This is an old revision of the document!
Penetration testing tools and softwares
https://www.carson-saint.com/products/saintcloud/
SAINTcloud® Vulnerability Management Manage risk. Pay as you go. Powered by SAINT logo Enabling cloud-based security.
The cost of defending your most critical technology resources and information rises every year. Increased threats and tight budgets challenge even the most robust risk-management program. Carson & SAINT developed SAINTcloud vulnerability management to provide all of the power and capability offered in our fully-integrated vulnerability management solution, SAINT Security Suite, without the need to implement and maintain on-premise infrastructure and software. This means you can spend more time reducing risks and less time managing the tools you use.
Our mission at PlexTrac is to improve the posture of every security team, regardless of size or scope. Simply put, there’s a PlexTrac for every security professional on the planet.
https://se.works/product/pentoma
Automate Your Penetration Testing Tasks.
The Penetration testing no longer needs to be complicated. You can simply provide the URLs and APIs that you want to pen test to Pentoma®. It will take care of the rest, and deliver the report to you.
Global Bug Bounty Platform Crowdsourced security & Vulnerability Disclosure France, Singapore, Switzerland, Germany
The most advanced Penetration Testing Distribution
Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.
Hexway — awesome platform for penetration testing & vulnerability management
https://www.intigriti.com/pricing
Whether it’s a private or public bug bounty program, a vulnerability disclosure policy, a hybrid pentest, a live hacking event, or something in-between — our subscriptions have been built to cater for all organisations. Request a quote today and we’ll be in touch to provide you with the most suitable pricing package to meet your needs.
https://www.ptsecurity.com/ww-en/products/maxpatrol/
MaxPatrol 8
Vulnerability and compliance management system
https://pentera.io/platform/?redirected=true
Automatically validate security for continuous resilience
Test the entire IT infrastructure, reveal true risk, and create a surgical remediation™ roadmap
https://github.com/zaproxy/zaproxy/wiki
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.
Welcome to the PentestBox Tool List Website! Here you will find a list of the tools which are inside PentestBox and how to use them.
https://www.pentesteracademy.com/
Online Labs and Course Library
https://aws.amazon.com/marketplace/pp/prodview-pj6x6syhznze2
PurpleLeaf is a service-backed continuous penetration testing platform. Our platform allows customers to receive ongoing manual penetration testing combined with network and cloud vulnerability scanning. By purchasing PurpleLeaf through the AWS marketplace, your dedicated dashboard is created instantly.
https://www.titania.com/products/nipper/
Manage your network risks with Nipper our accurate firewall and network configuration audit tool
Nipper discovers vulnerabilities in firewalls, switches and routers, automatically prioritizing risks to your organization. Our virtual modelling reduces false positives and identifies exact fixes to help you stay secure.
http://www.porcupine.org/satan/
(Security Administrator Tool for Analyzing Networks)
https://www.evolvesecurity.com/enterprise/darwin-attack
DARWIN ATTACK®
The Real-Time Pentest Platform No more emails, static reporting and waiting for answers about the threats to your environment. Our communication, collaboration and remediation solutions platform infuses real-time communication and intelligence to the pentesting experience.
https://www.datatheorem.com/solutions/
Secure user data across mobile and modern applications with solutions designed to automate and scale with today’s development models.
External Attack Surface Management Platform
Discover your external attack surface in minutes so you can start reducing your cyber risk as quickly as possible.
https://www.immuniweb.com/products/ondemand/
ImmuniWeb® On-Demand Web Application Penetration Testing Made Simple
ImmuniWeb® On-Demand leverages our award-winning Machine Learning technology to accelerate and enhance web penetration testing. Every pentest is easily customizable and provided with a zero false-positives SLA. Unlimited patch verifications and 24/7 access to our security analysts are included into every project.
Pentesting and Vulnerability Management Find and Fix Vulnerabilities that Matter with the Premier Security Testing Platform
https://apicritique.com/#pricing
API Critique The Most Advanced API Penetration Testing Solution.
https://appcheck-ng.com/features
AppCheck is a vulnerability scanning platform built by leading penetration testing experts to expose security issues
https://se.works/product/appsolid
Advanced Mobile App Hardening: Protect your Android & iOS applications.
AppSolid® provides continuous app hardening, anti-debugging and anti- reversing as a part of an automated DevSecOps process.
Upload your application, download it, and publish. No coding required.
https://bugbounter.com/for-companies/
https://bugbounter.com/about-bugbounter/
Why Should You Prefer Ecosystem?
