Penetration Testing Tools

Hashcat

Password-cracking tool for GPU-driven brute-force attacks.

John the Ripper

Open-source password cracker supporting multiple hash types.

Mimikatz

Extracts Windows credentials, hashes, and Kerberos tickets.

Patator

Brute-force tool for protocols like SSH, FTP, and SMTP.

Hydra

Network login cracker for rapid credential brute-forcing.

Burp Suite

Web proxy for manual/automated vulnerability testing.

OWASP ZAP

Open-source web app scanner for vulnerabilities like XSS and SQLi.

Nmap

Network mapper for host discovery, port scanning, and OS detection.

Nessus

Vulnerability scanner for identifying misconfigurations and exploits.

BeEF

Browser Exploitation Framework for client-side attacks.

SQLmap

Automated SQL injection detection and exploitation tool.

DirBuster

Brute-forces web server directories/files.

w3af

Web application attack and audit framework.

Nikto

Web server scanner for outdated software and misconfigurations.

Metasploit

Exploitation framework for developing/deploying payloads.

OpenVAS

Open-source vulnerability scanner (fork of Nessus).

Cain and Abel

Password recovery tool with network sniffing capabilities.

Medusa

Parallelized login brute-forcer for protocols.

SearchSploit

CLI tool for querying Exploit-DB.

Netcat

Networking utility for reading/writing TCP/UDP data.

GDB

GNU Debugger for analyzing software crashes.

Responder

LLMNR/NBT-NS poisoner for credential harvesting.

Impacket

Python library for network protocol exploitation (e.g., SMB).

Empire

PowerShell/post-exploitation framework.

PowerSploit

PowerShell scripts for penetration testing.

BloodHound

Maps Active Directory attack paths.

Drozer

Android security assessment framework.

Covenant

.NET command-and-control (C2) framework.

Cobalt Strike

Red-team toolkit for adversary emulation.

Reaver

Exploits WPS vulnerabilities in Wi-Fi routers.