Best Penetration Testing Software

Penetration testing tools are used to test vulnerabilities within computer systems and applications. They work by simulating cyberattacks that target known vulnerabilities, as well as general application components, in an attempt to breach core systems. Companies practice penetration tests to uncover new defects and test the security of communication channels and integrations. These tools are related to other application security and vulnerability management solutions, but only these tools specifically perform penetration tests. There are also a number of cybersecurity services providers that provide penetration testing in the form of a managed service.

To qualify for inclusion in the Penetration Testing software category, a product must:

  • Simulate cyberattacks on computer systems or applications
  • Gather intelligence on potential known vulnerabilities
  • Analyze exploits and report on test outcomes

Penetration Testing reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Penetration Testing Software

G2 takes pride in showing unbiased ratings on user satisfaction. G2 does not allow for paid placement in any of our ratings.
Results: 38

    Automatic SQL injection and database takeover tool

    Burp Suite is a toolkit for web application security testing.

    Netsparker develops an industry leading automated web application security solution. Available as Windows software, online and on-premises service, the Netsparker scanner can automatically detect SQL Injection, Cross-site Scripting and other vulnerabilities in any type of modern HTML5, Single Page Application (SPA), Web 2.0 web application and web services, regardless of the technology they are built with. The Netsparker scanner does not just report the vulnerabilities, it also generates a proo

    IBM Security AppScan Standard protects against web application attacks and expensive data breaches by automating application security vulnerability testing. Avoid security vulnerabilities Use automated dynamic security testing and advanced static analysis – “black box” and “white box” – to detect developing security issues. Empower accurate scanning Scan websites to identify embedded vulnerabilities. Simplify interpretation of scan results with scan-specific explanations of each issue. Get qu

    Metasploit Pro is a penetration testing tool that increases penetration tester's productivity, prioritizes and demonstrates risk through closed-loop vulnerability validation, and measures security awareness through simulated phishing emails.

    Acunetix leads the market in automatic web security testing technology that accurately scans and audits all web applications, including HTML5, JavaScript and Single Page applications (SPAs). It offers a cost-effective entry into the web scanning market with a simple, scalable, and high availability solution, without compromising quality. Acunetix can report on a wide range of web vulnerabilities, including SQLi and XSS and provides the only technology on the market that can automatically detect

    Bugcrowd is the #1 crowdsourced security company. More Fortune 500 organizations trust Bugcrowd to manage their bug bounty, vulnerability disclosure, and next gen pen test programs. Bugcrowd’s award-winning platform, Crowdcontrol, combines actionable, contextual intelligence with the skill and experience of the world’s most elite hackers to help leading organizations solve security challenges, protect customers, and make the digitally connected world a safer place. Bugcrowd Next Gen Pen Test (

    A Proactive Vulnerability Scanner, For Your External Infrastructure: Intruder is a cloud-based vulnerability scanner that finds cyber security weaknesses in your most exposed systems, to avoid costly data breaches.

    Veracode is the world's best automated, on-demand application security testing and code review solution.

    BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

    Provides automated security testing and security scans of web applications to identify vulnerabilities, scans your network and devices and suggests recommendations on how they can be fixed, and provides source code analysis to identify and resolve security weaknesses and vulnerabilities.

    HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. The U.S. Department of Defense, General Motors, Google, Twitter, GitHub, Qualcomm, Starbucks, Dropbox, Intel, and over 1,200 other organizations have partnered with HackerOne to resolve over 90,000 vulnerabilities and award over $42M in bug bounties.

    Cobalt's Pen Testing as a Service (PTaaS) Platform transforms yesterday’s broken pen test model into a data-driven vulnerability management engine. Fueled by our global talent pool of certified freelancers, Cobalt's crowdsourced SaaS pen test platform delivers actionable results that empower agile teams to pinpoint, track, and remediate software vulnerabilities. Hundreds of organizations now benefit from high quality pen test findings, faster remediation times, and higher ROI for their pen test

    Test running apps and services for common security weaknesses and vulnerabilities using malformed inputs to detect flaws. Leverage fully automated tests across 250+ test suites, protocol-specific attack patterns and automatic test mutation

