Hacker's Guide to Pentesting Tools
1. Reconnaissance and Information Gathering
- Nmap: Free and open-source tool for network discovery, management, and security auditing. Supports native IPv6 scanning and multithreaded scanning for better performance on large enterprise networks. Runs on Linux, Windows, macOS. Interface: Terminal. https://nmap.org/
- Zenmap: Official GUI for Nmap, providing a user-friendly interface for network scanning and visualizing scan results. Supports saved scan profiles and interactive network mapping. Runs on Linux, Windows, macOS. Interface: GUI. https://nmap.org/zenmap/
- Recon-ng: Full-featured web reconnaissance framework written in Python, with a modular interface similar to Metasploit. Includes support for more OSINT APIs and cloud account reconnaissance modules. Runs on Linux, macOS, Windows (with Python). Interface: Terminal. https://github.com/lanmaster53/recon-ng
- theHarvester: Tool for gathering emails, subdomains, hosts, employee names, and more from public sources. Supports decentralized sources like Mastodon and federated APIs, plus fast scraping. Runs on Linux, macOS, Windows (with Python). Interface: Terminal. https://github.com/laramies/theHarvester
- Maltego: Enables penetration testers to visualize relationships between people, organizations, and online entities. Gathers data from various sources to identify potential attack vectors. Runs on Windows, Linux, macOS. Interface: GUI. https://www.maltego.com/
- Spiderfoot: Passive reconnaissance scanner with many scan options, each documented in the tool, for gathering information without directly interacting with the target. Runs on Linux, Windows, macOS (with Python). Interface: Both (Web GUI and CLI). https://www.spiderfoot.net/
- Dnsdumpster: Online DNS reconnaissance tool for discovering subdomains and mapping network infrastructure. Scans for various DNS records like A, MX, TXT, and CNAME. Runs on any OS with a web browser. Interface: Web GUI. https://dnsdumpster.com/
- Hunter: Cybersecurity tool for email discovery and validation, uncovering contact details to map out a target organization’s communication network. Runs on any OS with a web browser. Interface: Web GUI. https://hunter.io/
- Shodan: Search engine for discovering and analyzing internet-connected devices and their security posture. Runs on any OS with a web browser. Interface: Web GUI. https://www.shodan.io/
- Kali Linux Tools: Comprehensive suite including utilities like Whois Lookup and ICMP Ping for initial reconnaissance and troubleshooting. Runs on Linux (primarily Kali Linux). Interface: Both (Terminal and GUI depending on tool). https://www.kali.org/tools/
2. Vulnerability Scanning
- Nessus: Comprehensive vulnerability scanner that identifies and remediates vulnerabilities across various systems. Provides detailed reporting and integration with other security tools. Runs on Windows, Linux, macOS. Interface: Web GUI. https://www.tenable.com/products/nessus
- OpenVAS: Highly capable and free tool for scanning systems and networks for known vulnerabilities. Supports quick and accurate identification of hidden issues. Runs on Linux, Windows (via VM), macOS. Interface: Both (GUI and CLI). https://www.openvas.org/
- Nikto: Web server scanner that checks for risky files, outdated software, and other common red flags. Widely used in website penetration testing. Runs on Linux, Windows, macOS (with Perl). Interface: Terminal. https://cirt.net/Nikto2
- Burp Suite: Powerful suite for web vulnerability scanning and manual testing. Available in free and pro versions; excels at identifying common and complex web vulnerabilities. Runs on Windows, Linux, macOS. Interface: GUI. https://portswigger.net/burp
- ZAP (Zed Attack Proxy): Free, open-source web application scanner that identifies security vulnerabilities automatically and manually. Supports complex web applications like SPAs and multi-level forms. Runs on Windows, Linux, macOS. Interface: GUI. https://www.zaproxy.org/
- Acunetix: Specializes in web application security testing, identifying OWASP Top 10 risks like SQL injection and XSS. User-friendly with automation features for DevSecOps. Runs on Windows, Linux, macOS. Interface: Web GUI. https://www.acunetix.com/
- Wapiti: Dynamic vulnerability scanner for black-box audits of web application security. Runs on Linux, Windows, macOS (with Python). Interface: Terminal. https://wapiti.sourceforge.io/
