Star Rating
Languages Supported
Pricing Options

Penetration Testing reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Best Penetration Testing Software

    Penetration testing tools are used to test vulnerabilities within computer systems and applications. They work by simulating cyberattacks that target known vulnerabilities, as well as general application components, in an attempt to breach core systems. Companies practice penetration tests to uncover new defects and test the security of communication channels and integrations. These tools are related to other application security and vulnerability management solutions, but only these tools specifically perform penetration tests. There are also a number of cybersecurity services providers that provide pentration testing in the form of a managed service.

    To qualify for inclusion in the Penetration Testing software category, a product must:

    Simulate cyberattacks on computer systems or applications
    Gather intelligence on potential known vulnerabilities
    Analyze exploits and report on test outcomes

    Top 8 Penetration Testing Software

    • Acunetix Vulnerability Scanner
    • SQLmap
    • Metasploit
    • Appknox
    • Netsparker
    • Intruder
    • Bugcrowd

    Compare Penetration Testing Software

    G2 takes pride in showing unbiased reviews on user satisfaction in our ratings and reports. We do not allow paid placements in any of our ratings, rankings, or reports. Learn about our scoring methodologies.
    Sort By:
    Results: 46
    View Grid®
    Adv. Filters
    (28)4.8 out of 5
    Entry Level Price:0 Free light scans

    Use the platform to quickly detect and report vulnerabilities in websites and network infrastructures! ✔ 25+ tightly integrated penetration testing and ethical hacking tools for easier, faster, and more effective engagements ✔ Built for pentesters, sysadmins, web devs, MSPs, business owners, and other professionals seeking to automate and save time ✔ Painless vulnerability management: add manual findings, change risk levels, delete obsolete targets, create and export customiza

    (79)4.2 out of 5
    Optimized for quick response

    Acunetix leads the market in automatic web security testing technology that accurately scans and audits all web applications, including HTML5, JavaScript and Single Page applications (SPAs). It offers a cost-effective entry into the web scanning market with a simple, scalable, and high availability solution, without compromising quality. Acunetix can report on a wide range of web vulnerabilities, including SQLi and XSS and provides the only technology on the market that can automatically detec

    (34)4.3 out of 5

    Automatic SQL injection and database takeover tool

    (30)4.5 out of 5

    Metasploit Pro is a penetration testing tool that increases penetration tester's productivity, prioritizes and demonstrates risk through closed-loop vulnerability validation, and measures security awareness through simulated phishing emails.

    (38)4.5 out of 5
    Optimized for quick response

    Appknox is an on-demand mobile application security platform that helps businesses detect and fix security vulnerabilities using an Automated Security Testing suite. We have been successfully reducing delivery timelines, manpower costs & mitigating security threats for Global Banks and Enterprises in 10 + countries.

    (34)4.5 out of 5
    Optimized for quick response

    Founded in 2009, Netsparker Ltd develops a leading-edge web application security solution. The combination of dead accurate scanning with proprietary automatic exploitation technology brought Netsparker early success, and the company is now a recognized leading player in the web application security industry. Netsparker can identify vulnerabilities in all types of modern web applications, regardless of the underlying architecture or platform. Upon identifying an exploitable vulnerability, the N

    (23)4.9 out of 5
    Entry Level Price:Starting from $108/month

    Intruder is a cloud-based vulnerability scanner that helps to find weaknesses in your online systems before the hackers do. It saves you time by proactively scanning for new threats as well as offering a unique threat interpretation system that makes vulnerability management easy.

    (17)3.9 out of 5

    Bugcrowd is the #1 crowdsourced security company. More Fortune 500 organizations trust Bugcrowd to manage their bug bounty, vulnerability disclosure, and next gen pen test programs. Bugcrowd’s award-winning platform, Crowdcontrol, combines actionable, contextual intelligence with the skill and experience of the world’s most elite hackers to help leading organizations solve security challenges, protect customers, and make the digitally connected world a safer place. Bugcrowd Next Gen Pen Test (

    Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline,empower developers to fix security defects, and scales your program through best practices to achieve your desired outcomes. Veracode covers your all your AppSec needs in one s

    (12)4.9 out of 5
    Optimized for quick response
    Entry Level Price:€ 70 Annual Subscription

    Detectify is the first company of its kind to automate the cutting-edge knowledge of the best ethical hackers in the world to secure public web applications. Users check web applications against 2000+ known vulnerabilities beyond the OWASP Top 10. In a fast-paced tech environment, the potential attack surface increases with each release and new app created. Using Detectify, you can monitor your subdomains for potential takeovers and remediate security issues in staging and production, and find v

    (16)4.8 out of 5
    Entry Level Price:$0.00 1 license

    Defendify is the only all-in-one SaaS-delivered cybersecurity platform designed specifically for growing businesses. It features 13 cybersecurity tools in 1 easy-to-use SaaS platform with automated program management, risk scoring, alerts, notifications, reports, recommendations, containment, and more. As a single pane of glass, Defendify provides multiple layers of ongoing protection to continuously improve the strength of your security posture against evolving cyber threats.

