List of tools to be used during assessment
There are tons of tools available for performing various tasks throughout the penetration testing lifecycle. However, the following is a list of tools that are most commonly used during a penetration test:
Sr. no | Penetration testing phase | Tools |
1 | Information gathering | SPARTA, NMAP, Dmitry, Shodan, Maltego, theHarvester, Recon-ng |
2 | Enumeration | NMAP, Unicornscan |
3 | Vulnerability assessment | OpenVAS, NExpose, Nessus |
4 | Gaining access | Metasploit, Backdoor-factory, John The Ripper, Hydra |
5 | Privilege escalation | Metasploit |
6 | Covering tracks | Metasploit |
7 | Web application security testing | Nikto, w3af, Burp Suite, ZAP Proxy, SQLmap |
8 | Reporting | KeepNote, Dradis |