17 Best Penetration Testing Tools to Use

Penetration testing is work performed by professional security personnel to find vulnerabilities in a system before malicious hackers find them. These industry security experts have a wide variety of tools at their disposal; some are free and publicly available, others require a fee, but every tool in this article is worth a look.

1. Nmap

September 1, 2017 is Nmap's 20th birthday. Since its inception, Nmap has been the tool of choice for network discovery and attack surface mapping. From host discovery and port scanning, to OS detection and IDS evasion/spoofing, Nmap is an essential tool for hacking operations large and small.

https://nmap.org/

2. Aircrack-ng

Similar to Nmap, Aircrack-ng is the kind of tool that penetration testers not only know but use frequently whenever evaluating wireless networks. Aircrack-ng is a suite of wireless assessment tools covering packet capture and attack (including cracking WPA and WEP keys).

http://www.aircrack-ng.org/

3. Wifiphisher

Wifiphisher is a tool for spoofing malicious access points that can launch automated phishing attacks against WiFi networks. Based on the scope of the task, Wifiphisher can lead to credential acquisition or actual infection. A full overview can be found in the Documentation section on their website.

https://wifiphisher.org/

4. Burp Suite

Used in conjunction with a web browser, Burp Suite maps the functionality and security issues of a given web application and serves as the basis for launching custom attacks against it.

Currently, the free version has limited functionality, but the paid version ($349 per user) offers comprehensive web crawling and scanning capabilities (covering over 100 vulnerability classes, including the OWASP Top Ten), multiple attack insertion points, and scope-based configuration. The most common comment about this tool is that it automates repetitive tasks while providing a good view of how the application interacts with the server.

https://portswigger.net/burp/

5. OWASP ZAP

OWASP Zed Attack Proxy (ZAP) is an application testing tool on a par with Burp Suite. The prevailing view is that ZAP suits application security novices, while Burp Suite is the preferred core assessment tool. Cash-strapped testers gravitate to ZAP because it is an open-source tool. OWASP recommends ZAP for application testing and has published a series of tutorials guiding users through effective use of the tool in long-term security projects.

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

6. SQLmap

As its website states, SQLmap is an "automated SQL injection and database takeover tool", a description that captures the core of the tool. SQLmap supports all common database platforms, including MySQL, MSSQL, Access, DB2, PostgreSQL, Sybase, and SQLite, and six different SQL injection techniques.

http://sqlmap.org/

7. CME (CrackMapExec)

CME is a post-exploitation tool that helps automate security assessment tasks across large Active Directory (AD) networks. Its creator, a hacker nicknamed "byt3bl33d3r," says the concept behind the tool is to "use AD built-in features/protocols to achieve its functionality and circumvent most endpoint protection/IDS/IPS solutions."

The CME use case for red teams is clear, but blue teams can also use the tool to assess account permissions, simulate attacks, and find configuration errors. CME builds on the PowerSploit toolkit and the Impacket library.

https://github.com/byt3bl33d3r/CrackMapExec

8. Impacket

Impacket, used by CME, is a Python class library for low-level programmatic access to network protocols such as IPv4/IPv6, TCP, UDP, ICMP, IGMP, and ARP, as well as SMB1-3. Packets can be constructed from scratch or parsed from raw data.

https://github.com/CoreSecurity/impacket

9. PowerSploit

PowerSploit is a collection of modules used during an assessment. As the name suggests, the modules themselves are written for PowerShell on Windows. Its module categories include persistence, antivirus evasion, exfiltration, code execution, script modification, reconnaissance, and more.

https://github.com/PowerShellMafia/PowerSploit

10. Luckystrike

Luckystrike from "curi0usJack" is a tool for generating malicious Excel (.xls) and Word (.doc) documents. Luckystrike accepts standard shell commands, PowerShell scripts, and executable programs (EXEs) as payloads.

https://github.com/curi0usJack/luckystrike

11. BeEF (Browser Exploitation Framework)

BeEF is a handy tool for assessing the actual security posture of a target environment using client-side attack methods. Given the many features and options the tool offers, many security experts single out BeEF as particularly useful.

http://beefproject.com/

12. THC-Hydra

THC-Hydra is a network login cracker that supports multiple services. In fact, it supports more than 48 services, including Cisco auth, Cisco enable, IMAP, IRC, LDAP, MS-SQL, MySQL, Rlogin, Rsh, RTSP, and SSH (v1 and v2). The tool is not very complicated, and its detailed documentation covers most of the details, making it easy for newcomers to get started.

https://github.com/vanhauser-thc/thc-hydra

13. Immunity Debugger

Immunity Debugger is a tool that helps security personnel write exploits, analyze malware, and reverse engineer binaries. It has a lot of features, but most of them are well explained in two documents: an overview by Igor Novkovich and a paper on basic reverse engineering in the SANS Reading Room. If reverse engineering or exploit writing is already in your skill set, you are probably already quite familiar with the tool; if not, it is worth a look.

https://www.immunityinc.com/products/debugger/

14. Social-Engineer Toolkit (SET)

As the name suggests, SET is a penetration testing framework for social engineering. It is such a popular tool that it has even been seen on TV: the frequent use of SET in the American TV series "Mr. Robot" made hackers smile.

Two other tools from TrustedSec are also worth mentioning: Unicorn, for PowerShell downgrade attacks and direct memory code injection (a perfect match for SET), and nps_payload, which generates intrusion detection evasion payloads.

https://github.com/trustedsec/social-engineer-toolkit

15. Metasploit

The Metasploit Framework is so commonly used that it is practically the default must-have tool; apart from Kali Linux, it is the tool most often mentioned by security experts. Kali is a Linux distribution, and most of the tools mentioned here come pre-installed in Kali.

Metasploit has been the primary tool for many penetration testers over the years. Even after being acquired by Rapid7, it is still fully supported as an open source project, and the tool is constantly being developed by the wider exploit developer community. If a bug or exploit is in the news, Metasploit is bound to include it. Need to assess a network for known vulnerabilities? Metasploit can do it for you.

https://github.com/rapid7/metasploit-framework

16. Penetration Testing Tool Cheat Sheet

The HighOn.Coffee Blog's Penetration Testing Tools Cheat Sheet provides a high-level reference for a variety of commonly used commands, from network configuration to port scanning and network service attacks.

https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

17. SecLists

SecLists, as you can tell from the name, is a collection of lists hosted on GitHub. List types include usernames, passwords, common data patterns, fuzzing payloads, web shells, and more, which help penetration testers quickly complete the task at hand.

https://github.com/danielmiessler/SecLists