- Vega: Open-source GUI-based scanner for finding SQL injection, XSS, and other vulnerabilities. Runs on Windows, Linux, macOS. Interface: GUI. https://github.com/subgraph/Vega
3. Exploitation Tools
- Metasploit: Powerful penetration testing framework with a vast library of exploits and payloads. Modular architecture for simulating real-world attacks; includes ~250 post-exploitation modules. Runs on Linux, Windows, macOS. Interface: Both (Terminal and GUI). https://www.metasploit.com/
- Burp Suite: For web apps; includes tools for intercepting HTTP/S traffic, scanning for flaws, and automating testing tasks. Runs on Windows, Linux, macOS. Interface: GUI. https://portswigger.net/burp
- SQLmap: Automated tool for detecting and exploiting SQL injection flaws. Runs on Linux, Windows, macOS (with Python). Interface: Terminal. https://sqlmap.org/
- Cobalt Strike: Sophisticated tool for red team operations with post-exploitation capabilities and customizable attack scenarios. Runs on Windows, Linux, macOS. Interface: GUI. https://www.cobaltstrike.com/
- Canvas: Commercial tool similar to Metasploit with curated exploit modules, tailored for ICS and IoT. Runs on Windows, Linux. Interface: GUI. https://immune.com/
- Core Impact: Commercial pentesting tool with automation for multiple platforms. Runs on Windows. Interface: GUI. https://www.coresecurity.com/core-impact
- Exploit Pack: Java-based automated tool for managing exploits and red team operations. Runs on Windows, Linux, macOS. Interface: GUI. https://exploitpack.com/
4. Password Cracking
- Hashcat: Renowned password recovery tool using various algorithms; supports GPU acceleration for brute-force and dictionary attacks. Runs on Linux, Windows, macOS. Interface: Terminal. https://hashcat.net/hashcat/
- John the Ripper: Powerful tool for dictionary and brute-force attacks; supports multiple encryption algorithms across platforms. Runs on Linux, Windows, macOS. Interface: Terminal. https://www.openwall.com/john/
- Johnny: GUI frontend for John the Ripper, simplifying password cracking with a user-friendly interface for managing attacks. Runs on Linux, Windows, macOS. Interface: GUI. https://openwall.info/wiki/john/johnny
- Hydra (THC Hydra): Fast, flexible tool supporting numerous protocols like HTTP, FTP, and SSH for brute-force attacks. Runs on Linux, Windows, macOS. Interface: Terminal. https://github.com/vanhauser-thc/thc-hydra
- Aircrack-ng: Suite for WiFi auditing, cracking WEP and WPA-PSK keys. Runs on Linux, Windows, macOS. Interface: Terminal. https://www.aircrack-ng.org/
- Medusa: Command-line tool for massively parallel brute-force password testing against multiple hosts. Runs on Linux, Windows, macOS. Interface: Terminal. https://github.com/jmk-foofus/medusa
5. Network Sniffing and Packet Analysis
- Wireshark: Widely used network protocol analyzer for capturing and browsing traffic; provides deep insights into packets and protocols. Runs on Windows, Linux, macOS. Interface: GUI. https://www.wireshark.org/
- Tcpdump: Lightweight CLI tool for capturing and analyzing traffic from a wide range of protocols. Runs on Linux, macOS, Windows (with WinPcap). Interface: Terminal. https://www.tcpdump.org/
- Ettercap: Powerful sniffer and packet manipulation tool for man-in-the-middle attacks on LANs. Runs on Linux, Windows, macOS. Interface: Both (GUI and Terminal). https://ettercap.github.io/ettercap/
- NetworkMiner: Open-source tool for network forensic analysis; parses PCAP files and extracts files from traffic. Runs on Windows, Linux (with Mono). Interface: GUI. https://www.netresec.com/?page=NetworkMiner
- Kismet: Wireless network detector, sniffer, and intrusion detection system. Runs on Linux, macOS, Windows (limited). Interface: Terminal. https://www.kismetwireless.net/
6. Web Application Testing
- Burp Suite: Comprehensive platform for web vulnerability scanning and manual testing; includes proxy, scanner, and intruder tools. Runs on Windows, Linux, macOS. Interface: GUI. https://portswigger.net/burp
- OWASP ZAP: Free, open-source scanner for identifying vulnerabilities like SQL injection and XSS; supports automated and manual testing. Runs on Windows, Linux, macOS. Interface: GUI. https://www.zaproxy.org/
- Nikto: Fast scanner for web servers, checking for risky files and outdated software. Runs on Linux, Windows, macOS (with Perl). Interface: Terminal. https://cirt.net/Nikto2
