Category:Penetration Testing Tools

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.

Penetration Testing Tools

Information Gathering Tools

  • Fingerprinting
| Name | Owner | Licence | Platforms |
|---|---|---|---|
| httprint | NetSquare Inc | no cost for personal, educational and non-commercial use. | Win, Lin, Mac, FreeBSD |
| httprecon | Marc Ruef | GPL | Win |
| Netcraft | Netcraft Inc | N/A | WebBased |
| WebRecon | Aung Khant | GPL | WebBased |

Configuration Management Testing Tools

  • SSL Testing
| Name | Owner | Licence | Platforms |
|---|---|---|---|
| OpenSSL | OpenSSL Software Foundation | Apache-style license | Win, Lin, Mac, FreeBSD |
| SSL Digger | Intel Corporation McAfee | Software royalty-Free License | Win, Windows .NET Framework |

  • DB Listener Testing
| Name | Owner | Licence | Platforms |
|---|---|---|---|
| TNS Listener | | | |
| Toad | Dell Inc. | | |

Authentication Testing Tools

  • Password Brute Force Testing
| Name | Owner | Licence | Platforms |
|---|---|---|---|
| Burp Intruder | | | |
| Cain & Abel | oxid | Freeware | Windows |
| John the Ripper | | | |
| THC Hydra | The Hacker's Choice | | Lin |

Session Management Testing Tools

Name Owner Licence Platforms

Authorization Testing Tools

Data Validation Testing Tools

  • Fuzzers
  • SQL Injection Testing
  • XSS Testing
  • Buffer Overflow Testing
| Name | Owner | Licence | Platforms |
|---|---|---|---|
| Skipfish | N/A | Apache | Linux |
| w3af | NA | GPL v2 | Python required (cross platform) |

Denial of Service Testing Tools

Web Services Testing Tools

Ajax Testing Tools

HTTP Traffic Monitoring

  • Web Proxies
| Name | Owner | Licence | Platforms |
|---|---|---|---|
| Burp Suite | | | |
| Paros Proxy | | | |
| Tamper Data | | | |
| Suru Web Proxy | | | |
| JS Commander | | | |

  • Sniffers

Encoders / Decoders

  • CAPTCHA Decoders
| Name | Owner | Licence | Platforms |
|---|---|---|---|
| The Captcha Breaker | | | |

Web Testing Frameworks

| Name | Owner | Licence | Platforms |
|---|---|---|---|
| w3af | Andres Riancho and w3af team | GPLv2 | Windows, Linux |
| Websecurify | GNUCITIZEN / Websecurify | GPLv2 | Windows, Mac OS, Linux |
| ZeroDayScan | | Free | Online, Cloud |
