
Pentesting Tools Overview


These are a few of the plethora of tools out there. These are ones which I have used at some point.

General Enumeration | Scanning | Reconnaissance

whatweb

Often the first tool run when given a domain: it fingerprints the web server (technologies and headers) and resolves the IP address.

Nmap

Among the most commonly used tools, nmap scans the target machine for open ports and service versions, and its NSE scripts provide basic vulnerability assessment.

rustscan

Extremely fast alternative to nmap. It does not provide the same depth of information, but it scans the entire port range in a fraction of the time.

wpscan

If a WordPress site is identified, wpscan is useful for finding potential vulnerabilities by enumerating plugins, and for brute-force attacks if XML-RPC is enabled.

Nessus

All-around vulnerability scanner that can help identify potential vulnerabilities and avenues of attack.

OWASP ZAP

GUI-based scanning tool focused on the OWASP Top 10 vulnerabilities.

dig, dnsenum, nslookup

Useful for automating DNS queries and understanding the relationship between domain names and IPs.

Shodan

Extremely powerful passive reconnaissance search engine.

Web and Network Exploitation

Enumeration & Exploitation Tools

Burp Suite

Powerful intercepting proxy for capturing and modifying requests, which opens up a large variety of potential uses.

dirb, dirbuster, gobuster

Directory enumeration tools.

gospider

Spider/crawler written in Go.

ffuf, hydra

Web fuzzing and directory enumeration (ffuf); account brute forcing (hydra).

sstimap, lfimap

Scanners and exploitation tools for SSTI (sstimap) and LFI (lfimap) vulnerabilities.

LinPEAS, WinPEAS

Extremely comprehensive privilege escalation scripts.

enum4linux, smbmap, smbscan

SMB enumeration scripts.

revshells.com

Convenient website to create simple reverse shell payloads.

Automated Exploitation Tools

Metasploit

Massive framework of known exploits, auxiliary scripts, and payloads, backed by a database for tracking hosts and results.

SQLMap

SQL injection scanner and exploitation tool.

xsssniper

XSS scanner and exploitation tool. Handy when nothing else works.

Responder

Captures authentication hashes from the local network.

Impacket suite

Python library and collection of tools: psexec, wmiexec, smbserver, and more.

BloodHound/SharpHound

Active Directory domain discovery and attack path visualization.

Investigative & Post-Exploitation Tools

hashcat

GPU-accelerated password cracking tool. Extremely fast.

John the Ripper

Password cracking tool, useful for automatic hash-type detection and the *2john conversion scripts that turn files (archives, keys, etc.) into crackable hashes.

cewl, crunch

Custom wordlist generators.

binwalk, exiftool

Linux file analysis tools for extracting embedded data and reading file metadata.