What Is This Resource?
‘Vulnerability Exploitation Tools’ is the category of hacking tools covered on this resource page.
Finding Vulnerabilities or ‘holes’ in a system, network or machine (‘OS’) is the holy grail of being a successful and competent Ethical Hacker or Penetration Tester. If you are serious about Penetration Testing or are keen to become a Pentester then we’d strongly recommend that you at least familiarise yourself with these tools.
It's all well and good knowing the tools, but what about using Vulnerability Exploitation Tools on laptops, Raspberry Pis and mobile devices?
Last Updated: September 23rd, 2017
What is Beef?
Browser Exploitation Framework (BeEF) is another great professional security tool. It gives the experienced penetration tester pioneering techniques and, unlike other tools, BeEF focuses on leveraging browser vulnerabilities to check the security posture of a target. This tool is created solely for penetration testing and lawful research.
Is Beef Free?
Beef is free to use.
Does Beef Work on all Operating Systems?
Beef is available for Windows, Linux and Mac OS X operating systems.
What are the Typical Uses for Beef?
This tool demonstrates the collection of browser vulnerabilities, or ‘zombie’ browsers, in real time. It provides a command and control interface that makes it easy to target groups of zombie browsers or individual ones. It is built to make the creation of new exploit modules easy.
What is Core Impact?
Core Impact is considered to be the greatest exploitation tool available. It has a huge and regularly updated database of exploits and can do neat tricks like exploiting one computer system, then building an encrypted tunnel through that system to reach and exploit other machines.
Is Core Impact Free?
No, and this tool is expensive (about $30,000).
Does Core Impact Work on all Operating Systems?
Core Impact runs natively on Microsoft Windows.
What are the Typical Uses for Core Impact?
With this tool, users can leverage true multi-vector testing capabilities across network, web, mobile and wireless; run and check for a high number of unique CVEs (in some cases more than other multi-purpose tools); and validate patching efforts to ensure vulnerabilities were remediated correctly.
What is Dradis?
Dradis Framework is an open-source tool that enables effective information and data sharing, especially during security assessments. Features include easy report generation, attachment support, integration with existing systems and tools through server plugins, and platform independence.
Is Dradis Free?
Dradis is free.
Does Dradis Work on all Operating Systems?
Dradis is compatible with Linux, Mac OS X and Windows operating systems.
What are the Typical Uses for Dradis?
Dradis is used to enable effective sharing of information and data among participants in a penetration test. Dradis is also a self-contained web tool that provides a centralised repository of data to keep track of what has been done and what is still ahead.
What is Metasploit?
In 2003, H.D. Moore (a cyber security researcher and program developer from the US) started the Metasploit Project with the intention of creating a public and freely accessible resource for obtaining exploit code for research and development. The Metasploit Project is credited with the creation of the Metasploit Framework, which has become an open-source exploit framework used for IT security penetration testing and research.
In 2009, Metasploit was acquired by Rapid7, but it was still managed by HD until 2013, when he handed over management of the Metasploit department in order to expand Rapid7’s research capabilities. In early 2016 HD left Rapid7 for a new venture.
Metasploit is awesome. Like the other top ten tools mentioned in our mega post it is a ‘must-learn’ security tool. The Metasploit Framework gives data about security vulnerabilities and helps in IDS signature development and penetration testing.
The tool has been completely rewritten in Ruby. If you are new to Metasploit or are a beginner to the Metasploit Framework then you should consider this tool as being a “Vulnerability Exploitation Tool”.
Is Metasploit Free?
Yes and no…the Metasploit Framework is free and can be downloaded here. Since the tool was acquired by Rapid7 there are two core proprietary editions called Metasploit Pro and Metasploit Express. If you’re new to pentesting and are looking to get started in Cyber Security then we’d highly encourage you to get started with the Metasploit Framework because you’ll absolutely learn a ton.
What’s the Difference between Metasploit Framework and Metasploit Pro Framework?
