Penetration Testing
Compare 157 penetration testing tools to find the right one for your needs
Subcategories
Tools
Compare and find the best penetration testing tool for your needs
Cymulate
A comprehensive platform for continuous security validation, attack surface management, and exposure management.
usecure
A platform that helps businesses measure, reduce, and monitor human cyber risk.
Picus Security
A continuous security validation platform that helps organizations measure and enhance their cyber resilience by simulating real-world threats.
Bishop Fox Cosmos
A platform that combines attack surface management (ASM) with continuous automated testing to identify and prioritize high-risk exposures.
AttackForge
A pentest management and collaboration platform designed for both security consultancies and enterprise security teams.
Astra Pentest
A comprehensive penetration testing platform combining automated scanning with manual expert testing.
Intruder
An online vulnerability scanner that finds security weaknesses in your digital infrastructure.
Burp Suite Professional
A comprehensive toolkit for web application security testing.
NetSPI
A proactive security solution for discovering, prioritizing, and remediating security vulnerabilities.
BreachLock
A cloud-native platform for continuous attack surface discovery and penetration testing.
Burp Suite Professional
A comprehensive platform for performing security testing of web applications.
Nmap
A free and open-source utility for network discovery and security auditing.
Burp Suite
A graphical tool for testing web application security.
YesWeHack
A global bug bounty and vulnerability disclosure platform with a strong presence in Europe and Asia.
Intruder
A cloud-based vulnerability scanner that helps businesses to find and fix security weaknesses in their external infrastructure.
Pentest-Tools.com
An online platform that provides a comprehensive suite of tools for penetration testing, vulnerability scanning, and security assessments.
PlexTrac
A platform for cybersecurity teams to streamline reporting and collaboration for penetration testing and vulnerability management.
Intruder
An online vulnerability scanner that helps businesses find and fix cybersecurity weaknesses in their external infrastructure.
Astra Pentest
A comprehensive penetration testing suite that combines automated scanning with manual pentesting by security experts.
Burp Suite
A graphical tool for testing web application security. It is the industry standard for manual penetration testing of web applications.
Synack
A security testing platform that combines the power of human intelligence with artificial intelligence to find and fix vulnerabilities.
Nmap
A free and open-source utility for network discovery and security auditing.
Burp Suite
A comprehensive platform for performing security testing of web applications.
Acrylic Wi-Fi
A suite of Wi-Fi analysis tools for Windows, including a scanner, heatmapper, and protocol analyzer.
PlexTrac
A platform for pentest reporting, automated remediation tracking, and proactive security management.
Horizon3.ai NodeZero
An autonomous penetration testing platform that continuously assesses an enterprise's attack surface to find and fix exploitable vulnerabilities.
Lumu Technologies
A platform that continuously collects and analyzes network metadata to confirm active compromises in real-time.
Ironscales
An email security platform that combines AI and human insights to protect against phishing.
Hoxhunt
A gamified security awareness and phishing training platform that rewards employees for reporting threats.
Wireshark
A powerful, open-source network protocol analyzer used for troubleshooting, analysis, and security auditing.
Cobalt Strike
A post-exploitation agent and command and control (C2) framework for adversary simulations and red team operations.
Infection Monkey
An open-source, self-propagating breach and attack simulation tool that maps an organization's network and tests for security weaknesses.
Metasploit Framework
An open-source penetration testing framework for developing, testing, and executing exploit code against remote targets.
Cobalt.io
A Pentest as a Service (PtaaS) platform that connects businesses with a community of vetted pentesters.
Pentest-Tools.com
A web-based platform with a collection of tools for penetration testing and vulnerability assessment.
Cobalt Strike
A commercial threat emulation tool for post-exploitation and advanced adversary simulation.
Wireshark
A fundamental tool for network analysis, troubleshooting, and security.
Intigriti
A European bug bounty and vulnerability disclosure platform that connects companies with ethical hackers.
Cobalt.io
A Pentest as a Service (PtaaS) platform that connects businesses with a community of trusted penetration testers.
GitGuardian
A code security platform that helps developers to find and fix secrets and other security vulnerabilities in their code.
Cobalt
A Pentest as a Service (PtaaS) platform that connects businesses with a community of vetted penetration testers.
Pentera
An automated security validation platform that emulates the entire cyberattack kill chain to safely test the effectiveness of security controls.
Dradis
An open-source framework for information security teams to share information and collaborate on security assessments.
HackerOne
A hacker-powered security platform that connects businesses with a global community of ethical hackers to find and fix vulnerabilities.
Cobalt Strike
A post-exploitation agent and command and control framework for red team operations and adversary simulations.
CyCognito
An external attack surface management (EASM) platform that helps organizations to discover, prioritize, and eliminate their most critical security risks.
Metasploit Framework
A comprehensive penetration testing tool with significant social engineering capabilities.
Metasploit Pro
A penetration testing platform for security teams to verify vulnerabilities and manage security assessments.
Pentera
An automated security validation platform that emulates real-world attacks to test cybersecurity defenses.
HackerOne
A crowdsourced security platform that connects businesses with a global community of ethical hackers.
