Available tools
Pentest-Tools.com provides security tools organized into categories based on their purpose. For a conceptual overview of what tools produce and how they fit into the testing workflow, see Tools.Tool categories
Web reconnaissance
Fingerprint web technologies and discover exposed content.
Network & cloud reconnaissance
Map domains, subdomains, hosts, and open ports.
Web vulnerability scanners
Find vulnerabilities in web applications.
Network scanners
Assess network infrastructure security.
Offensive tools
Validate and exploit discovered vulnerabilities.
Exploit handlers
Support tools for exploitation workflows.
Utilities
Helper tools for common tasks.
Web reconnaissance
| Tool | Description |
|---|---|
| Google Hacking | Find exposed data using Google dorks |
| Website Recon | Fingerprint web technologies |
| URL Fuzzer | Discover hidden paths and files |
| WAF Detector | Identify web application firewalls |
| People Hunter | Discover email addresses and social media profiles |
Network & cloud reconnaissance
| Tool | Description |
|---|---|
| Domain Finder | Discover related domains |
| Subdomain Finder | Enumerate subdomains |
| Virtual Hosts Finder | Discover virtual hosts on servers |
| Port Scanner | Identify open TCP and UDP ports |
Web vulnerability scanners
| Tool | Description |
|---|---|
| Website Scanner | Web application security testing |
| API Scanner | Test REST and GraphQL APIs |
| WordPress Scanner | WordPress-specific vulnerabilities |
| Drupal Scanner | Drupal-specific vulnerabilities |
| Joomla Scanner | Joomla-specific vulnerabilities |
| SharePoint Scanner | SharePoint security testing |
Network scanners
| Tool | Description |
|---|---|
| Network Scanner | Network infrastructure assessment |
| Password Auditor | Test for weak credentials |
| SSL/TLS Scanner | Analyze SSL/TLS configuration |
| Cloud Scanner | Cloud infrastructure security |
| Kubernetes Scanner | Kubernetes cluster security testing |
Offensive tools
| Tool | Description |
|---|---|
| Sniper | Automated exploitation framework |
| SQLi Exploiter | Exploit SQL injection vulnerabilities |
| Subdomain Takeover | Detect subdomain takeover risks |
Exploit handlers
| Tool | Description |
|---|---|
| XSS Exploiter | Capture XSS payload executions |
| HTTP Request Logger | Capture OOB HTTP callbacks |
Utilities
| Tool | Description |
|---|---|
| ICMP Ping | Test host reachability |
| WHOIS Lookup | Domain registration lookup |