Penetration Testing Tools

Looking for expert penetration testers?

Select a service below and contact us for a quote:

Website Penetration Testing

Web Application Penetration Testing

Website Security Audits

Network Penetration Testing

Firewall Security Testing

Internal Infrastructure Penetration Testing


Top 20 Penetration Testing Tools – Gateway to Information Security (External Resources)

Penetration testing tools, network admin tools and other useful security tools:

There are a large amount of penetration testing tools to choose from on the market. The security audit tools below have been selected to cover a range of testing techniques from vuln scanning based testing to network mapping, but the list is by no means complete, as there are hundreds of different tools to use for specific tests. We have also included download links where possible.

1) Metaspoit Framework

This is the free version of the metasploit package, one of the best pieces of software around for Windows, Linux and Mac systems. Metasploit allows you to quickly search for and execute exploits against a target.

2) OpenVAS

OpenVAS is one of the worlds most advanced open source vulnerability scanners. You can read more about the openvas online scanner here. A project contributed by many security professionals globally, this tools gives great accurate scan results, and allows you to manage and report your findings.

3) Tenable Nessus

Although this is not a free tool, it has a bunch of incredibly effective scan engines that will rank amongst the best of the vulnerability scanners available on the market. Initially developed as an open source project up until 2008.

4) Snort

Snort is one of the original defsec Intrusion Detection Systems (IDS), going way back to the early security scene on the internet. It’s incredibly effective, be sure to check it out, one of the best HIPS on the market!

5) BackTrack Download / Kali Linux Download

Formerly BackTrack, the team have now rebranded as Kali Linux, an incredible Live CD or USB security distro, with a large amount of open source tools, bundled into a user friendly Linux distribution.

6) Netcat > Ncat

Netcat (1998) now essentially replaced by Nmap’s Ncat is a simple TCP/UDP transmitter/receiver, allowing you to capture and listen for connections using it’s port binding feature, with script  and debugging support.

7) Nmap Download

Nmap is an advanced and extremely fast port scanner, now available in GUI form under the name of Zenmap ( This tools is great for fast network service and port identification. We have now integrated the Nmap Online Scanner into our set of free penetration testing tools

8) Burp Suite

Burp Suite is a collection of Burp tools developed by portswigger. A fast a powerful vulnerability scanner with scripting support and debuging engines, this is a great security audit tool.

9) Nikto

Nikto is a free opensource http/s vulnerability scanner, which is extremely fast, light and capable of identifying over 6400 web flaws on common web servers like Apache. We have now implemented the Nikto Scanner Online in our penetration testing tools

10) W3af

W3af is growing in popularity as it’s another extremely fast web vulnerability framework to help you exploit web applications, be sure to check it out.

11) Arachni Scanner

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. We have implemented the Arachni Scanner Online free edition into our penetration testing tools

12) WhatWeb Web Scanner

WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb Web Scanner Online is now available to try in our free penetration testing tools online

13) BlindElephant Web Scanner

The BlindElephant Web App Fingerprinter attempts to discover the version info by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable. BlindElephant Scanner Online is now available and on our free penetration testing tools online portal

14) TCP Traceroute Online

Perform a TCP traceroute online, allowing you to see the route taken in or out of a network. Traceroute online is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. TCP Traceroute Online has been incorporated into our penetration testing tools online and is now available.

15) ResolveHost

A simple Linux tool designed to resolve domain names to IP addresses, and IP addresses to domain names. This tool is now in our penetration testing tool suite online, as ResolveHost Online.

16) IP Calc / IP Calculator

Takes an IP address and netmask and calculates the resulting broadcast, network, Cisco wildcard mask, and host range. This tools is now available via IP Calculator Online.

17) CMSmap

CMSmap is a single python based tool that tests for vulnerabilities in the following CMS platforms, Joomla, Drupal and WordPress. We have integrated CMSmap Online into our free penetration testing tools portal. This tools is now available via the CMSmap Online page.

We highly advising using penetration testing tools ONLY if you know what you are doing with them. When performing a security audit with tools such as these, you need a full understanding of them to interpret the results, please be sure to contact us if you require a professional penetration test conducted on your website.

18) WPScan Online

WPScan is a blackbox WordPress engine vulnerability scanning tool, capable of auditing weak usernames and passwords, versions and their vulnerabilities, wordpress plugins and various other wordpress checks. You can use WPScan online via our WPScan online tools suite.


OSSEC is one of the best open source Intrusion Detection Systems or HIDS available in network protection and intrusion systems. This tool provides an excellent forensic tool to help spot attacks via notifications and alerting.

20) provides a list of Network Administration Tools and Software that is a great Resource for System and Network Administrators when it comes to network management and maintenace. They’ve compiled a large list of tools that will assist you in Monitoring your network and potentially uncovering security risks and issues within your perimeter. If your a Network Engineer or System administrator, these tools will assist in your daily tasks and greatly simplify your life.

Other useful Cyber Security Resources:

  • Cyber Security Jobs – is an IT Security Jobs website that allows recruiters to post jobs and candidates to search for cyber security job vacancies. If you are looking to hire a full time or contract out cyber security work and wish to post a job vacancy this is a useful website resource.
  • Cyber Security Courses – a website that lets you search hundreds of IT security courses that have been posted by established cyber security course providers. You can begin your IT security training journey with entry level courses, or take more advanced courses to further your career.
  • Netzen Solutions Ltd – IT consultancy business forming part of our parent company that can assist you with IT security and general IT help, get in touch with Netzen for IT Support.