Penetration testing tools

Here is a categorized list of popular penetration testing tools along with their primary uses, organized by the phases of the penetration testing lifecycle:


🧭 1. Reconnaissance (Information Gathering)

| Tool | Use |
| --- | --- |
| Nmap | Network scanner that discovers hosts, open ports, services, and operating systems. |
| Recon-ng | Web-based reconnaissance framework that uses modules to gather information from various sources. |
| theHarvester | Collects emails, subdomains, and names via OSINT from search engines and databases. |
| Maltego | Graph-based link analysis for mapping relationships between people, companies, domains, etc. |
| Shodan | Search engine for Internet-connected devices; finds exposed services. |
| FOCA | Extracts metadata from documents found on web servers. |

🕵️ 2. Scanning & Enumeration

| Tool | Use |
| --- | --- |
| Nikto | Scans web servers for known vulnerabilities and outdated software. |
| Dirb / Gobuster | Directory brute-forcing to find hidden files and folders on websites. |
| Netcat (nc) | Banner grabbing, port scanning, backdoor creation, and more. |
| Enum4linux | Linux tool for enumerating information from Windows systems over SMB. |
| LDAPenum | Enumerates data from LDAP directories. |

💥 3. Vulnerability Assessment

| Tool | Use |
| --- | --- |
| Nessus | Enterprise-grade vulnerability scanner for networks and systems. |
| OpenVAS | Open-source vulnerability scanning and management tool. |
| Nexpose | Rapid7's vulnerability scanner for assessing and managing risk. |
| Burp Suite (Community/Pro) | Identifies vulnerabilities in web apps; the Pro version adds a powerful automated scanner. |
| OWASP ZAP (Zed Attack Proxy) | Free web app scanner; detects common vulnerabilities (OWASP Top 10). |

🔓 4. Exploitation

| Tool | Use |
| --- | --- |
| Metasploit Framework | Framework for developing, testing, and executing exploits. |
| BeEF (Browser Exploitation Framework) | Targets web browsers to gain control of victim systems. |
| SQLmap | Automates SQL injection attacks to retrieve database information. |
| Hydra / Medusa / Ncrack | Brute-force tools for various protocols (SSH, FTP, HTTP, etc.). |
| ExploitDB | Online repository of publicly known exploits and vulnerabilities. |

📡 5. Post-Exploitation

| Tool | Use |
| --- | --- |
| Mimikatz | Extracts plaintext passwords, hashes, and PINs from Windows memory. |
| Empire | Post-exploitation and adversary emulation framework built on PowerShell. |
| PowerSploit | PowerShell scripts for post-exploitation on Windows. |
| BloodHound | Maps Active Directory relationships to identify privilege escalation paths. |
| LaZagne | Retrieves stored passwords from popular applications. |

🧪 6. Wireless Attacks

| Tool | Use |
| --- | --- |
| Aircrack-ng | Cracks WEP and WPA/WPA2-PSK keys using captured packets. |
| Kismet | Wireless network detector, sniffer, and IDS. |
| Reaver | Brute-forces the WPS PIN to recover WPA/WPA2 passphrases. |
| WiFi-Pumpkin | Rogue access point framework for wireless network attacks. |

📈 7. Web Application Testing

| Tool | Use |
| --- | --- |
| Burp Suite | Manual and automated web vulnerability testing. |
| OWASP ZAP | Web application scanner, similar to Burp Suite. |
| Wfuzz | Web application brute-forcer (for parameters, directories, etc.). |
| XSStrike | Detects and exploits XSS vulnerabilities. |
| Nikto | Web server scanning for misconfigurations, insecure files, etc. |

🖥️ 8. Social Engineering

| Tool | Use |
| --- | --- |
| Social-Engineer Toolkit (SET) | Performs phishing, credential harvesting, and other social engineering attacks. |
| Gophish | Phishing simulation tool for training and assessment. |
| Evilginx2 | Man-in-the-middle phishing framework that hijacks authenticated sessions. |

🔧 9. General Utilities & Frameworks

| Tool | Use |
| --- | --- |
| Kali Linux / Parrot OS | Linux distributions preloaded with hundreds of pen-testing tools. |
| Netcat | Network debugging, port scanning, reverse shells. |
| Wireshark | Packet sniffer and analyzer. |
| Tcpdump | Command-line packet capture and analysis. |
| ProxyChains | Forces applications to connect through a proxy such as Tor. |

🧠 Bonus: AI-Assisted & Modern Tools

| Tool | Use |
| --- | --- |
| ChatGPT + Burp Suite plugin | AI-assisted explanation of web application vulnerabilities. |
| PentestGPT (GitHub) | LLM-based helper for pentest note-taking, enumeration planning, etc. |
| AutoRecon / LinPEAS / WinPEAS | Automated recon and privilege escalation enumeration scripts. |
