Skip to content
Home » Blog » 150 Penetration and ethical hacking tools to use in 2021

150 Penetration and ethical hacking tools to use in 2021

  • by

Introduction

Penetration testing and ethical hacking tools are critical components of any organization’s vulnerability assessment and patching process.

Because cyber assaults are on the rise, businesses must pay close attention to penetration testing and continue to monitor their networks to avoid an attack that might result in major harm to the company’s image.

In order to run a security operation, security specialists and researchers must depend on security and hacking tools that allow them to save time while successfully monitoring and doing penetration testing on the network.

We’ve compiled a comprehensive list of the most essential hacking tools used by millions of security experts and thousands of businesses across the globe.

Debuggers

  1. GDB https://www.gnu.org/software/gdb
  2. IDA https://www.hex-rays.com/products/ida/
  3. Immunity Debugger https://www.immunityinc.com/products/debugger
  4. OllyDbg www.ollydbg.de
  5. WinDbg https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools

Evasion and Code Obfuscation

  1. py2exe https:/py2exe.org
  2. Shikata_ga_nai https://github.com/rapid7/metasploit-framework
  3. Veil https://github.com/Veil-Framework/Veil

Networking Tools

  1. fping https://fping.org
  2. hping http://www.hping.org
  3. Scapy https://scapy.net
  4. Tcpdump https://www.tcpdump.org
  5. Wireshark https://www.wireshark.org

Penetration Testing Frameworks

  1. Empire https://www.powershellempire.com
  2. Impacket https://github.com/CoreSecurity/impacket
  3. Kali Linux https://www.kali.org
  4. Metasploit https://www.metasploit.com
  5. PowerSploit https://github.com/PowerShellMafia/PowerSploit
  6. Responder https://github.com/SpiderLabs/Responder
  7. SharpHound https://github.com/BloodHoundAD/SharpHound3

Reconnaissance (OSINT)

  1. Censys https://censys.io
  2. ExifTool https://github.com/exiftool/exiftool
  3. FOCA https://github.com/ElevenPaths/FOCA
  4. Maltego https://www.maltego.com
  5. Recon-ng https://github.com/lanmaster53/recon-ng
  6. Shodan https://www.shodan.io
  7. theHarvester https://github.com/laramies/theHarvester
  8. WHOIS https://www.whois.net

Remote Access Tools

  1. Apple Remote Desktop https://www.apple.com/remotedesktop
  2. Microsoft Remote Desktop Protocol (RDP) https://docs.microsoft.com/en-us/windows/desktop/termserv/remote-desktop-protocol
  3. Ncat https://nmap.org/ncat
  4. Netcat http://netcat.sourceforge.net
  5. OpenSSH https://www.openssh.com
  6. ProxyChains https://github.com/haad/proxychains
  7. PsExec https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
  8. TigerVNC https://tigervnc.org
  9. WinRM https://docs.microsoft.com/en-us/windows/desktop/winrm/portal
  10. WMI https://docs.microsoft.com/en-us/windows/desktop/wmisdk/about-wmi
  11. X server https://www.x.org/wiki/XServer

Social Engineering Tools

  1. BeEF https://beefproject.com
  2. SET https://www.trustedsec.com/social-engineer-toolkit-set

Virtual Machine Software

  1. Oracle VM VirtualBox https://www.virtualbox.org
  2. Proxmox Virtual Environment https://www.proxmox.com
  3. VMware Workstation or VMware Player https://www.vmware.com

Vulnerability and Exploitation Research

  1. ATT&CK https://attack.mitre.org
  2. CAPEC https://capec.mitre.org
  3. CVE Details https://www.cvedetails.com
  4. CVE https://cve.mitre.org
  5. CWE https://cwe.mitre.org
  6. Exploit Database https://www.exploit-db.com
  7. National Vulnerability Database https://nvd.nist.gov
  8. Searchsploit https://www.exploit-db.com/searchsploit
  9. sqlninja http://sqlninja.sourceforge.net/
  10. xsshunter https://xsshunter.com/
  11. NoSQLMap https://github.com/codingo/NoSQLMap
  12. ysoserial https://github.com/frohoff/ysoserial
  13. SSRFTest https://github.com/daeken/SSRFTest
  14. Retire-js https://addons.mozilla.org/en-US/firefox/addon/retire-js/
  15. spiderfoot https://github.com/smicallef/spiderfoot

Vulnerability Scanners

  1. Nessus https://www.tenable.com/products/nessus
  2. Nikto https://cirt.net/Nikto2
  3. OpenVAS https://www.openvas.org
  4. wapiti https://wapiti.sourceforge.io/
  5. canvas https://www.immunityinc.com/products/canvas/
  6. Sn1per https://github.com/1N3/Sn1per
  7. lazyrecon https://github.com/nahamsec/lazyrecon
  8. Osmedeus https://github.com/j3ssie/Osmedeus
  9. reconness https://github.com/reconness/reconness
  10. ironwasp https://resources.infosecinstitute.com/ironwasp-part-1-2/

