We changed our name from IT Central Station: Here's why

What penetration testing tool (or tools) do you recommend for SMB/SME?

Hi cybersecurity professionals,

I'm looking for your recommendations about penetration testing tools for SMB/SME. 

What would be your choice? Please share a technical description of why would you choose this tool over others.

Thanks in advance.

ITCS user
35 Answers

author avatar
Top 5LeaderboardReal User

Kali Linux distro, using a red-teaming framework, starting with tools for reconnaissance, vulns, exploitation, reporting and re-thinking/remediation.

author avatar
Community Manager

@Chiheb Chebbi, can you please assist here?

author avatarRam-Chenna
Top 10MSP

@Evgeny Belenky Tooling is quite important when it comes to testing security vulnerabilities of the applications and the infrastructure that includes the Network, Servers, Storage, etc. 
Especially if the industry you are working with is Banking, Finance, Insurance, Retail, Govt, Legal, etc. It becomes quite important and critical if the applications are supposed to be compliant with Data Protection laws in the country and region. 
Listing some tools which our teams use:
1. Open VAS
2. Burp Suite

author avatarEvgeny Belenky
Community Manager

@Ram-Chenna thank you for chiming into the discussion.

author avatar
Top 5LeaderboardConsultant

Hi Elsayed,

I would personally recommend using a different approach for penetration testing.

As you know penetration testing relies heavily on humans. Today, there are already penetration testing tools that can provide you with continuous penetration testing (24x7) in an automated fashion because you will be able to utilize its AI, automated workflow, and scenario to run automated penetration testing (NOT Vulnerability Assessment)

These tools have the capabilities to actually mimick human interaction during penetration testing, running sets of AI-driven repetitive attacks while trying to find and exploit vulnerabilities just as a human penetration would do.

If you are looking into technical attacks type of penetration testing toward infrastructure and web application, you can consider Ridgesecurity.ai.

Thank you.