Penetration testing tools & resources

Reading Time: 2 minutes

Metasploit – The world’s most used penetration testing framework. Find security issues, verify vulnerability mitigations & manage security assessments.

Nessus – vulnerability scanner.

Kali Linux – an industry standard penetration testing distribution & framework. It’s fully customizable and utilizes LUKS full-disk encryption.

Parrot OS – a full portable laboratory for all kinds of cyber security operations.

Kali Linux Nethunter – Open Source Android penetration testing platform.

OpenVAS – Open Vulnerability Assessment Scanner.

REMnux – is a Linux toolkit for reverse-engineering and analyzing malicious software.

Port scanners

Port scanners are essentials tolls for maintaining and testing server security.

Nmap – Network Mapper is a free and open source utility for network discovery and security auditing.

Unicornscan -offers asynchronous TCP and UDP scanning capabilities and non-common network discovery patterns.

Angry IP Scanner – super fast, scans local networks as well as Internet.

Intrusion detection systems (IDS/IPS)

Intrusion detection / prevention systems provide valuable information about potential attack vectors, which is essential when proactively identifying threats, setting up defenses and responding to incidents.

Snort – uses rules that help define malicious network activity.

OSSEC – world’s most popular free and open source host-based intrusion detection system.

Suricata – free and open source, mature, fast and robust network threat detection engine.

Cowrie – SSH and Telnet honeypot designed to log brute force attacks and the shell interaction.

Logwatch – not IDS, but absolutely useful for the purpose. It parses through system’s logs and creates a report.

Fail2ban – scans log files and bans IPs that show the malicious signs such as too many password failures, seeking for exploits etc.

Exploit databases

Google Hacking Database – exploit database by Offensive Security.

Build your lab – virtual machines for security lab.

AutoRecon – multi-threaded network reconnaissance tool .

GOWAPT – Web Application Penetration Test.

Train your pen skills – Information about shellcode, countermeasures, administration, exploitation and programming. – training material for computer security classes.

Metasploit unleashed – the most complete and in-depth Metasploit guide available. – the penetration testing execution standard.

SWEET – secure web development teaching.

Securitytube – over the shoulder security training videos. – build, host and share vulnerable web application code for educational and research purposes. – valuable reading you are preparing for OSCP.

Test your hacking skills – commercial online penetration testing lab. – test your penetration testing skills.

For rainy days – test your command line skills. – train your hacking skills. – community and articles.

ChaosVPN – VPN to connect Hackers and Hackerspaces.

PenTestIt – Cyberattack world map.

Dangerous websites lists / feeds / databases

Pen testing news feed

[ccpw id=”511″]