Penetration Testing Tools
Penetration testing tools and frameworks for manual security testing, exploit development, and vulnerability validation.
Browse 272 penetration testing tools
FEATURED
USE CASES
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
A python tool for discovering endpoints, parameters, and wordlists in a given target
A Burp Suite extension that passively scans JavaScript files to discover endpoint links and potential attack surfaces in web applications.
A modern directory scanner that can be used to find hidden directories and files on a web server.
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A tool for analyzing pentest screenshots using a convolutional neural network
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
A lightweight web security auditing toolkit that simplifies security tasks and enhances productivity.
CrackMapExec (CME) - A tool for querying internal database for host and credential information in cybersecurity.
The Proxmark III is a versatile device for sniffing, reading, and cloning RFID tags with strong community support.
Hack with JavaScript XSS'OR tool for encoding/decoding and various XSS related functionalities.
Automatic tool for pentesting XSS attacks against different applications
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
Tool for attacking Active Directory environments through SQL Server access.
A complete suite of tools for assessing WiFi network security with capabilities for monitoring, attacking, testing, and cracking.
Ophcrack is a free Windows password cracker based on rainbow tables with various features for password recovery.
A tool for testing and analyzing RFID and NFC tags, allowing users to read and write data, and perform various attacks and tests.
Lambda-Proxy is a utility that enables SQL injection testing of AWS Lambda functions by converting SQLMap HTTP attacks into Lambda invoke calls through a local proxy.
Penetration Testing Tools FAQ
Common questions about Penetration Testing tools, selection guides, pricing, and comparisons.
A pen tester toolkit typically includes: reconnaissance tools (subdomain enumeration, port scanning, OSINT), vulnerability scanners (web, network, cloud), exploitation frameworks (for validating vulnerabilities), post-exploitation tools (privilege escalation, lateral movement), password cracking and credential testing tools, and reporting tools to document findings with remediation guidance.
