Penetration testing tools, which check for malicious code and security loopholes in applications, databases or systems, are some of the most important tools in the security professional's arsenal. Open source pentest tools are especially popular because they are free or inexpensive and offer security pros far more flexibility than they will find in most proprietary tools.

  • 10 Open Source Pentest Tools

    Security pros rely heavily on pentest tools. Here are 10 useful ones and, bonus, they are open source.

    OWASP ZAP. Sometimes malicious code is embedded in a Web application. OWASP ZAP (Zed Attack Proxy) can help a system administrator find it. OWASP ZAP lets an admin choose between automated and manual scanning. When starting the session for the first time, he will be asked whether he wants the session to be persisted. Windows and Linux versions require Java 7 (JRE 1.7.0) to run, while the Mac OS version includes Java 7.
  • Zenmap

    Zenmap. Command prompts like those used in Nmap are processed sequentially. This makes it more difficult for the administrator to track which commands were erroneously entered in previous steps. To make Nmap easier to use, the free open source application Zenmap is available as a multi-platform version of Nmap with a GUI. The admin can save frequently used scans as profiles that can be compared at different points in time. With Command Wizard, the administrator can interactively create and fix a set of Nmap command lines right on the spot. The latest version of Nmap offers some significant improvements.
  • Scapy

    Scapy. Many pentest tools are built for specific tasks. To gain greater flexibility in manipulating packets that those tools can't handle, a Python-savvy system administrator should consider Scapy. The administrator can interactively decode and inject packets and get answers. She can import the Scapy module inside a Python program. While the open source pentest tool Scapy runs natively on Linux, it can be installed on Debian, Ubuntu, Fedora, Mac OS X, OpenBSD and Windows. Optional packages include plotting, 3D graphics, WEP encryption and Web application fingerprinting.
  • BeEF

    BeEF. Assessments include a Web browser (on mobile or desktop) that could be used as an open door to attacks against the system. BeEF (Browser Exploitation Framework), a GUI-based open source pentest tool, skips the hardened network perimeter and examines how hackers could use the Web browser to exploit vulnerabilities. It can hook one or more Web browsers and use them as beachheads for launching further attacks against the system. It works with Ubuntu, Apple Mac OS X, Microsoft Windows and other platforms and requires Ruby and SQLite.
  • Firefox addons

    Firefox addons. Most system administrators favor the popular open source browser Firefox for their pentest Web browsing activities. Addons are easy to install. To save searching time, Mozilla has compiled a menu of 30 addons. A few good ones: Hackbar does what it says - hacking with SQL injection and XSS attacks in the address bar. ViewStatePeeker looks at the ASP.NET viewstate. Firebug tracks rogue Java code on servers.
  • sqlmap

    sqlmap. Clever attackers use SQL injections to take over a database server. To find out how they could do it, get sqlmap. This open source pentest tool with a command-line interface makes it easy to detect and exploit SQL injection flaws in Windows and Unix/Linux systems. It comes with boolean-based blind, time-based blind, stacked queries, out-of-band and other injection techniques. The open source pentest tool supports Oracle, IBM DB2, MS SQL Server, MS Access, Firebird, SAP MaxDB and HSQLDB. Informix and Ingres will be added later on. To embed sqlmap technology (written in Python) into proprietary software, alternate licenses are needed.
  • Social-Engineer Toolkit (SET)

    Social-Engineer Toolkit (SET). Computer-savvy social engineers take advantage of their skills to attack the system and steal information. Social engineers are not just hackers. They also include spies, identity thieves, disgruntled employees, information brokers, scam artists, executive recruiters and sales people. The SET is one way of finding out how they can get in. This open source toolkit has a command-line interface and works with Linux. It lets the system administrator use phishing, or elicitation, to coax unsuspecting employees to provide passwords or system access privileges.
  • Kali Linux NetHunter

    Kali Linux NetHunter. A system administrator does not always sit in front of his console. Assessments may require him to perform pentests while on the go. The Kali Linux NetHunter, a free open source pentest tool for Android, makes this possible on a Nexus mobile phone, mini-tablet or tablet. NetHunter lets the system administrator perform Wireless 802.11 frame injection, set up a MANA Evil Access Point with one click and run USB HID (Human Interface Device) Keyboard attacks. The admin can run BadUSB MITM (man-in-the-middle) attacks, plug in NetHunter to a victim PC and get traffic relayed through it. He can define RF (radio frequency) hacks with NetHunter's supported Software Defined Radio.
  • Wireshark

    Wireshark. Sometimes system administrators want to capture microscopic details about network protocols and packets. This is made possible with the free open source version of Wireshark, a network protocol analyzer that comes with free sample captures. It lets the administrator see what's going on in wired and wireless networks. Captured network data can be viewed through a GUI, or via the TTY-mode TShark utility on Windows, Linux, Mac OS X, Solaris, FreeBSD and other platforms. It reads and writes in many capture file formats, including tcpdump (libpcap), Catapult DCT2000 and Cisco Secure IDS iplog. Capture results can be exported into different formats. Wireshark's latest version features five big improvements.
  • w3af

    w3af. It is a good idea to use another open source pentest tool to perform SQL injections and cross-site scripting, to see how the results of two or more similar tools compare. With w3af, the system administrator can choose between command-line and GUI interfaces on Linux, Mac OS X, FreeBSD or OpenBSD. w3af's long name, Web Application Attack and Audit Framework, does what it says. The open source pentest tool takes a URL as input, returns one or more injection points, identifies vulnerabilities of those points and exploits them. For quick installation, the system administrator should use Docker.