Our Favorite Pen Testing Tools: 2024 Edition

It's time for another hacking tool roundup! We’ve polled our team of experts to bring you the most powerful and innovative penetration testing tools. With so many different options to choose from, we thought it would be helpful to share some of our favorite go-to’s. Whether you're focused on networks, cloud, APIs, or LLMs, we've got you covered.

For those looking to get more hands-on training, we have included something for you at the end. Check it out!

COMMUNITY-SOURCED TOOLS:

#1 Certipy

Creator: Oliver Lyak (@ly4k)

“An offensive tool for enumerating and abusing Active Directory Certificate Services (AD CS).”

Why We Like It: This tool is designed to help you better access the security posture of your Active Directory Certificate Services environments. With Certipy, you can identify vulnerable certificate templates that can be used to obtain sensitive information or elevate AD domain. Certipy can extract credentials, perform shadow credentials attack, and create Golden Tickets for high-level privileges to any user in the domain.

#2 Freeway

Creator: FLOCK4H

“A Python scapy-based tool for WiFi penetration that aims to help ethical hackers and pentesters develop their skills and knowledge in auditing and securing home or enterprise networks.

Why We Like It: Freeway has a user-friendly command-line interface (CLI) that makes it accessible to new and experienced users alike. Freeway features various attack, sniffing, and auditing techniques to help you improve your skills.

#3 BloodHound

Creator: Andy Robbins, Rohan Vazarkar, and Will Shroeder (@_wald0, @CptJesus, and @harmj0y)

“A single-page Javascript web application that uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment.”

Why We Like It: BloodHound is specifically designed to visualize and analyze Active Directory or Azure environments. It maps the relationships providing a clear picture of potential attack paths that could be exploited. If you are looking for an open-source tool that gives you the ability to identify weakness and see an attacker’s potential movements in the instance of a breach, BloodHound is a great tool to consider.

#4 Impacket

Creator: SecureAuth

“A collection of Python classes for working with network protocols.”

Why We Like It: A powerful Python library with a wide range of capabilities for security professionals and pen testers (though threat actors are also utilizing it). Impacket provides implementations of various Windows network protocols, allowing true versatility with Windows system. Some of the main use cases include password cracking, privilege escalation, lateral movement once in the network, and credential extraction from memory. Impacket has a strong community of users and developers, so you can get support and resources as you use it.

#5 Paramalyzer

Creator: PortSwigger

“A Burp Suite extension that improves efficiency of manual parameter analysis for web penetration tests of either complex or numerous applications.”

Why We Like It: Paramalyzer is your propellant when doing manual web application analysis. Paramalyzer helps you analyze the baseline application inputs from your proxy history and can identify sensitive data, hash algorithms, and decoding parameters.

#6 Hackvertor

Creator: Gareth Heyes (@hackvertor)

“A tag-based conversion tool written in Java implemented as a Burp Suite extension.”

Why We Like It: Another Burp Suite extension, Hackvertor is a great tool for automated testing to identify potential vulnerabilities, including SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), vulnerability scanning for exploits and known vulnerabilities, and custom testing to target specific vulnerabilities. It’s an easy-to-use yet powerful tool, pretty flexible for creating custom tests, and provides some solid automation.

#7 Response-Overview

Creator: Tobias "Floyd" Ospelt (@floyd_ch)

“A tag-based conversion tool written in Java, implemented as a Burp Suite extension.”

Why We Like It: Response-Overview gives you, as the name implies, a detailed overview of your security posture. It allows you to identify vulnerabilities, understand the potential impact including data loss and disruption, and prioritize remediation based on severity with guidance. The comprehensive overview is one of the greatest call outs for this tool.

BISHOP FOX TOOLS:

Not to toot our own horn, but the following are Bishop Fox tools that will help you test and improve your security posture. From tools that tests your cloud environment and APIs to LLMs, we have a range of new options for you to use..

#1 CloudFox

Creator: Bishop Fox – Seth Art, Carlos Vendramini, and David Bravo

“A command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure.”

CloudFox is a go-to tool for pen testers assessing cloud environments and it does so in an efficient and effective way. It automates many of the tasks involved such as enumeration and credential harvesting, allowing pen testers to focus on the more complicated aspects of their assessment. CloudFox is versatile and integrates with major cloud platforms like AWS, Azure, and GCP. Don’t take it from us, ask the strong community of active users contributing to the development.

#2 Broken Hill

Creator: Bishop Fox – Ben Lincoln

“A productionized Greedy Coordinate Gradient (GCG) attack tool for use against large language models (LLMs).”

This tool will help you understand and reduce adversarial attacks on LLMs and improve the robustness of AI models against real-world threats. Dare we say, it’s one of the first of its kind.

#3 Swagger Jacker

Creator: Bishop Fox – Tony West

“Swagger Jacker is a command line tool designed to assist with auditing of exposed Swagger/OpenAPI definition files by checking the associated API endpoints for weak authentication.”

Swagger Jacker reduces the tedious task of auditing API endpoints, helping you not get bogged down by hundreds of defined routes and manual testing that can be associated with API testing and assessments. It evaluates vulnerabilities such as injection attacks, authentication flaws, and authorization issues. 

#4 Asminject.py

Creator: Bishop Fox – Ben Lincoln

“Heavily modified fork of David Buchanan’s dlinject project, the tool injects arbitrary assembly (or precompiled binary) payloads directly into x86-64, and ARM32 Linux processes.”

Asminject.py gives you the ability to manipulate running Linux-trusted processes and containers by injecting arbitrary code through the Linux process filesystem interface to capture sensitive data. Pen testers can bypass security controls, create custom exploits that target specific vulnerability, and debug processes and analyze behavior in real-time for deeper root cause analysis. This tool allows you to protect your Linux environments.

#5 JSluice

Creator: Bishop Fox – Tom Hudson

“A Go package and command-line tool for extracting URLs, paths, secrets, and other interesting data from JavaScript source code.”

JSluice acts as a powerful tool to help you sift through vast amounts of JavaScript code, efficiently extracting valuable information and highlighting potential vulnerabilities. This JavaScript mining tool is worth its weight in gold.

BONUS RESOURCES:

For those that are looking for more hands-on learning, here are some bonus recommendations. These aren’t tools themselves but will give you the tools to become better (or the best) in your trade:

Book Recommendation: The Cyber Plumber's Handbook

Creator: opsdisk

Why We Like It: This is a great book to learn all about SHH tunnels and port redirection. It gives real-world examples and realistic use cases, many pairing tunneling techniques with pen test tools. You can download the PDF of the book free at GitHub.

Complementary Tool Recommendation: The Cyber Plumber's Lab Guide & Interactive Access

Creator: opsdisk

Why We Like It:  Get a real lab to practice SSH tunneling and port redirections that you will learn in The Cyber Plumber’s Handbook. With over 45 exercises, you will feel better equipped with this skill to access and exploit vulnerabilities within Linux and Windows devices.

We hope you have found value in the recommendations above. Not only do we love testing systems and helping our customers stay secure – but we also love sharing our knowledge with those interested in learning. Keep learning and happy hunting!