Best Tools of Penetration Test for Noobies


  • DirBuster

    Free Mac Windows Linux Website

    DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

     

    DirBuster icon
  • Wireshark

    Free Mac Windows Linux BSD Website

    Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

    Wireshark has a rich feature set which includes the following:

    -Deep inspection of hundreds of protocols, with more being added all the time
    -Live capture and offline analysis
    -Standard three-pane packet browser
    -Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
    -Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
    -The most powerful display filters in the industry
    -Rich VoIP analysis
    -Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
    -Capture files compressed with gzip can be decompressed on the fly
    -Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
    -Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
    -Coloring rules can be applied to the packet list for quick, intuitive analysis
    -Output can be exported to XML, PostScript®, CSV, or plain text

     

    Wireshark icon
  • OWASP Zed Attack Proxy (ZAP)

    Free Mac Windows Linux Website

    The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
    It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
    ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

     

    OWASP Zed Attack Proxy (ZAP) icon
  • Burp Suite

    Freemium Mac Windows Linux BSD Website

    Simple, scalable cybersecurity tool suite for researchers, professionals, and enterprises.

     

    Burp Suite icon
  • John the Ripper

    Free Windows Linux Haiku Website

    John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

     

    John the Ripper icon
  • netcat

    Free Mac Windows Linux Website

    Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

     

    netcat icon
  • Metasploit

    Free Personal Windows Linux BSD Website

    Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners such as Nexpose - for free. This helps prioritize remediation and eliminate false positives, providing true security risk intelligence. IT professionals can demonstrate the impact of vulnerabilities to IT operations to obtain buy-in for remediation.

     

    Metasploit icon
  • BeEF

    Free Mac Linux Website

    BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

     

    BeEF icon
  • Sqlmap

    Free Mac Linux Website

    sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

     

    Sqlmap icon
  • Nmap

    Free Mac Windows Linux BSD Website

    Extensible, open-source network mapper with OS detection to scan networks for hosts and services.

     

    Nmap icon



Comments on Best Tools of Penetration Test for Noobies

Echo echo ... Feels empty in here

Maybe you want to be the first to submit a comment?

Sign up to comment, it's simple!