A penetration tester has to rely on automated hacking tools because we are often up against a ticking clock. Real-world hackers (criminals) can spend an infinite amount of time building custom attack vectors and hacking tools to compromise their targets. We often have only 40 hours or less to conduct a thorough assessment of our target environment. Reliable hacking tools are critical to our success.
Here you can find a collection of useful hacking tools used for penetration testing. These tools were contributed to or written entirely by members of pentestgeek.com. These tools have helped us shave off precious hours during an engagement and also assist in demonstrating value by compromising vulnerable hosts and/or facilitating in the execution of otherwise complex attack vectors.
As always, pentestgeek.com does not condone nor encourage the illegal use of hacking tools to compromise unauthorized targets and/or conduct penetration testing activities against systems without documented consent from an authoritative party. We present these tools freely in an effort to help educate and facilitate the legal practice of ethical hacking and penetration testing for the betterment of enterprise network security.
Pentest Geek Hacking Tools
|Tool Name||Tool Description|
|Smbexec||A rapid psexec style hacking tool with samba that offers various features for common post exploitation needs including hash dumping, payload creation, UAC utilities and many others.|
|Phishing Frenzy||A Ruby-on-Rails web application hacking tool used to manage email phishing campaigns through campaign customizations, reusing templates, and advanced statistical reporting.|
|Phishing Scripts||Various phishing scripts/hacking tools that help your phishing campaign including, but not limited to tracking user clicks|
|Ciscobruter||A command line hacking tool for brute forcing Cisco SSL VPN’s that don’t use 2-factor authentication|
|Webshot||Just another hacking tool to screenshot web servers. Useful for reporting on large engagements with hundreds of HTTP servers.|
Metasploit Hacking Tools
General Purpose Hacking Tools
Web Hacking Tools
Here are a few of the web hacking tools that we leverage during a typical engagement to identify web application attack vectors as well as to launch targeted web based attack vectors.
- Burp Suite – https://portswigger.net/burp/
- SQLMap – http://sqlmap.org
- Dir Buster – https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
- cURL – https://curl.haxx.se/
Password Hacking Tools
WiFi Hacking Tools
- Aircrack-ng – https://www.aircrack-ng.org
- Hostapd-wpe – https://github.com/OpenSecurityResearch/hostapd-wpe
Subscribe to Pentest Geek
Follow Pentest Geek
- How To Install Metasploit Framework Ubuntu 14.04
- How to Install Nmap From Source
- Another Lap Around Microsoft LAPS
- Credential Harvesting via MiTM – Burp Suite Tutorial
- SSL Certificate from letsencrypt.org – Setup Guide
- Forensics and Incident Response
- Information Gathering
- Penetration Testing Tutorials
- Web Applications