There are many different types of penetration test tools used in the information and network security industry. Some of the most common include port scanners that are used to find ports on a network and vulnerability scanners that can then look for weaknesses and vulnerabilities on those ports. Many penetration testers also utilize packet sniffers to analyze data transmitted to and from ports and intrusion detection systems to look for attacks or malicious activity within those packets. There are also a number of penetration test tools used to launch a virtual attack on a network, including password cracking software and exploitation tools.
Penetration test tools are used during penetration testing, in which an ethical hacker evaluates a network through scanning and a simulated attack upon it. One of the most commonly used tools in this process is a port scanner program, which can be used to scan a network to find available ports. These ports can then be utilized with vulnerability scanners to further document where potential weaknesses may exist on a network. While these scanners do not actually launch an attack, they are often used during initial penetration testing.
Packet sniffers are commonly used penetration test tools that allow a tester to watch packets of data being sent to and from a specific network. This can include packets sent by the tester, to evaluate how they are received, as well as those sent by other network users. Intrusion detection systems can then be used with the different network ports and the sniffed packets to look for malicious attacks that may already be occurring. These penetration test tools allow an ethical hacker to ensure that someone else is not already attacking a system for unethical reasons.
Once a penetration tester has found potential weaknesses and vulnerabilities in a system, then he or she can use various penetration test tools to launch an attack on it. Password crackers, for example, are often used to find passwords to more easily gain access to the network in the future. Exploitation tools allow someone to more quickly and easily automate the process of looking for common exploits in a system. A single program can attempt to use hundreds, or even thousands, of well known exploits during penetration testing.
All of these penetration test tools are available from a number of software developers, many of them as open source programs or freeware. There are a number of programs that are commercially available, which can be used by ethical and unethical hackers alike. Many penetration testers prefer to develop their own software, and a variety of plug-ins and add-ons for existing programs can be used to enhance or customize their performance.