Introducing Cosmos

Named Leader of the GigaOm Radar for the third year in a row!

Cosmos Overview

Meet Cosmos: The continuous offensive security solution designed to provide proactive defense.

Cosmos Attack Surface Management

Get Cosmos Attack Surface Management (CASM) for unmatched visibility into your changing external attack surface with continuous discovery and mapping.

Cosmos Application Penetration Testing

Cosmos Application Penetration Testing (CAPT) strengthens the security of business-critical applications with in-depth assessments.

Cosmos External Penetration Testing

Cosmos External Penetration Testing (CEPT) builds on Cosmos Attack Surface Management to provide the highest level of attack surface protection with post-exploitation activities.

The Best Defense is a Great Offense

See Why We're the Leaders in Offensive Security

Explore Services

Application Security

Ensure your applications are secure and improve your DevSecOps practices.

Red Team & Readiness

Get a holistic view of your ability to defend against a real-world attack.

IoT & Product Security

Validate interconnected devices and products are secure against attackers.

Assess cloud security posture with expert testing and analysis of your environment.

Network Security

Get insight into how skilled adversaries could establish network access and put sensitive systems and data at risk.

AI/ML Security Assessment

Fortify the security of rapidly evolving AI/ML applications, models, and supporting infrastructures.

Compliance, Regulations, & Frameworks

Satisfy governance, risk, and compliance programs with our testing services.

Assessments for Our Partners

We're proud to work with Google, Facebook, and Amazon to increase security in their partner ecosystems.

A Ponemon Institute Report

The State of Offensive Security

Get the blueprint. Insights into how mature security organizations invest in offensive strategies.

Resource Center

Discover new offensive security resources, ranging from reports and eBooks to slide decks from speaking gigs.

Bulletins & Advisories

Explore the latest security bulletins and advisories released by our team.

Exploit for Fortinet CVE-2022-42475
Latest
View All

Dive into our blog for insights and perspectives from our offensive security experts.

Bishop Fox Labs

Learn more about our research and some of the most popular open-source security tools. Check them out here!

Why Partner with Us?

Join Forces with the Leaders in Offensive Security

Independent Assessment by TAG Cyber

Partner Program Overview

Learn about our partner programs and see how we can work together to provide best-in-class security offerings.

Check out our awesome ecosystem of trusted partners to find the right solution for your needs.

Become a Partner

Explore partnership opportunities and apply to join forces with Bishop Fox.

Assessments for Our Partners

We're proud to work with Google, Facebook, and Amazon to increase the security of their partner ecosystems.

We're Hiring!

Want to Work with the Best Minds in Offensive Security?

Be part of an elite team and work on projects that have a real impact.

Explore Openings

Company Overview

Get to know us. Learn about our roots and see why we're on a mission to improve security for all.

Join us at an upcoming event or peruse our speaking engagements, past and present.

Read the latest articles, announcements, and press releases from Bishop Fox.

Want to get in touch? We're ready to connect.

Career Opportunities

We're hiring! Explore our open positions and discover why the Fox Den is a great place to build your career.

Intern & Educational Programs

Starting your offensive security journey? Check out our internships and educational programs.

Bishop Fox Mexico

¡Celebramos! Bishop Fox is now in Mexico. Learn more about our expansion.

8 Network Pen Testing Tools for Your Hacker Arsenal

By: Britt Kemp, Community Manager

Share

After sharing our favorite fuzzers and cloud pen testing tools, we thought it was about time we explored some of our picks for top network penetration testing tools (and besides, a few of you requested it!) So, let’s get on with it; below are eight of our favorite tools to lean on when conducting network pen tests.

#1 Nmap: Discovering Networks and Auditing Security

Creator: Gordon Fyodor Lyon

Why We Like It: The most fitting way to kick off is with arguably the most valuable of all network pen testing tools: Nmap AKA Network Mapper, this is an extremely flexible pen testing tool that can be used to scan both large and small networks on a wide range of operating systems. Nmap is versatile and easy to use, and provides a quick, simple way to uncover information.

