Penetration testing tools & resources

Metasploit – The world’s most used penetration testing framework. Find security issues, verify vulnerability mitigations & manage security assessments.

Nessus – vulnerability scanner.

Kali Linux – an industry standard penetration testing distribution & framework. It’s fully customizable and utilizes LUKS full-disk encryption.

Parrot OS – a full portable laboratory for all kinds of cyber security operations.

Kali Linux Nethunter – Open Source Android penetration testing platform.

OpenVAS – Open Vulnerability Assessment Scanner.

REMnux – a Linux toolkit for reverse-engineering and analyzing malicious software.

Port scanners

Port scanners are essential tools for maintaining and testing server security.

Nmap – Network Mapper is a free and open source utility for network discovery and security auditing.

Unicornscan – offers asynchronous TCP and UDP scanning capabilities and non-common network discovery patterns.

Angry IP Scanner – super fast, scans local networks as well as the Internet.

Intrusion detection systems (IDS/IPS)

Intrusion detection / prevention systems provide valuable information about potential attack vectors, which is essential when proactively identifying threats, setting up defenses and responding to incidents.

Snort – uses rules that help define malicious network activity.

OSSEC – world’s most popular free and open source host-based intrusion detection system.

Suricata – free and open source, mature, fast and robust network threat detection engine.

Cowrie – SSH and Telnet honeypot designed to log brute force attacks and the shell interaction.

Logwatch – not an IDS, but absolutely useful for the purpose. It parses the system’s logs and creates a report.

Fail2ban – scans log files and bans IPs that show malicious signs such as too many password failures, seeking for exploits, etc.

Exploit databases

Google Hacking Database – exploit database by Offensive Security.

Build your lab

Vulnhub.com – virtual machines for security lab.

AutoRecon – multi-threaded network reconnaissance tool.

GOWAPT – Web Application Penetration Test.

Train your pen skills

Nets.ec – Information about shellcode, countermeasures, administration, exploitation and programming.

OpenSecurityTraining.info – training material for computer security classes.

Metasploit unleashed – the most complete and in-depth Metasploit guide available.

Pentest-standard.org – the penetration testing execution standard.

SWEET – secure web development teaching.

Securitytube – over the shoulder security training videos.

Hack.me – build, host and share vulnerable web application code for educational and research purposes.

Falconspy.medium.com – valuable reading if you are preparing for OSCP.

Test your hacking skills

Virtualhackinglabs.com – commercial online penetration testing lab.

Hackthebox.eu – test your penetration testing skills.

For rainy days

Cmdchallenge.com – test your command line skills.

Root-me.org – train your hacking skills.

Defendtheweb.net – community and articles.

ChaosVPN – VPN to connect Hackers and Hackerspaces.

PenTestIt – Cyberattack world map.

Dangerous websites lists / feeds / databases

Threatshub.org/download/

https://bitbucket.org/threatshub/th-dfbase/raw/master/data/malware/ThreatsHub_Malicious_DataFeed

zonefiles.io/compromised-domain-list/
github.com/firehol/blocklist-ipsets
https://github.com/stamparm/ipsum
