This is a list of available software and hardware tools that are designed for or are particularly suited to various kinds of security assessment and security testing.
Several operating systems and tool suites provide bundles of tools useful for various types of security assessment.
Tool | Vendor | Type | License | Tasks | Commercial status |
---|---|---|---|---|---|
Aircrack-ng | GPL | Packet sniffer and injector; WEP encryption key recovery | Free | ||
Metasploit | Rapid7 | application, framework | EULA | Vulnerability scanning, vulnerability development | Multiple editions with various licensing terms, including one free-of-charge. |
Nessus | Tenable Network Security | Proprietary; GPL (2.2.11 and earlier) | Vulnerability scanner | ||
Nmap | terminal application | GPL v2 | computer security, network management | Free | |
OpenVAS | GPL | ||||
Nikto Web Scanner | GPL | ||||
SQLmap | |||||
Wireshark | Riverbed Technology (sponsor) | desktop application | GPL2 | Network sniffing, traffic analysis | Free. also offers limited vendor support, professional tools, and hardware for a fee |
A Linux distribution is an operating system made from a software collection that includes the Linux kernel and, often, a package management system. Linux users usually obtain their operating system by downloading one of the Linux distributions, which are available for a wide variety of systems ranging from embedded devices and personal computers to powerful supercomputers.
A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.
nUbuntu or Network Ubuntu was a project to take the existing Ubuntu operating system LiveCD and Full Installer and remaster it with tools needed for penetration testing servers and networks. The main idea is to keep Ubuntu's ease of use and mix it with popular penetration testing tools. Besides usage for network and server testing, nUbuntu will be made to be a desktop distribution for advanced Linux users.
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.
Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b and 802.11g traffic. The program runs under Linux, FreeBSD, macOS, OpenBSD, and Windows; the Linux version is packaged for OpenWrt and has also been ported to the Android, Zaurus PDA and Maemo platforms; and a proof of concept port has been made to the iPhone.
BackTrack was a Linux distribution that focused on security, based on the Knoppix Linux distribution aimed at digital forensics and penetration testing use. In March 2013, the Offensive Security team rebuilt BackTrack around the Debian distribution and released it under the name Kali Linux.
EnGarde Secure Linux was an open source server-only Linux distribution developed by Guardian Digital. EnGarde incorporates open source tools such as Postfix, BIND, and the LAMP stack.
Offensive Security Certified Professional (OSCP) is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution. The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. It is considered more technical than other ethical hacking certifications, and is one of the few certifications that requires evidence of practical penetration testing skills.
The Computing Technology Industry Association (CompTIA) is an American non-profit trade association, issuing professional certifications for the information technology (IT) industry. It is considered one of the IT industry's top trade associations. Based in Downers Grove, Illinois, CompTIA issues vendor-neutral professional certifications in over 120 countries. The organization releases over 50 industry studies annually to track industry trends and changes. Over 2.2 million people have earned CompTIA certifications since the association was established.
Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided both as 32 and 64-bit installable live CD. Pentoo is also available as an overlay for an existing Gentoo installation. It features packet injection patched Wi-Fi drivers, GPGPU cracking software, and many tools for penetration testing and security assessment. The Pentoo kernel includes grsecurity and PAX hardening and extra patches - with binaries compiled from a hardened toolchain with the latest nightly versions of some tools available.
BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing.
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security.
Besides the Linux distributions designed for general-purpose use on desktops and servers, distributions may be specialized for different purposes including computer architecture support, embedded systems, stability, security, localization to a specific region or language, targeting of specific user groups, support for real-time applications, or commitment to a given desktop environment. Furthermore, some distributions deliberately include only free software. As of 2015, over four hundred Linux distributions are actively developed, with about a dozen distributions being most popular for general-purpose use.
Parrot OS is a Linux distribution based on Debian with a focus on security, privacy, and development.
Offensive Security is an American international company working in information security, penetration testing and digital forensics. Operating from around 2007, the company created open source projects, advanced security courses, ExploitDB and the Kali Linux distribution. The company was started by Mati Aharoni, and employs security professionals with experience in security penetration testing and system security evaluation. The company has provided security counseling and training to many technology companies.
Kali NetHunter is a free and open-source mobile penetration testing platform for Android devices, based on Kali Linux. Kali NetHunter is available for un-rooted devices, for rooted devices that have a standard recovery, and for rooted devices with custom recovery for which a NetHunter specific kernel is available (NetHunter). Official images are published by Offensive Security on their download page and are updated every quarter. NetHunter images with custom kernels are published for the most popular supported devices, such as Google Nexus, Samsung Galaxy and OnePlus. Many more models are supported, and images not published by Offensive Security can be generated using NetHunter build scripts. Kali NetHunter is maintained by a community of volunteers, and is funded by Offensive Security.
BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers. The repository contains more than 2700 tools that can be installed individually or in groups. BlackArch Linux is compatible with existing Arch Linux installs.