Name your fave top 10 Pen Test tools

I thought I would reach out to our fellow TE geeks and see what are your fave Pentest Tools that you use on the regular? And are they getting the info you are needing/wanting? If you know any cool pen test blogs that are worth a look, please post! CHEERS & Hi5!

Find more posts tagged with

Comments

tedjames

Don't know that I have favorite tools, but the ones that have given me the most success have been Tenable.IO (Network and Web), Burp Suite, OWASP-ZAP, Nikto, some others I can't remember offhand, and good old fashioned manual testing.

Some good sites to check out:

https://www.hackers-arise.com

https://null-byte.wonderhowto.com/
https://www.hackingarticles.in
https://0ut3r.space/2019/02/22/kali-linux-website-penetration-testing/
https://www.owasp.org/index.php/Web_Application_Penetration_Testing

Actually, anything from OWASP is great. There are plenty more, of course.

Infosec_Sam

I haven't been involved in pentesting long enough to have any favorite tools, but I tend to find some quality blogs on Medium from time to time. You can find some that really spell out the whole process of participating in a CTF or bug bounty, which is pretty insightful.

https://medium.com/bugbountywriteup

SteveLavoie

Currently I am looking at Powershell Empire, it look awesome

shochan

tedjames said:

Don't know that I have favorite tools, but the ones that have given me the most success have been Tenable.IO (Network and Web), Burp Suite, OWASP-ZAP, Nikto, some others I can't remember offhand, and good old fashioned manual testing.

Some good sites to check out:
https://www.hackers-arise.com
https://null-byte.wonderhowto.com/
https://www.hackingarticles.in
https://0ut3r.space/2019/02/22/kali-linux-website-penetration-testing/
https://www.owasp.org/index.php/Web_Application_Penetration_Testing

Actually, anything from OWASP is great. There are plenty more, of course.

Yeah, I have subscribed to Null-Byte on YouTube last year...he goes thru a lot of tools & how to use them. And...Hak5 - https://www.youtube.com/user/Hak5Darren

I have come across these as well -

https://medium.com/@clong/introducing-detection-lab-61db34bed6ae

High on Coffee

IPPSEC - https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA

Thanks for the posts!

jacktors22

Bloodhound
Netsparker
Owasp
kali
hashcat
burp
sqlmap

Sylabicuma

I'm not a pentester, but I do a lot of OSINT. This is a good site that I find a lot of tools on for OSINT (under the OSINT tab, obv), it may be useful to find pentesting tools:

https://www.kitploit.com/

chrisone

Not in any order or category, but quickly off the top of my head....
Powershell
PowerSploit
Covenant
Empire (retired

)
Merlin
Bloodhound
mimikatz
Nishang
LinEnum
win-priv-checker
burp
dirb
nikto
gobuster
unicorn
metasploit (yes, this is a great tool)
msfvenom
nmap
netcat
hydra
hashcat
Immunity debugger
GNU debugger
IDA Pro
Ollydbg
GDB

Eh.... that is all I can muster up. May the TE collective fill in the gaps

JDMurray

White belt pentesters might find interesting the objectives for the GIAC GSE certification. It lists some security tools and what skills you should have to pass the hands-on GSE exam. Also listed are some security monitoring tools that you should practice recognizing and bypassing during a pentest.