What is Penetration Testing?
Penetration testing is the practice of intentionally attacking a system to find its weaknesses before a real attacker does. Think of it as hiring someone to try and break into your house — so you can find out which lock is weak, which window is cracked, and which door does not latch properly.
Every tool below is widely used in professional security assessments; using them is legal only with explicit written permission, on systems you are authorized to test.
Category 1 — Vulnerability Discovery
NMAP / ZenMap
Network Scanner
The first tool most pen testers reach for. Scans a network to discover connected devices, open ports, and running services. ZenMap provides a graphical interface for NMAP.
Sqlmap
SQL Injection Automation
Automatically detects and exploits SQL injection vulnerabilities in web applications, capable of extracting database contents from vulnerable targets.
Linux Exploit Suggester (LES)
Privilege Escalation
Analyzes a Linux system and suggests known exploits that could allow escalation to root or administrator privileges.
Mobile Security Framework (MobSF)
Mobile App Analysis
Automated tool for analyzing Android and iOS applications for security vulnerabilities including insecure code, permissions, and network communications.
Category 2 — Web Apps and Shell Access
Metasploit Framework
Exploitation Framework
The most well-known exploitation framework. Contains hundreds of pre-built exploits for known vulnerabilities. The Swiss Army knife of penetration testing.
Fuzzdb
Attack Payload Database
A massive database of malicious input strings used to test web applications for SQL injection, XSS, path traversal, and other injection vulnerabilities.
Burp Suite
Web Application Proxy
Sits between your browser and the web server, intercepting every request and response. Lets testers inspect, modify, and replay web requests. Essential for web app security testing.
Nikto
Web Server Scanner
Scans web servers for thousands of known misconfigurations, outdated software versions, and dangerous default files. A fast automated first check.
Category 3 — Credentials and Wireless
Wireshark
Packet Analyzer
Captures and analyzes all network traffic in real time. If traffic is unencrypted, Wireshark can read passwords, cookies, and data in plain text. Also heavily used by defenders.
John the Ripper
Password Cracker
Cracks password hashes using dictionary attacks and brute force. Hashes cannot be reversed directly, so it hashes candidate passwords and compares them against the captured hash strings until a match reveals the plaintext password.
THC-Hydra
Online Password Bruteforcer
Rapidly tries thousands of username and password combinations against live login services (SSH, FTP, RDP, HTTP). Tests whether accounts use weak or default credentials.
Aircrack-ng
Wireless Network Auditing
Suite of tools for testing Wi-Fi network security. Captures wireless handshakes and attempts to crack WEP/WPA/WPA2 passwords.
Hashcat
Advanced Password Cracker
The fastest password cracking tool available — leverages your GPU to crack hashes at extraordinary speeds. Supports hundreds of hash types and multiple attack modes.
Responsible Use
Always operate within the scope of a signed engagement or in dedicated lab environments like TryHackMe or HackTheBox. Unauthorized use of these tools against systems you do not own is illegal in most jurisdictions.