As part of Security Testing, the testing team can take the help of different tools for performing the below things:
- Vulnerability Assessment: As part of this the security testing team will identify the vulnerabilities in the system and provide a detailed assessment report with the list of identified vulnerabilities.
- Penetration Testing: As part of this the security testing team will exploit the identified vulnerabilities, to check whether they can be compromised to gain access and control on the system.
Types of Security Testing Tools: Security Testing tools can be categorized into two types:
- Scanners: These tools are used for identifying the vulnerabilities.
- Attackers: These tools are used for attacking the system with an intention of compromising the identified vulnerabilities to gain access and complete control.
Security Testing Tools: The following are the different scanning and attacking tools for performing Security Testing:
- Burp suite
- ZAP (Zed Attack Proxy)
- Runscope
- HP WebInspect
- Veracode
- IBM AppScan
- Netsparker
- Acunetix Web Vulnerability Scanner
- OWASP WebScarab
- Metasploit
- Nessus
- Charles Proxy
- Wireshark
- w3af
- Kali Linux
- Cain & Abel
- John The Ripper
- Retina
- Sqlmap
- Canvas
- Social Engineer Toolkit (SET)
- Sqlninja
- NMap (Zenmap)
- BeEF (Browser Exploitation Framework)
- Dradis
- Ettercap
- Hydra
- SATAN
- SHODAN
- Aircrack-ng
- Arachni
- PunkSPIDER
- Nagios
- Nikto
- WebScarab NG
- Maltego
- IronWASP
- HconSTF
- OpenVAS
- Secunia PSI (Personal Software Inspector)
- Skipfish
- Ratproxy
- Wfuzz
- Grendel-Scan
- Grabber
- Firefox Tamper Data Add-on
- Firefox Web Developer Tools
- Cookie Editor
- DOMinator Pro
- SQLInjector
- sqlpowerinjector
- SSL Digger
- THC-Hydra
- Brutus
- Ncat
- OlyDbg
- Spike
- NGSSQuirreL
- NTOSpider
- SOAP UI
- SearchDiggity
- FXCOP
- Splint
- Boon
- CORE Impact
- FlawFinder
- FindBugs
- Parasoft C/C++ test
- HP Fortify
- Armorize CodeSecure
- GrammaTech
- Knock Subdomain Scan
- Vega
- Wapiti
- Brakeman
- BFBTester
- Google Nogotofail
- Kiuwan Security
- nsiqcppstyle
- Oedipus
- Paros
- Wifiphisher
- CrackMapExec (CME)
- Impacket
- PowerSploit
- Luckystrike
- Immunity Inc.
- SecLists
- Watcher
- X5S
- Samurai framework
- Rapid 7
- Hping
- SuperScan
- ISS Scanner
- Scapy
- Security Onion
- Websecurify
- Kismet
- Kali
- D3coder
- OpenSSL
- Parrot Security
- Snort
- Backbox
- Site Spider
- Reputation Monitor Alert
- Safe3 scanner
- Foxy Proxy
- CloudFlare
- Bug Magnet
- OWASP Mantra
- OWASP SQLiX
- OWASP Orizon
- OWASP Dependency Check
- OWASP O2
- Other OWASP tools
- And many more
Conclusion: As part of Security Testing, the testing team will be using the tools for quickly identifying the vulnerabilities and performing exploitations to compromise the identified vulnerabilities. Hence the tools in Security Testing can be categorized into Scanners and Attackers. In this article, the complete list of Security Testing Tools (Scanners and Attackers) are provided for your reference.
Please leave your questions/comments/feedback below.
Happy Learning 🙂
Arun Motoori (www.QAFox.com)
