Penetration testing software is the toolset of penetration testers. These range from enumeration tools such as host and port discovery to exploitation tools such as password brute-force suites and exploit generation, as well as many more.
There are many tools out there that help with penetration testing, depending on the current target this toolset will vary.
In general, a penetration testing tool is not any different from any other tool. It was developed to solve a specific problem. If you would try to pull out a screw with a hammer, you will high likely not have success with that. The same applies to penetration testing tools, testers will choose the right toolset for each engagement individually or even develop their own tools if required by the target they are facing.
The toolset is then used to identify security holes and depending on the engagement also exploit the found security vulnerabilities. After the discovery of a security vulnerability, the client immediately will be notified by the security testing team, to take care of the vulnerable application or service.
To provide the penetration tester with knowledge about the identification of these vulnerabilities, different certification courses have been developed. These certifications help to develop and finally prove the knowledge of a subset of tools, by actively challenging the participant with problems this subset is useful for. In order to obtain the certification, the participant has to solve the presented problems.
If you like this blog post, find more content in our Glossary.