Community Manager at Infosec!
Who we are | What we do
Name your fave top 10 Pen Test tools
shochan
Member Posts: 1,013 ■■■■■■■■□□
in Pentesting
I thought I would reach out to our fellow TE geeks and see what are your fave Pentest Tools that you use on the regular? And are they getting the info you are needing/wanting? If you know any cool pen test blogs that are worth a look, please post! CHEERS & Hi5!
CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
Comments
-
tedjames
Member Posts: 1,182 ■■■■■■■■□□
Don't know that I have favorite tools, but the ones that have given me the most success have been Tenable.IO (Network and Web), Burp Suite, OWASP-ZAP, Nikto, some others I can't remember offhand, and good old fashioned manual testing.Some good sites to check out:https://null-byte.wonderhowto.com/
https://www.hackingarticles.in
https://0ut3r.space/2019/02/22/kali-linux-website-penetration-testing/
https://www.owasp.org/index.php/Web_Application_Penetration_TestingActually, anything from OWASP is great. There are plenty more, of course. -
Infosec_Sam
Admin Posts: 527 Admin
I haven't been involved in pentesting long enough to have any favorite tools, but I tend to find some quality blogs on Medium from time to time. You can find some that really spell out the whole process of participating in a CTF or bug bounty, which is pretty insightful.
https://medium.com/bugbountywriteup
-
SteveLavoie
Member Posts: 1,133 ■■■■■■■■■□
Currently I am looking at Powershell Empire, it look awesome
-
shochan
Member Posts: 1,013 ■■■■■■■■□□
Yeah, I have subscribed to Null-Byte on YouTube last year...he goes thru a lot of tools & how to use them. And...Hak5 - https://www.youtube.com/user/Hak5Darrentedjames said:Don't know that I have favorite tools, but the ones that have given me the most success have been Tenable.IO (Network and Web), Burp Suite, OWASP-ZAP, Nikto, some others I can't remember offhand, and good old fashioned manual testing.Some good sites to check out:https://null-byte.wonderhowto.com/
https://www.hackingarticles.in
https://0ut3r.space/2019/02/22/kali-linux-website-penetration-testing/
https://www.owasp.org/index.php/Web_Application_Penetration_TestingActually, anything from OWASP is great. There are plenty more, of course.
I have come across these as well -
https://medium.com/@clong/introducing-detection-lab-61db34bed6ae
High on Coffee
IPPSEC - https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
Thanks for the posts!
CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP -
Sylabicuma
Member Posts: 26 ■■■□□□□□□□
I'm not a pentester, but I do a lot of OSINT. This is a good site that I find a lot of tools on for OSINT (under the OSINT tab, obv), it may be useful to find pentesting tools:
-
chrisone
Member Posts: 2,278 ■■■■■■■■■□
Not in any order or category, but quickly off the top of my head....
Powershell
PowerSploit
Covenant
Empire (retired
)
Merlin
Bloodhound
mimikatz
Nishang
LinEnum
win-priv-checker
burp
dirb
nikto
gobuster
unicorn
metasploit (yes, this is a great tool)
msfvenom
nmap
netcat
hydra
hashcat
Immunity debugger
GNU debugger
IDA Pro
Ollydbg
GDB
Eh.... that is all I can muster up. May the TE collective fill in the gaps
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX -
JDMurray
Admin Posts: 13,090 Admin
White belt pentesters might find interesting the objectives for the GIAC GSE certification. It lists some security tools and what skills you should have to pass the hands-on GSE exam. Also listed are some security monitoring tools that you should practice recognizing and bypassing during a pentest.