Web and Database Tools

  1. Burp Suite https://portswigger.net/burp
  2. OWASP ZAP https://github.com/zaproxy/zaproxy
  3. sqlmap http://sqlmap.org
  4. Active Scan++ https://portswigger.net/bappstore/3123d5b5f25c4128894d97ea1acc4976
  5. BurpSentinel https://github.com/dobin/BurpSentinel
  6. Auto Repeater https://github.com/nccgroup/AutoRepeater
  7. Authorize https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f
  8. Burp Beautifier https://portswigger.net/bappstore/a005a6a8fba34a8893ec649f76a8d5a7
  9. Flow https://portswigger.net/bappstore/ee1c45f4cc084304b2af4b7e92c0a49d
  10. Headless Burp https://portswigger.net/bappstore/d54b11f7af3c4dfeb6b81fb5db72e381
  11. Logger++ https://portswigger.net/bappstore/470b7057b86f41c396a97903377f3d81
  12. WSDL wizard https://portswigger.net/bappstore/ef2f3f1a593d417987bb2ddded760aee
  13. Json beautifier https://portswigger.net/bappstore/309ef28d45ff4f19bedfed3896cb3ca9
  14. Jparser https://github.com/nahamsec/JSParser
  15. Knockpy https://github.com/guelfoweb/knock
  16. Lazys3 https://github.com/nahamsec/lazys3
  17. Sublist3r https://github.com/aboul3la/Sublist3r
  18. teh_s3_bucketeers  https://github.com/tomdev/teh_s3_bucketeers
  19. virtual-host-discovery  https://github.com/jobertabma/virtual-host-discovery
  20. wpscan  https://github.com/wpscanteam/wpscan
  21. webscreenshot  https://github.com/maaaaz/webscreenshot
  22. asnloockup https://www.ultratools.com/tools/asnInfo
  23. unfurl  https://github.com/JLospinoso/unfurl
  24. waybackurls https://github.com/tomnomnom/waybackurls
  25. httprobe https://github.com/tomnomnom/httprobe
  26. meg https://github.com/tomnomnom/meg
  27. gau https://github.com/lc/gau
  28. ffuf https://github.com/ffuf/ffuf
  29. dirsearch https://github.com/maurosoria/dirsearch
  30. subfinder https://github.com/projectdiscovery/subfinder
  31. EyeWitness https://github.com/FortyNorthSecurity/EyeWitness
  32. nuclei https://github.com/projectdiscovery/nuclei
  33. naabu https://github.com/projectdiscovery/naabu
  34. shuffledns https://github.com/projectdiscovery/shuffledns
  35. dnsprobe https://github.com/projectdiscovery/dnsprobe
  36. chaos https://chaos.projectdiscovery.io/
  37. subjack https://github.com/haccer/subjack
  38. gitGraber https://github.com/hisxo/gitGraber
  39. shhgit https://github.com/eth0izzle/shhgit
  40. commit-stream https://github.com/x1sec/commit-stream
  41. masscan https://github.com/robertdavidgraham/masscan
  42. massdns https://github.com/blechschmidt/massdns
  43. findomain https://github.com/Edu4rdSHL/findomain
  44. Amass https://github.com/OWASP/Amass
  45. dnsgen https://github.com/ProjectAnte/dnsgen
  46. DNSGrep https://github.com/erbbysam/DNSGrep
  47. wfuzz https://github.com/xmendez/wfuzz
  48. aquatone https://github.com/michenriksen/aquatone
  49. WhatWeb https://github.com/urbanadventurer/WhatWeb
  50. recon_profile https://github.com/nahamsec/recon_profile

Wireless Testing Tools

  1. Aircrack-ng https://www.aircrack-ng.org
  2. Kismet https://www.kismetwireless.net
  3. Wifite https://github.com/derv82/wifite2

Credential Testing Tools

  1. Cain and Abel https://www.darknet.org.uk/2007/01/cain-and-abel-download-windows-password-cracker/
  2. CeWL https://tools.kali.org/password-attacks/cewl
  3. DirBuster https://tools.kali.org/web-applications/dirbuster
  4. Hashcat https://hashcat.net/hashcat
  5. Hydra https://tools.kali.org/password-attacks/hydra
  6. John the Ripper https://tools.kali.org/password-attacks/john
  7. Medusa http://foofus.net/goons/jmk/medusa/medusa.html
  8. Mimikatz https://github.com/gentilkiwi/mimikatz
  9. Patator https://github.com/lanjelot/patator
  10. w3af http://w3af.org

CTF Tools

  1. ctf-tools https://github.com/zardus/ctf-tools
  2. Pwntools https://github.com/Gallopsled/pwntools
  3. RSACTFTool https://github.com/sourcekris/RsaCtfTool

Mobile hacking

  1. MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF
  2. jadx https://github.com/skylot/jadx
  3. dex2jar https://github.com/pxb1988/dex2jar
  4. radare2 https://rada.re/n/
  5. genymotion https://www.genymotion.com/
  6. Universal unpinner https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725
  7. Frida https://frida.re/

Other tools

  1. ettercap https://www.ettercap-project.org/
  2. transformations https://transformations.jobertabma.nl/
  3. foxyproxy https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
  4. wappalyzer https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/
  5. builtwith https://addons.mozilla.org/en-US/firefox/addon/builtwith/
  6. altair https://altair.sirmuel.design/
  7. thc-hydra https://github.com/vanhauser-thc/thc-hydra
  8. peda https://github.com/longld/peda

Related Posts

Tags:

Leave a Reply