What are your recommended automated tools for penetration testing?

Hi peers,

Which automated tools for penetration testing would you recommend to your colleagues working for enterprises? 

Please share 1-3 reasons why you like those tools.


Top 5 Leaderboard, Real User

There are many automated DAST & SAST tools but from my perspective, there is no tool that can give you fully automated penetration testing, as most of the pentesting efforts are manual and depend on the professional and their way of thinking. 

Also, you can use a variety of open-source tools like ZAP, the Metasploit built into the Kali Linux distro, Nmap, hands-on scripting languages like Python, Shell, and Perl, knowledge of the latest vulnerability trends, and exploitation techniques.

Top 5 Leaderboard, Consultant

Hi Evgeny,

There is one automated penetration testing tool that performs way beyond VAPT. We are using an AI-based automated pentest platform (robot) that performs penetration testing without the intensive work from a human pentester.

The tool utilizes thousands of scenarios, and custom scenarios can be built into the library, which can be invoked during automated penetration testing. Several key powerful scenarios are as follows:

1. Web to Database penetration testing, 

2. Ransomware penetration testing.

The tool that I am using is RidgeSecurity.ai

Let me know if you need more information, I'd be happy to explain further.



Evgeny Belenky
Community Manager

@John Rendy, thanks for your recommendation!
What significantly differentiates this pentesting tool from other commercial or open-sourced ones? 
Are you just a user or also a vendor of this tool?

John Rendy
Top 5 Leaderboard, Consultant

@Evgeny Belenky to be honest, I am a consulting provider for banks. We sought out this solution to reduce our dependency on human-based pentests - so no human error.
We provide this service for banks using this technology.
The system runs 24/7 with a pre-defined / custom workflow that we instilled based on its AI decision system engine.

It could do repetitive and multi-layer / multi-step attack simulation, just like a human pentester could.

Community Manager

@Alon Mantsur, @Olufemi Adalemo, @Hassan-Moussafir, @Bill Young. Can you please chime in? Tnx
