HTTP/2 302 server: nginx date: Fri, 16 Jan 2026 11:55:49 GMT content-type: text/plain; charset=utf-8 content-length: 0 x-archive-redirect-reason: found capture at 20060711162450 location: https://web.archive.org/web/20060711162450/https://sectools.org/sploits.html server-timing: captures_list;dur=0.750969, exclusion.robots;dur=0.053151, exclusion.robots.policy;dur=0.037293, esindex;dur=0.015192, cdx.remote;dur=45.490208, LoadShardBlock;dur=202.495489, PetaboxLoader3.datanode;dur=95.570296, PetaboxLoader3.resolve;dur=23.870830 x-app-server: wwwb-app211-dc8 x-ts: 302 x-tr: 271 server-timing: TR;dur=0,Tw;dur=0,Tc;dur=0 set-cookie: wb-p-SERVER=wwwb-app211; path=/ x-location: All x-as: 14061 x-rl: 0 x-na: 0 x-page-cache: MISS server-timing: MISS x-nid: DigitalOcean referrer-policy: no-referrer-when-downgrade permissions-policy: interest-cohort=() HTTP/2 200 server: nginx date: Fri, 16 Jan 2026 11:55:50 GMT content-type: text/html; charset=UTF-8 x-archive-orig-date: Tue, 11 Jul 2006 16:24:48 GMT x-archive-orig-server: Apache/2.2.2 (Fedora) x-archive-orig-last-modified: Fri, 23 Jun 2006 02:21:34 GMT x-archive-orig-accept-ranges: bytes x-archive-orig-connection: close x-archive-guessed-content-type: text/html x-archive-guessed-charset: utf-8 memento-datetime: Tue, 11 Jul 2006 16:24:50 GMT link: ; rel="original", ; rel="timemap"; type="application/link-format", ; rel="timegate" content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org athena.archive.org analytics.archive.org pragma.archivelab.org wwwb-events.archive.org x-archive-src: 26_0_20060711153602_crawl30-c/26_0_20060711162438_crawl25.arc.gz server-timing: captures_list;dur=0.507866, exclusion.robots;dur=0.019799, exclusion.robots.policy;dur=0.008983, esindex;dur=0.010271, cdx.remote;dur=20.880364, LoadShardBlock;dur=207.664444, PetaboxLoader3.datanode;dur=173.195909, PetaboxLoader3.resolve;dur=152.450079, load_resource;dur=151.021817 x-app-server: wwwb-app211-dc8 x-ts: 200 x-tr: 444 server-timing: TR;dur=0,Tw;dur=0,Tc;dur=0 x-location: All x-as: 14061 x-rl: 0 x-na: 0 x-page-cache: MISS server-timing: MISS x-nid: DigitalOcean referrer-policy: no-referrer-when-downgrade permissions-policy: interest-cohort=() content-encoding: gzip

Nmap Security Scanner Intro Ref Guide Install Guide Download Changelog Docs Security Lists Nmap Hackers Nmap Dev Bugtraq Full Disclosure Pen Test Basics More Security Tools Pass crackers Sniffers Vuln Scanners Web scanners Wireless Exploitation Packet crafters More Site News Exploit World Advertising About/Contact Credits Sponsors:

Top 3 Vulnerability Exploitation Tools After the tremendously successful 2000 and 2003 security tools surveys, Insecure.Org is delighted to release this 2006 survey. I (Fyodor) asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. This allowed me to expand the list to 100 tools, and even subdivide them into categories. This is the category page for vulnerability exploitation tools -- the full network security list is available here. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also will be pointing newbies to this site whenever they write me saying “I don't know where to start”. Respondents were allowed to list open source or commercial tools on any platform. Commercial tools are noted as such in the list below. No votes for the Nmap Security Scanner were counted because the survey was taken on a Nmap mailing list. This audience also means that the list is slightly biased toward “attack” tools rather than defensive ones. Each tool is described by one ore more attributes: Did not appear on the 2003 list Generally costs money. A free limited/demo/trial version may be available. Works natively on Linux Works natively on OpenBSD, FreeBSD, Solaris, and/or other UNIX variants Works natively on Apple Mac OS X Works natively on Microsoft Windows Features a command-line interface Offers a GUI (point and click) interface Source code available for inspection. Please send updates and suggestions (or better tool logos) to Fyodor. If your tool is featured or you think your site visitors might enjoy this list, you are welcome to use our link banners. Now here is the list, starting with the most popular: #1 Metasploit Framework : Hack the Planet Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit building demo. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as Core Impact and Canvas already existed for wealthy users on all sides of the ethical spectrum. Metasploit simply brought this capability to the masses. #2 Core Impact : An automated, comprehensive penetration testing product Core Impact isn't cheap (be prepared to spend tens of thousands of dollars), but it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes. If you can't afford Impact, take a look at the cheaper Canvas or the excellent and free Metasploit Framework. Your best bet is to use all three. Also categorized as: vulnerability scanners #3 Canvas : A Comprehensive Exploitation Framework Canvas is a commercial vulnerability exploitation tool from Dave Aitel's ImmunitySec. It includes more than 150 exploits and is less expensive than Core Impact, though it still costs thousands of dollars. You can also buy the optional VisualSploit Plugin for drag and drop GUI exploit creation. Zero-day exploits can occasionally be found within Canvas. Show All Top 100 Network Security Tools Or view by category: Application-Specific Scanners | Password Crackers | Encryption Tools | Disassemblers | Firewalls | Intrusion Detection Systems | Netcats | OS Detection Tools | Packet Crafting Tools | Port Scanners | Rootkit Detectors | Security-Oriented Operating Systems | Packet Sniffers | Vulnerability Exploitation Tools | Traceroute Tools | Traffic Monitoring Tools | Vulnerability Scanners | Web Vulnerability Scanners | Wireless Tools

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]