I am often asked what tools I use during my pentesting, so I decided to share a list of the eight tools that I use every pentest. You might be surprised what is listed, since most of them aren’t mentioned often when discussing hacker tools.

So, in no certain order, the eight tools I use in every pentest are…

  1. Netcat
  2. OpenSSL
  3. Nmap
  4. Ettercap
  5. Tcpdump
  6. Burp Suite
  7. Nikto
  8. OpenVAS

To explain this list, let’s start with Netcat and OpenSSL – these two tools are used to verify banners from vulnerability scans, as well as to try to identify unknown protocols. Pretty straightforward, but essential tasks.
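As an added example (not the author's own script), here is one way to re-check scanner-reported banners with `nc` and `openssl s_client` and flag the ones that do not match what the service actually sends. The input format, the function names and the token-matching heuristic are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not the author's script). Findings are read from stdin, one per
# line, in a constructed format: host|port|plain-or-tls|product and version

# First line a plaintext service volunteers on connect (SSH, FTP, SMTP, ...).
grab_plain() {  # args: host port
  nc -w 5 "$1" "$2" </dev/null 2>/dev/null | head -n 1 | tr -d '\r'
}

# Server header of an HTTPS service; s_client does the TLS, we speak HTTP.
grab_tls() {  # args: host port
  printf 'HEAD / HTTP/1.0\r\n\r\n' |
    openssl s_client -quiet -connect "$1:$2" 2>/dev/null |
    tr -d '\r' | grep -i '^server:' | head -n 1
}

# Lowercase and turn punctuation ("_", "/", "-") into spaces so that
# "OpenSSH_8.9p1" and "OpenSSH 8.9p1" compare equal.
normalize() { printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -c 'a-z0-9.' ' '; }

# Succeeds when every token of the scanner's claim appears in the raw banner.
banner_matches() {  # args: raw_banner reported
  _raw=" $(normalize "$1") "
  _claim=$(normalize "$2")
  [ -n "$(printf '%s' "$_claim" | tr -d ' ')" ] || return 1   # nothing to compare
  for _tok in $_claim; do
    case "$_raw" in *" $_tok "*) ;; *) return 1 ;; esac
  done
}

# Grab each finding's banner and print CONFIRMED, MISMATCH or NO-BANNER for it.
verify_findings() {
  while IFS='|' read -r host port mode reported; do
    case "$mode" in
      tls) raw=$(grab_tls "$host" "$port") || true ;;
      *)   raw=$(grab_plain "$host" "$port") || true ;;
    esac
    if [ -z "$raw" ]; then
      printf 'NO-BANNER %s:%s\n' "$host" "$port"
    elif banner_matches "$raw" "$reported"; then
      printf 'CONFIRMED %s:%s %s\n' "$host" "$port" "$raw"
    else
      printf 'MISMATCH %s:%s scanner=[%s] seen=[%s]\n' "$host" "$port" "$reported" "$raw"
    fi
  done
}
```

Run it as `verify_findings < findings.txt`, where `findings.txt` is a hypothetical export of the scanner results for in-scope hosts. A MISMATCH or NO-BANNER line marks a finding to review by hand before it goes into the report.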

I primarily use Nmap as a vulnerability scanner, not just to identify targets. The “-A” option is a must-use flag that adds additional depth to output from better-known vulnerability scanners, like OpenVAS (also on my list – seems to be more up-to-date than some of the others… plus I’m a firm believer in open source projects; they have propelled this industry farther along than any commercial software ever has).

I also use Nikto and Burp Suite to find things missed. I cannot count how many times Burp Suite saved my butt during a pentest – the one commercial product I buy with my own money.

That leaves ettercap and tcpdump, which only belong in the list when conducting internal pentests. If you aren’t conducting ARP spoofing attacks, you aren’t doing an in-depth pentest. Soooo much traffic crosses the wire that it’s inevitable to capture sensitive data.

Naturally, there are some tools that I use most of the time (e.g. Metasploit, JTR, medusa, etc.), but not every time… hence the exclusion from the list.

Now that I listed my top eight, I have to say I’m stuck in my ways, and there are probably tools I’m ignoring. Let me know what you think should be added to this list of must-use hacker tools. I may be old, but I can still learn new tricks.

One Response to 8 “hacker” tools I use in every pentest
  1. Thanks for the list! I’m curious though, if you’re not using your password/vuln attack apps “every time”, does that mean that you run into a fair amount of “non-intrusive” pen-tests?

    Thanks for the list again! Going to have to spend the dough on Burp Suite. Out of all the tools we’ve used in the Dojo, this seems to be one of the most important that you’ve suggested all of us purchase!

    Enjoying the Blog!

