFI) vulnerabilities
Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.
A collection of Local File Inclusion (LFI) vulnerability tests and exploitation techniques designed for use with Burp Suite.
A Burp Suite extension that detects NGINX alias traversal vulnerabilities by analyzing HTTP traffic patterns to identify path traversal misconfigurations.
A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.
A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.
qsfuzz is a rule-based fuzzing tool for testing query string parameters in web applications to identify security vulnerabilities.
A collection of payloads and methodologies for web pentesting.
A command-line tool that identifies and extracts parameters from HTTP requests and responses to assist with web application security testing and vulnerability assessment.
Penetration Testing Tools FAQ
Common questions about Penetration Testing tools, selection guides, pricing, and comparisons.
A pen tester toolkit typically includes: reconnaissance tools (subdomain enumeration, port scanning, OSINT), vulnerability scanners (web, network, cloud), exploitation frameworks (for validating vulnerabilities), post-exploitation tools (privilege escalation, lateral movement), password cracking and credential testing tools, and reporting tools to document findings with remediation guidance.
