Penetration testing

The Top 20 Penetration Testing Tools, Part 2

Ravi Das
July 30, 2018 by
Ravi Das


In this article, we continue with the theme of examining the top 20 penetration testing tools that are available today. In our last installment, we covered the first five. Now let's move on, beginning with number six:

6) Nagios

Earn two pentesting certifications at once!

Earn two pentesting certifications at once!

Enroll in one boot camp to earn both your Certified Ethical Hacker (CEH) and CompTIA PenTest+ certifications — backed with an Exam Pass Guarantee.

This is a penetration testing tool which can be used to check for the security vulnerabilities and weaknesses across an entire network infrastructure. This includes the following:

  • All network paths of communication
  • All endpoints
  • All servers
  • All of the network security devices (this includes routers, hubs, switches, firewalls, network intrusion devices and so forth)
  • All of the software applications which make use of the network infrastructure
  • All data-related network links
  • Any associated network-based nodes

It is cross-compatible with both Linux and Windows operating systems. As an open-source platform, it's free, and can be downloaded


7) Aircrack-ng

This is a pentesting tool that is primarily used for testing WiFi-based network security. In this aspect, it focuses upon three key areas:

  • Network Monitoring: It can capture and quickly analyze data packets in real time
  • Network Attacking: The suite of tools can be used for conducting replay attacks, deauthentication, examining fake wireless access points and data packet injection
  • Network Cracking: It can also be used for testing WEP, WPA and PSK network-based protocols

It works across all open source OS platforms (FreeBSD, OpenBSD, NetBSD and Linux) as well as Windows and OS X. It can be downloaded here.

8) Wifiphisher

This is a pentesting tool used primarily in testing for rogue wireless access points in a WiFi-based network. Its key feature is that it can be used to launch "ethical" phishing attacks, which can identify many hidden security holes in the IT infrastructure of any business or corporation. Examples of these include login credential harvesting and determining other weak points which a botnet-style attack can be launched from.

This tool works only on the Linux platform, and it can be downloaded for free here.

9) SQLmap

As its name implies, this penetration-testing tool is primarily used in simulating SQL-injection attacks on SQL-based servers. It can be used a across all of these databases:

  • MySQL
  • Oracle
  • PostgreSQL
  • Microsoft SQL Server
  • Microsoft Access
  • IBM DB2
  • SQLite
  • Firebird
  • Sybase
  • SAP
  • MaxDB
  • Informix

It also supports the following types of SQL injection attacks:

  • Boolean-based blind
  • Time-based blind
  • Error-based
  • UNION query-based
  • Stacked queries
  • Out-of-band

This tool can be downloaded for free here.

10) BeEF (Browser Exploitation Framework)

This penetration-testing tool is used for testing the vulnerabilities and weaknesses that are found across all of the major web browser platforms, including Explorer, Firefox, Chrome and Safari. It is important to note that this tool only looks for holes on the client side, and thus, the simulated attack vectors can only be launched from this angle. Multiple web browsers can be linked together and used as specific "beachheads or launching directed command modules and further attacks against the system from within the browser context." (Source)

BeEF can be used on both desktop and wireless devices, especially smartphones (Android, iPhone, Windows Mobile and more). Download it for free here.

11) The Immunity Debugger

This is a penetration-testing tool that is specifically designed for creating and launching source code exploits, analyzing all types and kinds of malware, and conducting reverse-engineering techniques on binary code files. It comes in both GUI and command line formats (both are available in the same download package). It can also be used with the Python API for extended functionalities such as:

  • Python scripting
  • Creating Python-based hooks (which can be used to trigger simulated events during an actual pentest)
  • Python graphing

This tool can be downloaded for free here.

12) Acunetix

This pentesting tool has been designed to detect any unknown security vulnerabilities in Web-based applications. It makes use of specialized crawler technology which can pinpoint any hidden flaws in your source code (even making use of a client-based script analyzer). It can even launch simulated SQL injection attacks and cross-site scripting (XSS) attacks as well. This package can also scan for vulnerabilities in WordPress plugins and be used as a network scanner (primarily for examining the perimeter and any misconfigurations).

It is also highly-regarded for creating sophisticated Vulnerability Management and Regulatory Compliance Reports as well. However, this package does not come free, and can be quite expensive. But there is a free 14-day trial version that can be downloaded

13) Monitis

This company offers cloud-based, 24/7 real-time website performance monitoring services. In addition to this, it also offers a vulnerability scan service which costs just $50.00 for one scan; a customer can get a detailed and customized report about any type of security vulnerability that their environment might be facing. They even provide recommended solutions in order to fix any detected gaps or holes that have been unearthed. You can purchase your low-cost vulnerability scan here.

