14. Social Engineer Toolkit (SET)
As the name suggests, SET is a pen testing framework geared towards social engineering. It's a popular tool, and has even been featured on television. Hackers were pleased to see some reality on TV when SET was actively used on USA Network's Mr. Robot.
There are two other tools from TrustedSec that are also worth mentioning: Unicorn, which is a tool for using PowerShell downgrade attacks and injecting code directly into memory (this works great with SET), and nps_payload, which generates payloads for intrusion detection avoidance.
The Metasploit Framework is so commonly used, we almost didn't add it to the list. However, it had more mentions than any other tool outside of Kali Linux. (Kali is a Linux distribution, and it has many of the tools mentioned here pre-installed.)
Metasploit has been the main tool for many pen testing professionals for years. Even after it was acquired by Rapid7, it remains fully supported as an open source project and is constantly being developed by an entire community of exploit developers and coders. If a vulnerability or exploit is in the news, Metasploit will have it. Need to assess the security of a network against older vulnerabilities? Metasploit can do that.
16. Penetration Testing Tools Cheat Sheet
The HighOn.Coffee blog's penetration tools cheat sheet offers a high-level reference for several common commands, from network configuration, to port scanning and attacking network services.
SecLists, as the name suggests, is a collection of lists (usernames, passwords, common data patterns, fuzzing payloads, shells, etc.) available on GitHub to help pen testers get a jump on their current assignment.
Sign up for Computerworld eNewsletters.