User Tools

Site Tools


Penetration testing tools and softwares


Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.


Wfuzz: The Web fuzzer

Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities.


Free, Simple, Distributed, Intelligent, Powerful, Friendly.

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications.

This is a Ruby framework that helps in analyzing web application security. It performs a meta-analysis on the HTTP responses it receives during an audit process and presents various insights into how secure the application is.


Immunity’s CANVAS is one of the leading and trusted vulnerability assessment and penetration testing (VAPT) tools in the commercial market. It is commercial software well known for being offensive in nature, cross platform, adopted widely by penetration testers to conduct exploitation testing (usually with the extensive range of Canvas Exploitation Pack CEP addon) to perform industry/project scope specific pentesting. It is also widely adopted by vulnerability and exploit researchers for exploit development and testing.

Immunity’s CANVAS is a widely used tool that contains more than 400 exploits and multiple payload options. It renders useful for web applications, wireless systems, networks, etc.

It has a command-line and GUI interface, works best on Linux, Apple Mac OS X, and Microsoft Windows. It is not free of charge and more information can be found on the page below.

John the Ripper

John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems. John the Ripper jumbo supports hundreds of hash and cipher types, including for: user passwords of Unix flavors (Linux, *BSD, Solaris, AIX, QNX, etc.), macOS, Windows, “web apps” (e.g., WordPress), groupware (e.g., Notes/Domino), and database servers (SQL, LDAP, etc.); network traffic captures (Windows network authentication, WiFi WPA-PSK, etc.); encrypted private keys (SSH, GnuPG, cryptocurrency wallets, etc.), filesystems and disks (macOS .dmg files and “sparse bundles”, Windows BitLocker, etc.), archives (ZIP, RAR, 7z), and document files (PDF, Microsoft Office's, etc.) These are just some of the examples - there are many more.

Password hash code and strength-checking code are also made available to be integrated into your own software/code which I think is very unique. This tool comes in a pro and free form.

Cain & Abel ( No website found )

If cracking encrypted passwords or network keys is what you need, then Cain & Abel is the perfect tool for you.

It uses network sniffing, Dictionary, Brute-Force & Cryptanalysis attacks, cache uncovering, and routing protocol analysis methods to achieve this. This is exclusively for Microsoft operating systems.

Burp Suite

Burp Suite is also essentially a scanner (with a limited “intruder” tool for attacks), although many security testing specialists swear that pen-testing without this tool is unimaginable. The tool is not free, but very cost-effective.



This open-source penetration testing software is capable of conducting detailed tests on web servers with a capacity to identify nearly 7000 malicious files and applications.

Detects outdated versions of1250 servers

Has full HTTP support

Customized reports are available based on templates

Can scan numerous server ports 


Nessus is also a scanner and needs to be watched out for. It is one of the most robust vulnerability identifier tools available. It specializes in compliance checks, sensitive data searches, IPs scans, website scanning, etc. and aids in finding the “weak-spots”.


w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

It has a command-line interface and works on Linux, Apple Mac OS X, and Microsoft Windows. All versions are free of charge to download.

W3af is a framework for web application pentesting and auditing. 

Helps enhance any pentesting platform with its given guidelines

Developed with the help of Python

Identifies nearly 200 different web app flaws

Can also scan session-protected pages

Comes with a graphical interface


BeyondTrust will not accept new orders for BeyondTrust Enterprise Vulnerability Management, formerly Retina CS and Retina Network Security Scanner (all versions).


As opposed to a certain application or a server, Retina targets the entire environment at a particular company/firm. It comes as a package called Retina Community.

It is a commercial product and is a sort of a vulnerability management tool more than a Pen-Testing tool. It works on having scheduled assessments and presenting results.

Zed Attack Proxy (ZAP)

Security Testing Basics

Software security testing is the process of assessing and testing a system to discover security risks and vulnerabilities of the system and its data. There is no universal terminology but for our purposes, we define assessments as the analysis and discovery of vulnerabilities without attempting to actually exploit those vulnerabilities. We define testing as the discovery and attempted exploitation of vulnerabilities.

Security testing is often broken out, somewhat arbitrarily, according to either the type of vulnerability being tested or the type of testing being done. A common breakout is:

Vulnerability Assessment – The system is scanned and analyzed for security issues.

Penetration Testing – The system undergoes analysis and attack from simulated malicious attackers.

Runtime Testing – The system undergoes analysis and security testing from an end-user.

Code Review – The system code undergoes a detailed review and analysis looking specifically for security vulnerabilities.

