List of tools to be used during assessment

There are tons of tools available for performing various tasks throughout the penetration testing lifecycle. However, the following is a list of tools that are most commonly used during a penetration test:

Sr. no Penetration testing phase Tools
1 Information gathering SPARTA, NMAP, Dmitry, Shodan, Maltego, theHarvester, Recon-ng
2 Enumeration NMAP, Unicornscan
3 Vulnerability assessment OpenVAS, NExpose, Nessus
4 Gaining access

Metasploit, Backdoor-factory, John The Ripper, Hydra

5 Privilege escalation Metasploit
6 Covering tracks Metasploit
7 Web application security testing Nikto, w3af, Burp Suite, ZAP Proxy, SQLmap
8 Reporting KeepNote, Dradis