As head of IT, I've been asked to do a penetration test. A search for free software was fruitless, except for Metasploit, but I'm concerned about running that in a production environment. It sounds as though it tests by being doing invasive and potentially harmful simulations of actual attacks. Obviously, I'm not looking to bring down my network. Is penetration, by default dangerous? What tools and software should I use? Please note, I'm not looking to do a security audit, but a penetration test, as though I was someone malicious trying to gain network access/harm the network. THank you.