Go to the Tool >>

#2 Pompem: Finding Exploits and Vulnerabilities

Creator: Rafael Francischini

Why We Like It: Because Pompem was developed in Python, it can perform advanced searches in a variety of databases. It helps to alleviate the more manual work that pen testers and ethical hackers do to find vulnerabilities and exploits in their respective databases, saving time and energy.

Go to the Tool >>

#3 NP: Combining Different Pen Testing Tools

Creator: Liam Somerville

Why We Like It: This open-source tool makes it easy to summarize and query the output of multiple different port scanners so you can spend more time hacking and less time grepping. And as a bonus – the creator is one of Bishop Fox’s own!

Go to the Tool >>

#4 Arp-Scan: Scanning for IP Hosts

Creator: Roy Hills

Why We Like It: Arp-Scan is a command line tool that makes discovering and detecting the characteristics of IP hosts much more accessible. The main benefits of using Arp-Scan according to the Kali Team include discovery of all IPV4 connected devices, its quick identification and mapping of IP addresses to MAC addresses, identification of duplicate IP addresses, isolation and location of rogue devices, and device identification by NIC vendor. Additionally, Arp-Scan works well in tandem with the other tools that the Kali Team has created, like Arpwatch.

Go to the Tool >>

#5 Wifite2: Auditing Encrypted Wireless Networks

Creator: derv82

Why We Like It: This tool is a rewrite of the network pen testing tool Wifite. Use Wifite2 to retrieve a router’s password via several different methods, such as by way of Offline Pixie-Dust attacks or the Online Brute-Force PIN attacks. Compared to the (slightly) older Wifite, this iteration offers less bugs, better speed, and increased accuracy.

Go to the Tool >>

#6 Aireplay-ng and Aircrack-ng: Leveraging This Tool Duo

Creators: Aireplay-ng / Aircrack-ng

Why We Like It: These wireless network pen testing tools go together like two peas in a pod. The aireplay tool works to generate traffic that the aircrack tool can later use to discover any network insecurities as well as to craft APR injections.

Go to the Tools >>

#7 Evilgophish: Building Upon Previous Resources

Creator: Dylan Evans

Creators of Previous Resources: Kuba Gretzky and Jordan Wright

Why We Like It: Dylan Evans had the spectacular idea to combine the best of both worlds in Evilgophish. Evilginx is a tool by Kuba Gretzky and GoPhish is a toolkit currently maintained by Jordan Wright (equally amazing tools in their own right). Both tools serve different and highly useful purposes; Evilginx is a proxy man-in-the-middle framework that can be used to circumvent 2FA. Meanwhile, GoPhish is a popular open-source social engineering framework. When they are together as Evilgophish, you can truly elevate your red teaming or pen testing engagements! Unlike the OG GoPhish, Evilgophish has SMS phishing capabilities and comes with a blacklist that contains IP addresses/blocks owned by the likes of ProofPoint, Microsoft, and Trend Micro.

Go to the Tool >>

#8 CloudFox: Automating the Enumeration Process for Cloud Pen Tests

Creators: Seth Art and Carlos Vendramini

Why We Like It: This tool straight from the Fox Den – inspired by existing tools like PowerView – helps hackers find attack paths in cloud environments that would otherwise be difficult to navigate. We love that this tool provides a different service than other popular tools that analyze cloud environments. Watch the creators themselves demo CloudFox in our Tool Talk recording from September 2022!

Go to the Tool >>

What Are Your Favorites? We Want to Know!

Tell us on Discord or at Mastodon which network pen testing tools you personally can’t live without that didn’t make this particular list. And make sure to check out our annual year-end recap blog covering our favorite tools of 2022!

Special thanks to our Discord server and Marketing intern Jane Acuff for the help with this blog post!

Subscribe to Bishop Fox's Security Blog

Be first to learn about latest tools, advisories, and findings.

Recommended Posts

You might be interested in these related posts.

Apr 02, 2024

Technology and Software: 2023 Insights From the Ponemon Institute

Apr 01, 2024

Practical Measures for AI and LLM Security: Securing the Future for Enterprises

Mar 12, 2024

Implementing the FDA's 2023 Requirements for Medical Device Cybersecurity

Feb 28, 2024

Unlocking Job Opportunities with LinkedIn and Artificial Intelligence

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.