Penetration Testing Tools / Security Audit Tools

Posted by on Sep 14, 2012 in Security BlogNo comments


Security Audit Tools

1) Google Reconnaissance

Domain to search for: (e.g.


External Tools

There are a large amount of penetration testing tools to choose from on the market. The security audit tools below have been selected to cover a range of testing techniques from web based testing to network mapping, but the list is by no means complete, as there are hundreds of different tools to use for specific tests. We have also included download links where possible.

1) Metaspoit Framework Download

This is the free version of the metasploit package, one of the best pieces of software around for Windows, Linux and Mac systems. Metasploit allows you to quickly search for and execute exploits against a target.

2) OpenVAS Download

OpenVAS is one of the worlds most advanced open source vulnerability scanners. You can read about the openvas online scanner here. A project contributed by many security professionals globally, this tools gives great accurate scan results, and allows you to manage and report your findings.

3) Tenable Nessus Download

Although this is not a free tool, it has a bunch of incredibly effective scan engines that will rank amongst the best of the vulnerability scanners available on the market. Initially developed as an open source project up until 2008.

4) Snort Download

Snort is one of the original defsec IDS systems, going way back to the early security scene on the internet. It’s incredibly effective, be sure to check it out!

5) BackTrack Download / Kali Linux Download

Formerly BackTrack, the team have now rebranded as Kali Linux, an incredible Live CD or USB security distro, with a large amount of open source tools, bundled into a user friendly Linux distribution.

6) Netcat > Ncat Download

Netcat (1998) now essentially replaced by Nmap’s Ncat is a simple TCP/UDP transmitter/receiver, allowing you to capture and listen for connections using it’s port binding feature, with script  and debugging support.

7) Nmap Download

Nmap is an advanced and extremely fast port scanner, now available in GUI form under the name of Zenmap ( This tools is great for fast network service and port identification.

8) Burp Suite Download

Burp Suite is a collection of Burp tools developed by portswigger. A fast a powerful vulnerability scanner with scripting support and debuging engines, this is a great security audit tool.

9) Nikto Download

Nikto is a free opensource web vulnerability scanner, which is extremely fast, light and capable of identifying over 6400 web flaws on common web servers like Apache.

10) W3af Download

W3af is growing in popularity as it’s another extremely fast web vulnerability framework to help you exploit web applications, be sure to check it out.


We highly advising using penetration testing tools ONLY if you know what you are doing with them. When performing a security audit with tools such as these, you need a full understanding of them to interpret the results, please be sure to contact us if you require a professional penetration test conducted on your website.

Registered Memberships and Partners:

OWASP - Open Web Applications Security Project
ISSA UK - Information Systems Security Association UK
NIST - Computer Security Division of NIST
UKITA - UK Information Technology Association
ISF - Information Security Forum
ISACA - Information Security Audit & Control Association

  • Latest Tweets

    • US intelligence agencies have placed cyber attacks from foreign governments and criminals at the top of their list of threats to the country

    • Kaspersky report identifies 100 hacked banks, over $1 billion stolen by cyber criminals based in Russia, Ukraine and China.