Nmap makes it easy for one to perform network discovery and security auditing.
It used in managing upgrade schedules. It guides one in understanding the
features of any target network. Features such as host, services, etc. It works
on almost all the environment.
Metasploit is a research security project that delivers to the user vital
information regarding security vulnerabilities and helps to formulate
penetration testing , strategies and methods of execution.
It is a very popular security tool that focuses on vulnerability scanning. It
is the most perfect vulnerabilities identifier: Nessus scans for .It also
scans for default passwords.It specialized in compliance checks, Sensitive
data searches, website security scanning etc. It also helps in finding
weak-spots. It works on most of the environments.
Hydra is a powerful password guessing tool.It guesses weak passwords from
databases that have been stored in or are in transit within a computer
system or network.Brute force password guessing.
It is known for the following powerful features: passwords recovery, and
revealing password boxes,wireless scanning, network sniffing etc. It also
contains an Access Database password decoder, RDP password decode and Hash
Kismet is a wireless network detector, sniffer, and intrusion detection
security penetration tool. Kismet can monitor and sniff 802.11b, 802.11a,
802.11g, and 802.11n traffic. It is open source and widely used.
The Random Password Generator from random.org generates random passwords
based on the guidelines provided.
Faraday is a Collaborative Penetration Test and Vulnerability Management
WinDump is a powerful network packet analyzer that can be used for network
debugging and security monitoring.
John the Ripper is a popular password cracking penetration tool that is
mostly used to perform dictionary attacks. This tool can also be used to
perform a variety of alterations to dictionary attacks. John the Ripper as
an offline password cracker.
It is a Vulnerability Assessment System that offers various tools and
services for vulnerability scanning and management.
OpenPuff is a tool with the following features: Whitening and encoding,
ability to add a decoy password to reveal decoy data and ability to split
the hidden data over multiple carriers.
It is a top security tool which offers powerful vulnerability assessment
across the whole operating systems, devices, application
softwares , and virtual environments within a given network. It uses a
database that is being updated regularly so it can detect latest security
It is a modular framework that facilitates a user to take advantage of poor
upgrade implementations entering fake updates.
This tool is very efficient program that finds vulnerabilities in web
applications. . ZAP provides automated scanners,tools that allow one to
discover security vulnerabilities. It is recommended for those intending to
be career penetrates.
Nikto is web server scanner that scans and detect web serves for any
vulnerabilities. Nikto also scans for outdated versions. ,It also check the
server configurations and also identifies installed web servers and web
It is a powerful tool that helps the user to discover, audit and execute
what is in the web while the program is running.
This is a network security tool that allows the user to access the wireless
card from other computers and allows the user to run tools on a remote
computer. It allows network analysis, wireless packet capturing, and packet
It allows the user to completely remove data from the hard drive by
overwriting each data block many times using an erasure method.
Automated penetration testing software that consists of various modules that
aids penetration testing operations like exploiting, crediting and scanning.
It also identifies, designs and checks network vulnerability.
KeePass is a password manager that allows one to store username and password
combinations in a highly configured database. Access to the database is
secured using a master password or key file.
22. Open stego
It is a powerful tool that attaches secret message file into an image file.
It is also used to unhide data from the output file and uses password to
encrypt. This tool is open source.
It is an integrated platform for attacking web applications.
It is a powerful Network monitoring which is installed in a few minutes and
it discovers one’s entire network automatically
It is a tool that is used to test and reports on SQL injection. Acunetix
generates detailed reports while identifying security issues and
It is a free and open source network security too. It mainly analysis
computer network protocols within a security auditing context and also is an
27. Vera code
It ensures security of code development and minimizes
28. Punk spider:
This security tool is a web scanner that performs more than most of the
29. IBM Appscan:
It is a security tool that scans and identifies the problem and then gives
the remedy to the problem.
(Security Administrator Tool for analyzing Networks). It is used for
collecting and reporting network security vulnerability.
This tool focus on highlighting relationships between people or sites ,
32. Iron Wasp:
It is a unique scanner for web application
33. Secunia PSI:
It is a software inspector that keeps the system secured
It is used to exploit vulnerabilities in password, database etc.
it is a good open source tool. It is mostly used for detecting issues in an
36. Burp suite:
It is a scanner, interceptor of proxy. It also crawl content and
This tool is a scanner that identifies problems and suggests remedial
38. Immunity’s CANVAS:
This tool is used for web application and wireless systems.
The Browser Exploitation Framework , This tool focus on the web
This tool helps the user find open wireless access points on the network.
This is a good manual on website.
This is a tool that works over a number of protocols and through a files,
pipes, devices etc. It provides forking, logging, and dumping, different
modes of communication, and many more other options
(IDS intrusion detection systems)
packet crafting tools
It used for scanning large number of machines
it is a free, open source utility. It detects almost all the latest
an automated exploitation system development framework to penetration
testers and security professionals worldwide.
it is able to perform a powerful attack based on: Dictionary or
This tool sources out for all the network problems and gives out remedies
a good protocol attack tool used in penetration testing.
a tool that searches, reports, monitors and analyzes streaming data.
a Web Debugging tool which logs all HTTP traffic between one’s
computer and the Internet.