Breachroad

Technologies

The tools, environments and standards we base our security testing, audits and system hardening on.

The tools and standards we work with

We combine proven, industry-standard tools with recognised methodologies. Automation speeds up the work, but a human confirms every meaningful finding.

Web apps

Burp Suite

The standard tool for testing web applications and APIs — intercepting, modifying and automating HTTP requests.

Networks

Nmap

Network scanning, service discovery and identification of hosts and open ports across the infrastructure.

Exploitation

Metasploit

A framework for controlled exploitation of vulnerabilities and verification of the real impact of findings.

Web apps

OWASP ZAP

An open-source web application security scanner used to automate testing and catch regressions.

Traffic analysis

Wireshark

Network traffic and protocol analysis — essential when diagnosing incidents and unusual behaviour.

Scanning

Nuclei

Fast, template-based vulnerability scanning across applications and infrastructure at scale.

Active Directory

BloodHound

Mapping attack paths and excessive privileges in Active Directory environments.

Web apps

sqlmap

Detecting and confirming SQL injection vulnerabilities and assessing their real impact.

Standard

CIS Benchmarks

Recognised hardening guidelines for operating systems, services and the cloud, which we base our hardening on.

Methodology

MITRE ATT&CK

A knowledge base of attacker techniques we map findings and red team scenarios to.

Methodology

PTES / OWASP WSTG

Proven methodologies for conducting penetration tests and application security testing.

Standard

NIST / ISO 27001

Frameworks for managing information security risk that we reference in audits and recommendations.

These are selected items from our toolkit. The specific techniques and tools are always tailored to the environment and scope of the project.

Working in an unusual environment?

We test legacy systems, OT/ICS infrastructure, hybrid clouds and non-standard integrations. Describe your stack — we'll adapt the methodology.
