December 3, 2023

While going through Penetration Testing, it's worthwhile to write up a post on the tools widely used in the various categories.

Testing tools are categorised mainly into five categories:

  • Information Gathering
  • Web Application Testing
  • Infrastructure Testing
  • Exploit helpers
  • Utilities

Information Gathering

Google Hacking
Allows you to find juicy information indexed by Google about a target website (ex. directory listing, sensitive files, error messages, login pages, etc).

Find Domains
Allows you to discover domains associated with a target domain and to determine the attack surface of a target organization.

Find Subdomains
Allows you to discover subdomains of a target domain and to determine the attack surface of a target organization.

Find Virtual Host
Attempts to discover virtual hosts that are configured on a given IP address. This is helpful to find multiple websites hosted on the same server.

Website Recon
This tool allows you to discover the technologies used by a target web application – server-side and client-side. It can also scan multiple virtual hosts on the same IP.

Web Application Testing

Website Scanner
Finds common vulnerabilities which affect web applications: SQL Injection, XSS, OS Command Injection, Directory Traversal, and others. The scanner also identifies specific web server configuration issues.

URL Fuzzer
Discover hidden files and directories (.conf, .bak, .bkp, .zip, .xls, etc.). Get easy access to hidden content hosted on your target web server. Fuzz the target with your custom wordlist in the specified location.

SQLi Scanner
The online scanner identifies SQL Injection vulnerabilities found in web applications by crawling and performing a deep inspection of web pages and parameters.

XSS Scanner
This scanner, powered by OWASP ZAP, helps you test whether the target web application is affected by Cross-Site Scripting vulnerabilities.

WordPress Scanner
This tool helps you discover security issues and vulnerabilities in the target WordPress website using the most advanced WordPress scanner: WPScan.

Drupal Scanner
Finds Drupal version, modules, theme, and their vulnerabilities. Checks for common Drupal misconfigurations and weak server settings.

Joomla Scanner
Perform a Joomla security assessment by finding vulnerabilities in Joomla core, components, modules, and templates.

SharePoint Scanner
Discover various security weaknesses and vulnerabilities in web applications built on top of Microsoft SharePoint and FrontPage.

Infrastructure Testing

Network Scan OpenVAS
The scanner allows you to detect a wide range of vulnerabilities in network services, operating systems, and web servers; its use cases are very diverse.

Password Auditor
The tool scans a URL, IP address, or hostname for network services that require authentication and detects weak credentials by trying to log in using the usernames and passwords from the input wordlists.

ProxyLogon
The tool can be used to check if the email server (Microsoft Exchange) is affected by CVE-2021-26855, an SSRF vulnerability which can lead to disclosure of sensitive information and to Remote Code Execution.

Subdomain Takeover
Allows you to discover subdomains of a target organization that point to external services and are not claimed – leaving them vulnerable to a hostile takeover.

TCP Port Scan
Knowing which network services are exposed to the Internet is essential for securing the network perimeter of a company. With a Nmap portscan, you can easily obtain a quick view of the network attack surface that includes all open TCP ports and services.

UDP Port Scan
Allows you to discover which UDP ports are open on your target host, identify the service versions, and detect the operating system.

DNS Zone Transfer
Check if the name servers of the target domain are vulnerable to DNS Zone Transfer and attempt to retrieve the full DNS Zone file.

SSL/TLS Scanner
The SSL Scanner connects to the target port and attempts to negotiate various cipher suites and multiple SSL/TLS versions to determine weak configurations and common vulnerabilities (ex. POODLE, Heartbleed, DROWN, ROBOT, etc.). The full version of the SSL Scanner scans multiple ports and services (HTTPS, SMTPs, IMAPs, etc.).

Exploit Helpers

SQLi Exploiter
Allows you to confirm SQL Injection vulnerabilities in your site, to see the vulnerable parameters, and also to demonstrate the business risk by extracting data from the database. Powered by SQLMap.

XSS Exploiter
The XSS Exploiter allows you to easily demonstrate the true risk of an XSS vulnerability that you found in a web application by creating a Proof-of-Concept scenario.

HTTP Request Logger
This is a useful pentest utility that logs all the HTTP/S requests received on a certain handler URL: source IP, User Agent, URL parameters, timestamp, etc.

Utilities

ICMP Ping
Check if a server is live and responds to ICMP Echo requests. This tool can also be used to find the IP address of a hostname.

Whois Lookup
This tool allows you to perform Whois lookups online and extract information about domain names and IP addresses.

Apart from the tools listed, many other tools are available for performing Penetration Testing.

This ends the Penetration Testing writeup about pentest approach, method, types, standards, framework, and tools.
