- Nmap: Network Mapper (or Nmap) is an open-source network scanning software that can be used to find hosts and services in a network and scan for vulnerabilities and open ports.
- Metasploit: Metasploit allows you to create and execute exploit code against a target computer. It can be used for testing the system’s security by containing a lot of exploits, payloads and encoders.
- Burp Suite: Burp Suite can be used for web application security testing and vulnerability detection.
- Aircrackng: Aircrackng is a wireless security tool that can crack WEP/WPA/WPA2 keys, and perform security assessments of wireless networks.
- John the Ripper: John the Ripper can be used to crack passwords and recover forgotten or lost passwords. It can be used for testing the strength of password hashes or to identify weak passwords.
- Wireshark: Wireshark can be used to analyze and capture network traffic. It is used to diagnose network problems, analyze packets and perform security assessments.
- sqlmap: sqlmap, an open-source tool that automates the detection and exploiting of SQL injection vulnerabilities, is available.
- Maltego: Maltego can be used as a digital intelligence and forensics tool to find relationships between data. It also allows you to visualize these relationships in graph format. It can be used for reconnaissance and hidden connections as well as to identify potential threats.
- Nessus: Nessus can be used to scan networks and systems for vulnerabilities.
- dnsmap: DNSmap is a scanning tool that allows you to scan domain names (DNS) and perform subdomain brute force attacks.
- BeEF: The Browser Exploitation Framework (BeEF) is a tool that allows you to exploit web browsers and test their security.
- HydroPTT: HydroPTT can be used to assess security on Point-to-Point Tunneling Protocol VPN (PPTP VPN) systems.
- THC Hydra: THC Hydra can be used to crack passwords against a variety of protocols including HTTP, FTP and Telnet.
- Acunetix: Acunetix, a web-based security testing tool, can be used to detect vulnerabilities in web applications. It includes SQL injection, cross site scripting (XSS), as well as other types of attacks.
- Malwarebytes: Malwarebytes can be used to detect and eliminate malware from computers.
- Ophcrack: Ophcrack can be used to crack passwords and recover passwords that have been forgotten or lost, especially for Windows systems.
- Pyrit: Pyrit can be used to attack WPA/WPA2-PSK networks, and to test security of wireless networks.
- Metasploitable – Metasploitable can be used to test the Metasploit framework as well as perform security assessments.
- OpenVAS: OpenVAS, an open-source vulnerability scanning tool and management tool that identifies vulnerabilities in networks and systems, is called OpenVAS.
- Spaghetti: Spaghetti, an open-source vulnerability scanner for web applications, can be used to detect vulnerabilities in web apps, such as SQL injection and cross-site scripting.