- SQLmap: Detects and exploits SQL injection flaws. Runs on Linux, Windows, macOS (with Python). Interface: Terminal. https://sqlmap.org/
- Wfuzz: Tool for fuzzing web applications to identify vulnerabilities. Runs on Linux, Windows, macOS (with Python). Interface: Terminal. https://github.com/xmendez/wfuzz
- Wapiti: Black-box scanner for common web vulnerabilities, including SSTI and JWT fuzzing. Runs on Linux, Windows, macOS (with Python). Interface: Terminal. https://wapiti.sourceforge.io/
7. Wireless Network Testing
- Aircrack-ng: Suite for WiFi auditing, monitoring, attacking, testing, and cracking WEP/WPA keys. Runs on Linux, Windows, macOS. Interface: Terminal. https://www.aircrack-ng.org/
- Kismet: Wireless network detector, sniffer, and intrusion detection system. Runs on Linux, macOS, Windows (limited). Interface: Terminal. https://www.kismetwireless.net/
- Wifite: Automated wireless attack tool. Runs on Linux. Interface: Terminal. https://github.com/derv82/wifite2
- Airgeddon: Multi-use bash script for WiFi attacks, including rogue AP and evil twin setups. Runs on Linux. Interface: Terminal. https://github.com/v1s1t0r1sh3r3/airgeddon
- Eaphammer: Tool for WPA-EAP attacks. Runs on Linux. Interface: Terminal. https://github.com/s0lst1c3/eaphammer
8. Social Engineering
- Social-Engineer Toolkit (SET): Open-source framework for simulating social engineering attacks like phishing and credential harvesting. Runs on Linux, macOS, Windows (with Python). Interface: Terminal. https://github.com/trustedsec/social-engineer-toolkit
- Phishing Frenzy: Tool for creating phishing campaigns. Runs on Linux, Windows, macOS (web-based). Interface: Web GUI. https://github.com/htrgouvea/phishing-frenzy
- BeEF (Browser Exploitation Framework): Focuses on browser vulnerabilities for client-side attacks and social engineering. Runs on Linux, Windows, macOS. Interface: Web GUI. https://beefproject.com/
9. Post-Exploitation
10. Reporting and Documentation
- Dradis: Framework for managing and sharing penetration test data; supports collaboration and report generation. Runs on Linux, Windows, macOS. Interface: Web GUI. https://dradisframework.com/
- Faraday: Multiuser integrated pentesting environment for cooperative tests and risk assessments. Runs on Linux, Windows, macOS. Interface: Both (GUI and CLI). https://faradaysec.com/
- PlexTrac: Penetration test reporting and exposure management platform with integrations like Jira and Tenable. Runs on any OS with a web browser. Interface: Web GUI. https://plextrac.com/
- AttackForge: Pentest management tool for standardizing vulnerabilities and speeding up reporting. Runs on any OS with a web browser. Interface: Web GUI. https://www.attackforge.com/
- Pwndoc: Pentest report generator. Runs on Linux, Windows, macOS (with Node.js). Interface: Web GUI. https://github.com/pwndoc/pwndoc
11. Fuzzing Tools
12. Mobile Application Testing
- MobSF (Mobile Security Framework): Automated tool for static and dynamic analysis of Android/iOS apps. Runs on Linux, Windows, macOS. Interface: Both (Web GUI and CLI). https://github.com/MobSF/Mobile-Security-Framework-MobSF
- Frida: Dynamic instrumentation toolkit for mobile app hooking and manipulation. Runs on Linux, Windows, macOS, Android, iOS. Interface: Terminal. https://frida.re/
- Drozer: Security assessment tool for Android apps. Runs on Linux, Windows, macOS. Interface: Terminal. https://github.com/FSecureLABS/drozer
- QARK: Tool for finding vulnerabilities in Android apps via static analysis. Runs on Linux, Windows, macOS (with Python). Interface: Terminal. https://github.com/linkedin/qark
13. Exploit Development
- Immunity Debugger: Debugger for exploit development on Windows. Runs on Windows. Interface: GUI. https://www.immunityinc.com/products/debugger/
- Mona.py: Python plugin for Immunity Debugger to assist in exploit writing. Runs on Windows (with Immunity Debugger). Interface: Terminal. https://github.com/corelan/mona
- Ghidra: Open-source reverse engineering tool for disassembling and analyzing binaries. Runs on Windows, Linux, macOS. Interface: GUI. https://ghidra-sre.org/
- Metasploit: Framework with modules for developing and testing exploits. Runs on Linux, Windows, macOS. Interface: Both (Terminal and GUI). https://www.metasploit.com/
14. Steganography Tools