14) Burp Suite

This is a pentesting tool that uses any browser platform you're currently using to map a particular application and discover any unknown vulnerabilities in its functionalities. Even customized attacks (per the client's requirements) can be launched. Other features of this package include:

  • The ability to scan and identify 100+ security vulnerabilities
  • Support for various types of attack insertion points
  • Scan for nested insertion points
  • Options for both passive and active scanning
  • Automation of repetitive pentesting techniques
  • Complete view of the connection between the server and the application that's being pentested
  • Manual of insertion points

At the present time, there is a paid subscription and free downloadable version.

15) OWASP Zed Attack Proxy

This is one of the most popular, open-source penetration-testing tools. It has been developed by hundreds of cybersecurity professionals, and was primarily created for the testing of Web-based applications to find any holes or weaknesses not only in the source code itself, but other facets that are associated with it, such as the database.

It is important to note that this tool is actually meant for the pentester that is starting out on their first assignment, while the more experienced pentester would find OWASP useful for manual pentesting exercises.

The tool is free and can be downloaded here.

16) Nessus

The Nessus penetration-testing tool was created back in 1998, and since then, it has prided itself on being "The Most Widely Deployed Vulnerability Scanner in The World." This package does not focus on any one particular area; it can be used to pentest various facets such as:

  • Software code flaws (especially backdoors)
  • Any kind of malware or botnets that may exist on your IT Infrastructure
  • Any sort of configuration auditing
  • Scan for any other security vulnerabilities that may exist at your physical place of business, or anything that you may have virtually (such as a virtual server) or stored in the cloud
  • Testing for an unlimited number of IP addresses
  • It can even work in conjunction with other pentesting tools, most notably Metasploit, Canvas and ExploitHub
  • It can support over 90,000 various plugins (it also comes with an embedded scripting language so that pentesters can even create their own plugins)

More details on what it can do can be found here. Nessus is currently used by almost 2,000,000 users and 24,000 business entities worldwide.

However, the tool is based on a paid subscription model (there is a free trial), and it can be purchased here.

17) Netsparker

Netsparker is a pentesting tool that has been developed for ascertaining security vulnerabilities and flaws found in Web-based applications and their supporting functionalities, primarily the database, and the connections between that and the applications. Specifically, this tool can test for vulnerabilities that are associated with SQL injection attacks, XSS attacks and other associated APIs. It also boasts a high rate of confirmation for any false positives that may appear in a penetration test scenario.

It can be used with web applications that have been developed with PHP, ASP.NET, Java, HTML and more. A free trial can be downloaded here.

18) Nipper

This pentesting package is unique because apart from finding security vulnerabilities in software and Web-based applications, Nipper can also be used to pentest for the following types of networking hardware:

  • Network switches
  • Routers
  • Firewalls
  • Network intrusion devices
  • Switches
  • Hubs

It supports networking hardware from the major vendors, such as the following:

  • Cisco
  • Juniper
  • 3Com
  • McAfee
  • Nokia
  • HP
  • Checkpoint

It also provides continual monitoring and analysis of your network infrastructure 24/7. It comes with a free trial version that can be downloaded here.

19) Cain & Abel

Cain and Abel is a penetration-testing tool that has been designed specifically to check for the vulnerabilities that are associated with passwords and the databases they reside in. It has various functionalities, such as:

  • Network sniffing
  • Dictionary-style attacks
  • Brute force attacks
  • Cryptanalysis and other forms of encryption-based attacks
  • Uncovering vulnerabilities found in the cache memory
  • Conducting routing protocol analyses

It's important to note that this tool works only on Windows OS. It comes as a free package and can be downloaded here.


SQL NINJA is a penetration-testing tool that is devoted entirely to the exclusive penetration testing of Web-based applications which use Microsoft SQL Server as the back end. It is designed to test primarily for SQL injection attacks, taking remote access of the SQL database in an automated process. It uses PERL as the primary scripting language for debugging purposes.

It runs on the following Operating Systems:

  • Linux
  • FreeBSD
  • Mac OSX
  • iOS

It has a purely command-line interface, and being an open-source platform, it can be downloaded for free here.


17 penetration testing tools the pros use, CSO Online

37 Powerful Penetration Testing Tools (Security Testing Tools), Software Testing Tools

Hacker Tools Top Ten, Concise Courses

Become a Certified Ethical Hacker, guaranteed!

Become a Certified Ethical Hacker, guaranteed!

Get training from anywhere to earn your Certified Ethical Hacker (CEH) Certification — backed with an Exam Pass Guarantee.

5 penetration test tools to secure your network, Computer Weekly

Ravi Das
Ravi Das

Ravi is a Business Development Specialist for BiometricNews.Net, Inc., a technical communications and content marketing firm based out of Chicago, IL. The business was started in 2009, and has clients all over the world. Ravi’s primary area of expertise is Biometrics. In this regard, he has written and published two books through CRC Press. He is also a regular columnist for the Journal of Documents and Identity, a leading security publication based out of Amsterdam.

You can visit the company’s website at (or; and contact Ravi at