Penetration Testing Tools
Penetration testing tools and frameworks for manual security testing, exploit development, and vulnerability validation.
Browse 272 penetration testing tools
FEATURED
USE CASES
WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.
Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.
A security assessment tool that identifies AWS IAM permissions by systematically testing API calls to determine the actual scope of access granted to specific credentials.
A proof-of-concept toolkit for fingerprinting and exploiting Amazon Web Services cloud infrastructures using the boto library.
A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.
An exploitation framework for industrial security with modules for controlling PLCs and scanning devices.
A Python script for creating a cohesive and up-to-date penetration testing framework.
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
InternalBlue is a Bluetooth experimentation framework that enables low-level firmware interaction with Broadcom chips for security research and attack prototype development.
Ropper is a multi-architecture binary analysis tool that searches for ROP gadgets and displays information about executable files for exploit development.
mXtract is a Linux-based tool for memory analysis and dumping with regex pattern search capabilities.
LinEnum is a tool for Linux enumeration that provides detailed system information and performs various checks and tasks.
A Ruby framework designed to aid in the penetration testing of WordPress systems.
Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.
Pwndbg is a GDB plug-in that enhances the debugging experience for low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
A Burp Suite plugin that performs intelligent content discovery by analyzing current requests to identify directories, files, and variations based on the application's structure.
A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.
OWASP OWTF is a penetration testing framework focused on efficiency and alignment with security standards.
A WebSocket Manipulation Proxy with a user interface to capture, intercept, and send custom messages for WebSocket and Socket.IO communications.
FeatherDuster is a cryptanalysis tool that automatically identifies and exploits weaknesses in cryptographic systems by analyzing ciphertext files.
Principal Mapper is a Python tool that models AWS IAM configurations as directed graphs to identify privilege escalation risks and alternative attack paths in AWS environments.
A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets.
Penetration Testing Tools FAQ
Common questions about Penetration Testing tools, selection guides, pricing, and comparisons.
A pen tester toolkit typically includes: reconnaissance tools (subdomain enumeration, port scanning, OSINT), vulnerability scanners (web, network, cloud), exploitation frameworks (for validating vulnerabilities), post-exploitation tools (privilege escalation, lateral movement), password cracking and credential testing tools, and reporting tools to document findings with remediation guidance.
