What is pentesting?

Penetration testing, or pentesting, is the process of breaking into infrastructure, systems, and applications. Opposed to black hat hacking, pentesting is done with the consent of the owner of said environment. Pentesting is more than just the technical side, as it involved project scoping and providing a report to the client with the findings.

Tool categories

There are 2 tool collections available that cover pentesting:

Security tools

The following security tools are linked to pentesting and are worth investigating.

  • APT2 (automation of pentest tasks)
  • BeEF (browser exploitation framework)
  • Faraday (collaboration tool for penetration testing)
  • Gloom (Linux penetration testing framework)
  • InstaRecon (automated digital reconnaissance)
  • Metasploit Framework (penetration toolkit)
  • OWTF (offensive web testing framework)
  • PTF (manage your pentesting toolbox)
  • SearchSploit (exploit search tool)
  • Sn1per (automated pentest recon scanner)
  • TheDoc (automation tool for sqlmap)
  • WarBerryPi (hardware implant for pentesting or red teaming)
  • domain (setup script for Recon-ng and altdns)
  • fsociety (penetration testing framework)
  • p0f (passive fingerprinting tool)