Penetration testing is the process of testing a computer system, network or web application for vulnerabilities. A Penetration Tester uses security tools to help identify security vulnerabilities in a
Short for Network Mapping, this is an open source tool that is used for network exploration as well as security auditing. It is used to scan anything from a single host to a large network. It can give plenty of very important information such as open ports, services running on those ports, service versions, the Operating system, etc.
Wireshark is a tool that can be used to visuallize network protocols and see packets that are being sent around the network. It creates network captures that gather packets and the information they are holding. Packets are able to be inspected and broken down all the way to their hex code.
The Burp Suite is a set of tools that are used for penetration testing of web applications. Similar to Metasploit, there are many, many different modules and tools in this tool kit which can be explored in the manual.
Nessus is a tool that is used to create security scans and discovers vulnerabilities. It is also largely adaptable and allows for the addition of multiple premade modules, or custom made scripts. It is also open source allowing for free use of the tool for anyone.
Hydra is a tool used for brute forcing password cracking. Hydra uses many different protocols and methods in order to do this brute forcing. Depending on what specifics are provided about the username/password, the scan can range from about a minute to a multiple-day long scan.
Short for Directory Buster, this tool does exactly as it says, it brute forces web and application servers in order to map the directories and files. This provides useful information to whoever is penetration testing the application.