Integrated Tools and Scanners (54) 

penteston_logo_slogan. updated

Penteston Integrations

The Penteston workbench provides an easy to use interface to spawn a tool in a separate process and then the results are pulled into Penteston.

parallel-lint

PHP Parallel Lint

PHP Source

PHP Parallel Lint checks the syntax of PHP files faster than a serial check, with a fancier output.

Learn More

parallel-lint

Parse: A Static Security Scanner

PHP Source

The Parse scanner is a static scanning tool to review your PHP code for potential security-related issues. A static scanner means that the code is not executed and tested via a web interface (that’s dynamic testing). Instead, the scanner looks through your code and checks for certain markers and notifies you when any are found.

Learn More

androbugs

AndroBugs Framework

APK File

AndroBugs Framework is an Android vulnerability analysis system that helps developers or hackers find potential security vulnerabilities in Android applications. No splendid GUI interface, but the most efficient (less than 2 minutes per scan in average) and more accurate.

Learn More

sshdefaultscan

sshdefaultscan

SIP

Use sshdefaultscan to scan networks or hosts for SSH servers, try to connect using some default username and password. It uses Nmap to provide easy and powerful target selection and Paramiko to test credentials.

Learn More

shodan

Shodan

Shodan is the world's first search engine for Internet-connected devices.

Learn More

Nikto Web Scanner

Nikto Web Scanner

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Learn More

uniscan

Uniscan - RFI, LFI and RCE vulnerability scanner

Uniscan is a simple Remote File Include, Local File Include, and Remote Command Execution vulnerability scanner.

Learn More

vbscan

OWASP VBulletin Vulnerability Scanner

OWASP VBScan is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analyses them.

Learn More

googlepdf

GooglePDF

For environments where this cannot be deployed, Google PDF Viewer offers the same capabilities in a standalone app. View, print, search and copy text from pdf documents while you're on the go.

Learn More

fimap

fimap - Automatic LFI/RFI scanner and exploiter

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.

Learn More

fierce

Fierce - Find mis-configured networks

A DNS reconnaissance tool for locating non-contiguous IP space.

Learn More

hsecscan

hsecscan - Scanner for HTTP response headers.

A security scanner for HTTP response headers.

Learn More

nessus

Nessus

Nessus is the de-facto industry standard vulnerability assessment solution for security practitioners.

Learn More

dnsrecon

DNSRecon

Learn More

twa

TWA

A tiny web auditor with strong opinions

Learn More

dnsmap

dnsmap

dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments.

Learn More

shcheck

shcheck

Just a small tool to check security headers.

Learn More

wap

WAP - Web Application Protection

OWASP WAP - Web Application Protection Project WAP is a tool to detect and correct input validation vulnerabilities in web applications written in PHP and predicts false positives.

Learn More

bandit

Bandit

Python Source

Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report. 

Learn More

svmap

SIPVicious - svmap

SIP

Svmap is a free and Open Source scanner to identify sip devices and PBX servers on a target network. It can also be helpful for systems administrators when used as a network inventory tool. Svmap was designed to be faster than the competition by specifically targeting SIP over UDP.

Learn More

svwar

SIPVicious - svwar

SIP

Svwar is a free SIP PBX extension line scanner. In concept, it works similar to traditional wardialers by guessing a range of extensions or a given list of extensions.

Learn More

zmap

ZMap: The Internet Scanner

IP Range

The ZMap Project is a collection of open source tools that enable researchers to perform large-scale studies of the hosts and services that compose the public Internet.

Learn More

sqlier

SQLmap - automatic SQL injection and database takeover

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Learn More

whatweb

WhatWeb

WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1700 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.

Learn More

 

zaproxy

OWASP Zed Attack Proxy (ZAP)

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications.

Learn More

sslyze

SSLyze

SSLyze is a Python library and a CLI tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive and should help organizations and testers identify mis-configurations affecting their SSL/TLS servers.

Learn More

 

cmsmap

CMSmap

CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.

Learn More

censys

Censys

Find and analyze every reachable server and device on the Internet.

Learn More

acunetix

Acunetix

Acunetix tests for SQL Injection, XSS, XXE, SSRF, Host Header Injection, and over 4500 other web vulnerabilities. It has the most advanced scanning techniques generating the least false positives possible. Simplifies the web application security process through its inbuilt vulnerability management features that help you prioritize and manage vulnerability resolution.

Learn More

webshag

Webshag

Multi-threaded web server audit tool.

Learn More

urlcrazy

URLCrazy

Generate and test domain typos and variations to detect and perform typosquatting, URL hijacking, phishing, and corporate espionage.

Learn More

th3inspector

Th3inspector

All in one tool for Information Gathering.

Learn More

 

qark

QARK Apk Scanner

APK File

Quick Android Review Kit - This tool is designed to look for several security-related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, capable of exploiting many of the vulnerabilities it finds. There is no need to root the test device, as this tool focuses on vulnerabilities that can be exploited under otherwise secure conditions.

Learn More

openvas

OpenVAS

IP Range

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

Learn More

nmap

Nmap

IP Range

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.

Learn More

dmitry

DMitry

DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux Command Line Application coded in C. DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, tcp port scan, whois lookups, and more.

Learn More

blindelephant

BlindElephant

The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.

Learn More

dnsenum

dnsenum

Multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks.

Learn More

joomscan

OWASP Joomla! Vulnerability Scanner

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments.

Learn More

wikileaks

Wikileaks

WikiLeaks is a multi-national media organization and associated library. It was founded by its publisher Julian Assange in 2006.

Learn More

domainhistory

Domain Whois

Provides internet security services, including anti-fraud and anti-phishing services, application testing, code reviews, and automated penetration testing.

Learn More

 

jexboss

JexBoss

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

Learn More

darkjumper

Darkjumper

This tool will try to find every website that host at the same server at your target then check for every vulnerability of each website that host at the same server.

Learn More

emailhunter

Email Hunter

Email Hunter is the easiest way to find professional email addresses. Give a domain name and get the list of all the emails related to it found on the internet.

Learn More

sipsak

sipsak

Learn More

sqlier

SQLIer - Automated SQL injection exploiter

SQLIer is a script that brute forces passwords through 'true/false' SQL

Learn More

cge

Cisco Global Exploiter

Advanced, simple, and fast security testing tool.

Learn More

theharvester

TheHarvester

E-mails, subdomains and names Harvester - OSINT

Learn More

wascan

WAScan

WAScan ((W)eb (A)pplication (Scan)ner) is an Open Source web application security scanner.

Learn More

Tulpar

Tulpar

Tulpar is an open source web vulnerability scanner written to make web penetration testing automated.

Learn More