Bugcrowd
A crowdsourced security platform that connects organizations with a global network of security researchers.
Synack
A security testing platform that combines human expertise with AI-driven technology.
Secureworks
A cybersecurity company that provides intelligence-driven security solutions.
OWASP ZAP
An open-source web application security scanner.
Metasploit Framework
An open-source platform for developing, testing, and executing exploit code against remote targets.
Kali Linux
A Debian-based Linux distribution with a vast collection of pre-installed security tools.
Metasploit Framework
An open-source penetration testing framework with a vast database of exploits and payloads.
HackerOne
A vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers.
Synack
A security testing platform that combines human intelligence with AI to deliver on-demand penetration testing and vulnerability disclosure.
Metasploit
An open-source penetration testing framework that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Invicti
A web application security scanner that provides automated and continuous application security testing.
Bugcrowd
A crowdsourced cybersecurity platform that connects organizations with a global network of security researchers to find and fix vulnerabilities.
OWASP ZAP
An open-source web application security scanner. It is intended for use both by those new to application security and by professional penetration testers.
Detectify
An external attack surface management (EASM) platform that combines automation with crowdsourced hacker research to find and fix vulnerabilities.
KnowBe4 Security Awareness Training
A platform for security awareness training and simulated phishing attacks to manage social engineering.
Proofpoint Security Awareness Training
A comprehensive security awareness solution that educates employees on cybersecurity best practices.
Infosec IQ (from Fortra)
A security awareness platform that combines phishing simulations with personalized training.
LUCY Security
A platform for phishing simulations, security awareness training, and IT defense testing.
Metasploit Framework
An open-source platform for developing, testing, and executing exploit code against remote targets.
Ekahau
A suite of professional hardware and software tools for Wi-Fi design, analysis, and troubleshooting.
NetAlly
A provider of handheld network testing tools for Wi-Fi and wired network analysis and troubleshooting.
Nessus
A leading vulnerability scanner used to identify vulnerabilities, misconfigurations, and malware across various assets.
AttackIQ
A breach and attack simulation (BAS) platform that continuously validates security controls against real-world threats.
Pentera
An automated platform that mimics a hacker's entire attack kill chain to validate security controls and identify exploitable vulnerabilities.
SafeBreach
A breach and attack simulation (BAS) platform that provides a 'hacker's view' of the enterprise to validate security controls.
Acunetix
An automated web vulnerability scanner that helps businesses secure their websites, web applications, and APIs.
Rapid7
A cybersecurity company that provides a range of security solutions, including vulnerability management and penetration testing.
Tenable
A cybersecurity company that provides solutions for vulnerability management and cyber exposure.
Veracode
An application security platform that helps organizations secure their software.
Core Impact
A commercial penetration testing tool for identifying and exploiting vulnerabilities across various vectors.
Bugcrowd
A crowdsourced security platform that connects organizations with a global network of security researchers to identify vulnerabilities.
Detectify
An external attack surface management platform that combines automation with human expertise to find and remediate vulnerabilities.
Invicti Security
An application security platform that provides DAST, IAST, and SCA solutions to help organizations secure their web applications.
Nessus
A proprietary vulnerability scanner developed by Tenable, Inc. It is one of the most widely used vulnerability scanners in the world.
Acunetix
An automated web vulnerability scanner that detects and reports on a wide range of web application vulnerabilities.
Rapid7
A provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security.
Cofense PhishMe
A SaaS platform that conditions employees to recognize and report phishing attacks through realistic simulations.
Terranova Security (from Fortra)
A security awareness training platform focused on changing unsafe online behaviors.
Checkmarx
An enterprise application security platform for identifying and remediating vulnerabilities in software.
Core Impact
A commercial penetration testing tool for identifying and exploiting vulnerabilities across various vectors.
Acunetix
An automated web vulnerability scanner that helps businesses to find and fix security flaws in their websites and web applications.
Veracode
A comprehensive application security platform that provides a wide range of solutions for securing the entire software development lifecycle.
Core Impact
Penetration testing software that allows you to replicate attacks that pivot across systems, devices, and applications.
Qualys
A cloud-based platform that provides a suite of security and compliance solutions, including vulnerability management, web application scanning, and endpoint detection and response.
Maltego
An OSINT and graphical link analysis tool for gathering and connecting information.
inSSIDer
A Wi-Fi scanning tool for Windows and macOS that helps visualize and troubleshoot wireless networks.
OpenVAS
An open-source vulnerability scanning and management framework.
Qualys
A cloud-based platform for IT, security, and compliance.
Scythe
An adversary emulation platform that helps red, blue, and purple teams build and emulate real-world cyber attacks.
Phishing Frenzy
An open-source phishing and security awareness training framework.
Fluxion
A script that automates social engineering attacks to retrieve WPA/WPA2 keys.
Pyrit
A powerful open-source tool that specializes in cracking WPA/WPA2-PSK keys using GPU acceleration.
CoWPAtty
A classic command-line tool for running an offline dictionary attack against WPA/WPA2-PSK.
theHarvester
An OSINT tool for gathering emails, subdomains, hosts, and names from public sources.
