Nmap (Network Mapper): An open-source tool for network discovery and security auditing. Nmap uses raw IP packets to determine available hosts, their services, operating systems, packet filters/firewalls in use, and other characteristics. It supports TCP SYN, UDP, TCP connect, FIN, and numerous other scan types.
Metasploit Framework: An open-source penetration testing platform that provides exploit code, payloads, auxiliary modules, and post-exploitation tools. It enables testers to verify vulnerabilities by actually exploiting them in a controlled manner and is the most widely used exploitation framework.
Burp Suite: A leading web application security testing platform that provides tools for intercepting HTTP traffic, scanning for vulnerabilities, and manually testing web application security.
SQL Injection: A code injection technique that exploits vulnerabilities in database-driven applications by inserting malicious SQL statements into input fields, potentially allowing attackers to access or modify database contents.
Cross-Site Scripting (XSS): A vulnerability where an attacker injects malicious client-side scripts into web pages viewed by other users, potentially stealing session cookies or credentials, or performing actions on behalf of victims.
Privilege Escalation: The act of exploiting a vulnerability to gain elevated access (higher permissions) than what was originally granted. It can be vertical (user to admin) or horizontal (accessing another user's resources).
Payload: In penetration testing, the code that is executed on a target system after a vulnerability is successfully exploited. Payloads can range from simple command shells to sophisticated remote access tools.
CVE (Common Vulnerabilities and Exposures): A standardized naming system for publicly known cybersecurity vulnerabilities, enabling security professionals to share and reference vulnerability information consistently.
Port Scanning: The process of sending packets to specific port numbers on a target host to determine which ports are open (accepting connections), closed, or filtered (blocked by a firewall). Open ports reveal running services that may be vulnerable to exploitation.
Social Engineering: The psychological manipulation of people into performing actions or divulging confidential information. Often the most effective attack vector, as it exploits human trust rather than technical vulnerabilities.
Brute Force Attack: A method of cracking passwords or encryption by systematically trying every possible combination. Tools like Hydra automate brute force and dictionary attacks against various services (SSH, FTP, HTTP, database logins). Rate limiting and account lockout policies defend against these attacks.
Reverse Shell: A type of payload where the target machine initiates a connection back to the attacker's machine, providing the attacker with command-line access. This bypasses firewalls that block incoming connections.
Zero-Day Vulnerability: A software vulnerability that is unknown to the vendor and has no available patch. Zero-day exploits are the most dangerous because there is no defense against them until they are discovered and patched.
Lateral Movement: After gaining initial access to a system, the technique of moving through the network to access additional systems, escalate privileges, and reach valuable targets like database servers or domain controllers.
OSINT (Open Source Intelligence): The practice of collecting and analyzing publicly available information from the internet, social media, government records, and other open sources to gather intelligence about a target during the reconnaissance phase.
Nikto: An open-source web server scanner that tests web servers for dangerous files, outdated software versions, server configuration problems, and other vulnerabilities. It checks for over 6,700 potentially dangerous files and programs.
Hydra: A fast and flexible online password cracking tool that supports numerous protocols including SSH, FTP, HTTP, HTTPS, SMB, SMTP, and many database services. It performs dictionary and brute-force attacks against authentication mechanisms to test password strength.
Kali Linux: A Debian-based Linux distribution designed for digital forensics and penetration testing. It comes pre-installed with hundreds of security tools including Nmap, Metasploit, Burp Suite, and Wireshark.
Rules of Engagement (ROE): A formal document that defines the scope, boundaries, and constraints of a penetration test. ROE specifies which systems can be tested, what techniques are permitted, testing windows, emergency contacts, and how findings should be reported.
Meterpreter: An advanced, dynamically extensible payload within the Metasploit framework that provides an interactive shell on a compromised system. It runs entirely in memory, supports encrypted communications, and provides capabilities like file system access, screenshot capture, and privilege escalation.
Vulnerability Scanner: An automated tool that scans systems for known vulnerabilities by checking software versions and configurations and applying known exploit patterns. Examples include Nessus, OpenVAS, and Qualys.
Pivoting: A technique where a compromised system is used as a relay point to attack other systems on internal networks that are not directly accessible from the attacker's position. Pivoting extends the reach of a penetration test into segmented network environments.
Credential Stuffing: An attack that uses lists of stolen username-password pairs (from data breaches) to attempt logins on other services, exploiting the common practice of password reuse. Penetration testers use this technique to assess the risk of compromised credentials across an organization's services.
Metasploit: The world's most widely used open-source penetration testing framework, providing tools for exploit development, payload delivery, and post-exploitation activities in authorized security testing.
OWASP Top 10: A regularly updated list of the ten most critical web application security risks published by the Open Web Application Security Project, serving as a standard awareness document for web security.
Red Team / Blue Team: A security exercise where the Red Team simulates attackers trying to breach defenses while the Blue Team defends. A Purple Team combines both perspectives to improve overall security posture.
Nmap: Network Mapper, a free, open-source tool for network discovery and security auditing. Nmap uses raw IP packets to discover hosts, services, operating systems, and security vulnerabilities on networks.
Buffer Overflow: A vulnerability that occurs when a program writes data beyond the boundaries of allocated memory, potentially overwriting adjacent data and allowing attackers to execute arbitrary code or crash the system.
Man-in-the-Middle (MITM) Attack: An attack where the adversary intercepts and potentially alters communication between two parties who believe they are communicating directly with each other, often used to steal credentials or modify data.
Fuzzing: An automated software testing technique that provides random, unexpected, or invalid data as input to a program to discover security vulnerabilities, crashes, and edge cases.
PTES (Penetration Testing Execution Standard): A comprehensive standard that defines the methodology for conducting penetration tests, covering seven phases from pre-engagement interactions through reporting.
Threat Modeling: A structured approach to identifying, quantifying, and addressing security risks by analyzing potential threats, vulnerabilities, and the impact of potential attacks on a system or application.
Bug Bounty Program: A program offered by organizations that rewards security researchers for responsibly reporting vulnerabilities. Platforms like HackerOne and Bugcrowd connect ethical hackers with companies seeking security testing.
WAF (Web Application Firewall): A security solution that monitors, filters, and blocks HTTP traffic to and from a web application, protecting against common attacks like SQL injection, XSS, and CSRF.
CSRF (Cross-Site Request Forgery): An attack that forces authenticated users to submit unwanted requests to a web application. The attacker exploits the trust that a site has in the user's browser by crafting malicious requests.
Authentication Bypass: A vulnerability that allows an attacker to access protected resources or functionality without providing valid credentials, circumventing the authentication mechanism entirely.
Wireshark: A free, open-source network protocol analyzer used to capture and inspect network traffic in real time. Essential for understanding network communications and identifying security issues during penetration tests.
Phishing: A social engineering attack that uses deceptive emails, websites, or messages to trick victims into revealing sensitive information like passwords or credit card numbers, or into installing malware.
Ransomware: Malicious software that encrypts a victim's data and demands payment for the decryption key. Understanding ransomware attack vectors helps penetration testers assess an organization's resilience.