Software Alternatives & Reviews

Awesome Penetration Testing

Recommended and mentioned products

  1. ZMap is a fast single packet network scanner designed for Internet-wide network surveys.

    Zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
  2. x64_dbg is a 32-bit and 64-bit assembler level debugger for Windows. Key features:

  3. WiGLE (Wireless Geographic Logging Engine) - Information about wireless networks world-wide, with user-friendly desktop and web applications.
  4. Tails is a Debian based live CD/USB with the goal of providing complete Internet anonymity for the...

    Tails - Live operating system aiming to preserve your privacy and anonymity.
  5. sqlmap is an open source penetration testing tool that automates the process of detecting and...

    SQLmap - Automatic SQL injection and database takeover tool.
  6. Intercepter-NG is a multifunctional network toolkit for various types of IT specialists.

  7. Find security vulnerabilities right from your browser.

    SecApps - In-browser web application security testing suite.
  8. A fast and clever open source HEX editor for Mac OS X.

    Hex Fiend - Fast, open source, hex editor for macOS with support for viewing binary diffs.
  9. Open-source platform for InfoSec teams to run and manage security and penetration testing projects.

    freemium £39.0 / Monthly

    Reconmap - Open-source collaboration platform for InfoSec professionals that streamlines the pentest process.
  10. PentestBox is an Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System

    PentestBox - Open source pre-configured portable penetration testing environment for the Windows Operating System.
  11. Nmap Free Security Scanner, Port Scanner, & Network Exploration Tool. Download open source software for Linux, Windows, UNIX, FreeBSD, etc.

    Nmap - Free security scanner for network exploration & security audits.
  12. mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP.

    Mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  13. Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.

  14. Kaitai Struct is a formal language for binary format specification that can be compiled into parser code

  15. Find all the email addresses related to a domain - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.
  16. The professional Hex Editor for Windows and Linux.

  17. The World's Fastest CPU/GPU powered password cracker.

  18. An open source interactive disassembler

  19. The Social-Engineer Toolkit is an open source penetration testing framework designed for social...

    Social Engineer Toolkit (SET) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
  20. This is the fastest Internet port scanner.

    Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
  21. sn0int is a semi-automatic OSINT framework and package manager

    Sn0int - Semi-automatic OSINT framework and package manager.
  22. A general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence

    Tsunami - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
  23. To attack multiple WEP, WPA, and WPS encrypted networks in a row.

    Wifite - Automated wireless attack tool.
  24. GhostProject is the industry leading data breach search engine. We have over 15 billion records and 7,200 data breaches

    paid Free Trial $30.0 / Monthly

    GhostProject - Searchable database of billions of cleartext passwords, partially visible for free.
  25. Findbugs is a tool that looks for bugs in Java code. Findbugs finds the bugs by analyzing computer software without actually executing programs. Using this software allows for easy debugging and repairing broken script. Read more about FindBugs.

  26. Armitage makes penetration testing easy by adding a GUI to the Metasploit framework

    Armitage - Java-based GUI front-end for the Metasploit Framework.
  27. Open source domain intelligence lookups for security recon

  28. Free courses in cyber security

    Cybrary - Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book 'Penetration Testing for Highly Secured Environments'.
  29. iodine is a free (ISC licensed) tunnel application to forward IPv4 traffic through DNS servers (IP over DNS). Works on Linux, FreeBSD, NetBSD, OpenBSD and Mac OS X.

    Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
  30. Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order...

    Reaver - Brute force attack against WiFi Protected Setup.
  31. Security auditing tool for systems running Linux, macOS, BSD, and other UNIX-based systems.

    Lynis - Auditing tool for UNIX-based systems.
  32. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web...

    Nikto - Noisy but fast black box web server and web application vulnerability scanner.
  33. An Arch Linux repository for security professionals and enthusiasts.

    ArchStrike - Arch GNU/Linux repository for security professionals and enthusiasts.
  34. mat2 is a metadata removal tool, supporting a wide range of commonly used file formats.

    Metadata Anonymization Toolkit (MAT) - Metadata removal tool, supporting a wide range of commonly used file formats, written in Python3.