Recon-ng
A modular web reconnaissance framework for open-source intelligence gathering.
SpiderFoot
An open-source and commercial OSINT automation tool for reconnaissance and threat intelligence.
Mandiant Security Validation
A security validation platform that tests security controls using real-world attack emulations based on Mandiant's threat intelligence.
CanIPhish
A phishing simulation and security awareness platform focused on real-world scenarios.
Evilginx2
A man-in-the-middle framework used to phish credentials and session cookies, bypassing 2FA.
Aircrack-ng
An open-source command-line tool for Wi-Fi network security auditing and penetration testing.
Kismet
An open-source tool for detecting wireless networks, sniffing traffic, and identifying potential threats.
Wifite
A Python script that automates the process of attacking WEP, WPA, and WPS encrypted networks.
VECTR
An open-source tool for tracking red team engagements, purple team exercises, and blue team defensive capabilities against TTPs.
Reaver
An open-source tool that exploits a vulnerability in WPS to recover WPA/WPA2 passphrases.
Atomic Red Team
An open-source library of tests mapped to the MITRE ATT&CK framework, used to validate security controls.
Fern Wifi Cracker
A GUI-based tool for wireless security auditing that simplifies attacks on WEP, WPA, and WPS.
Prelude Operator
An open-source platform for continuous security testing, providing a library of TTPs and runners to execute them.
Brute Ratel C4
An advanced command and control (C2) framework designed for red team operations with a strong focus on evading EDR and AV detection.
Airgeddon
A menu-driven bash script that wraps numerous wireless security tools into a single, powerful interface.
MITRE CALDERA
An open-source adversary emulation platform that can be used to test endpoint security solutions and assess a network's security posture.
Empire
An open-source post-exploitation framework that includes a pure PowerShell agent for Windows and a Python agent for Linux/macOS.
Covenant
An open-source, .NET-based command and control framework designed for red team operations, with a focus on usability.
Wifiphisher
A security tool that mounts automated phishing attacks against Wi-Fi networks to obtain credentials.
zANTI
A mobile application for Android that performs network security assessments.
ThreatGen Red vs. Blue
A gamified cybersecurity training platform that includes a Red vs. Blue game for hands-on offensive and defensive skills development.
Sliver
An open-source, cross-platform command and control (C2) framework developed by Bishop Fox, designed for red team operations.
sqlmap
An open-source tool that automates detecting and exploiting SQL injection flaws.
Social-Engineer Toolkit (SET)
A Python-driven tool aimed at penetration testing around social engineering.
BeEF (Browser Exploitation Framework)
A penetration testing tool that focuses on the web browser.
PowerShell Empire
A pure PowerShell post-exploitation agent, now merged with Python-based Empyre.
Scapy
A Python-based library and tool for low-level network packet manipulation.
Immunity CANVAS
A commercial exploit development framework for penetration testers and security professionals.
Routersploit
An open-source framework dedicated to exploiting vulnerabilities in embedded devices.
Brute Ratel C4
A commercial adversary emulation and red team framework.
Sliver
A powerful open-source C2 framework developed by Bishop Fox.
Havoc
An open-source, modern, and malleable post-exploitation C2 framework.
Mythic
A highly extensible, open-source C2 framework for red teams.
Covenant
An open-source C2 framework that uses .NET and Blazor.
Nighthawk
A highly advanced, commercially available C2 framework focused on stealth and evasion.
Armitage
A GUI front-end for the Metasploit Framework for visualization and team collaboration.
Pocsuite3
An open-source framework for writing and testing proofs-of-concept (PoCs).
Exploit Pack
An open-source and commercial exploit framework with a focus on exploit development.
Aircrack-ng
A framework of tools for auditing and cracking wireless networks.
Cobalt Strike
A popular, commercial threat emulation tool for red team operations and adversary simulations.
Brute Ratel C4
A commercial adversary emulation tool designed for stealth and evasion of EDR and AV solutions.
Sliver
An open-source, cross-platform adversary emulation/red team framework.
PoshC2
An open-source, cross-platform C2 framework written in Python and PowerShell.
Open Bug Bounty
A non-profit bug bounty platform that allows security researchers to report vulnerabilities and website owners to receive them for free.
Federacy
A bug bounty platform that connects businesses with a community of ethical hackers for on-demand security testing.
Yogosha
A private bug bounty and vulnerability disclosure platform that connects organizations with a curated community of elite security researchers.
HackenProof
A bug bounty platform that specializes in the security of blockchain and DeFi projects.
SafeHats
A bug bounty platform that provides crowdsourced security testing for businesses of all sizes.
Immunefi
A bug bounty platform that specializes in securing DeFi protocols and smart contracts.
Hacker Target
An online platform that provides a suite of tools for network scanning, vulnerability assessment, and security reconnaissance.
Social-Engineer Toolkit (SET)
A Python-driven, open-source tool for simulating various types of social engineering attacks.
Gophish
An open-source phishing toolkit designed for businesses and penetration testers.
King Phisher
An open-source tool for testing and promoting user awareness by simulating real-world phishing attacks.