Pentest and Vulnerability Scanning – A simple list of useful tools

Posted: May 4, 2013 in Penetration Testing and Vulnerability Scanning

BackTrack is a Linux-based penetration testing arsenal that helps security professionals perform assessments in a purely native environment dedicated to hacking.
The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Nexpose proactively scans your environment for misconfigurations, vulnerabilities, and malware and provides guidance for mitigating risks.
Mobilisafe is a mobile risk management solution that automatically performs a mobile risk assessment of all the devices in your organization and provides easy-to-use tools to eliminate these risks.

Armitage is a GUI front-end for the Metasploit Framework developed by Raphael Mudge with the goal of helping security professionals better understand hacking and realize the power of Metasploit.
Cortana is a real-time collaborative hacking tool with bots.
Cobalt Strike is a collection of threat emulation tools that work with the Metasploit Framework. Cobalt Strike helps you get a foothold in a network and quietly keep it. Cobalt Strike’s post-exploitation tools help you demonstrate what a sophisticated attacker can do. Cobalt Strike also generates professional reports at the end of your engagements.
Acunetix Web Vulnerability Scanner includes many innovative features:
AcuSensor Technology
An automatic client script analyzer allowing for security testing of Ajax and Web 2.0 applications
Industry’s most advanced and in-depth SQL injection and cross-site scripting testing
Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
Visual macro recorder makes testing web forms and password protected areas easy
Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
Extensive reporting facilities including PCI compliance reports
Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease
Intelligent crawler detects web server type and application language
Acunetix crawls and analyzes websites including flash content, SOAP and AJAX
Port scans a web server and runs security checks against network services running on the server
Amap is a great tool for determining what application is listening on a given port.
IBM Security AppScan software automates application security testing by scanning applications, identifying vulnerabilities and generating reports with intelligent fix recommendations to ease remediation.
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
McAfee Foundstone guides enterprises on the best ways to protect assets and maximize business goals through maintaining a strong security posture.
IP360 is the world’s leading vulnerability and risk management system enabling thousands of enterprises and government agencies to cost-effectively measure and manage their security risk.
Microsoft Baseline Security Analyzer
The Microsoft Baseline Security Analyzer provides a streamlined method to identify missing security updates and common security misconfigurations.
Nessus leverages credentialed and uncredentialed scans; patch, configuration, and mobile device managers; external repositories; website reputation; and global threat intelligence to reduce risk and protect sensitive data.
Netsparker can find and report security issues such as SQL Injection and Cross-site Scripting (XSS) in all web applications regardless of the platform and the technology they are built on.
Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing.
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
mapping & discovery
network perimeter scans
PCI compliance scanning
Web application security testing
Detection of malware infections and threats
IT security policy creation, scanning & reporting
Retina Network Security Scanner identifies the vulnerabilities – missing patches, configuration weaknesses, and industry best practices – to protect an organization’s IT assets. Retina provides cost-effective security risk assessment and enables security best practices, policy enforcement, and regulatory audits.

