Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

White Paper

Penetration Testing Tools

  • January 2007
  • By Ken Van Wyk (No Affiliation)293651
  • In this paper, Ken van Wyk provides a primer on the most commonly used tools for traditional penetration testing.
  • Publisher: CERT
  • Abstract

    This article provides a primer on the most commonly used tools for traditional penetration testing. (A related article provides an overview of penetration testing practices.) Although some tools are listed by name, these are merely intended to serve as examples of particular types of tools. The list is in no way intended to be comprehensive and should not be interpreted as an endorsement of the tools listed.

    That said, we start by looking at the most common tool types, port scanners and vulnerability scanners. Examples in the open source and commercial communities are provided for each, where appropriate.

    Next, we delve into the state of the commercial practice with regards to tool usage and how penetration testing services are provided. We then make a series of recommendations for selecting the right toolkit for the job and for training one’s testers in penetration testing and the tools used.
  • Download