Editing Penetration test (section)

== Tools ==

A wide variety of [[List of security assessment tools|security assessment tools]] are available to assist with penetration testing, including free-of-charge, [[free software]], and [[commercial software]].

=== Specialized OS distributions ===

Several operating system distributions are geared towards penetration testing.<ref>{{cite book |last=Faircloth |first=Jeremy |title=Penetration Tester's Open Source Toolkit |edition=Third |year=2011 |publisher=[[Elsevier]] |isbn=978-1597496278 |chapter=Chapter 1:Tools of the Trade |chapter-url= http://zempirians.com/ebooks/Jeremy%20Faircloth-Penetration%20Tester's%20Open%20Source%20Toolkit,%20Third%20Edition%20%20-Elsevier%20Science%20(2011).pdf |access-date=4 January 2018}}{{Request quotation |date=May 2013 |reason=It would be good to know what this is referencing since this statement is not a concern. The next ones are.}}</ref> Such distributions typically contain a pre-packaged and pre-configured set of tools. The penetration tester does not have to hunt down each individual tool, which might increase the risk of complications—such as compile errors, dependency issues, and configuration errors. Also, acquiring additional tools may not be practical in the tester's context.

Notable penetration testing OS examples include:

* [[BlackArch]] based on [[Arch Linux]]
* [[BackBox]] based on [[Ubuntu (operating system)|Ubuntu]]
* [[Kali Linux]] (replaced [[BackTrack]] December 2012) based on [[Debian]]
* [[Parrot Security OS]] based on [[Debian]]
* [[Pentoo]] based on [[Gentoo Linux|Gentoo]]
* [[WHAX]] based on [[Slackware]]

Many other specialized operating systems facilitate penetration testing—each more or less dedicated to a specific field of penetration testing.

A number of Linux distributions include known OS and application vulnerabilities, and can be deployed as ''targets'' to practice against. Such systems help new security professionals try the latest security tools in a lab environment. Examples include Damn Vulnerable Linux (DVL), the OWASP Web Testing Environment (WTW), and Metasploitable.

=== Software frameworks ===

* [[BackBox]]
* [[Hping]]
* [[Metasploit Project]]
* [[Nessus (software)|Nessus]]
* [[Nmap]]
* [[OWASP ZAP]]
* [[SAINT (software)|SAINT]]
* [[w3af]]
* [[Burp Suite]]
* [[Wireshark]]
* [[John the Ripper]]
* [[Hashcat]]

=== Hardware tools ===
There are hardware tools specifically designed for penetration testing. However, not all hardware tools used in penetration testing are purpose-built for this task. Some devices, such as measuring and debugging equipment, are repurposed for penetration testing due to their advanced functionality and versatile capabilities.

* [[Proxmark3]] — multi-purpose hardware tool for radio-frequency identification (RFID) security analysis.

* [[BadUSB]] — toolset for exploiting vulnerabilities in USB devices to inject malicious keystrokes or payloads.
* [[Flipper Zero]] —  portable, open-source multi-functional device pentesting wireless protocols such as Sub-GHz, RFID, NFC, Infrared and Bluetooth.
* [[Raspberry Pi]] — a compact, versatile single-board computer commonly used in penetration testing for tasks like network reconnaissance and exploitation.
* [[Software-defined radio|SDR (Software-defined Radio)]]— versatile tool for analyzing and attacking radio communications and protocols, including intercepting, emulating, decoding, and transmitting signals.
* ChipWhisperer — specialized hardware tool for side-channel attacks, allowing analysis of cryptographic implementations and vulnerabilities through power consumption or electromagnetic emissions.