跳转至

【17 super useful penetration testing tools, all here!】

17 super useful penetration testing tools, all here!

💻Collection search tools + analysis🔧

🔗【 ❤️ Download ❤️ 】

Penetration testing is an operation performed by professional security personnel to find vulnerabilities in the system . That is, of course, until malicious hackers find these vulnerabilities. The tools these industry security experts love vary widely, some are publicly available for free, others require a fee, but this article assures you it’s worth a look!!

  1. Nmap September 1, 2017 is Nmap’s 20th birthday. From its inception, Nmap has been the tool of choice for network discovery and attack surface mapping. From host discovery and port scanning, to operating system detection and IDS evasion/spoofing, Nmap is an essential tool for hacker operations large and small.

  2. Aircrack-ng Similar to Nmap, Aircrack-ng is the kind of tool that penetration testers not only know, but will use frequently whenever they evaluate wireless networks. Aircrack-ng is a suite of wireless assessment tools covering packet capture and attacks (including cracking WAP and WEP).

  3. Wifiphisher Wifiphisher is a tool that fakes malicious access points and launches automated phishing attacks against WiFi networks. Depending on the scope of the task, Wifiphisher can cause credential harvesting or actual infection. A complete overview is available in the documentation section of its website.

  4. Wifiphisher Wifiphisher is a tool that fakes malicious access points and launches automated phishing attacks against WiFi networks. Depending on the scope of the task, Wifiphisher can cause credential harvesting or actual infection. A complete overview is available in the documentation section of its website.

  5. Burp Suite   Used in conjunction with a web browser, it can discover the functionality and security issues of a given App and is the basis for launching customized attacks.

Currently, the free version is very limited in functionality, but the paid version ($349 per user) offers comprehensive web crawling and scanning capabilities (supporting over 100 vulnerabilities - included in the OWASP Top 10); multiple attack points; and scope-based configuration. The most common comments about this tool are that it can be used to automate repetitive functions and provide a good view of the app's interaction with the server.

  1. OWASP ZAP OWASP Zed Attack Proxy (ZAP) is an application testing tool comparable to Burp Suite. The general opinion is that ZAP is suitable for those new to application security, while Burp Suite is the core assessment tool of choice. People who are tight on money tend to prefer ZAP because it is an open source tool. OWASP recommends ZAP for application testing and has published a series of tutorials to guide users in effectively utilizing the tool in long-term security projects.