    (3)4.2 out of 5

    BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

    (3)4.2 out of 5

    Test running apps and services for common security weaknesses and vulnerabilities using malformed inputs to detect flaws. Leverage fully automated tests across 250+ test suites, protocol-specific attack patterns and automatic test mutation

    (5)3.6 out of 5

    HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. The U.S. Department of Defense, General Motors, Google, Twitter, GitHub, Qualcomm, Starbucks, Dropbox, Intel,and over 1,200 other organizations have partnered with HackerOne to resolve over 100,000 vulnerabilities and award over $80M in bug bounties.

    (1)3.5 out of 5

    Cobalt's Pen Testing as a Service (PTaaS) Platform transforms yesterday’s broken pen test model into a data-driven vulnerability management engine. Fueled by our global talent pool of certified freelancers, Cobalt's crowdsourced SaaS pen test platform delivers actionable results that empower agile teams to pinpoint, track, and remediate software vulnerabilities. Hundreds of organizations now benefit from high quality pen test findings, faster remediation times, and higher ROI for their pen test

    0 ratings

    Entersoft is a leading application security provider helping organizations worldwide protect their products against malicious threats and compliance concerns. We believe that application security is a journey, not just a goal, and work with business leaders as partners and advisors to safeguard their applications with an integrated, proactive and forward-thinking approach.

    0 ratings

    Dynamic Application Security Testing for DevOps Frequent changes to applications, whether built by in-house DevOps teams or outsourced from commercial suppliers, means risk evaluation must shift towards continuous testing. Our Dynamic Application Security Testing (DAST) solution, provides critical assessments during the SDLC rapidly and efficiently with quick-and-easy configuration assessments. With an accessible REST API, Selenium integration, and automated reporting, Scale is designed to del

    0 ratings

    0 ratings

    BreachLock is a security startup that offers a unique SaaS platform delivering on-demand, continuous and scalable security testing suitable for modern cloud and DevOps powered businesses.

    0 ratings

    Cobalt Strike is a penetration testing solution that enables companies to emulate the tactics and techniques of a cyberthief in an IT network to highlight weaknesses. Cobalt Strike gives you a post-exploitation agent and covert channels to emulate a quiet long-term embedded actor in your customer's network. Malleable C2 lets you change your network indicators to look like different malware each time

    0 ratings

    Core Impact is an easy-to-use penetration testing tool with commercially developed and tested exploits that enables security teams to exploit security weaknesses, increase productivity, and improve efficiencies. Core Impact gives you visibility into the effectiveness of your defenses and reveals where your most pressing risks exist in your environment. This enables you to assess your organization’s ability to detect, prevent, and respond to real-world, multi-staged threats against your infrastr

    0 ratings

    CrawlMonster is a comprehensive analytics tool, providing technical issues about your websites.

    0 ratings

    RamQuest’s solutions include our fully integrated closing, escrow accounting, imaging, transaction management, esigning, and digital marketplace solutions and are available on-premise or in a hosted environment

    (1)4.5 out of 5

    Prioritize remediation based on AI algorithm calculated cyber score, and get continuous reports on your security posture and security team performance.

    0 ratings

    GamaShield a cutting-edge virtual hacker technology to identify and eradicate dangerous malware threats and website application vulnerabilities, a pre-breach tool designed to detect and prevent cyber attacks. GamaSec provides a portfolio of services including web vulnerability scanning, daily malware detection, blacklist monitoring and application Firewall (WAF) with DDoS detection. This combination of a proprietary security platform and industry knowhow enables GamaSec to deliver industry-lead

    (1)0.0 out of 5

    ImmuniWeb® AI Platform illuminates your external attack surface and Dark Web exposure for well-informed, risk-based, and DevSecOps-enabled application penetration testing.

    0 ratings

    IrisLogic strives to be a globally respected company that delivers the most suitable and intelligent software & technology solutions.

    0 ratings

    MaxPatrol is an all-in-one vulnerability management solution designed to provide vulnerability and compliance management for applications, databases, network and operating systems, as well as ERP (SAP), ICS/SCADA, Core Telecom and Banking infrastructure.

    0 ratings

    Established in 2015 with offices in Israel, Boston, London and Zurich, Pcysys delivers an automated network penetration testing platform that assesses and helps reduce corporate cybersecurity risks. Hundreds of security professionals and service providers around the world use Pcysys to perform continuous, machine-based penetration tests that improve their immunity against cyber-attacks across their organizational networks. With close to 100 enterprise global customers across all industries, Pcys

    0 ratings

    An Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System.

    Select Grid® View
    Select Company Size
    G2 Grid® for Penetration Testing
    Filter Grid®
    Filter Grid®
    Select Grid® View
    Select Company Size
    Check out the G2 Grid® for the top Penetration Testing Software products. G2 scores products and sellers based on reviews gathered from our user community, as well as data aggregated from online sources and social networks. Together, these scores are mapped on our proprietary G2 Grid®, which you can use to compare products, streamline the buying process, and quickly identify the best products based on the experiences of your peers.
    High Performers
    Acunetix Vulnerability Scanner
    Market Presence