Pentest-Tools.com has over 25 security tools covering reconnaissance, vulnerability scanning, exploitation, and validation. Each tool produces different types of output.
Tools are grouped into seven categories based on their purpose in the testing workflow.
Web reconnaissance
Web reconnaissance tools gather information about web targets without testing for vulnerabilities.
| Tool | What it does |
|---|---|
| Google Hacking | Finds exposed data using Google dorks |
| Website Recon | Fingerprints web technologies, CMS platforms, and frameworks |
| WAF Detector | Identifies web application firewalls and attempts origin IP discovery |
| URL Fuzzer | Discovers hidden paths, files, and directories |
| People Hunter | Discovers email addresses and social media profiles via OSINT |
These tools generally do not generate findings. Their output is informational: technologies in use, hidden paths, WAF presence, or exposed contact data. The exception is Website Recon, which can also produce findings for detected technologies.
Network & cloud reconnaissance
Network and cloud reconnaissance tools map the infrastructure around your targets: domains, subdomains, virtual hosts, and open ports.
| Tool | What it does |
|---|---|
| Domain Finder | Discovers related domains via SSL certs, reverse whois, and other sources |
| Subdomain Finder | Enumerates subdomains using multiple discovery techniques |
| Virtual Hosts Finder | Discovers virtual hosts sharing the same server |
| Port Scanner | Identifies open TCP and UDP ports and running services |
These tools do not generate findings. Their output is informational: lists of discovered domains, subdomains, hosts, and open ports.
Web vulnerability scanning
Web vulnerability scanners actively test web applications, APIs, and CMS platforms for security weaknesses. Most of these tools generate findings.
| Tool | What it does |
|---|---|
| Website Scanner | Web application vulnerability scanning with passive and active checks |
| API Scanner | Tests REST and GraphQL APIs for vulnerabilities |
| WordPress Scanner | WordPress-specific vulnerability detection |
| Drupal Scanner | Drupal-specific vulnerability detection |
| Joomla Scanner | Joomla-specific vulnerability detection |
| SharePoint Scanner | SharePoint security assessment |
The WordPress and Drupal scanners use version-based detection only. Because they identify vulnerabilities by matching component versions against known CVEs rather than actively confirming them, their findings are capped at high severity.
Network vulnerability scanning
Network vulnerability scanners assess infrastructure-level security, including network services, encryption, cloud configurations, and container orchestration.
| Tool | What it does |
|---|---|
| Network Scanner | Network infrastructure vulnerability assessment using multiple engines |
| Password Auditor | Tests for weak credentials across 17 service/interface types |
| SSL/TLS Scanner | Analyzes SSL/TLS configuration and checks for known vulnerabilities |
| Cloud Scanner | Tests cloud storage (AWS S3, Google Cloud Storage) for misconfigurations |
| Kubernetes Scanner | Kubernetes cluster security assessment |
Like web scanners, network scanners generate findings.
Offensive
Offensive tools validate and exploit discovered vulnerabilities rather than just detecting them.
| Tool | What it does |
|---|---|
| Sniper | Automated exploitation framework that extracts system artifacts |
| SQLi Exploiter | Exploits SQL injection vulnerabilities to extract database contents |
| Subdomain Takeover | Detects subdomains pointing to unclaimed cloud resources |
Offensive tools do not generate findings. Sniper produces detailed reports with extracted artifacts (system information, users, screenshots, filesystem data). SQLi Exploiter extracts database contents. Subdomain Takeover reports which subdomains are vulnerable to takeover.
Exploit handlers
Exploit handlers are callback endpoints for out-of-band testing. Unlike other tools, they don’t scan a target. They create persistent URLs that listen for incoming requests triggered by payloads you inject during testing.
| Tool | What it does |
|---|---|
| XSS Exploiter | Captures XSS payload executions (cookies, screenshots, keystrokes) |
| HTTP Request Logger | Captures HTTP callbacks for SSRF, XXE, blind SQLi, and command injection testing |
Exploit handlers do not create scans or generate findings. They create handler endpoints that remain active for 60 days, capturing callbacks from vulnerable targets.
Utilities
Utility tools perform basic network checks and lookups.
| Tool | What it does |
|---|---|
| ICMP Ping | Tests host reachability via ICMP |
| WHOIS Lookup | Queries domain registration information |
Utility tools produce raw output and do not generate findings.
Findings
Only vulnerability scanners generate findings: structured records of discovered security issues with severity ratings, descriptions, and remediation guidance. This includes all network vulnerability scanners and most web vulnerability scanners listed above.
The Joomla Scanner is an exception: it returns raw output rather than structured findings.
Offensive tools, exploit handlers, and utilities do not generate findings. Among reconnaissance tools, only Website Recon generates findings.
Attack surface data
Only four tools populate your attack surface view:
| Tool | What it adds |
|---|---|
| Port Scanner | Open ports and service fingerprints |
| Network Scanner | Ports, protocols, services, and technologies |
| Website Scanner | URLs, technologies, and screenshots |
| Website Recon | URLs, technologies, and screenshots |
No other tools contribute to the attack surface. To get a complete view of your external-facing infrastructure, run these four tools.
Scans
Most tools create a scan object when you run them: a trackable job with a lifecycle (Waiting, Running, Finished, etc.) and results you can revisit.
Three tools are exceptions:
- Google Hacking does not create a scan. It runs entirely in your browser by opening Google search tabs with pre-built dorks. No server-side execution happens.
- XSS Exploiter and HTTP Request Logger create persistent handler endpoints, not scans. They have no scan lifecycle. They listen for callbacks until they expire.
Scan types
Many tools support different scan depths that let you control the tradeoff between speed and thoroughness. See Scan types and depth for details on how Light, Deep, and Custom modes work.
Not all tools follow this pattern:
- Standard Light / Deep / Custom modes are available in tools such as Website Scanner, API Scanner, Network Scanner, Port Scanner, URL Fuzzer, WordPress Scanner, SSL/TLS Scanner, Kubernetes Scanner, Domain Finder, and Subdomain Finder.
- Single-mode tools include Virtual Hosts Finder, Website Recon, WAF Detector, People Hunter, Drupal Scanner, Joomla Scanner, SharePoint Scanner, Cloud Scanner, Subdomain Takeover, ICMP Ping, and WHOIS Lookup.
- Sniper uses Unauthenticated / Authenticated modes instead.
- Password Auditor uses Dictionary / Password Spray attack types instead.
- SQLi Exploiter uses an Advanced toggle with Level and Risk settings.
- Exploit handlers have no scan modes since they don’t create scans.
Pentest robots
Pentest robots are automation workflows that run multiple tools in sequence, passing data between steps. For example, a robot can run Subdomain Finder, then feed the discovered subdomains into Website Scanner.
Robots can be scheduled, shared with team members, and cloned.