Software Engineering Institute

This article provides a primer on the most commonly used tools for traditional penetration testing. (A related article provides an overview of penetration testing practices.) Although some tools are listed by name, these are merely intended to serve as examples of particular types of tools. The list is in no way intended to be comprehensive and should not be interpreted as an endorsement of the tools listed.

That said, we start by looking at the most common tool types, port scanners and vulnerability scanners. Examples in the open source and commercial communities are provided for each, where appropriate.

Next, we delve into the state of the commercial practice with regards to tool usage and how penetration testing services are provided. We then make a series of recommendations for selecting the right toolkit for the job and for training one’s testers in penetration testing and the tools used.