Protecting digital assets is a common concern, and a safer world is possible only through cooperation. That's why at Bugbounter, we have established an ecosystem of freelance researchers committed to discovering cyber security vulnerabilities so that organizations can always be prepared against cyber threats. Our platform brings together a network of ethical hackers and security researchers with organizations, enabling security teams to test their risks for any asset they wish.
https://www.praetorian.com/chariot/
Defensive Investments Need an Offensive Perspective
Gain the upper-hand over attackers by partnering with the industry's leading offensive security service provider. We put you back on the offensive by combining security expertise with technology automation to continuously focus and improve your defensive investments.
https://www.cobaltstrike.com/features/
Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers. This is not compliance testing.
Aircrack-ng is a complete suite of tools to assess WiFi network security.
It focuses on different areas of WiFi security:
Monitoring: Packet capture and export of data to text files for further processing by third party tools Attacking: Replay attacks, deauthentication, fake access points and others via packet injection Testing: Checking WiFi cards and driver capabilities (capture and injection) Cracking: WEP and WPA PSK (WPA 1 and 2)
All tools are command line which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily on Linux but also Windows, macOS, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.
https://www.ettercap-project.org/
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
Penetration Testing as a Service (PTaaS)
https://www.ivanti.com/company/history/risksense?rsredirect=
Full spectrum risk‑based vulnerability management
Founded in 2015 by a group of cybersecurity experts, RiskSense® provided vulnerability management and prioritization to measure and control cybersecurity risk. The RiskSense platform employed human-interactive machine learning technology and embodied the expertise and intimate knowledge gained from real-world experience in defending critical networks from the world’s most dangerous cyberadversaries.
From its inception, RiskSense invested heavily in research, leading to a variety of patents that were part of the DNA of the RiskSense platform. To stay ahead of cyberadversaries, RiskSense employed a deep bench of security researchers and collaborated via its Fellowship Program with leading IT and cybersecurity programs at New Mexico Tech, UC Riverside and Carnegie Mellon University, among others.
RiskSense was acquired by Ivanti on August 2, 2021.
https://www.nowsecure.com/products/
NowSecure Platform
Automate static, dynamic and interactive testing for mobile apps, and integrate with the SDLC to deliver security results with a detailed assessment in just minutes. Deployed in the cloud or on-premises, uncover compliance gaps, security flaws, and privacy issues at the pace mobile DevOps requires.
https://www.getastra.com/vapt/website-vapt
It's one small security loophole v/s your entire business. 99.7% websites have atleast one vulnerability. Find your website's weaknesses and patch them up before it hurts your business. Get a security audit with 1250+ tests, right now!
Discover your vulnerabilities, before hackers can.
The quickest, most affordable solution to get compliant and secure all of your assets, giving you year around peace of mind.
The Pentest Management Platform for /
Change the way you deliver pentests, with cloud pentest management tools, complete with automated reporting & everything you need to deliver Pentest-as-a-Service.
https://www.synopsys.com/software-integrity/penetration-testing.html
On-demand expert penetration testing
Synopsys Penetration Testing enables you to address exploratory risk analysis and business logic testing so you can systematically find and eliminate business-critical vulnerabilities in your running web applications and web services, without the need for source code.
https://www.appknox.com/vulnerability-assessment
Try Appknox's Vulnerability Assessment Tool
Assess vulnerabilities as a part of your SDLC automatically
https://www.stackhawk.com/product/
Security Testing for the Modern Engineering Team
Focused on pre-production API and web application security testing, StackHawk gives Development teams the ability to actively run security testing as part of their traditional software testing workflows, while giving AppSec teams the peace of mind of controlled and security tested applications in production.
https://github.com/beefproject/beef
The Browser Exploitation Framework Project
NMAP
NMAP is short for Network Mapper. It helps you map a network by scanning ports, discovering operating systems, and creating an inventory of devices and the services running on them. This is a great suite for network pen testing.
NMAP sends differently structured packets for different transport layer protocols which return with IP addresses and other information. You can use this information for host discovery, OS fingerprinting, service discovery, and security auditing.
NMAP is a powerful tool with the capability of mapping a very large network with thousands of ports connected to it.
https://www.getastra.com/pentest/pricing
Astra Security’s product, the Astra Pentest is guided by one principle – making the pentest process simple for the users. Astra’s efforts towards making the penetration testing platform self-serving are constant and yet they manage to always be available and on point with support. Astra has made visualizing, navigating, and remediating vulnerabilities as simple as running a search on Google.
