Our Favorite Pen Testing Tools: 2024 Edition


It's time for another hacking tool roundup! We polled our team of experts to bring you the most powerful and innovative penetration testing tools. With so many options to choose from, we thought it would be helpful to share some of our go-tos. Whether you're focused on networks, cloud, APIs, or LLMs, we've got you covered.

For those looking to get more hands-on training, we have included something for you at the end. Check it out!

COMMUNITY-SOURCED TOOLS:

#1 Certipy

Creator: Oliver Lyak (@ly4k)

“An offensive tool for enumerating and abusing Active Directory Certificate Services (AD CS).”

Why We Like It: Certipy helps you assess the security posture of your AD CS environment. It enumerates certificate templates and certificate authorities and flags the misconfigurations (the ESC classes from the "Certified Pre-Owned" research) that let a low-privileged user obtain a certificate for someone else and escalate to domain admin. Beyond enumeration, Certipy requests certificates and authenticates with them over PKINIT to recover NT hashes, performs the shadow credentials attack, and, given a stolen CA private key, forges "golden certificates" that authenticate as any user in the domain.
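The single most common finding Certipy turns up is ESC1, and it is worth knowing exactly which template settings combine to produce it. The following is an added illustration written for this post, not Certipy's own code: it spells out the ESC1 conditions over a handful of hand-constructed template records in a simplified shape (Certipy reads the real attributes from LDAP and also checks the CA's own enrollment ACL, which this example leaves out). The flag bits and EKU OIDs are the real AD CS constants.

```python
"""The ESC1 check, written out in plain Python.

Added illustration: this is not Certipy's code. The template records below are
constructed by hand in a simplified shape (Certipy reads the real attributes
from LDAP and also checks the CA's own enrollment ACL). The flag bits and EKU
OIDs are the real AD CS constants.
"""

# msPKI-Certificate-Name-Flag: the requester chooses the subject / SAN in the CSR
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001
# msPKI-Enrollment-Flag: every request waits for CA manager approval
CT_FLAG_PEND_ALL_REQUESTS = 0x00000002

# EKUs that make the issued certificate usable for logon (PKINIT / Schannel)
AUTH_EKUS = {
    "1.3.6.1.5.5.7.3.2",       # Client Authentication
    "1.3.6.1.4.1.311.20.2.2",  # Smart Card Logon
    "1.3.6.1.5.2.3.4",         # PKINIT Client Authentication
    "2.5.29.37.0",             # Any Purpose
}

# Principals that every domain account is (directly or implicitly) a member of
LOW_PRIV_GROUPS = {"Domain Users", "Domain Computers", "Authenticated Users", "Everyone"}


def allows_authentication(ekus):
    # No EKU at all means "any purpose", which also permits client authentication.
    return not ekus or bool(AUTH_EKUS & set(ekus))


def esc1_conditions(t):
    """Map each ESC1 condition to whether this template satisfies it."""
    return {
        "enabled": t["enabled"],
        "enrollee_supplies_subject": bool(t["name_flags"] & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT),
        "auth_eku": allows_authentication(t["ekus"]),
        "no_manager_approval": not (t["enrollment_flags"] & CT_FLAG_PEND_ALL_REQUESTS),
        "no_ra_signatures": t["ra_signatures"] == 0,
        "low_priv_can_enroll": bool(LOW_PRIV_GROUPS & set(t["enrollment_rights"])),
    }


def is_esc1(t):
    return all(esc1_conditions(t).values())


def find_esc1(templates):
    """Names of templates that meet every ESC1 condition, sorted."""
    return sorted(t["name"] for t in templates if is_esc1(t))


# Constructed sample data, loosely modelled on what Certipy reports.
SAMPLE_TEMPLATES = [
    {   # Classic ESC1: anyone can enroll and pick a SAN for a logon-capable cert
        "name": "VulnTemplate", "enabled": True,
        "name_flags": CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT, "enrollment_flags": 0,
        "ekus": ["1.3.6.1.5.5.7.3.2"], "ra_signatures": 0,
        "enrollment_rights": ["Domain Users"],
    },
    {   # Default-style User template: subject is built from AD, so not ESC1
        "name": "User", "enabled": True,
        "name_flags": 0, "enrollment_flags": 0,
        "ekus": ["1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.4"], "ra_signatures": 0,
        "enrollment_rights": ["Domain Users"],
    },
    {   # Same as VulnTemplate, but manager approval is required
        "name": "ApprovedWeb", "enabled": True,
        "name_flags": CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT,
        "enrollment_flags": CT_FLAG_PEND_ALL_REQUESTS,
        "ekus": ["1.3.6.1.5.5.7.3.2"], "ra_signatures": 0,
        "enrollment_rights": ["Domain Users"],
    },
    {   # Only Domain Admins may enroll, so no escalation for a low-priv user
        "name": "AdminOnly", "enabled": True,
        "name_flags": CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT, "enrollment_flags": 0,
        "ekus": [], "ra_signatures": 0,
        "enrollment_rights": ["Domain Admins"],
    },
]

if __name__ == "__main__":
    for t in SAMPLE_TEMPLATES:
        failed = [k for k, ok in esc1_conditions(t).items() if not ok]
        verdict = "ESC1" if not failed else "ok (fails: " + ", ".join(failed) + ")"
        print(f"{t['name']:<12} {verdict}")
```

Every condition has to hold at once, which is why a template that "only" lets the enrollee supply the subject is fine when manager approval is on or enrollment is restricted to admins; the fix for a real ESC1 finding is to break any one link (usually by clearing the enrollee-supplies-subject flag or tightening the enrollment ACL).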

#2 Freeway

Creator: FLOCK4H

“A Python scapy-based tool for WiFi penetration that aims to help ethical hackers and pentesters develop their skills and knowledge in auditing and securing home or enterprise networks.”

Why We Like It: Freeway has a user-friendly command-line interface (CLI) that makes it accessible to new and experienced users alike. Freeway bundles a range of Wi-Fi attack, sniffing, and auditing techniques in one place, so you can practice them without stitching together a pile of one-off scripts.

#3 BloodHound

Creator: Andy Robbins, Rohan Vazarkar, and Will Schroeder (@_wald0, @CptJesus, and @harmj0y)

“A single-page JavaScript web application that uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment.”

Why We Like It: BloodHound is built to visualize and analyze Active Directory and Azure environments. It collects group memberships, ACLs, sessions, and local admin rights, stores them as a graph, and answers the question that matters on an engagement: what is the shortest chain of relationships from the account I control to Domain Admins? If you want an open-source tool that shows you the weaknesses in your directory and the moves an attacker could make after a breach, BloodHound is a great tool to consider.
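The "graph theory" part is less mysterious than it sounds. The following is an added illustration written for this post, not BloodHound's code (BloodHound keeps its graph in Neo4j and answers this with a Cypher query): it runs a breadth-first search over a hand-constructed edge list to find the shortest path from a low-privileged user to Domain Admins. The edge names (MemberOf, GenericAll, AdminTo, HasSession, CanRDP) are real BloodHound relationship types; the accounts and hosts are made up.

```python
"""Shortest attack path over an AD relationship graph, BloodHound-style.

Added illustration, not BloodHound's code. The edge list is constructed; the
relationship names are BloodHound's own edge types.
"""
from collections import deque

# (source, relationship, target): "source has <relationship> over target"
EDGES = [
    ("alice@corp.local",    "MemberOf",   "HelpDesk@corp.local"),
    ("HelpDesk@corp.local", "GenericAll", "bob@corp.local"),
    ("bob@corp.local",      "AdminTo",    "WS01.corp.local"),
    ("WS01.corp.local",     "HasSession", "carol@corp.local"),
    ("carol@corp.local",    "MemberOf",   "Domain Admins@corp.local"),
    ("alice@corp.local",    "CanRDP",     "WS02.corp.local"),
]


def build_graph(edges):
    """Adjacency list: node -> [(relationship, neighbour), ...]."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
    return graph


def shortest_path(graph, start, goal):
    """Breadth-first search; returns the hop list [(from, rel, to), ...] or None."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            break
        for rel, nxt in graph.get(node, []):
            if nxt not in parent:          # first visit is the shortest route
                parent[nxt] = (node, rel)
                queue.append(nxt)
    if goal not in parent:
        return None
    hops, node = [], goal
    while parent[node] is not None:        # walk back from goal to start
        prev, rel = parent[node]
        hops.append((prev, rel, node))
        node = prev
    return hops[::-1]


def render(hops):
    """'alice -MemberOf-> HelpDesk -GenericAll-> bob ...' for a report."""
    if not hops:
        return ""
    out = hops[0][0]
    for _, rel, dst in hops:
        out += f" -{rel}-> {dst}"
    return out


if __name__ == "__main__":
    g = build_graph(EDGES)
    print(render(shortest_path(g, "alice@corp.local", "Domain Admins@corp.local")))
```

On real data the interesting output is the hop in the middle (here, HelpDesk's GenericAll over bob): that is the ACL someone granted for convenience and forgot, and removing it breaks the path.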

#4 Impacket

Creator: Fortra (Core Security); previously maintained under SecureAuth

“A collection of Python classes for working with network protocols.”

Why We Like It: Impacket is a powerful Python library with a wide range of capabilities for security professionals and pen testers (and, it must be said, threat actors use it too). It implements the Windows network protocols (SMB, MSRPC, Kerberos, LDAP, and more) natively in Python, and its example scripts are a toolkit in their own right: secretsdump for dumping SAM, LSA secrets, and NTDS hashes; psexec, wmiexec, and smbexec for remote execution and lateral movement once you're in the network; GetUserSPNs for Kerberoasting; and pass-the-hash support across most of them. Impacket has a strong community of users and developers, so support and resources are easy to find as you use it.

#5 Paramalyzer

Creator: Jason Gillam (distributed through the Burp Suite BApp Store)

“A Burp Suite extension that improves efficiency of manual parameter analysis for web penetration tests of either complex or numerous applications.”

Why We Like It: Paramalyzer speeds up manual web application analysis. It walks your proxy history, builds a baseline of every input the application accepts, and flags the ones worth a closer look: parameters that carry sensitive data, values that look like hashes (and which algorithm produced them), and encoded values it can decode for you.

#6 Hackvertor

Creator: Gareth Heyes (@hackvertor)

“A tag-based conversion tool written in Java implemented as a Burp Suite extension.”

Why We Like It: Another Burp Suite extension, Hackvertor lets you wrap any part of a request in tags such as <@base64>...<@/base64> and have the conversion applied on the fly when the request is sent. Tags nest, so you can chain encodings, hashes, and custom transformations, and you can define your own tags in JavaScript or Python. That makes it the quickest way to build and mutate payloads (SQL injection, XSS, and the like) against input filters and WAFs, and to keep a payload readable in Repeater and Intruder while the encoded form goes over the wire.
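To make the tag idea concrete, here is a miniature tag evaluator written for this post. It is an added illustration, not Hackvertor's code: it implements five conversions in Hackvertor's <@tag>...<@/tag> syntax and resolves nested tags innermost-first, which is the behaviour that makes chained encodings work. The request fragment it runs on is constructed.

```python
"""A miniature Hackvertor-style tag evaluator.

Added illustration, not Hackvertor's code. The tag syntax <@tag>...<@/tag> and
innermost-first evaluation follow Hackvertor; the five conversions are a tiny
subset of what the real extension ships, and the sample payload is constructed.
"""
import base64
import hashlib
import re
import urllib.parse

CONVERSIONS = {
    "base64":    lambda s: base64.b64encode(s.encode()).decode(),
    "urlencode": lambda s: urllib.parse.quote(s, safe=""),
    "hex":       lambda s: s.encode().hex(),
    "md5":       lambda s: hashlib.md5(s.encode()).hexdigest(),
    "reverse":   lambda s: s[::-1],
}

# A tag whose body contains no other tag: the innermost one, so safe to evaluate.
INNERMOST = re.compile(r"<@(\w+)>((?:(?!<@)[\s\S])*?)<@/\1>")


def hv_eval(text):
    """Resolve every <@tag>...<@/tag> in text, inner tags before outer ones."""
    while True:
        m = INNERMOST.search(text)
        if m is None:
            return text
        name, body = m.group(1), m.group(2)
        if name not in CONVERSIONS:
            raise ValueError(f"unknown tag <@{name}>")
        text = text[: m.start()] + CONVERSIONS[name](body) + text[m.end():]


# Constructed request fragment: base64-encode an SQLi probe, then URL-encode
# the result, leaving the rest of the query string untouched.
SAMPLE = "id=<@urlencode><@base64>' or 1=1--<@/base64><@/urlencode>&page=1"

if __name__ == "__main__":
    print(hv_eval(SAMPLE))   # id=JyBvciAxPTEtLQ%3D%3D&page=1
```

Because the inner tag is resolved first, swapping the order of the two tags changes the output (URL-encoding the quote and spaces, then base64-encoding that), which is exactly the kind of experiment that is tedious by hand and trivial with tags.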

#7 Response-Overview

Creator: Tobias "Floyd" Ospelt (@floyd_ch)

A Burp Suite extension that summarizes the HTTP responses in your proxy history.

Why We Like It: Response-Overview gives you, as the name implies, an overview of the responses a target has sent you. After a crawl or a long manual session you are left with thousands of responses; Response-Overview groups them so you can see at a glance which ones look alike and which stand out, and jump straight to the unusual ones instead of paging through the proxy history. That quick, comprehensive view is the biggest call-out for this tool.

BISHOP FOX TOOLS:

Not to toot our own horn, but the following are Bishop Fox tools that will help you test and improve your security posture. From tools that test your cloud environment and APIs to one that attacks LLMs, we have a range of new options for you to use.

#1 CloudFox

Creator: Bishop Fox – Seth Art, Carlos Vendramini, and David Bravo

“A command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure.”

CloudFox is a go-to tool for pen testers assessing cloud environments, and it does the job efficiently. It automates the tedious parts of the assessment, such as enumerating principals and their permissions, exposed secrets, and reachable services, so pen testers can spend their time on the more complicated aspects of the engagement. CloudFox covers AWS most thoroughly, with Azure and GCP support as well. Don't take it from us; ask the strong community of active users contributing to its development.

#2 Broken Hill

Creator: Bishop Fox – Ben Lincoln

“A productionized Greedy Coordinate Gradient (GCG) attack tool for use against large language models (LLMs).”

Broken Hill runs the GCG attack against a local copy of an LLM to generate adversarial suffixes that push the model into producing output its guardrails and system prompt are meant to block. Use it to find out how easily a model (or your prompt around it) can be jailbroken before it is exposed to users, and to measure whether a mitigation actually helps. Dare we say, it's one of the first of its kind.

#3 Swagger Jacker

Creator: Bishop Fox – Tony West

“Swagger Jacker is a command line tool designed to assist with auditing of exposed Swagger/OpenAPI definition files by checking the associated API endpoints for weak authentication.”

Swagger Jacker takes the tedium out of auditing API endpoints. It parses an exposed Swagger/OpenAPI definition, builds a request for every route the definition declares, and reports which endpoints answer without valid authentication, so you are not bogged down hand-testing hundreds of routes. Its output doubles as a ready-made endpoint list for follow-up testing of injection and authorization issues; the tool itself focuses on the authentication check.
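The first half of that job, reading the definition and working out which routes claim to need authentication, is simple enough to show in full. The following is an added illustration written for this post, not Swagger Jacker's code: it walks a constructed OpenAPI 3 document, applies the global-versus-operation `security` rules, lists every route with its effective authentication requirement, and shows how the status of an unauthenticated request would be classified. It does not send any traffic; the live check (and the comparison of authenticated and unauthenticated responses) is what the real tool adds.

```python
"""Auditing an OpenAPI definition for routes that declare no authentication.

Added illustration, not Swagger Jacker's code. The definition below is
constructed; the security-inheritance rules are from the OpenAPI 3 spec.
"""
import json
import re

SPEC_JSON = """
{
  "openapi": "3.0.0",
  "servers": [{"url": "https://api.example.test/v1"}],
  "security": [{"bearerAuth": []}],
  "paths": {
    "/users/{id}": {
      "get":    {"security": [{"bearerAuth": []}]},
      "delete": {}
    },
    "/health":          {"get":  {"security": []}},
    "/internal/export": {"post": {"security": []}}
  }
}
"""

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}


def load_spec():
    return json.loads(SPEC_JSON)


def effective_security(spec, operation):
    # An operation-level "security" overrides the global one; an explicit []
    # means "no authentication required". A missing key inherits the global list.
    return operation.get("security", spec.get("security", []))


def fill_path_params(path, value="1"):
    # Replace {id}-style parameters so the route can actually be requested.
    return re.sub(r"\{[^}]+\}", value, path)


def audit(spec):
    """Return sorted [(METHOD, url, requires_auth)] for every operation in the spec."""
    base = spec["servers"][0]["url"].rstrip("/")
    rows = []
    for path, item in spec["paths"].items():
        for method, operation in item.items():
            if method not in HTTP_METHODS:      # skip "parameters", "summary", ...
                continue
            url = base + fill_path_params(path)
            rows.append((method.upper(), url, bool(effective_security(spec, operation))))
    return sorted(rows)


def public_routes(spec):
    """Routes the definition says anyone may call: the ones to look at first."""
    return [(m, u) for m, u, needs_auth in audit(spec) if not needs_auth]


def classify_response(status):
    """How the status of an unauthenticated request would be read."""
    if status in (401, 403):
        return "auth enforced"
    if 200 <= status < 300:
        return "ACCESSIBLE WITHOUT AUTH"
    return "inconclusive"


if __name__ == "__main__":
    spec = load_spec()
    for method, url, needs_auth in audit(spec):
        print(f"{method:<7}{url:<45}{'auth' if needs_auth else 'PUBLIC'}")
```

Two things the output makes obvious: a `DELETE` with no `security` key of its own silently inherits the global requirement (fine), while an explicit empty list on `/internal/export` is a deliberate opt-out that deserves a question. The declared requirement is only a claim, which is why the real test is to send the request without credentials and look at the status.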

#4 asminject.py

Creator: Bishop Fox – Ben Lincoln

“Heavily modified fork of David Buchanan's dlinject project, the tool injects arbitrary assembly (or precompiled binary) payloads directly into x86-64 and ARM32 Linux processes.”

asminject.py lets you tamper with a running Linux process or container by injecting arbitrary code through the /proc process filesystem interface rather than ptrace, so it keeps working where ptrace is disabled or restricted. Pen testers use it to pull secrets out of a running process, bypass controls that live inside the process, build custom payloads that target a specific target, and instrument a process to watch its behaviour in real time for deeper root-cause analysis. For defenders, it is a ready-made way to verify that your Linux monitoring actually catches this class of process injection.

#5 JSluice

Creator: Bishop Fox – Tom Hudson

“A Go package and command-line tool for extracting URLs, paths, secrets, and other interesting data from JavaScript source code.”

JSluice helps you sift through vast amounts of JavaScript, efficiently pulling out the URLs, API paths, and secrets buried in it so you know which endpoints and credentials to test next. This JavaScript mining tool is worth its weight in gold.
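To show what "mining" a JavaScript bundle means in practice, here is an added illustration written for this post, not jsluice's code: a few regexes pull URLs, paths, and credential-looking values out of a constructed JavaScript snippet. jsluice itself parses the source into an AST with tree-sitter and walks it, which is far more robust than regexes (it can, for example, reassemble a URL built by concatenation); this example only shows the categories of data it goes after. The AWS access key in the sample is the example key from AWS's own documentation.

```python
"""Mining JavaScript for URLs, paths and secrets, jsluice-style.

Added illustration, not jsluice's code (jsluice uses an AST, not regexes).
The JavaScript sample is constructed; the AWS key is AWS's documentation
example key, not a real credential.
"""
import re

SAMPLE_JS = r'''
const API = "https://api.example.test/v2";
fetch(API + "/users/me", {headers: {Authorization: "Bearer " + token}});
const cfg = {apiKey: "sk_live_0123456789abcdef", region: "us-east-1"};
var s3 = new AWS.S3({accessKeyId: "AKIAIOSFODNN7EXAMPLE",
                     secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"});
$.ajax({url: "/api/admin/export", type: "POST"});
'''

# Absolute URLs, stopping at whitespace or the closing quote/bracket.
URL_RE = re.compile(r"""https?://[^\s"'`<>)]+""")
# Quoted strings that look like a path: start with "/" and contain only path chars.
PATH_RE = re.compile(r"""["'`](/[A-Za-z0-9_./-]*)["'`]""")
# AWS access key IDs have a fixed, recognisable shape.
AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Suspicious property names assigned a quoted literal.
ASSIGNED_SECRET_RE = re.compile(
    r"""(?i)\b(api[_-]?key|secret[_-]?access[_-]?key|access[_-]?token|password)"""
    r"""\s*[:=]\s*["']([^"']+)["']"""
)


def extract(js):
    """Return {'urls': [...], 'paths': [...], 'secrets': [(label, value), ...]}."""
    found = {
        "urls": sorted(set(URL_RE.findall(js))),
        "paths": sorted(set(PATH_RE.findall(js))),
        "secrets": [],
    }
    for key in AWS_KEY_RE.findall(js):
        found["secrets"].append(("aws_access_key_id", key))
    for name, value in ASSIGNED_SECRET_RE.findall(js):
        found["secrets"].append((name, value))
    return found


if __name__ == "__main__":
    for kind, items in extract(SAMPLE_JS).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Note what the regex approach misses: `API + "/users/me"` shows up as a bare path and a bare base URL, never as the joined `https://api.example.test/v2/users/me`, and `"Bearer " + token` yields nothing because the value is a variable. Those gaps are the reason jsluice works from the syntax tree.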

BONUS RESOURCES:

For those looking for more hands-on learning, here are some bonus recommendations. These aren't tools themselves, but they will give you the tools to become better (or the best) in your trade:

Book Recommendation: The Cyber Plumber's Handbook

Creator: opsdisk

Why We Like It: This is a great book for learning all about SSH tunnels and port redirection. It gives real-world examples and realistic use cases, many of them pairing tunneling techniques with pen test tools. You can download the PDF of the book for free from GitHub.

Complementary Resource: The Cyber Plumber's Lab Guide & Interactive Access

Creator: opsdisk

Why We Like It: Get a real lab to practice the SSH tunneling and port redirection techniques you learn in The Cyber Plumber's Handbook. With over 45 exercises, you will come away better equipped to reach and exploit vulnerable services on Linux and Windows hosts through pivots.


We hope you have found value in the recommendations above. Not only do we love testing systems and helping our customers stay secure, but we also love sharing our knowledge with those interested in learning. Keep learning and happy hunting!


About the author, Bishop Fox

Security Experts

Due to the nature in which we conduct research and penetration tests, some of our security experts prefer to remain anonymous. Their work is published under our Bishop Fox name.

Bishop Fox is the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application security assessments. We've worked with more than 25% of the Fortune 100, half of the Fortune 10, eight of the top 10 global technology companies, and all of the top global media companies to improve their security. Our Cosmos platform, service innovation, and culture of excellence continue to gather accolades from industry award programs including Fast Company, Inc., SC Media, and others, and our offerings are consistently ranked as “world class” in customer experience surveys. We've been actively contributing to and supporting the security community for almost two decades and have published more than 16 open-source tools and 50 security advisories in the last five years. Learn more at bishopfox.com or follow us on Twitter.