    Detectify is a web security scanner that performs fully automated tests to identify security issues on your website. It checks for SQL injections, XSS and 700+ other vulnerabilities. This is included: - A scanner that checks your site for 700+ vulnerabilities - The latest security tests submitted by ethical hackers - Unlimited number of scans - An extensive knowledge base with over 100 remediation tips - Team functionality so that you can easily share reports - Integrations with popular tools l

    Appsec Scale is an automated web application security testing solution. It works with the same appsec engine as Outpost24's SWAT (the Secure Web Application Tactics), which means it always adapts itself to application changes and newly discovered threats. Appsec Scale continuously tests the application, but customers keep control of the solution. Finally, Appsec Scale goes further than application testing and also analyzes the infrastructure. The solution can fit organizations of any size. It

    BreachLock is a security startup that offers a unique SaaS platform delivering on-demand, continuous and scalable security testing suitable for modern cloud and DevOps powered businesses.

    CAST Application Intelligence Platform (AIP) is an enterprise-grade software measurement and quality analysis solution designed to analyze multi-tiered, multi-technology applications for technical vulnerabilities and adherence to architectural and coding standards and then provide business relevant information to the IT organization through various dashboards and products built with end users in mind.

    CrawlMonster is a comprehensive analytics tool, providing technical issues about your websites.

    GamaSec's Web application scanner, which protects applications and servers from hackers, is an automated security service that searches for software vulnerabilities within Web applications. A Web application scanner crawls the entire website, analyzes in-depth each & every file, and displays the entire website structure. The scanner performs an automatic audit for common security vulnerabilities while launching a series of simulated Web attacks.

    Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

    IrisLogic strives to be a globally respected company that delivers the most suitable and intelligent software & technology solutions.

    MaxPatrol is an all-in-one vulnerability management solution designed to provide vulnerability and compliance management for applications, databases, network and operating systems, as well as ERP (SAP), ICS/SCADA, Core Telecom and Banking infrastructure.

    Quickly identifies undiscovered vulnerabilities, so you can stay secure, harden your networks and prevent attacks in minutes.

    Pcysys delivers an automated penetration-testing platform that assesses and reduces corporate cybersecurity risks. Security officers and service providers around the world use Pcysys to perform continuous, machine-based penetration tests that improve their immunity against cyber attacks across their organizational networks.

    An Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System.

    PT Application Inspector is designed to protect web applications of every scale: from landing pages and corporate portals to commerce, cloud services, and e-government systems.

    SAINT developed SAINTCloud® from the ground up to provide all of the power and capability offered in our fully-integrated vulnerability management solution, SAINT Security Suite, without the need to implement and maintain on-premise infrastructure and software. This means more time spent on reducing risk – less time managing the tools you use.

    Sakurity does penetration tests, source code audit and vulnerability assessment.

    SATAN is a tool to help systems administrators. It recognizes several common networking-related security problems, and reports the problems without actually exploiting them.

    SCYTHE™ enables organizations to continuously assess their risk posture and exposure. SCYTHE combines breach and attack simulation features with vulnerability assessment and penetration testing capabilities to deliver the ability to continuously assess the security posture of an entire organization without the need for costly training, technical expertise, or complex setup.

    Secudit combines user behavior monitoring, penetration testing, and cyber-threat intelligence to provide an enterprise with an ongoing assessment of enterprise IT cyber-security vulnerability.

    Synack is a crowdsourced penetration testing, vulnerability orchestration, analytics and risk reporting platform.

    Penetration testing is an important part of managing risk. It helps you probe for cyber vulnerabilities so you can put resources where they're needed most. Assess your risks and measure the dangers, then use real-world scenarios to help you strengthen your security.

    Network-based penetration testing service, which is combined with vulnerability scanning tools, penetration testing tools, network protocol analysis tools, etc. to simulate possible attacks on target systems, and further discover systems and applications based on security vulnerability scanning, web hidden security vulnerabilities, to prevent hackers from infiltrating the client system and stealing sensitive information. At the same time, repair guidance is provided based on the results of the

    ZeroDayScan is a free service for every webmaster. It scans the Internet for hacked websites.