On Astra’s penetration testing platform, the user gets a dedicated dashboard to visualize the vulnerabilities, read the CVSS scores, get in touch with the security personnel, and access remediation support.
https://www.veracode.com/platform
The Veracode Continuous Software Security Platform
https://portswigger.net/solutions/penetration-testing
Penetration testing software from PortSwigger Revolutionize your workflow - with the leading penetration testing software
Cybersecurity made easier
Designed to meet your growing security needs, Defendify streamlines multiple layers of cybersecurity through a single platform, ongoing guidance, and expert support.
https://hckrt.com/Home/Features
Ethical Hacking Platform
Appropriate management of vulnerabilities is not easy at all. However, it is essential to secure your business. We are providing several useful features to make it more convenient.
https://www.coresecurity.com/products/core-impact
It takes a crowd to defeat a crowd
Cybersecurity is a team effort. And having the right team makes all the difference as to whether you win or lose.
Why crowdsourced security?
Most organizations lack the resources and diversified skills to find hidden vulnerabilities before attackers do. Unfortunately, using reactive tools alone leads to noisy, low-impact results that miss emerging risks. Even sophisticated companies can misjudge the creativity, patience, and diverse skills of today’s attackers.
Crowdsourcing emerged to address the skills gap—and the imbalance between attackers and defenders—by incentivizing ethical hackers to report critical bugs. Yet many firms struggle to integrate crowdsourcing into their security strategy in a trusted, efficient way; purpose-built tools are too limited, and consulting-based approaches fail to scale.
Bugcrowd has re-envisioned crowdsourced security with a platform-powered approach that activates the right researchers to your needs and environment at the right time, with all operational details fully managed for you.
Core Impact is designed to enable security teams to conduct advanced penetration tests with ease. With guided automation and certified exploits, the powerful penetration testing software enables you to safely test your environment using the same techniques as today's adversaries.
Replicate attacks across network infrastructure, endpoints, web, and applications to reveal exploited vulnerabilities, empowering you to immediately remediate risks.
https://www.indusface.com/web-application-scanning.php
Web Application Scanner Choose Indusface WAS for the most comprehensive application security audit to detect a wide range of high-risk Vulnerabilities, Malware, and Critical CVEs.
https://www.invicti.com/features/
How Invicti paves your road to security
Build security automation into every step of your SDLC. So you get more security with less manual effort.
https://github.com/sqlmapproject/sqlmap
Automatic SQL injection and database takeover tool
Complete attack surface coverage for AppSec and ProdSec teams
Start covering your external attack surface with rigorous discovery, 99.7% accurate vulnerability assessments, and accelerated remediation through actionable guidance.
Test your security before an attacker does.
It’s critical to be able to identify potential vulnerabilities in the three major categories that affect most businesses - network, wireless and web application. With Verizon’s penetration testing, you can take a proactive approach to securing your organization, assessing cyber threats, and addressing your security gaps across each of these areas.
We have investigated many of largest data breaches on record, conducted hundreds of incident investigations every year, and processed 61 billion security events on average every year. With that experience in security, we can help you find your cyber security vulnerabilities before they become serious threats.
https://www.acunetix.com/vulnerability-scanner/
Improve Your Web Application Security with the Acunetix Vulnerability Scanner
Acunetix is not just a web vulnerability scanner. It is a complete web application security testing solution that can be used both standalone and as part of complex environments. It offers built-in vulnerability assessment and vulnerability management, as well as many options for integration with market-leading software development tools. By making Acunetix one of your security measures, you can significantly increase your cybersecurity stance and eliminate many security risks at a low resource cost.
https://www.cobalt.io/platform
Cobalt’s Pentest as a Service (PtaaS) platform is paired with an exclusive community of testers to deliver the real-time insights you need to remediate risk quickly and innovate securely.
https://www.intruder.io/pricing
Intruder is an online vulnerability scanner that finds cyber security weaknesses in your digital infrastructure, to avoid costly data breaches.
https://www.rapid7.com/products/metasploit/
Penetration testing software for offensive security teams.
Peace of mind from security’s greatest minds
Increase your resistance to attack by tapping the world’s top ethical hackers. Understand your attack surface, hunt bugs, test apps, and fix vulnerabilities before anyone else knows they exist.
https://pentest-tools.com/features
A cloud-based pentesting platform built to make your workflow easier and smoother
https://beaglesecurity.com/features
Beagle Security combines all the essential features at an affordable price so that your business and data is secure throughout.