Hashcat
A GPU-accelerated password-cracking tool that supports brute-force, dictionary, and rule-based attacks against hashes (e.g., MD5, SHA-256, NTLM).
John the Ripper
A flexible password-cracking tool that detects weak passwords using multiple attack modes (wordlist, incremental, hybrid).
Mimikatz
Extracts plaintext credentials, Kerberos tickets, and hashes from Windows memory (LSASS) for lateral movement in post-exploitation.
Patator
A brute-force tool for protocols like SSH, FTP, and SMTP, with granular control over payloads and error handling.
Hydra
A fast network login cracker that brute-forces credentials across protocols (e.g., HTTP, RDP, SMB).
Burp Suite
A web proxy tool for intercepting, modifying, and testing web app vulnerabilities (e.g., SQLi, XSS, CSRF).
OWASP ZAP
An open-source web app scanner that identifies vulnerabilities like insecure headers, XSS, and broken authentication.
Nmap
A network exploration tool for host discovery, port scanning, OS fingerprinting, and vulnerability detection via scripts.
Nessus
A vulnerability scanner that identifies CVEs, misconfigurations, and compliance issues in networks and applications.
BeEF (Browser Exploitation Framework)
Hijacks browsers to launch client-side attacks (e.g., phishing, keylogging) via JavaScript hooks.
SQLmap
Automates SQL injection detection, database fingerprinting, and data exfiltration (e.g., dumping tables, executing commands).
DirBuster
Discovers hidden directories/files on web servers by brute-forcing paths (e.g., /admin, /backup.zip).
Metasploit
A framework for developing, testing, and deploying exploits (e.g., reverse shells, privilege escalation modules).
OpenVAS
Scans networks for vulnerabilities (e.g., unpatched software, weak credentials) using a database of 50,000+ tests.
Cain and Abel
Recovers passwords via sniffing, ARP poisoning, and brute-force attacks (e.g., VoIP, wireless).
Medusa
A parallelized login brute-forcer for protocols like HTTP, SSH, and FTP.
SearchSploit
Command-line tool to search the Exploit-DB database for public exploits.
Netcat
A networking utility for reading/writing data across TCP/UDP connections (e.g., port scanning, file transfers).
GDB (GNU Debugger)
Analyzes program crashes, memory leaks, and assembly code for reverse engineering.
Responder
Poisons LLMNR/NBT-NS requests to capture NTLMv2 hashes in Windows environments.
Impacket
A Python library for crafting packets and exploiting protocols like SMB, Kerberos, and LDAP.
Empire
A post-exploitation framework using PowerShell agents for lateral movement and persistence.
PowerSploit
A collection of PowerShell scripts for privilege escalation, reconnaissance, and code execution.
BloodHound
Visualizes Active Directory attack paths (e.g., privilege escalation via group membership).
Drozer
Assesses Android app security by exploiting insecure components (e.g., exposed activities, content providers).
Covenant
A .NET command-and-control (C2) framework for red team operations.
Cobalt Strike
A commercial red-team toolkit for spear phishing, lateral movement, and C2 emulation.
Reaver
Cracks Wi-Fi passwords by exploiting weak WPS PINs on routers.
Gattacker
Exploits Git repositories by spoofing commits or injecting malicious code.
EAPHammer
Conducts evil twin attacks against WPA2-Enterprise networks (e.g., stealing RADIUS credentials).
Scout Suite
Audits cloud environments (AWS, Azure, GCP) for misconfigured storage, IAM policies, and logging.
Cloud Custodian
Automates cloud security policies (e.g., deleting unattached volumes, encrypting S3 buckets).
CloudBrute
Discovers misconfigured cloud storage (e.g., open S3 buckets, Azure blobs) via brute-force.
Pacu
Exploits AWS vulnerabilities (e.g., privilege escalation, data exfiltration).
Frida
A dynamic instrumentation toolkit for reverse-engineering and hooking mobile/app functions.
Brakeman
A static analysis tool for Ruby on Rails apps to detect vulnerabilities (e.g., SQLi, XSS).
ChopChop
Tests Wi-Fi encryption (e.g., WEP) by forging packets and analyzing responses.
hping3
Crafts custom TCP/IP packets for firewall testing, network mapping, and DoS attacks.
Scapy
A Python library for crafting, sending, and decoding network packets (e.g., ARP spoofing).
MDK4
A Wi-Fi tool for deauthentication attacks, beacon flooding, and AP disruption.
Wifite
Automates Wi-Fi attacks (e.g., cracking WPA, deauth attacks) against multiple targets.
Cowpatty
Brute-forces WPA-PSK passwords using precomputed PMK hashes for faster cracking.
Bluecrack
Audits Bluetooth devices for vulnerabilities (e.g., pairing flaws, data leakage).
ProxyChains
Routes traffic through proxies to anonymize scans/attacks (e.g., hiding source IP).
WinDbg/OllyDbg
Debuggers for analyzing Windows binaries, memory dumps, and exploits.
Android SDK Tools
A suite for developing and testing Android apps (e.g., ADB for device access).
MobSF (Mobile Security Framework)
Scans Android/iOS apps for vulnerabilities (e.g., insecure storage, code leaks).
Snow
A steganography tool for hiding data in text files via whitespace manipulation.
TinEye
A reverse image search engine to track image origins and detect impersonation.
Censys
Discovers internet-connected devices and services using certificate, port, and protocol data.
Recon-ng
A web reconnaissance framework for OSINT (e.g., harvesting emails, subdomains).
Maltego
Visualizes relationships between entities (e.g., domains, IPs, people) using OSINT data.
Gobuster
Brute-forces web directories, DNS subdomains, and S3 buckets.
TruffleHog
Scans Git repositories for exposed secrets (e.g., API keys, passwords).
Postman Collection
A tool for testing and documenting API endpoints (e.g., fuzzing parameters).