Hacking tools used by security professionals to detect vulnerabilities in network and applications. Here you can find the Comprehensive Penetration testing tools list that covers Performing Penetration testing Operation in all the Environment.
1. Kali Linux 2018.3 Release
The Penetration Testing and Ethical Hacking Linux Distribution!
Kali 2018.3 brings up the kernel version upto 4.17.0 wherein, there wasn’t any major change with 4.17.0, but version 4.16.0 had some major improvements such as Spectre and Meltdown fixes, improved power management, and better GPU support.
Trackerjacker does the work of an NMAP plus the Decive Tracking.
It is a network scanner and also a host detection tool which is very useful during penetration testing. Rather than just gathering information and enumeration, it also is a powerful utility that can be used as a vulnerability detector and a Device tracker. Wherein, you can get all the nearby wifi networks and know about all the devices connected to each network.
3. Tinfoleak v2.4
Tinfoleak is an amazing tool to extract Twitter information and automate them based on Intelligent Analysis
This is an open-source tool within the OSINT (Open Source Intelligence) and SOCMINT (Social Media Intelligence) disciplines. Information of the Account, user activity, User’s devices, Usage frequency, likes, hashtags etc are extracted and an automated structured report in generated.
Th3Inspector is an all in one tool used for information gathering. It is an open source code, when used, you can easily collect Information such as server details, WHOIS information, target IP, Phone number, sub domains, etc.
Vooki is a Web Application scanner. Speciality is that, Vooki provides GUI support, which makes it easier for users to check vulnerabilities in their website. This is a free internet utility vulnerability scanner which extends its usage to Rest API Scanner, and reporting part too.
BLACKEYE is an upgrade from original ShellPhish Tool. It is the accomplished one, with 32 templates +1 customizable!
Speciality is, tool is supported by mobile versions, which also have arm support and does brace templates of few websites that are hard to clone and unsupported by many other tools.
ANDRAX is the first Penetration testing tool generated for Android based Smartphones. It is an opensource which is easily compatible with any Android phone.
It behaves like a common Linux distribution, as it has the ability to run natively on Android. You wouldn’t easily find any flaw in Andrax, as it more over has everything that is necessary for penetration testing.
8. Pure Blood v2.0
Pure Blood is a Penetration Testing framework created For Hackers, Pentesters and Bug Hunters. This is basically based on “Web Pentest / Information gathering” and “Web Application attack”
9. Infection Monkey:
Infection Monkey is an open source Breach & Attack Simulation tool. Using this you can find how resilient your private and public environments are to face breach attacks and server infections. The result will help you to understand better about the weak spots in your network and prioritize risk mitigation in there.
This automated pentest tool is based on 2 major factors, A Manager and its Agents:
Monkey (Agents)- A tool which infects other machines and spreads infection
. Monkey Island (Manager) – A centralised server which monitors and controls the Infected Monkeys progress inside the data center
SocialBox is a phishing tool with Ngrok integration. Using this, anybody can easily create phishing sites. The utilization of SocialFish rests with the responsibility of the END-USER. Engineers expect NO risk and are NOT in charge of any abuse or harm caused by this program.
Mercury is a Hacking Tool which is used to gather information of the Target. This Mercury is fed by various other small tools which makes it more easier to test web applications without having to install any other tools separately.
12. Wifite 2.1.0:
An automated wireless tool which is a complete re-write of wifite, a Python script for auditing wireless networks.
Wifite uses all known methods for retrieving password of a wireless access point . Run wifite, select your targets, and Wifite will automatically start trying to capture or crack the password.
13. LOIC 1.0.8 (Low Orbit Ion Cannon) :
LOIC is a network stress testing and a denial-of-service attack application. This is an open source code written in C#.
LOIC has even been joined to be applicable in voluntary botnets.
Finds social media Profiles using Image Recognition and Reverse Image Search techniques
All you need is a picture of your friend along with their related profile name! Use this information in the EagleEye, which will hunt profiles in Facebook with the Name first and then with face recognition technique, it fetches the right Facebook profile. After, through Reverse Image Search, other Social Media Profiles are quested. All at the end, you will get the expected output in a PDF file.
Trape is an OSINT analysis and Research tool which was created to show up the world, how close ‘conidential information’ about a person’s browsing detail could be known to the Internet Companies. You would have never known that the status of your browser’s sessions could be monitored and you could even be controlled through it. In the sense, your location can even be tracked through a bypass in the browser [Locator Optimization] . All this information is actually helpful to track the CyberCriminals. Thereby, this Trape is a quite a People Tracker!
16. Devploit v3.6
Devploit is an Information gathering tool. It is based on a simple Python Script, running which, large number of information can be collected.
17. SocialBox :
SocialBox is an automated software used to generate a large number of consecutive guesses to obtain information such as a user’s password or personal identification number, which is typically a BruteForce Attack. This is basically implied on Facebook, Gmail, Instragram and Twitter.
All the extracted information is given in an organized manner. This Photon’s smart thread management & refined logic will give you a top level performance.
BadMod detects Website’s Content Management System, Website Scanner and Auto Exploiter
20. Hijacker v1.5:
Hijacker is a complete WiFi hacking Apps tit for Android. It gives a Graphical User Interface for the penetration testing tools like Aircrack-ng, Airodump-ng, MDK3, and Reaver. This offers a basic and simple UI without having to write any commands in terminal and just by copy&pasting MAC addresses.
Hijacker requires an ARM Android gadget with a wireless adaptor that backings Monitor Mode.