Top 5 free pentesting tools for quick results

Being able to accurately perform a pentest on a network that you are not familiar with takes both knowledge about the underlying infrastructure (to be able to navigate) and the proper tools for the job. Just like a construction worker has his toolbox of tools needed to perform his duties, so will you. Here are my top 5 that are highly recommended in the industry.

Kali linux

This one is an absolute necessity for all pentesters. It is the stapling foundation of both ethical and malicious hacking alike. Kali Linux is one tool that both the attackers and defenders will use, and it is fit for the job. You are even able to get custom copies downloaded that have all of the tools listed below already preinstalled out the box. It is highly recommended you obtain a bootable copy of Kali and spend some time learning how to use it.

Nmap or Zenmap

These two allow you to discover the battlefield. They both do the same thing; one is just a GUI interface. NMAP will scan the network to tell you all open ports and all the IP addresses that are switched on. This step is vital to fully understanding your attack vectors in any engagement and being able to map out the network.

John the Ripper

At some point, you will discover that the easiest method to get access on a network is by going through someone who already has it. John the Ripper allows you to perform password cracking techniques to possibly crack some password hashes you have discovered while exploring. With each password you can crack, you have a higher potential for scoring an account with privileged access to do more damage on that particular network. The effectiveness of John the Ripper will depend on two things: the password hash complexity (basically how long the passwords are) and the resources you have available to perform these attacks.


Wireshark acts as another discovery tool, but it is tailored more for wireless networks. It does a great job breaking down all the netflow communication between devices on the network. You will need Wireshark's functionality to perform attacks like man-in-the-middle to see the open traffic ports and determine the best way to interject yourself into those communications to become a trusted entity on the network.

Cain and Abel

Now be warned, this tool is very loud and takes an aggressive approach to testing a network. If the security team on that network has proper logging and alerts set up, they should have no problem finding you. If not, it is the all-in-one solution. Its primary use is as a password cracker, but it can be used in other ways that John the Ripper cannot. For example, instead off just uploading a hash for it to crack, Cain can intercept network traffic keys on the fly and use several different methods to crack the key hash like dictionary or rainbow type attacks.