Help the communities most affected by the California wildfires in only a few minutes. We'll donate $10 for every review you submit.

Best Penetration Testing Software

Penetration testing tools are used to test vulnerabilities within computer systems and applications. They work by simulating cyberattacks that target known vulnerabilities, as well as general application components, in an attempt to breach core systems. Companies practice penetration tests to uncover new defects and test the security of communication channels and integrations. These tools are related to other application security and vulnerability management solutions, but only these tools specifically perform penetration tests. There are also a number of cybersecurity services providers that provide pentration testing in the form of a managed service.

To qualify for inclusion in the Penetration Testing software category, a product must:

  • Simulate cyberattacks on computer systems or applications
  • Gather intelligence on potential known vulnerabilities
  • Analyze exploits and report on test outcomes
G2 Crowd Grid® for Penetration Testing
Leaders
High Performers
Contenders
Niche
Momentum Leaders
Momentum Score
Market Presence
Satisfaction
Filters
Features
Administration
Analysis
Testing
Star Rating

Penetration Testing reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Penetration Testing Software
Results: 26
    G2 Crowd takes pride in showing unbiased ratings on user satisfaction. G2 Crowd does not allow for paid placement in any of our ratings.
    Sort By:

    IBM Security AppScan Standard protects against web application attacks and expensive data breaches by automating application security vulnerability testing. Avoid security vulnerabilities Use automated dynamic security testing and advanced static analysis – “black box” and “white box” – to detect developing security issues. Empower accurate scanning Scan websites to identify embedded vulnerabilities. Simplify interpretation of scan results with scan-specific explanations of each issue. Get quick remediation Fix high-priority problems first with streamlined remediation. Make fixes quickly with the provided remediation steps – including code examples and a task list.


    Netsparker develops an industry leading automated web application security solution. Available as Windows software, online and on-premises service, the Netsparker scanner can automatically detect SQL Injection, Cross-site Scripting and other vulnerabilities in any type of modern HTML5, Single Page Application (SPA), Web 2.0 web application and web services, regardless of the technology they are built with. The Netsparker scanner does not just report the vulnerabilities, it also generates a proof of exploit confirming they are real and not false positives. Therefore you do not have to waste time manually verifying the scanner’s findings and can easily scale up web application security and scan thousands of websites within a matter of hours. Netsparker is trusted and used by world renowned companies such as Samsung, Ernst & Young, Skype, NASA, ISACA and ING Bank.


    Metasploit Pro is a penetration testing tool that increases penetration tester's productivity, prioritizes and demonstrates risk through closed-loop vulnerability validation, and measures security awareness through simulated phishing emails.


    Acunetix leads the market in automatic web security testing technology that accurately scans and audits all web applications, including HTML5, JavaScript and Single Page applications (SPAs). It offers a cost-effective entry into the web scanning market with a simple, scalable, and high availability solution, without compromising quality. Acunetix can report on a wide range of web vulnerabilities, including SQLi and XSS and provides the only technology on the market that can automatically detect out-of-band vulnerabilities. Acunetix also includes integrated vulnerability management features for enterprises to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality. Used by many Government, Military, Educational, Telecommunications, Banking, Finance, and E-Commerce sectors, including many Fortune 500 companies it is available on Windows, Linux and Online


    Burp Suite is a toolkit for web application security testing.


    The Most Trusted Hacker-Powered Security Platform


    Cobalt's Pen Testing as a Service (PTaaS) Platform transforms yesterday’s broken pen test model into a data-driven vulnerability management engine. Fueled by our global talent pool of certified freelancers, Cobalt's crowdsourced SaaS pen test platform delivers actionable results that empower agile teams to pinpoint, track, and remediate software vulnerabilities. Hundreds of organizations now benefit from high quality pen test findings, faster remediation times, and higher ROI for their pen test budget.


    Detectify is a web security scanner that performs fully automated tests to identify security issues on your website. It checks for SQL injections, XSS and 700+ other vulnerabilities. This is included: - A scanner that checks your site for 700+ vulnerabilities - The latest security tests submitted by ethical hackers - Unlimited number of scans - An extensive knowledge base with over 100 remediation tips - Team functionality so that you can easily share reports - Integrations with popular tools like Slack, Jira and PagerDuty


    Appsec Scale is an automated web application security testing solution. Its works with the same appsec engine as Outpost24's SWAT (the Secure Web Application Tactics) which means it always adapt itself to applications changes and new discovered threats. Appsec Scale test continuously the application but customers keep the control of the solution. Finally, Appsec Scale goes further than application testing and analyzes also the infrastructure. The solution can fit organizations of any size. It is Cloud-based (SaaS) so easy to deploy. But Application security teams are available 24/7 to support. Know more > https://outpost24.com/appsec-scale


    BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.


    CAST Application Intelligence Platform (AIP) is an enterprise-grade software measurement and quality analysis solution designed to analyze multi-tiered, multi-technology applications for technical vulnerabilities and adherence to architectural and coding standards and then provide business relevant information to the IT organization through various dashboards and products built with end users in mind.


    Test running apps and services for common security weaknesses and vulnerabilities using malformed inputs to detect flaws. Leverage fully automated tests across 250+ test suites, protocol-specific attack patterns and automatic test mutation


    GamaSec's Web application scanner, which protects applications and servers from hackers, is an automated security service that searches for software vulnerabilities within Web applications. A Web application scanner crawls the entire website, analyzes in-depth each & every file, and displays the entire website structure. The scanner performs an automatic audit for common security vulnerabilities while launching a series of simulated Web attacks.


    Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.


    IrisLogic strives to be a globally respected company that delivers the most suitable and intelligent software & technology solutions.


    MaxPatrol is an all-in-one vulnerability management solution designed to provide vulnerability and compliance management for applications, databases, network and operating systems, as well as ERP (SAP), ICS/SCADA, Core Telecom and Banking infrastructure.


    Nexpose, Rapid7's on-premise option for vulnerability management software, monitors exposures in real-time and adapts to new threats with fresh data, ensuring you can always act at the moment of impact.


    Quickly identifies undiscovered vulnerabilities, so you can stay secure, harden your networks and prevent attacks in minutes.


    An Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System.


    PT Application Inspector is designed to protect web applications of every scale: from landing pages and corporate portals to commerce, cloud services, and e-government systems.


    SATAN is a tool to help systems administrators. It recognizes several common networking-related security problems, and reports the problems without actually exploiting them.


    Secudit combines user behavior monitoring, penetration testing, and cyber-threat intelligence to provide an enterprise with an ongoing assessment of enterprise IT cyber-security vulnerability.


    Automatic SQL injection and database takeover tool


    Provides automated security testing and security scan of web applications to identify vulnerabilities, scans your network and devices and suggest to you recommendations on how they can be fixed, and provides a source code analysis to identify and resolve security weaknesses and vulnerabilities


    Veracode is the world's best automated, on-demand application security testing and code review solution.


    ZeroDayScan is a free service for every webmaster. It scans Internet for hacked websites.