- Steghide: Open-source command-line tool for hiding data in image and audio files (JPEG, BMP, WAV, AU). Supports encryption and is ideal for CTF challenges and secure data embedding. Runs on Linux, Windows, macOS. Interface: Terminal. http://steghide.sourceforge.net/
- OpenStego: Free, open-source desktop app for data hiding and watermarking in images. Supports LSB techniques and is cross-platform for pentesting scenarios. Runs on Windows, Linux, macOS. Interface: GUI. https://www.openstego.com/
- Stegsolve: Java-based GUI tool for analyzing and decoding steganography in images, including bit plane slicing and color channel manipulations. Useful for steganalysis in CTFs. Runs on Windows, Linux, macOS. Interface: GUI. https://github.com/zardus/stegsolve
- Binwalk: Firmware analysis tool that detects and extracts embedded files from images and binaries. Integrated in Kali Linux for forensic steganography detection. Runs on Linux, Windows, macOS. Interface: Terminal. https://github.com/ReFirmLabs/binwalk
- Zsteg: Command-line tool for detecting and extracting LSB steganography in PNG and BMP images. Popular in CTF for quick analysis. Runs on Linux, Windows, macOS (with Ruby). Interface: Terminal. https://github.com/zed-0xff/zsteg
- Outguess: Advanced steganography tool for embedding data in JPEG images, resistant to statistical analysis. Runs on Linux, Windows, macOS. Interface: Terminal. http://outguess.sourceforge.net/
- Stegano: Python library for hiding messages in images using the LSB method; easy to integrate into custom pentest scripts. Runs on Linux, Windows, macOS (with Python). Interface: Terminal. https://steghide.sourceforge.io/
- Xiao Steganography: Simple free app for hiding text in BMP images or WAV audio files. Portable and lightweight for quick tests. Runs on Windows. Interface: GUI. https://www.chip.de/downloads/Xiao-Steganography_22249637.html
- OpenPuff: Free tool supporting steganography in images, audio, and video. Allows splitting messages across files for advanced hiding. Runs on Windows. Interface: GUI. http://embeddedsw.net/OpenPuff_Steganography_Home.html
- Aperi'Solve: Online tool for steganalysis on images (PNG, JPG, etc.), using zsteg, steghide, binwalk, and more for automated detection. Runs on any OS with a web browser. Interface: Web GUI. https://aperisolve.fr/
- StegOnline: Web-based tool for embedding and extracting data via LSB techniques in images. Great for quick online demos. Runs on any OS with a web browser. Interface: Web GUI. https://stegonline.georgeom.net/
- Stylesuxx Steganography: Browser-based online encoder/decoder for hiding text in images. Supports variable message lengths based on image size. Runs on any OS with a web browser. Interface: Web GUI. https://stylesuxx.github.io/steganography/
- Futureboy Steganographic Decoder: Online interface compatible with steghide for encoding/decoding in images and audio. Runs on any OS with a web browser. Interface: Web GUI. http://futureboy.us/stegano.html
- Manytools Steganography: Online tool for embedding text or files into images, with watermarking options for secure sharing. Runs on any OS with a web browser. Interface: Web GUI. https://manytools.org/hacker-tools/steganography/
- Image Steganography (Incoherency): JavaScript-based web tool for hiding entire images inside other images using LSB. Runs on any OS with a web browser. Interface: Web GUI. https://incoherency.co.uk/image-steganography/
15. OSINT (Open-Source Intelligence)
- OSINT Framework: Web-based directory of OSINT tools and resources, categorized by data type (e.g., email, username, domain). Ideal for structuring reconnaissance workflows. Runs on any OS with a web browser. Interface: Web GUI. https://osintframework.com/
- Maltego: Advanced OSINT tool for visualizing relationships between entities like people, domains, and organizations using public data sources. Supports custom transforms for extended functionality. Runs on Windows, Linux, macOS. Interface: GUI. https://www.maltego.com/
- theHarvester: Python-based tool for gathering emails, subdomains, hosts, and employee names from public sources like search engines and social media. Supports API integration for enhanced OSINT. Runs on Linux, Windows, macOS (with Python). Interface: Terminal. https://github.com/laramies/theHarvester
- Spiderfoot: Automated OSINT tool for passive reconnaissance, collecting data on IPs, domains, and emails without direct target interaction. Offers web-based and CLI options. Runs on Linux, Windows, macOS (with Python). Interface: Both (Web GUI and CLI). https://www.spiderfoot.net/