Note that risk assessment, which is commonly listed as part of security testing, is not included in this list. That is because a risk assessment is not actually a test but rather the analysis of the perceived severity of different risks (software security, personnel security, hardware security, etc.) and any mitigation steps for those risks.

Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible.

At its core, ZAP is what is known as a “man-in-the-middle proxy.” It stands between the tester’s browser and the web application so that it can intercept and inspect messages sent between browser and web application, modify the contents if needed, and then forward those packets on to the destination. It can be used as a stand-alone application, and as a daemon process.


SAINTcloud® Vulnerability Management Manage risk. Pay as you go.

Enabling cloud-based security.

The cost of defending your most critical technology resources and information rises every year. Increased threats and tight budgets challenge even the most robust risk-management program. Carson & SAINT developed SAINTcloud vulnerability management to provide all of the power and capability offered in our fully-integrated vulnerability management solution, SAINT Security Suite, without the need to implement and maintain on-premise infrastructure and software. This means you can spend more time reducing risks and less time managing the tools you use.


Our mission at PlexTrac is to improve the posture of every security team, regardless of size or scope. Simply put, there’s a PlexTrac for every security professional on the planet.


Automate Your Penetration Testing Tasks.

The Penetration testing no longer needs to be complicated. You can simply provide the URLs and APIs that you want to pen test to Pentoma®. It will take care of the rest, and deliver the report to you.

Yes We Hack

Global Bug Bounty Platform

Crowdsourced security & Vulnerability Disclosure

France, Singapore, Switzerland, Germany

Kali Linux Distribution

The most advanced Penetration Testing Distribution

Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.


Hexway — awesome platform for penetration testing & vulnerability management


Hybrid Pentest

Security testing reimagined

Intigriti’s Hybrid Pentest solution brings a new approach to bug bounty and security testing. Supersede traditional penetration testing, secure your assets, and be ready to counter modern-day threats by harnessing the full power of the crowd.

Whether it’s a private or public bug bounty program, a vulnerability disclosure policy, a hybrid pentest, a live hacking event, or something in-between — our subscriptions have been built to cater for all organisations. Request a quote today and we’ll be in touch to provide you with the most suitable pricing package to meet your needs.


MaxPatrol 8

Vulnerability and compliance management system


Automatically validate security for continuous resilience

Test the entire IT infrastructure, reveal true risk, and create a surgical remediation™ roadmap

Zed Attack Proxy

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.


Welcome to the PentestBox Tool List Website! Here you will find a list of the tools which are inside PentestBox and how to use them.

Pentesters Academy

Online Labs and Course Library


PurpleLeaf is a service-backed continuous penetration testing platform. Our platform allows customers to receive ongoing manual penetration testing combined with network and cloud vulnerability scanning. By purchasing PurpleLeaf through the AWS marketplace, your dedicated dashboard is created instantly.


Manage your network risks with Nipper our accurate firewall and network configuration audit tool

Nipper discovers vulnerabilities in firewalls, switches and routers, automatically prioritizing risks to your organization. Our virtual modelling reduces false positives and identifies exact fixes to help you stay secure.


(Security Administrator Tool for Analyzing Networks)



‍The Real-Time Pentest Platform

No more emails, static reporting and waiting for answers about the threats to your environment. Our communication, collaboration and remediation solutions platform infuses real-time communication and intelligence to the pentesting experience.

Data Theorem

Data Theorem's Product Suite Simplified

Automated hacking and full application stack discovery that protects your data.

Secure user data across mobile and modern applications with solutions designed to automate and scale with today’s development models.

External Attack Surface Management Platform

External Attack Surface Management Platform

Discover your external attack surface in minutes so you can start reducing your cyber risk as quickly as possible.


ImmuniWeb® On-Demand

Web Application Penetration Testing Made Simple

ImmuniWeb® On-Demand leverages our award-winning Machine Learning technology to accelerate and enhance web penetration testing. Every pentest is easily customizable and provided with a zero false-positives SLA. Unlimited patch verifications and 24/7 access to our security analysts are included into every project.


Pentesting and Vulnerability Management

Find and Fix Vulnerabilities that Matter with the Premier Security Testing Platform

API Critique

API Critique

The Most Advanced API Penetration Testing Solution.


AppCheck is a vulnerability scanning platform built by leading penetration testing experts to expose security issues


Advanced Mobile App Hardening: Protect your Android & iOS applications.

AppSolid® provides continuous app hardening, anti-debugging and anti- reversing as a part of an automated DevSecOps process.

