This is a list of available software and hardware tools that are designed for or are particularly suited to various kinds of security assessment and security testing.
Operating systems and tool suites
Several operating systems and tool suites provide bundles of tools useful for various types of security assessment.
Operating system distributions
* Kali Linux (formerly BackTrack), a penetration-test-focused Linux distribution based on Debian
* Pentoo, a penetration-test-focused Linux distribution based on Gentoo
* ParrotOS, a Linux distro focused on penetration testing, forensics, and online anonymity.
Tools
{| class="wikitable"
!Tool
!Vendor
!Type
!License
!Tasks
!Commercial status
|-
|Aircrack-ng
|
|
|GPL
|Packet sniffer and injector; WEP encryption key recovery
|Free
|-
|Metasploit
|Rapid7
|application, framework
|EULA
|Vulnerability scanning, vulnerability development
|Multiple editions with various licensing terms, including one free-of-charge.
|-
|Nessus
|Tenable Network Security
|
|