There are tons of tools available for performing various tasks throughout the penetration testing lifecycle. However, the following is a list of tools that are most commonly used during a penetration test:
| Sr. no | Penetration testing phase | Tools |
| 1 | Information gathering | SPARTA, NMAP, Dmitry, Shodan, Maltego, theHarvester, Recon-ng |
| 2 | Enumeration | NMAP, Unicornscan |
| 3 | Vulnerability assessment | OpenVAS, NExpose, Nessus |
| 4 | Gaining access |
Metasploit, Backdoor-factory, John The Ripper, Hydra |
| 5 | Privilege escalation | Metasploit |
| 6 | Covering tracks | Metasploit |
| 7 | Web application security testing | Nikto, w3af, Burp Suite, ZAP Proxy, SQLmap |
| 8 | Reporting | KeepNote, Dradis |