Upload your application, download it, and publish. No coding required.

Bug Bounter

Why Should You Prefer Ecosystem?

Protecting digital assets is a common concern, and a safer world is possible only through cooperation. That's why at Bugbounter, we have established an ecosystem of freelance researchers committed to discovering cyber security vulnerabilities so that organizations can always be prepared against cyber threats. Our platform brings together a network of ethical hackers and security researchers with organizations, enabling security teams to test their risks for any asset they wish.


Defensive Investments Need an Offensive Perspective

Gain the upper-hand over attackers by partnering with the industry's leading offensive security service provider. We put you back on the offensive by combining security expertise with technology automation to continuously focus and improve your defensive investments.


Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers. This is not compliance testing.


Aircrack-ng is a complete suite of tools to assess WiFi network security.

It focuses on different areas of WiFi security:

Monitoring: Packet capture and export of data to text files for further processing by third party tools

Attacking: Replay attacks, deauthentication, fake access points and others via packet injection

Testing: Checking WiFi cards and driver capabilities (capture and injection)

Cracking: WEP and WPA PSK (WPA 1 and 2)

All tools are command line which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily on Linux but also Windows, macOS, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.


Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

Scantrics Website overloaded. 21 Jan 2023


Why Edgescan

Speed-up remediation by at least 50% with validated and prioritized vulnerability intelligence

Reduce resources for pen testing and vulnerability management by 60%

Improve resilience and cut red team success by 400%

Full-stack view of your global attack surface and ecosystem

Eliminate the noise of false positives and focus on what matters most

Penetration Testing as a Service (PTaaS)


Ivanti finds, heals and protects every device, everywhere – automatically. Whether your team is down the hall or spread around the globe, Ivanti makes it easy and secure for them to do what they do best.

Full spectrum risk‑based vulnerability management

Founded in 2015 by a group of cybersecurity experts, RiskSense® provided vulnerability management and prioritization to measure and control cybersecurity risk. The RiskSense platform employed human-interactive machine learning technology and embodied the expertise and intimate knowledge gained from real-world experience in defending critical networks from the world’s most dangerous cyberadversaries.

From its inception, RiskSense invested heavily in research, leading to a variety of patents that were part of the DNA of the RiskSense platform. To stay ahead of cyberadversaries, RiskSense employed a deep bench of security researchers and collaborated via its Fellowship Program with leading IT and cybersecurity programs at New Mexico Tech, UC Riverside and Carnegie Mellon University, among others.

RiskSense was acquired by Ivanti on August 2, 2021.


NowSecure Platform

Automate static, dynamic and interactive testing for mobile apps, and integrate with the SDLC to deliver security results with a detailed assessment in just minutes. Deployed in the cloud or on-premises, uncover compliance gaps, security flaws, and privacy issues at the pace mobile DevOps requires.


It's one small security loophole v/s your entire business. 99.7% websites have atleast one vulnerability. Find your website's weaknesses and patch them up before it hurts your business. Get a security audit with 1250+ tests, right now!

Astra Security’s product, the Astra Pentest is guided by one principle – making the pentest process simple for the users. Astra’s efforts towards making the penetration testing platform self-serving are constant and yet they manage to always be available and on point with support. Astra has made visualizing, navigating, and remediating vulnerabilities as simple as running a search on Google.

On Astra’s penetration testing platform, the user gets a dedicated dashboard to visualize the vulnerabilities, read the CVSS scores, get in touch with the security personnel, and access remediation support.

Red Sentry

Discover your vulnerabilities, before hackers can.

The quickest, most affordable solution to get compliant and secure all of your assets, giving you year around peace of mind.

Cyber Core

The Pentest Management Platform

Change the way you deliver pentests, with cloud pentest management tools, complete with automated reporting & everything you need to deliver Pentest-as-a-Service. 


On-demand expert penetration testing

Synopsys Penetration Testing enables you to address exploratory risk analysis and business logic testing so you can systematically find and eliminate business-critical vulnerabilities in your running web applications and web services, without the need for source code.


Appknox Vulnerability Assessment Tool

Assess vulnerabilities as a part of your SDLC automatically


Security Testing for the Modern Engineering Team

Focused on pre-production API and web application security testing, StackHawk gives Development teams the ability to actively run security testing as part of their traditional software testing workflows, while giving AppSec teams the peace of mind of controlled and security tested applications in production.


The Browser Exploitation Framework Project


NMAP is short for Network Mapper. It helps you map a network by scanning ports, discovering operating systems, and creating an inventory of devices and the services running on them. This is a great suite for network pen testing.