- Recon-ng: Modular Python framework for web-based OSINT, mimicking Metasploit’s interface. Gathers data from APIs, social media, and public records. Runs on Linux, Windows, macOS (with Python). Interface: Terminal. https://github.com/lanmaster53/recon-ng
- Shodan: Search engine for discovering internet-connected devices, including servers, IoT, and webcams, with filters for vulnerabilities. Useful for mapping attack surfaces. Runs on any OS with a web browser. Interface: Web GUI. https://www.shodan.io/
- Censys: Search engine for scanning internet-connected devices and certificates, providing insights into hosts, ports, and protocols. Runs on any OS with a web browser. Interface: Web GUI. https://censys.io/
- Hunter: Web-based tool for finding and verifying email addresses associated with domains, ideal for targeting organizational contacts. Runs on any OS with a web browser. Interface: Web GUI. https://hunter.io/
- BuiltWith: Web tool for analyzing website technologies, frameworks, and hosting providers, useful for identifying tech stacks during reconnaissance. Runs on any OS with a web browser. Interface: Web GUI. https://builtwith.com/
- Whoisology: Domain research tool for reverse WHOIS lookups, uncovering domain ownership and historical registration data. Runs on any OS with a web browser. Interface: Web GUI. https://whoisology.com/
- IntelTechniques: Web-based OSINT resource hub with tools and guides for searching people, emails, usernames, and more across public platforms. Runs on any OS with a web browser. Interface: Web GUI. https://inteltechniques.com/
- Trace Labs: Community-driven OSINT platform for missing persons investigations, offering tools and methodologies for ethical reconnaissance. Runs on any OS with a web browser. Interface: Web GUI. https://www.tracelabs.org/
- Buscador: Linux VM preloaded with OSINT tools, optimized for reconnaissance tasks like social media and dark web searches. Runs on Linux (VM). Interface: Both (GUI and CLI). https://github.com/inteltechniques/Buscador
- Amass: Command-line tool for enumerating subdomains and mapping network attack surfaces using OSINT techniques and DNS queries. Runs on Linux, Windows, macOS (with Go). Interface: Terminal. https://github.com/OWASP/Amass
- Sherlock: Python-based tool for finding usernames across social media platforms and websites, ideal for profiling targets. Runs on Linux, Windows, macOS (with Python). Interface: Terminal. https://github.com/sherlock-project/sherlock
16. Map Coordinates and Geolocation Tools
- Google Maps: Versatile tool for plotting coordinates (e.g., "35.6682,138.5699"), visualizing satellite/street imagery, and generating plus codes. Ideal for pinpointing locations from CTF image metadata or GPS clues. Runs on any OS with a web browser. Interface: Web GUI. https://maps.google.com/
- OpenStreetMap: Open-source mapping platform for plotting coordinates (e.g., "?mlat=-51.620736&mlon=-69.229722") and identifying landmarks or cities from geotags in CTF challenges. Runs on any OS with a web browser. Interface: Web GUI. https://openstreetmap.org/
- LatLong.net: Converts addresses to coordinates, reverse-geocodes coordinates to addresses, and supports DMS/UTM formats. Useful for validating CTF flag coordinates like "crew{35.6682,138.5699}". Runs on any OS with a web browser. Interface: Web GUI. https://latlong.net/
- GPS-Coordinates.net: Interactive map for finding coordinates from addresses or clicks, with satellite view and bookmarking features for CTF geolocation tasks. Runs on any OS with a web browser. Interface: Web GUI. https://gps-coordinates.net/
- Coordinates-Converter.com: Converts between coordinate systems (WGS84, UTM, MGRS) with an integrated map. Helps decode binary or encoded coordinates in CTF puzzles. Runs on any OS with a web browser. Interface: Web GUI. https://coordinates-converter.com/
- EPSG.io/map: Transforms projected coordinates to lat/long and displays them on an interactive map. Ideal for advanced geospatial CTF challenges involving coordinate system transformations. Runs on any OS with a web browser. Interface: Web GUI. https://epsg.io/map
- Geohash.org: Encodes and decodes latitude/longitude to geohash strings, useful for handling compact coordinate formats in CTF challenges. Runs on any OS with a web browser. Interface: Web GUI. https://geohash.org/