Useful Tools for Ethical Hacking/Penetration Testing

A great proportion of hackers prefer the Linux operating system. Linux is loved by the hacking community, mostly because of the amount of control it puts into the user's hands and its open-source nature. Linux is also deemed more secure than Windows and less susceptible to attacks.

A large number of hacking tools are built specifically for Linux, and some of them can be used from the command line. As a hacker or an aspiring one, you have plenty of Linux command-line tools available to aid your tasks, most of which are included in Kali or can be obtained with a simple Git clone command.

Network Penetration Testing Tools

  • Nmap – A port scanning tool. Used for network scanning and security auditing.
  • Masscan – A super fast tool for scanning a large range of IP addresses within a matter of minutes.
  • Nikto – Great for finding web server vulnerabilities.
  • Nessus – The de facto all-round tool for finding mostly network-based vulnerabilities.
  • Metasploit – Auxiliary modules for mapping, as well as, of course, the many exploit modules.
  • Tcpdump – A versatile packet analyzer which runs from the command line. It permits the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
  • Httptunnel – Tunneling software that can tunnel network connections through restrictive HTTP proxies over pure HTTP "GET" and "POST" requests.
  • Proxytunnel – A program to stealthily tunnel a connection through a standard HTTPS proxy.
  • Ettercap – For capturing and redirecting traffic on a network. Perfect for man-in-the-middle attacks.

Web Application Penetration Testing Tools

  • BurpSuite – The only web proxy you will ever need for manually finding web app vulnerabilities; use the pro version for more features.
  • w3af_console – A pretty nice tool for doing some web app scanning for common vulnerabilities
  • Fuser – A Linux utility to identify processes using files or sockets
  • SQLMap – An automated database exploitation tool

WiFi Hacking / Penetration Testing Tools

  • Airgeddon – A script containing many of the tools mentioned below; essentially a Swiss army knife of WiFi hacking tools!
  • Reaver – A tool for brute-force attacks against WiFi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases.

Password Cracking Tools

  • Hashcat – Used to crack hashes. This password cracking tool can also be used for recovering passwords, reviewing password security, benchmarking, and/or identifying data in a hash.
  • JTR – John The Ripper is a great tool for customising password attacks; we recommend using the Jumbo add-on.
  • Aircrack-ng – A tool tailored for hacking wireless networks. The most popular tool for WiFi penetration testing.

Social Engineering Tools

  • SocialFish – A script that produces a number of different phishing-related pages for pen test engagements.
  • SET – Stands for social engineering toolkit. It's been around for a while, so is likely to be nicely polished by now.
  • Blackeye – Another phishing-based framework that offers a multitude of different templates to choose from, perfect for red team engagements.


Get in touch if you know of any other great tools we can include in the list!




