What is pentesting?

Penetration testing, or pentesting, is the process of breaking into infrastructure, systems, and applications. Opposed to black hat hacking, pentesting is done with the consent of the owner of said environment. Pentesting is more than just the technical side, as it involved project scoping and providing a report to the client with the findings.

Tool categories

There are 2 tool collections available that cover pentesting:

Security tools

The following security tools are linked to pentesting and are worth investigating.

  • APT2 (automation of pentest tasks)
  • BeEF (browser exploitation framework)
  • domain (setup script for Recon-ng and altdns)
  • Faraday (collaboration tool for penetration testing)
  • fsociety (penetration testing framework)
  • Gloom (Linux penetration testing framework)
  • InstaRecon (automated digital reconnaissance)
  • Metasploit Framework (penetration toolkit)
  • OWTF (offensive web testing framework)
  • p0f (passive fingerprinting tool)
  • PTF (manage your pentesting toolbox)
  • SearchSploit (exploit search tool)
  • Sn1per (automated pentest recon scanner)
  • TheDoc (automation tool for sqlmap)
  • WarBerryPi (hardware implant for pentesting or red teaming)