Acunetix:
Acunetix is a and very popular website security tool, most commonly used by protector and attackers. It provides many tools to test your or clients website for various injections. Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.
MetaSploit:
MetaSploit, a very powerful network security and analysis tool, used often for penetration attacks, this tool has a clean interface and easily gathers the information that you need.
Nmap:
Nmap is a tool developed to scan addresses IPV4 and IPV6 included, this tool allows the users to gather a mass amount of information quickly about the target, information including open ports. Nmap supports number of scanning techniques such as: UDP, TCP connect(), TCP SYN (half open), ftp proxy (bounce attack), ICMP (ping sweep), FIN, ACK sweep, Xmas Tree, SYN sweep, IP Protocol, and Null scan.
Wireshark:
A very powerful network troubleshooting and analysis tool, Wire shark provides the ability to view data from a running live network and supports almost all of protocols and media formats.
Cain and Abel:
Cain and Abel is a revolutionary tool that provides many functions and able to do various password retrieval jobs, cracking passwords, sniffing networks and routing/analysing protocols. This tool is available for Windows only, unlike many other tools that exist, this is a pleasant twist to modern penetration testing and forensic tools.
Ettercap:
Ettercap is a suite for the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many interesting tricks. It supports active and passive dissection of too many protocols (even ciphered ones) and includes many feature for network and host analysis.
Havij:
Havij is the most common known of testing tool for SQLI injection and many other web based injection types. It fluently provides the site's scan, admin look-up, password cracking and database retrieval. It literally makes it a breeze to hack, and find, vulnerable websites.
Kismet:
Kismet is an 802.11 layer2 wireless network detector tool, sniffer and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring ( rfmon ) mode, and ( with appropriate hardware ). Kismet also supports plug-ins which allow sniffing other media such as DECT.
BackTrack Linux:
Back Track is a most popular boot-able Live-CD of a Linux. Back Track offers a vast variety of penetration testing tools, along with those for network attacks, and supports many other forms of testing/attacking, for VOIP networks, Websites and many more. The tool's interface and design provides an easy to use layout.
w3af:
W3af is an extremely popular and powerful framework for finding and exploiting web application vulnerabilities. It is easy to use and extend and features dozens of web assessment and exploitation-plug-ins. In some ways it is like a web-focused Metasploit.
Encase:
EnCase is a suite of computer forensics software, commonly used by law enforcement. Its wide use has made it a de-facto standard in forensics. It is made to collect data from a computer in a forensically sound manner (employing checksums to help detect tampering).
Helix:
Helix is a live bootable Ubuntu CD you can use with pen drive also, that contains a multitude of forensic tools involving cellphones, computers, file systems, images, and tied into its sheer power is a friendly and easy to use interface.
Burp Suite:
Burp Suite is an integrated platform for security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
2 comments: On Most Popular Web Penetration Testing Tools
Hi, Neat post.
thanks
That is really fascinating, You are an overly professional blogger. I have joined your rss feed and sit up for in the hunt for extra of your fantastic post. Additionally, I have shared your website in my social networks