Pentesting tools

This page lists tools Fluid Attacks’ pentesters may use. Expert security analysts leverage automation enabled by tools to maximize their security testing speed.

Aircrack-ng : A suite of tools to assess WiFi network security, including tools for capturing packets and cracking encryption keys.
AltServer : A companion application that allows AltStore to sideload apps onto IOs devices.
Amass : Known as the OWASP Amass Project, it uses open-source information gathering and active reconnaissance techniques to perform network mapping of attack surfaces and external asset discovery.
Android Studio : The official IDE for the development of Android apps.
APKLab : A set of scripts and tools to perform reverse engineering on Android applications from VS Code.
Apktool : A tool for reverse engineering Android APK files.
AWS CLI : A unified tool for managing AWS services.
BeEF : The Browser Exploitation Framework, a penetration testing tool to assess the security posture of web browsers.
bettercap : A versatile network hacking tool written in Go that simplifies reconnaissance in, and attacks against, WiFi networks, Bluetooth Low Energy devices, wireless HID devices, and IPv4/IPv6 networks
BloodHound : A tool that reveals the hidden relationships within an Active Directory or Azure environment, allowing for the quick identification of highly complex attack paths.
Burp Suite Professional : A toolkit to automate, find and assist web vulnerability discovery and exploitation.
Checkra1n : A jailbreaking tool for iOS devices based on the checkm8 BootROM exploit.
Ciphey : An automated decryption tool that uses artificial intelligence to identify encryption types and deliver the plaintext.
Covenant : A .NET command and control framework for red teamers.
CrackMapExec : A post-exploitation tool that helps automate assessing the security of large Active Directory networks.
Dbeaver : A multi-platform tool for database management.
dnSpy : A tool to debug and edit .NET and Unity assemblies even when no source code is available.
DNSRecon : A Python script to perform DNS attacks, including Zone transfers, DNS records enumeration, TLD expansion, and Wildcard resolution, among other techniques.
enumerate-iam : A program to attempt the discovery of all API calls allowed by an IAM policy via brute force (this is done without risk of destruction, as only get* and list* calls are performed).
ffuf : A tool for quick web fuzzing written in Go.
Fiddler : A proxy tool for web debugging available for Windows, macOS, and Linux.
Frida : A dynamic instrumentation toolkit to intercept and debug closed-source or locked-down software.
GDB-PEDA : A tool offering Python exploit development assistance for GNU Debugger (GDB).
Ghidra : A suite of tools developed by the National Security Agency (NSA) Research Directorate for software reverse engineering (SRE).
Gitleaks : An open-source SAST tool for detecting secrets and sensitive data in Git repositories.
hashcat : A fast, efficient, and versatile hacking tool that assists in offline brute-force attacks.
hashID : A tool that identifies the type of hash used to encrypt data.
Hydra : A proof-of-concept code for researchers and security consultants to demonstrate how easy it could be to gain unauthorized access to a system remotely.
Hopper : A reverse engineering tool for disassembling, decompiling, and debugging applications.
HTTP Toolkit : An open-source toolkit for debugging, testing, and building with HTTP(S) on Windows, Linux, and macOS (useful for intercepting, inspecting, and rewriting HTTP(S) traffic).
Interactsh : An open-source tool for the detection of vulnerabilities that cause out-of-band (OOB) interactions.
jadx : Command-line and GUI tools for decompiling Android Dex and APK files to Java source code.
JMeter : An open-source software application in Java to load test functional behavior and measure performance.
John the Ripper : A password security auditing and recovery tool.
Magisk : A suite of open-source software for customizing Android versions later than the 6.0 release.
Magisk Modules : These provide a simple way to apply system-level mods to devices without manually changing system files.
Metasploit : A framework to help launch and develop exploits and perform offensive tasks.
mimikatz : A program to extract passwords, hashes, PINs, and Kerberos tickets from memory in Windows x32/x64.
mitmproxy : A free and open-source intercepting HTTPS proxy.
MobSF : The Mobile Security Framework, a tool for pentesting, malware analysis and security assessment of Android, iOS and Windows (it supports both static and dynamic analysis).
ngrok : A cross-platform application to expose local server ports to the Internet.
Nmap : A tool for network discovery and security auditing.
Objection : A runtime mobile exploration toolkit that allows assessing the security posture of mobile apps, without needing a jailbreak.
OpenVAS : The Open Vulnerability Assessment Scanner, a security testing tool whose capabilities include unauthenticated and authenticated testing.
OWASP ZAP : Zed Attack Proxy, a “man-in-the-middle proxy” that sits between the browser and the web application to intercept and inspect messages, modify the contents, and forward those packets to the destination (available for use as a standalone application and a daemon process).
Pacu framework : An open source AWS Exploitation Framework designed to aid in exfiltration, enumeration, lateral movement, escalation, persistence, exploitation, and evasion.
Postman : An API platform for building and using APIs.
Pwndbg : A plugin for GDB that focuses on enhancing features needed by low-level software developers, hardware hackers, reverse-engineers, and exploit developers for debugging.
reFlutter : A framework that helps with reverse engineering of apps created in Flutter. Among its features are the usage of the patched version of the Flutter library already compiled and ready for app repacking, and a modified snapshot deserialization process to allow performing dynamic analysis.
Rubeus : A C# toolset useful for raw Kerberos interaction and abuses.
SoapUI : A testing tool for SOAP and REST APIs.
sqlmap : A tool to automate SQL injection and database takeover.
TruffleHog : A tool for uncovering high entropy strings and secrets in Git history.
Uber Apk Signer : A command-line tool that simplifies the process of signing, zip aligning, and verifying Android application packages (APKs) using either debug or provided release certificates.
Vega : A web application security scanner and platform that helps detect vulnerabilities conducive to SQLi, XSS, etc.
Wireshark : An open-source tool designed to analyze network traffic in real time and intercept it, as well as detect security issues in networks.
x64dbg : An open-source, highly extensible debugger for Windows that supports both 32-bit and 64-bit programs.
WinDbg : The Windows default debugger, which Fluid Attacks uses for kernel debugging.
WPScan : A black-box vulnerability scanner that helps identify security weaknesses in WordPress websites.