AlternativeTo Logo

Apps with 'Penetration Testing' feature

  1. Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing, originally forked from Backtrack Linux by the Offensive Security team.
  2. Parrot is a GNU/Linux distribution based on Debian Testing and designed with Security, Development, and Privacy in mind.

  3. The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
  4. BlackArch Linux is an Small Arch Linux iconArch Linux -based distribution for penetration testers and security researchers. The repository contains 2554 tools.
  5. Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners such as Nexpose - for free.
    • FreemiumProprietary
    • Mac
    • Windows
    • Linux
    • Android
    • iPhone
    Geekbench 5 is a cross-platform benchmark that measures your system's performance with the press of a button.
    • FreeOpen Source
    • Online
    • Self-Hosted
    • Software as a Service (SaaS)
    Reconmap is an open-source tool for InfoSec teams to collaborate on pentest and other security projects.
  6. Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated.
  7. BackBox is a Linux distribution based on Ubuntu developed to perform penetration tests and security assessments.
  8. The Social-Engineer Toolkit is an open source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.
    • FreeOpen Source
    • Windows
    • C (programming language)
    It's well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket, build Golden tickets, play with certificates or private keys, vault... maybe make coffee?.
  9. Probely is a top-tier cloud-based DAST Scanner designed for DevOps, empowering Security and Development teams to work together to secure their web applications and APIs.
  10. Sandcat Browser 5 brings unique features that are useful for pen-testers and web developers. Sandcat is built on top of Chromium and uses the Lua programming language to provide extensions and scripting support.


    Latest release Nov 16, 2018

  11. BOOLR is a digital logic simulator built with HTML and JavaScript using Electron . Simulations run asynchronously and in ticks so complex simulations won't cause freezes.


    Its Github repository hasn't seen activity since 2017.

  12. Exploit Pack is an open source project security that will help you adapt exploit codes on-the-fly.