Pentest - Exploitation tools
Below are some tools you can use for exploitation while performing a penetration test:
acccheck: SMB brute forcer (login/password)
Aircrack: a suite of tools for 802.11a/b/g WEP and WPA cracking
Armitage: GUI front-end for the Metasploit Framework
backdoor-factory: patch win32/64 binaries with shellcode
BBQSQL: highly customizable SQL injection tool
BeEF: Browser Exploitation Framework, penetration testing tool that focuses on the web browser
Burp Suite: an integrated platform for performing security testing of web applications
cookie-cadger: captures web sessions on the network and reuses them to hijack the session in a new browser
copy/merge-router-config: copy/merge config files from Cisco routers running SNMP
CutyCapt: takes screenshots of web sites
DAVTest: WebDAV exploitation tool
DBPwAudit: Java tool to perform database brute force
DotDotPwn: directory traversal detection
dsniff: a collection of tools for network auditing and penetration testing (arpspoof, dnsspoof, dsniff, filesnarf, macof, mailsnarf, msgsnarf, urlsnarf, webspy)
Evilgrade: a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates
Ghost Phisher: emulates Wi-Fi access points, HTTP servers, MITM, phishing
hexorbase: database administration and brute force
Hydra: a very fast network logon cracker which supports many different services
jboss-autopwn: remote command execution script for JBoss servers
John the Ripper: a fast password cracker
jsql: database administration and SQL injection
Linux Exploit Suggester: returns a suggestive list of possible exploits for a Linux operating system release version
macchanger: a utility to manipulate MAC addresses
MDK3: a proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses (i.e. Wi-Fi)
Medusa: a speedy, massively parallel, modular, login brute-forcer
Metasploit: “world’s most used penetration testing software”
Ncrack: a high-speed network authentication cracking tool
Origami: a Ruby framework designed to parse, analyze, and forge PDF documents
PDFtk: PDF Toolkit
Powerfuzzer: web fuzzer
Reaver: brute force attack against Wi-Fi
SET: Social Engineering Toolkit
sfuzz: another fuzzer
ShellNoob: shellcode writing toolkit
sqlmap: automatic SQL injection and database takeover tool
Sqlninja: SQL injection automation for Microsoft SQL Server
sqlsus: SQL injection automation for MySQL
SSLScan: fast SSL/TLS scanner
Teensy USB: a USB-based microcontroller development system
twofi: creates wordlists based on Twitter search terms
w3af: a web application attack and audit framework
WebScarab: a framework for analysing applications that communicate using the HTTP and HTTPS protocols
Wfuzz: awesome web brute forcer
Wireshark: a network analysis tool formerly known as Ethereal
WPScan: WordPress vulnerability scanner
XSSer: XSS exploitation tool
Zed Attack Proxy: an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications
to be continued…