
The Pen Testing Tools We’re Thankful for This Season



From the perspective of working at a security consultancy, a few of the things that we are grateful for this holiday season are: copious supplies of cold brew coffee, hacking alongside some brilliant folks, and of course, the tools we use daily that make our lives much easier.

Although this list isn’t the be-all and end-all, we’re grateful for these tools and believe that adding them to your arsenal will amplify your hacking abilities.


Creator: @anshuman_bh

Its Use: This hacking tool allows you to detect and take over subdomains with dead DNS records. You can check to see if a dangling CNAME is pointing to a CMS provider that can be taken over, a non-existent domain name, or nameserver records that can be used to gain control of a subdomain’s DNS records.

Why We Like It: One of our consultants shared: “TKO-SUBs is very high on my list as I’ve easily done ~400 subdomain takeovers with it.” Enough said.

Install Instructions
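A defensive version of the check described above, run against your own DNS inventory: it flags CNAMEs whose target does not resolve, CNAMEs to a hosting provider that reports no site claimed, and NS delegations to nameservers that do not resolve. This is an added example, not code from TKO-SUBs or the original post; the record list, provider table, marker text and the `resolves`/`fetch_body` callables are constructed assumptions standing in for live lookups.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    name: str
    rtype: str
    target: str
    reason: str

# Hypothetical provider table: target suffix -> text the provider serves for
# an unclaimed site (constructed values, not real fingerprints).
PROVIDERS = {".cms-provider.example": "No site is configured at this address"}

def audit(records, resolves, fetch_body, providers=PROVIDERS):
    """Flag dangling CNAME/NS records. `resolves(host)` -> bool and
    `fetch_body(name)` -> str|None are injected so the check runs offline."""
    findings = []
    for name, rtype, target in records:
        target = target.rstrip(".").lower()
        if rtype not in ("CNAME", "NS"):
            continue
        if not resolves(target):
            reason = ("delegated nameserver does not resolve" if rtype == "NS"
                      else "CNAME target does not resolve")
            findings.append(Finding(name, rtype, target, reason))
        elif rtype == "CNAME":
            body = fetch_body(name) or ""
            for suffix, marker in providers.items():
                if target.endswith(suffix) and marker in body:
                    findings.append(Finding(name, rtype, target,
                                            "provider reports no site claimed"))
    return findings

# Constructed sample inventory and lookup results (no network access needed).
RECORDS = [
    ("www.example.test", "CNAME", "main-site.cms-provider.example."),
    ("blog.example.test", "CNAME", "old-blog.cms-provider.example."),
    ("shop.example.test", "CNAME", "shop.retired-vendor.example."),
    ("dev.example.test", "NS", "ns1.expired-dns.example."),
    ("api.example.test", "CNAME", "lb.example.test."),
    ("lb.example.test", "A", "192.0.2.10"),
]
LIVE = {"main-site.cms-provider.example", "old-blog.cms-provider.example", "lb.example.test"}
BODIES = {"www.example.test": "<h1>Welcome</h1>",
          "blog.example.test": "<h1>No site is configured at this address</h1>"}

def run_sample():
    return audit(RECORDS, LIVE.__contains__, BODIES.get)

if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.name} {f.rtype} -> {f.target}: {f.reason}")
```

Each finding is a record to delete or re-point before someone else registers the name it refers to.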


Creators: @_wald0, @CptJesus, and @harmj0y

Its Use: This open source application is designed for Active Directory reconnaissance and auditing. By leveraging the power of graph theory, the tool highlights the existing relationships in an Active Directory environment. You can use BloodHound to identify complex attack paths that would otherwise be difficult to pinpoint.

Why We Like It: If you’re not already using BloodHound and you work with Active Directory at all, you need to check out this tool immediately. Red teamers will find BloodHound useful for identifying and visualizing the potential attack paths to the desired target, such as access control lists, users, groups, trust relationships, and AD objects. Some uses even surpass Active Directory-related needs (like password analysis).

Install Instructions


Creator: SecureAuth

Its Use: Impacket is a collection of Python classes for working with network protocols. It allows Python developers to craft and decode network packets in a simple and consistent manner.

Why We Like It: When it comes to conducting internal network penetration tests, this Python library is a necessity. It comes with plenty of useful scripts that allow you to hit the ground running when you start testing a network. Given the ubiquity of Python in writing scripts, nearly every pen tester can benefit from adding Impacket to their arsenal.

Install Instructions


Creator: NowSecure

Its Use: Frida is a framework that allows users to execute their own scripts in locked-down software. It is well known for its use with Android applications.

Why We Like It: “Like” cannot capture our feelings about Frida – “love” would be more accurate. It’s a Swiss Army Knife for monitoring and manipulating running programs on mobile and desktop platforms. Bishop Fox researcher Priyank Nigam recently leveraged Frida to reverse-engineer several mass transit ticketing mobile applications. (Read about it here).

Learn More


Creator: AttackForge

Its Use: AttackForge is a penetration testing management and collaboration platform that helps teams easily coordinate large-scale pen testing programs.

Why We Like It: There are a few platforms that are meant for collaborative pen tests - AttackForge is a newer contender. Its interface is incredibly user-friendly, and it serves as an excellent liaison between the in-the-weeds security researcher and the big-picture-thinking executive. It also integrates with Jira, which makes it perfect for any agile organization.

Sign Up


Creator: @The_Bumblesec

Its Use: This semi-automated, feedback-driven hacker tool scrapes GitHub for sensitive secrets that may be accidentally exposed.

Why We Like It: GitGot augments the work of a scanner by mixing in human ingenuity. Often used to improve the workflow of gathering leaked secrets, GitGot yields more positive identifications in less time, which empowers testers to work more efficiently without the fatigue of working from a traditional scanner output.

Install Instructions


Creator: khast3x

Its Use: h8mail is a password-hunting tool, used for OSINT.

Why We Like It: If you need to do recon (let’s say for a red teaming engagement), this tool gives you access to password dumps and other information leaked during a breach. Frequently updated, it’s an immensely helpful tool to have in your back pocket. (Plus, it’s kind of fun to use.)

Install Instructions


Creators: @LittleJoeTables and @rkervell

Its Use: Sliver is a general-purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS. It currently is still in its alpha stages, with updates planned for the near future.

Why We Like It: Sliver creates implants that can run on numerous architectures. It’s ideal for red teams, circumventing detection by leveraging DNS canaries to flag file discovery. Sliver’s features (which many other C2 tools lack) include Windows user token manipulation, anti-anti-anti forensics, and Let’s Encrypt integration among others. You can also have multiple operators running Sliver, giving you a leg up on the blue team.

Install Instructions


About the author, Britt Kemp

Community Manager

Britt Kemp is a Community Manager at Bishop Fox. Britt has been involved with the content, social media, and digital programs at the firm for the past several years. She has helped with some of the most popular Bishop Fox blog posts to date.