Whilst Metasploit Framework is free, its functionality is relatively basic. Professional security researchers, pentesters and ethical hackers would likely prefer to use Metasploit Pro, which is the fully-fledged security solution for security programs and advanced penetration tests for SMEs and enterprise-level organizations. Metasploit Pro would be used for in-depth IT security auditing.
What Are Vulnerability Exploitation Tools?
Metasploit can be categorized in many ways, but we here at Concise like to place this tool, or perhaps better said, ‘Framework’, in the category of Vulnerability Exploitation Tools. Vulnerability Exploitation Tools are mainly used to discover whether an attacker could find an overflow weakness to install malware, or to discover fundamental operating system and network design flaws.
Does Metasploit Work on all Operating Systems?
Metasploit runs on Unix (including Linux and Mac OS X) and on Windows, and the Metasploit Framework has been translated into dozens of languages.
What are Typical Uses for Metasploit?
We’ve written a separate blog post on the uses of Metasploit here, but as a summary, there are five uses, or ‘steps’, that a pentester or ethical hacker would use Metasploit for. They are:
Step 1: Choosing and configuring an exploit code
This step requires the professional to select code that can penetrate a target system by taking advantage of a ‘vulnerability’ inherently embedded in the target box or network. Metasploit can pull nearly 1,000 exploits for Windows, Unix/Linux and Mac OS X systems.
Step 2: Checking the Target
This step allows the hacker to discover with more accuracy whether the target is penetrable with the chosen exploit. If not, then select another!
Step 3: Select and configure a payload to send to the target.
This could include, for instance, a remote shell or a VNC server.
Step 4: Get around the IDS/IPS system (Intrusion Detection System / Intrusion Prevention System)
This step is all about using Metasploit to encode and encrypt the attack so that it essentially goes ‘under the radar’.
Step 5: Executing the exploit
This final step is the actual hack, which can either pwn a box or network and/or exfiltrate data or deface a website (for example).
Recommended Metasploit Courses & Training
Like any learning, and especially cyber security hacking/pentesting training, the more ‘hands-on’ the course is, the more we recommend it. We’ve selected our preferred courses here.
What is Netsparker?
Netsparker places itself within the hacking tool category of ‘Web Application Security Scanner’: it is designed to discover and audit web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS). Netsparker works on hundreds of web applications and websites regardless of the operating system and/or technology.
Netsparker is used by professionals within the cybersecurity space and is considered by many to be easy to use. An interesting fact about Netsparker is that the developers claim to have designed a ‘unique detection and safe exploitation technique’ that results in accurate reporting. The developers are so confident that they label their software as the ‘first and only False Positive Free web vulnerability scanner’.
Is Netsparker Free?
No, Netsparker is a paid tool.
Does Netsparker Work on all Operating Systems?
Netsparker is a Windows-only tool.
What are the Typical Uses for Netsparker?
Uses of this tool include advanced scanning, proof-based scanning, and web services scanning, which companies use frequently as communication between network, application and web-based devices increases. It is also used to report vulnerabilities with a high degree of accuracy and specificity, and with this tool you can actively exploit vulnerabilities to confirm them.
What is Social Engineer Toolkit?
Written by the founder of TrustedSec, Social Engineer Toolkit (SET) is an open-source Python-based tool aimed at penetration testing around social engineering. SET has been discussed and presented at conferences including DerbyCon, DEF CON, ShmooCon and Black Hat. With over two million downloads, this toolkit is the standard for social engineering penetration tests and is supported by the security community. SET has also been featured in a number of books such as “Metasploit: The Penetration Tester’s Guide”, which was also written by TrustedSec’s founder together with Devon Kearns, Jim O’Gorman and Mati Aharoni.
Is Social Engineer Toolkit Free?
Yes, all official versions are free to use.
Does Social Engineer Toolkit Work on all Operating Systems?
SET works on Linux, Mac OS X and Microsoft Windows operating systems.
What are the Typical Uses for Social Engineer Toolkit?
The main purpose of SET is to improve and automate many of the social engineering attacks out there. This tool can automatically generate email messages or web pages that conceal an exploit.
