Penetration testing involves legal attempts by third parties to gain access to computer systems or networks in order to identify security vulnerabilities. There are two main types: black box testing, where no prior network knowledge is provided, and white box testing, where full information is given. Various tools are used in penetration testing including exploitation tools, frameworks like Metasploit, social engineering tools like the Social Engineering Toolkit, and SQL injection detection tools.