NMAP sends differently structured packets for different transport layer protocols which return with IP addresses and other information. You can use this information for host discovery, OS fingerprinting, service discovery, and security auditing. 

NMAP is a powerful tool with the capability of mapping a very large network with thousands of ports connected to it.


The Veracode Continuous Software Security Platform


Penetration testing software from PortSwigger

Revolutionize your workflow - with the leading penetration testing software


Cybersecurity made easier

Designed to meet your growing security needs, Defendify streamlines multiple layers of cybersecurity through a single platform, ongoing guidance, and expert support.


Ethical Hacking Platform

Appropriate management of vulnerabilities is not easy at all. However, it is essential to secure your business. We are providing several useful features to make it more convenient.

Core Impact

Penetration testing software to safely uncover and exploit security weaknesses

Core Impact is designed to enable security teams to conduct advanced penetration tests with ease. With guided automation and certified exploits, the powerful penetration testing software enables you to safely test your environment using the same techniques as today's adversaries. 

Replicate attacks across network infrastructure, endpoints, web, and applications to reveal exploited vulnerabilities, empowering you to immediately remediate risks.

Bug Crowd

It takes a crowd to defeat a crowd

Cybersecurity is a team effort. And having the right team makes all the difference as to whether you win or lose.

Why crowdsourced security?

Most organizations lack the resources and diversified skills to find hidden vulnerabilities before attackers do. Unfortunately, using reactive tools alone leads to noisy, low-impact results that miss emerging risks. Even sophisticated companies can misjudge the creativity, patience, and diverse skills of today’s attackers. 

Crowdsourcing emerged to address the skills gap—and the imbalance between attackers and defenders—by incentivizing ethical hackers to report critical bugs. Yet many firms struggle to integrate crowdsourcing into their security strategy in a trusted, efficient way; purpose-built tools are too limited, and consulting-based approaches fail to scale. 

Bugcrowd has re-envisioned crowdsourced security with a platform-powered approach that activates the right researchers to your needs and environment at the right time, with all operational details fully managed for you.

Indus Face

Web Application Scanner Choose Indusface WAS for the most comprehensive application security audit to detect a wide range of high-risk Vulnerabilities, Malware, and Critical CVEs.


Automatic SQL injection and database takeover tool


Complete attack surface coverage for AppSec and ProdSec teams

Start covering your external attack surface with rigorous discovery, 99.7% accurate vulnerability assessments, and accelerated remediation through actionable guidance.

Verizon Penetration Testing

Test your security before an attacker does.

It’s critical to be able to identify potential vulnerabilities in the three major categories that affect most businesses - network, wireless and web application. With Verizon’s penetration testing, you can take a proactive approach to securing your organization, assessing cyber threats, and addressing your security gaps across each of these areas.

We have investigated many of largest data breaches on record, conducted hundreds of incident investigations every year, and processed 61 billion security events on average every year. With that experience in security, we can help you find your cyber security vulnerabilities before they become serious threats.


How Invicti paves your road to security

Build security automation into every step of your SDLC. So you get more security with less manual effort.


Improve Your Web Application Security with the Acunetix Vulnerability Scanner

Acunetix is not just a web vulnerability scanner. It is a complete web application security testing solution that can be used both standalone and as part of complex environments. It offers built-in vulnerability assessment and vulnerability management, as well as many options for integration with market-leading software development tools. By making Acunetix one of your security measures, you can significantly increase your cybersecurity stance and eliminate many security risks at a low resource cost.


Cobalt’s Pentest as a Service (PtaaS) platform is paired with an exclusive community of testers to deliver the real-time insights you need to remediate risk quickly and innovate securely.


Intruder is an online vulnerability scanner that finds cyber security weaknesses in your digital infrastructure, to avoid costly data breaches.

Intruder is a pentest tool efficient in finding the loopholes and vulnerabilities that lie within web applications. 

Enterprise-grade security testing tool

Security scanning features that can be made use of at bank and government levels


Penetration testing software for offensive security teams.


Peace of mind from security’s greatest minds

Increase your resistance to attack by tapping the world’s top ethical hackers. Understand your attack surface, hunt bugs, test apps, and fix vulnerabilities before anyone else knows they exist.

Pentest Tools

A cloud-based pentesting platform built to make your workflow easier and smoother


Beagle Security combines all the essential features at an affordable price so that your business and data is secure throughout.

atrc_website/penetration_testing_softwares.txt · Last modified: 2023/01/22 04:08 by wikiadmin