Cybersecurity, Cyber, IT, news, computer, security, hacker, whitehat, blackhat, gray hat, education, penetration tester, information security, hacking, video, operating system, OS, google,googledork, VM, online safety, internet security research, article, ethical, elearning, security+, technology, google hacking, windows administrator, tools, free tools, networking resources, SMB,help, cyber-security

Pentesting- General     How-To's    Tools   Practice Sites    Scripts       Links   New Interesting Exploit Code

 Pentesting Tools


This is a partial list of tools I use in my Pentest efforts.  Many of these are great time savers.  To learn how to use them, Google for their authors how-to's and others walk-throughs.  You might also check the How-to's section of this site (I may post some there as well).  Good Luck!


Tool Name Purpose Download Link
Kali Linux The Swiss-Army build of Penetration testing.  Many of the tools you will need are pre-configured and tweaked to work in this one build kali-linux
Veil-Framework The core framework that Evasion, Catapult, Pillage, and PowerShell reside.  These are extensions of the pentesters payload generations sets.  I have had the opportunity to watch some of these guys work and they know their stuff! Veil-Framework
Armitage A highly user friendly GUI on top of Kali / Metasploit designed to automate many of the manual processes.  This project is the open source version of the paid application Colbalt Strike (professional version) of this application.  Great tool for ease wins on highly exploitable boxes (e.g. ms08-067 / xp).  Doesn't really teach you how to pentest / for that see Kali and Offsec training. Armitage
Colbalt Strike The Red Teaming core software distribution for automating and managing force on force exploitation.  Best Product Placement Demo Video here.  Recommend you learn on Kali first so you can appreciate what this does for you.  Includes advanced beaconing and exfil capability integration options. Colbalt Strike
Mimikatz Extracts plain-text passwords, hashes, Pin Codes from memory.  Very useful in a Pass-the-Hash exploit Mimikatz
Tiger Unix Security Auditing and Detection Tool This Unix security audit tool that can be use both for auditing and as an intrusion detection system. It supports multiple Unix platforms and it is free and provided under a GPL license. Tiger