Pentesting toolset

This is the toolset we recommend for running pentests. Do you know of something else, or do you want to know about something else? Ask us!

Helper tools

| For this | We use this |
|---|---|
| Screenshots | Flameshot, ksnip, Skitch (MacOS) |
| Note Taking | Joplin, One Note |

Pentests in general

| For this | We use this |
|---|---|
| Data Leak Lookup | Dehashed, HIBP |
| Vulnerability Scans | Nessus Professional |
| Source Code Scanning | SonarQube |
| PW Cracking | hashcat |
| PW Lists | Weakpass |
| PW Cracking (non-sensitive hashes) | OnlineHashCrack |
| Open TCP Ports | portquiz |

Web tests

| For this | We use this |
|---|---|
| Web App Testing | Burp Professional |
| Directory and File Search | dirsearch, wfuzz, gobuster |
| Web Spider and Endpoint Detection | gospider |
| Web Vuln Scanner | Burp Professional, nuclei |
| SSL Inspection | sslyze, tls-scanner |
| SQLi Exploitation | sqlmap |

Burp Plugins

| For this | We use this |
|---|---|
| Authorization Testing | Auth Analyzer |
| JWT Testing | JSON Web Tokens |
| Additional Vuln Scans | Active Scan++, Upload Scanner |
| HTTP Request Smuggling | HTTP Request Smuggler |
| ViewState Editing | ViewState Editor |
| Java Platform Scanner | J2EEScan |
| Pingback Detection | Collaborator Everywhere |
| sqlmap Integration | SQLiPy Sqlmap Integration |

Active Directory & Windows Tests

| For this | We use this |
|---|---|
| AD Enumeration | BloodHound, ADRecon, CrackMapExec |
| AD CS abuse | Certify, Certipy |
| AD Queries | PowerView, SeatBelt |
| AD Analysis | PingCastle |
| DNS Dump | adidnsdump |
| Windows Password Extraction | mimikatz, lsassy |
| Local Credential Extraction | LaZagne |
| Powershell Runspace | Stracciatella |
| Post Exploitation | Powershell Empire |
| MachineAccountQuota/DNS Exploitation | Powermad |
| Kerberos Interactions | Rubeus |
| Network Protocol Attacks | Impacket, Responder, Inveigh |
| Local Privesc Detect | SharpUp, WinPEAS, LinPEAS |
| Local Process Monitoring | Process Monitor |