Penetration Testing Tools

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing, originally forked from Backtrack Linux by the Offensive Security team.

Parrot is a GNU/Linux distribution based on Debian Testing and designed with Security, Development, and Privacy in mind.

Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners such as Nexpose - for free. This helps prioritize remediation and eliminate false positives, providing true...

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

BlackArch Linux is an Small Arch Linux iconArch Linux -based distribution for penetration testers and security researchers. The repository contains 2554 tools.

Wifite is an automated wireless attack tool. Wifite was designed for use with pentesting distributions of Linux, such as Kali Linux, Pentoo, BackBox; any Linux distributions with wireless drivers patched for injection. The current version 2 is a complete re-write of the original.

Caido is a cutting-edge web application security tool that enables users to efficiently identify and assess potential vulnerabilities in their web applications. It can be easily integrated into both personal and enterprise environments, making it adaptable to a wide range of...

The Kali Linux NetHunter project is the first Open Source Android penetration testing platform for Nexus devices, created as a joint effort between the Kali community member “BinkyBear” and Offensive Security. NetHunter supports Wireless 802.

It's well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket, build Golden tickets, play with certificates or private keys, vault... maybe make coffee?.

Founded in 2015, YesWeHack is a global Bug Bounty and VDP Platform. YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting more than 45,000 cybersecurity experts (ethical hackers) across 170 countries...

Exploit Pack is an open source project security that will help you adapt exploit codes on-the-fly.

The Social-Engineer Toolkit is an open source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.

Sn1per Professional is an all-in-one offensive security platform that provides a comprehensive view of your internal and external attack surface and offers an asset risk scoring system to prioritize, reduce, and manage risk.

btscanner is a tool designed specifically to extract as much information as possible from a Bluetooth device without the requirement to pair.