What is Sqlmap?
sqlmap is an open-source tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It includes a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Is Sqlmap free?
Yes, sqlmap is free to use and works out of the box with Python version 2.6.x and 2.7.x on any platform. Its main features are:
1. Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.
2. Full support for 6 SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
3. Contains support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
4. Contains support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
5. Contains an automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
6. Contains support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.
7. Contains support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where the relevant columns’ names contain strings like name and pass.
8. Contains support to download and upload any file from the file system underlying the database server when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
9. Contains support to execute arbitrary commands and retrieve their standard output on the operating system underlying the database server when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
10. Contains support to create an out-of-band stateful TCP connection between the attacker machine and the operating system underlying the database server. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session, as per the user’s choice.
11. Contains support for privilege escalation of the database process’ user via Metasploit’s Meterpreter getsystem command.
Some options for python sqlmap.py:
-h, --help Show basic help message and exit
-hh Show advanced help message and exit
--version Show program’s version number and exit
-v VERBOSE Verbosity level: 0-6 (default 1)
Target: At least one of these options has to be provided to define the target(s)
-d DIRECT Connection string for direct database connection
-u URL, --url=URL Target URL (e.g. “http://www.site.com/vuln.php?id=1”)
-l LOGFILE Parse target(s) from Burp or WebScarab proxy log file
-x SITEMAPURL Parse target(s) from remote sitemap(.xml) file
-m BULKFILE Scan multiple targets given in a textual file
-r REQUESTFILE Load HTTP request from a file
-g GOOGLEDORK Process Google dork results as target URLs
-c CONFIGFILE Load options from a configuration INI file
What are the Typical Uses for sqlmap?
sqlmap is written in Python and is considered one of the most powerful and popular SQL injection automation tools out there. Given a vulnerable HTTP request URL, sqlmap can exploit the remote database and do a lot of hacking, like extracting database names, tables, columns and all the data in the tables. This hacking tool can even read and write files on the remote file system under certain conditions. sqlmap is like the Metasploit of SQL injection.
How To Install Sqlmap?
This tool works best on Linux, preferably a pentesting distribution such as Kali Linux, BackBox or any other flavour built for that purpose.
Step 1: sqlmap -u “http://www.yourwebsiteurl.com/section…(without quotation marks)” --dbs
Step 2: sqlmap -u “http://www.yourwebsiteurl.com/section…(without quotation marks)” -D database_name --tables
Step 3: sqlmap -u “http://www.yourwebsiteurl.com/section…(without quotation marks)” -D database_name -T tables_name --columns
Step 4: sqlmap -u “http://www.site.com/section.php?id=51(without quotation marks)” -D database_name -T tables_name -C column_name --dump
What is SQL Ninja?
SQL Ninja enables users to exploit web applications that use Microsoft SQL Server as their database backend. It focuses on getting a running shell on the remote host. This tool automates the exploitation process once a SQL injection has been discovered.
Is SQL Ninja Free?
Yes, all versions of this tool are free of charge.
Does SQL Ninja Work on all Operating Systems?
SQL Ninja works on Linux and Mac OS X operating systems.
What are the Typical Uses for SQL Ninja?
This tool is best used by cyber security professionals to help automate the process of taking over a database server once a SQL Injection vulnerability has been discovered. If you are interested in this tool then you should also take a look at sqlmap.
What is w3af?
w3af is one of the most popular, flexible and powerful tools for finding and exploiting web application vulnerabilities. It is very easy to use and it offers dozens of exploitation and web assessment plugins. Others call it a web-focused Metasploit. w3af is divided into two main parts: the core and the plugins. Plugins are categorized into the following types: discovery, bruteforce, audit, evasion, grep, attack, output and mangle.
Is w3af Free?
All versions of this tool are free.
Does w3af Work on all Operating Systems?
It works on Windows, Linux and Mac OS X operating systems.
What are the Typical Uses for w3af?
The goal of this tool is to provide a framework that helps users secure web applications by discovering and exploiting all web application vulnerabilities.