The Top 20 Penetration Testing Tools, Part 2

In this article, we continue with the theme of examining the top 20 penetration testing tools that are available today. In our last installment, we covered the first five. Now let’s move on, beginning with number six:

6) Nagios

AppSec/API Security 2022

This is a penetration testing tool which can be used to check for the security vulnerabilities and weaknesses across an entire network infrastructure. This includes the following:

  • All network paths of communication
  • All endpoints
  • All servers
  • All of the network security devices (this includes routers, hubs, switches, firewalls, network intrusion devices and so forth)
  • All of the software applications which make use of the network infrastructure
  • All data-related network links
  • Any associated network-based nodes

It is cross-compatible with both Linux and Windows operating systems. As an open-source platform, it’s free, and can be downloaded

7) Aircrack-ng

This is a pentesting tool that is primarily used for testing WiFi-based network security. In this aspect, it focuses upon three key areas:

  • Network Monitoring: It can capture and quickly analyze data packets in real time
  • Network Attacking: The suite of tools can be used for conducting replay attacks, deauthentication, examining fake wireless access points and data packet injection
  • Network Cracking: It can also be used for testing WEP, WPA and PSK network-based protocols

It works across all open source OS platforms (FreeBSD, OpenBSD, NetBSD and Linux) as well as Windows and OS X. It can be downloaded here.

8) Wifiphisher

This is a pentesting tool used primarily in testing for rogue wireless access points in a WiFi-based network. Its key feature is that it can be used to launch “ethical” phishing attacks, which can identify many hidden security holes in the IT infrastructure of any business or corporation. Examples of these include login credential harvesting and determining other weak points which a (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Ravi Das (writer/revisions editor). Read the original post at: