Tools

Note: Paid software may exist in a free limited version or a demo version

Adversary Simulation

Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
Adversary Emulation Library | [Source] | A library of adversary emulation plans to allow organizations to evaluate their defensive capabilities against the real-world threats they face | C | Free | False | |
Atomic Red Team | [Source] | A library of tests mapped to the MITRE ATT&CK® framework that security teams can use to quickly, portably, and reproducibly test their environments | PowerShell | Free | False | |
Caldera | [Source] | Cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response | Python | Free | False | |
Infection Monkey | [Website] | [Source] | Adversary emulation platform; test a data center's resiliency to perimeter breaches and internal server infection | Python | Free | False |
Invoke-Apex | [Source] | PowerShell-based toolkit consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks | PowerShell | Free | False | |
Manticore | [Source] | Adversary emulation command line tool that parses complex scenarios from the Manticore public-threats repository and runs them | Go | Free | False | |
MITRE ATT&CK Defender | [Source] | ATT&CK training and certification program produced by MITRE’s own ATT&CK subject matter experts | Python | Free | False | |
Sliver | [Source] | Cross-platform adversary emulation/red team framework used by organizations of all sizes to perform security testing | Go | Free | False | |
Stratus Red Team | [Source] | Stratus Red Team is 'Atomic Red Team' for the cloud, allowing you to emulate offensive attack techniques in a granular and self-contained manner | Go | Free | False |

Binary Exploitation

Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
ASLRay | [Source] | Tool for ASLR bypass with stack-spraying | Shell | Free | False | |
heaphopper | [Website] | [Source] | Bounded model checking framework for heap implementations | Python | Free | False |
libformatstr | [Source] | Library to simplify format string exploitation | Python | Free | False | |
pwntools | [Source] | Framework and exploit development library | Python | Free | False | |
pwntools-ruby | [Source] | Framework and exploit development library, ported to Ruby | Ruby | Free | False | |
ROPgadget | [Website] | [Source] | Framework for ROP exploitation | Python | Free | False |

Bug Bounty

Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
bbr | [Source] | Generation of bug bounty reports based on user provided templates | Go | Free | False | |
bbrecon | [Website] | [Source] | Service enumerating all targets on the Internet covered by a bug bounty program | Python | Free | True |
BBstats | [Source] | Aggregate reports/bounties from different platforms in order to create combined stats and graphs | PHP | Free | False | |
Bounty Dashboard | [Source] | Aggregate reports/bounties from different platforms in order to create combined stats and graphs, report and template management system, invoice creation system | PHP | Free | False | |
bounty-targets | [Source] | Crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into another git repo | Ruby | Free | False | |
BountyDash | [Source] | Dashboard to combine rewards from all platforms, giving insights about progress and bug hunting patterns | PHP | Free | False | |
bountyplz | [Source] | Automated bug bounty reporting/submission, supports HackerOne and Bugcrowd | Shell | Free | False | |
BugBounty Web App | [Source] | App that helps bug bounty hunters to manage their bounties and target list | Python | Free | False | |
Bugbountydash | [Source] | Terminal dashboard for bug bounty hunters that use HackerOne and Bugcrowd | JavaScript | Free | False | |
Hackerone::Client | [Source] | A limited client library for interacting with HackerOne | Ruby | Free | False | |
Needle | [Source] | Chrome extension for instant access to bug bounty submission dashboard of various platforms and publicly disclosed reports | HTML | Free | False |

Cloud

Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
AWS Extender CLI | [Source] | Test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues | Python | Free | False | |
aws_pwn | [Source] | Collection of AWS penetration testing scripts | Python | Free | False | |
AzureADRecon | [Source] | Gathers information about the Azure Active Directory and generates a report which can provide a holistic picture of the current state of the target environment | PowerShell | Free | False | |
CloudGPT | [Source] | Vulnerability scanner for AWS customer managed policies using ChatGPT | Python | Free | False | |
CloudMapper | [Source] | Analyze AWS environments auditing for security issues | Python | Free | False | |
CloudTracker | [Source] | Find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies | Python | Free | False | |
IMDSpoof | [Source] | Cyber deception; spoofs the AWS IMDS service to return HoneyTokens that can be alerted on | Go | Free | False | |
Pacu | [Website] | [Source] | AWS exploitation framework | Python | Free | False |
Quiet Riot | [Source] | Unauthenticated enumeration of cloud principals | Python | Free | False | |
Smogcloud | [Source] | Identify AWS cloud assets | Go | Free | False |

Code Analysis

Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
Adhrit | [Website] | [Source] | Android APK reversing and analysis suite | Python | Free | False |
AndroBugs Framework | [Source] | Android APK vulnerability analyzer | Python | Free | False | |
APKHunt | [Source] | Static code analysis for Android apps that is based on the OWASP MASVS framework | Go | Free | False | |
APKLeaks | [Source] | Scanning APK file for URIs, endpoints and secrets | Python | Free | False | |
Bearer | [Website] | [Source] | Static application security testing tool that helps discover, filter, and prioritize security risks and vulnerabilities | Go | Free | False |
Brakeman | [Website] | [Source] | Static analysis security vulnerability scanner for Ruby on Rails applications | Ruby | Free | False |
cIFrex | [Website] | [Source] | Regexp static code analysis | PHP | Free | False |
CodeCat | [Source] | Automatic code static analysis tool to detect bugs and vulnerabilities | Python | Free | False | |
CodeQL | [Website] | [Source] | Semantic code analysis engine; discover vulnerabilities across a codebase, lets you query code as though it were data, write a query to find all variants of a vulnerability | Free | False | |
Dawnscanner | [Source] | Static analysis security scanner for web applications written in Ruby; supports Sinatra, Padrino and Ruby on Rails frameworks | Ruby | Free | False | |
Joern | [Website] | [Source] | Code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs | Scala | Free | False |
Kube-hunter | [Website] | [Source] | Scanner for security weaknesses in Kubernetes clusters | Python | Free | False |
LICMA | [Website] | [Source] | Language Independent Crypto-Misuse Analysis; multi-language analysis tool to identify incorrect initialization of crypto functions | Java | Free | False |
MobSF | [Website] | [Source] | Android APK vulnerability analyzer | Python | Free | False |
NodeJsScan | [Source] | Static security code scanner for Node.js applications | Python | Free | False | |
QARK | [Source] | Android APK vulnerability analyzer | Python | Free | False | |
Semgrep | [Website] | [Source] | Static analysis engine for detecting vulnerabilities for many languages | OCaml | Paid | False |
SonarQube | [Website] | [Source] | Automatic code review tool to detect bugs, vulnerabilities; continuous code inspection automated with static code analysis rules | Java | Free | False |
StaCoAn | [Source] | Mobile applications static code analysis tool | Python | Free | False | |
SUPER | [Website] | [Source] | Android APK vulnerability analyzer | Rust | Free | False |
Tfsec | [Website] | [Source] | Misconfiguration scanner for terraform code | Go | Free | False |
Trivy | [Website] | [Source] | Vulnerability and misconfiguration scanner for containers (OS and language-specific packages) | Go | Free | False |
weggli | [Source] | Semantic search tool for C and C++ designed to help security researchers identify interesting functionality in large codebases | Rust | Free | False | |
wpBullet | [Source] | Static code analysis for WordPress Plugins and Themes (and PHP) | Python | Free | False |

Collaboration and Report

Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
APTRS | [Source] | Collaborative penetration test, vulnerability database and reporting platform | Python | Free | False | |
Archery | [Website] | [Source] | Vulnerability Assessment and Management tool, run scans and manage vulnerabilities | Python | Free | False |
AttackForge.com | [Website] | Penetration test collaboration platform: vulnerability database and reporting | Paid | True | ||
Bulwark | [Source] | Collaborative penetration test, vulnerability database and reporting platform | JavaScript | Free | False | |
Canopy | [Website] | Penetration test platform: vulnerability database and reporting | Paid | False | ||
Cervantes | [Website] | [Source] | Collaborative penetration test, vulnerability database and reporting platform | CSharp | Free | False |
CTFNote | [Source] | Collaborative platform for CTF teams, event planning, credentials sharing, task management, note taking | JavaScript | Free | False | |
DART | [Source] | Documentation And Reporting Tool; Collaborative penetration test and vulnerability database platform | Python | Free | False | |
DefectDojo | [Website] | [Source] | Vulnerability management application built for DevOps and continuous security integration | Python | Free | False |
Dradis CE | [Website] | [Source] | Collaborative penetration test, vulnerability database and reporting platform; Community edition | Ruby | Free | False |
Dradis Pro | [Website] | Collaborative penetration test, vulnerability database and reporting platform; Pro edition | Ruby | Paid | False | |
Echidna | [Source] | Collaborative penetration test platform; terminal sharing, target information extraction, command suggestion, exploit searching, chatting, graph visualization | JavaScript | Free | False | |
envizon | [Website] | [Source] | Vulnerability management and reporting platform | Ruby | Free | False |
Faraday | [Website] | [Source] | Collaborative penetration test and reporting platform | Python | Paid | False |
Ghostwriter | [Website] | [Source] | Project management and reporting engine | Python | Free | False |
hackOx | [Source] | Modular web based pentesting interface designed to run on Raspberry Pi | PHP | Free | False | |
Hackuity | [Website] | Risk Based Vulnerability Management platform | Paid | False | ||
Hive | [Website] | Collaborative penetration test and reporting platform | Paid | False | ||
Kvasir | [Source] | Pentest data management tool | Python | Free | False | |
Lair | [Website] | [Source] | Collaborative penetration test and vulnerability management framework | JavaScript | Free | False |
MISP | [Website] | [Source] | Malware Information Sharing Platform, an Open Source threat intelligence platform and open standards for threat information sharing | PHP | Free | False |
NightWriter | [Source] | Modern real-time collaborative editing tool secured by end-to-end encryption | Go | Free | False | |
OSCP Exam Report Template in Markdown | [Website] | [Source] | Markdown templates for OSCP exam report | Markdown | Free | False |
OWASP PenText | [Website] | [Source] | Collection of XML templates, XML schemas and XSLT code, to generate IT security documents including test reports, offers and invoices | Free | False | |
PatrOwl | [Website] | [Source] | Security operations orchestration and continuous threat management platform | Python | Free | False |
PeTeReport | [Source] | Collaborative penetration test, vulnerability database and reporting platform | Python | Free | False | |
Pentest Collaboration Framework | [Source] | Collaborative penetration test, vulnerability database and reporting platform | Python | Free | False | |
PentestPad | [Website] | Collaborative penetration test between team members and end-clients, vulnerability database and reporting platform | Paid | True | ||
PenTest.WS | [Website] | Collaborative penetration test, vulnerability database and reporting platform | Paid | False | ||
PlexTrac | [Website] | Collaborative penetration test reporting and vulnerability database platform | Paid | False | ||
Pollenisator | [Source] | Collaborative penetration test and reporting platform (DB + clients, no WebUI) | Python | Free | False | |
Prithvi | [Website] | [Source] | Report generation tool for pentesters with provided OWASP data | JavaScript | Free | False |
PTART | [Source] | PenTests, Audits, and Reporting Tool; Collaborative penetration test, vulnerability database and reporting platform; fork of Sh00t | Python | Free | False | |
PurpleOps | [Website] | [Source] | Self-hosted purple team management web application | Python | Free | False |
PwnDoc | [Website] | [Source] | Collaborative penetration test reporting platform | JavaScript | Free | False |
PwnDoc-ng | [Website] | [Source] | Collaborative penetration test reporting platform; fork and improvement of PwnDoc | JavaScript | Free | False |
Reconmap | [Website] | Penetration test planning, automation and reporting | PHP | Paid | False | |
Reporter | [Website] | Collaborative penetration test reporting platform | Paid | True | ||
Serpico | [Source] | SimplE RePort wrIting and CollaboratiOn tool, penetration testing report generation and collaboration tool | Ruby | Free | False | |
Serpico-NG | [Source] | SimplE RePort wrIting and CollaboratiOn tool NEXT-GENERATION, penetration testing report generation and collaboration tool, fork of Serpico | Ruby | Free | False | |
Sh00t | [Source] | Pentesting platform with dynamic task manager, checklists, bug template & bug report | Python | Free | False | |
Smersh | [Website] | [Source] | Pentest oriented collaborative tool used to track the progress of your company's engagements and generate reports | PHP | Free | False |
SwiftnessX | [Source] | Cross-platform note-taking and target-tracking app for penetration testers | JavaScript | Free | False | |
SysReptor | [Website] | [Source] | Collaborative penetration test, vulnerability database and reporting platform; supports findings in markdown, customized reports in HTML and VueJS, rendering to PDF, MFA, note-taking, data encryption, SSO | Python | Free | False |
vcr | [Source] | Vulnerability Compliance Report; parse Nessus CIS benchmark scan files and generate HTML reports | PowerShell | Free | False | |
vuldash | [Website] | [Source] | Vulnerability Dashboard; vulnerability database, project management and report generation | PHP | Free | False |
VULNREPO | [Website] | [Source] | Vulnerability report generator | JavaScript | Free | False |
Vulnreport | [Website] | [Source] | Pentesting management and automation platform | Ruby | Free | False |
WriteHat | [Website] | [Source] | Collaborative penetration test reporting platform | Python | Free | False |
ZinnoX Reporting Tool | [Website] | ZRT; project management, vulnerability management and pentest report creation application | Paid | False |

Configuration Audit

Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
CIS CAT Lite | [Website] | Assess systems against CIS Benchmarks | Free | False | ||
CIS CAT Pro | [Website] | Assess systems against CIS Benchmarks | Paid | False | ||
Iniscan | [Source] | php.ini scanner for security best practices | PHP | Free | False | |
Local PHP Security Checker | [Source] | CLI tool that checks if your PHP application depends on PHP packages with known security vulnerabilities | PHP | Free | False | |
Lynis | [Website] | [Source] | Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional. | Shell | Free | False |
Master librarian | [Source] | Audit Unix/*BSD/Linux system libraries to find public security vulnerabilities | Python | Free | False | |
Nipper Studio | [Website] | Tool that parses router, switch and firewall configurations to discover vulnerabilities | Paid | False | ||
Nipper-ng | [Source] | Tool that parses router, switch and firewall configurations to discover vulnerabilities | CPlusPlus | Free | False | |
pcc | [Source] | PHP Secure Configuration Checker; parse php.ini to find security misconfiguration | PHP | Free | False | |
PingCastle | [Website] | [Source] | Assess the Active Directory security level with a methodology based on risk assessment | CSharp | Paid | False |
YASAT | [Source] | Yet Another Stupid Audit Tool; check general Linux system and common software configuration | Shell | Free | False |

Cracking

Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
bkcrack | [Source] | Crack legacy zip encryption with Biham and Kocher's known plaintext attack | CPlusPlus | Free | False | |
BEWGor | [Source] | Bull's Eye Wordlist Generator, password wordlist generator based on target information | Python | Free | False | |
Bopscrk | [Source] | Before Outset PaSsword CRacKing, password wordlist generator with exclusive features like lyrics based mode | Python | Free | False | |
CeWL | [Source] | Custom wordlist generator based on website crawling | Ruby | Free | False | |
ComPP | [Source] | Company Passwords Profiler helps make a bruteforce wordlist for a targeted company | Python | Free | False | |
cook | [Source] | Wordlist generator: create permutations and combinations of words with predefined sets of extensions, words and patterns/function to create complex endpoints, wordlists and passwords | Go | Free | False | |
Cracken | [Source] | Password wordlist generator, Smartlist creation and password hybrid-mask | Rust | Free | False | |
CrackerJack | [Website] | [Source] | Hashcat WebUI; session management, mask generation, API, notifications, local and LDAP authentication | Python | Free | False |
Cracklord | [Website] | [Source] | Scalable, pluggable, and distributed system for hash cracking, supports Hashcat | Go | Free | False |
CrackQ | [Source] | Hashcat cracking queue system, API and WebUI | Python | Free | False | |
crackpkcs12 | [Source] | Multithreaded program to crack PKCS#12 files (p12 and pfx extensions) | C | Free | False | |
CrackStation | [Website] | [Source] | Pre-computed lookup tables to crack password hashes | PHP | Free | True |
crunch | [Source] | Wordlist generator | C | Free | False | |
CUPP | [Source] | Common User Passwords Profiler, wordlist generator based on user profiling | Python | Free | False | |
Duplicut | [Source] | Remove duplicates from massive wordlist, without sorting it (for dictionary-based password cracking) | C | Free | False | |
elpscrk | [Source] | Wordlist generator based on user profiling | Python | Free | False | |
Fitcrack | [Website] | [Source] | Hashcat-based distributed password cracking system with WebUI | C | Free | False |
GAU | [Source] | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, Common Crawl, and URLScan for any given domain | Go | Free | False | |
GeoWordlists | [Source] | Generate wordlists of passwords containing cities at a defined distance around the client city | Python | Free | False | |
GoCrack | [Source] | Management frontend for hash cracking tools, supporting hashcat | Go | Free | False | |
graphcat | [Source] | Generate graphs and charts based on password cracking results; supports Hashcat and John the Ripper potfiles as well as ntds files | Python | Free | False | |
Hashcat | [Website] | [Source] | Hash cracking tool | C | Free | False |
hashcobra | [Source] | Hash cracking tool using rainbow tables | CPlusPlus | Free | False | |
HashKitty | [Source] | Web interface for Hashcat | TypeScript | Free | False | |
Hashpass | [Source] | Hashcat WebUI; queuing, local authentication, SMS and email notifications, map integration | Ruby | Free | False | |
Hashtopolis | [Source] | Hashcat wrapper for distributed hashcracking | PHP | Free | False | |
Hashview | [Website] | [Source] | Web-UI for managing, organizing, automating Hashcat commands/tasks | Python | Free | False |
John The Ripper | [Website] | Hash cracking tool | C | Free | False | |
John the Ripper, Jumbo version | [Website] | [Source] | Hash cracking tool, community-enhanced version of John The Ripper | C | Free | False |
johnny | [Website] | [Source] | GUI frontend to John the Ripper | CPlusPlus | Free | False |
kh2hc | [Website] | [Source] | Convert OpenSSH known_hosts file hashed with HashKnownHosts to hashes crackable by Hashcat | Ruby | Free | False |
Kraken | [Source] | Hashcat-based distributed password cracking system with WebUI; has a desktop client in addition | Java | Free | False | |
Kraker | [Source] | Distributed password brute-force system, supports Hashcat | PHP | Free | False | |
longtongue | [Source] | Password wordlist generator based on target information | Python | Free | False | |
lyricpass | [Source] | Tool to generate wordlists based on lyrics | Python | Free | False | |
Mentalist | [Source] | Graphical tool for custom wordlist generation, can output rules compatible with Hashcat and John the Ripper | Python | Free | False | |
Narthex | [Website] | [Source] | Modular personalized dictionary generator | C | Free | False |
npk | [Source] | Distributed hash cracking platform meant to be deployed on AWS (Cognito, DynamoDB, S3) so you pay only when you have a task running | JavaScript | Free | False | |
NTLM to password | [Website] | NTLM hash lookup table, billions of passwords indexed | Free | True | ||
Ophcrack | [Website] | [Source] | Windows hash cracker based on rainbow tables | Free | False | |
PACK | [Source] | A collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics | Python | Free | False | |
pnwgen | [Source] | Phone number wordlist generator | Python | Free | False | |
PowerSniper | [Source] | Password spraying script and helper for creating password lists | PowerShell | Free | False | |
pydictor | [Source] | Multi-method password wordlist generator | Python | Free | False | |
RubyHashcat | [Website] | [Source] | Command line wrapper, library, and REST API for oclHashcat | Ruby | Free | False |
rulesfinder | [Source] | Machine-learn password mangling rules; finds efficient password mangling rules (for John the Ripper or Hashcat) for a given dictionary and a list of passwords | Rust | Free | False | |
Spraygen | [Source] | Permutation-based password list generator | Python | Free | False | |
TTPassGen | [Source] | Flexible and scriptable password dictionary/wordlist generator | Python | Free | False | |
Wavecrack | [Source] | Hashcat WebUI; asynchronous task, chain tasks, statistics, export, segregation, local and LDAP authentication | Python | Free | False | |
WebHashcat | [Source] | Hashcat WebUI with distributed cracking sessions and analytics | Python | Free | False | |
WOG | [Website] | [Source] | Weakpass rule-based online generator; generates a wordlist based on a set of words entered by the user | JavaScript | Free | True |
wordlist.rb | [Source] | Library for reading, combining, manipulating, and building wordlists, efficiently | Ruby | Free | False | |
wordlistctl | [Source] | Fetch, install and search wordlist archives from websites and torrent peers | Python | Free | False | |
wordlistgen | [Source] | Generate context-specific wordlists for content discovery from lists of URLs or paths | Go | Free | False |

Crisis Management

Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
Codechella Crisis Response | [Source] | An application curated to crisis zones to facilitate the dissemination of accurate mission-critical information from sources on the ground to key partners with minimal lag time | Python | Free | False | |
Enki | [Source] | Crisis management platform | Python | Free | False | |
NTU Crysis | [Source] | Crisis management web application / project for software systems analysis and design | JavaScript | Free | False | |
OpenEx | [Source] | Platform allowing organizations to plan, schedule and conduct crisis exercises | JavaScript | Free | False | |
OASIS EMF | [Website] | [Source] | A reference implementation and toolkit for enabling standardized emergency information exchange using the OASIS Emergency Data Exchange Language (EDXL) | Free | False |

Cryptography

Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
c7decrypt | [Source] | Cisco password type-7 encryptor and decryptor | Ruby | Free | False | |
Cipher Suite Info | [Website] | [Source] | A searchable directory of TLS ciphersuites and related security details | Python | Free | True |
crypto-condor | [Website] | [Source] | Compliance testing of implementations of cryptographic primitives | Python | Free | False |
CryptoGuard | [Source] | Program analysis tool to find cryptographic misuse in Java and Android | Java | Free | False | |
crypto-identifier | [Source] | Tool that tries to identify which cipher is used and decipher the data | Python | Free | False | |
Crypton | [Source] | Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Hashing Algorithms along with example challenges from CTFs | Python | Free | False | |
CRYPTOREX | [Source] | Large-scale firmware analysis of cryptographic misuse in IoT devices; supports ARM, MIPS, MIPSel architectures | Python | Free | False | |
Cryscanner | [Source] | Identify misuse of cryptographic libraries by collecting and analysing logs | Python | Free | False | |
Dcode | [Website] | Code and decode all kinds of checksums, algorithms, codes or ciphers | Free | True | ||
FeatherDuster | [Source] | Cryptanalysis tool and library | Python | Free | False | |
Haiti | [Website] | [Source] | Hash type identifier (CLI & lib) | Ruby | Free | False |
hashID | [Source] | Identify the different types of hashes | Python | Free | False | |
houndsniff | [Website] | [Source] | Identify the different types of hashes | C | Free | False |
JWT-Key-Recovery | [Source] | Recover the public key used to sign JWT tokens | Python | Free | False | |
PkCrack | [Website] | Tool for breaking PkZip encryption | Free | False | ||
RsaCtfTool | [Source] | Tool to conduct manual or automated attacks on RSA | Python | Free | False | |
RSATool | [Source] | Tool to calculate RSA parameters | Python | Free | False | |
RSHack | [Source] | RSA attack and key manipulation tool | Free | False | ||
XORTool | [Source] | Tool to analyze multi-byte xor cipher | Python | Free | False |

Defensive

Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
AnoMark | [Source] | Statistical learning algorithm to create a model on the command lines of the Process Creation events on Windows, in order to detect anomalies in future events | Python | Free | False | |
BlueHound | [Source] | Helps blue teams pinpoint the security issues that actually matter by combining information about user permissions, network access and unpatched vulnerabilities, to reveal the paths attackers would take if they were inside the network | TypeScript | Free | False | |
DARKSURGEON | [Source] | Windows project to empower incident response, digital forensics, malware analysis, and network defense with HashiCorp Packer and Vagrant | PowerShell | Free | False | |
Deming | [Source] | Management tool for the information security management system (ISMS); manage, plan, track and report the effectiveness of security controls | PHP | Free | False | |
DenyLocker | [Source] | Make the creation and maintenance of Applocker rules in blacklist mode easy and practical | PowerShell | Free | False | |
driftctl | [Source] | Measures infrastructure as code coverage, and tracks infrastructure drift | Go | Free | False | |
FalconHound | [Source] | Plug BloodHound with a SIEM or other log aggregation | Go | Free | False | |
GraphQL Armor | [Source] | GraphQL security layer for Apollo and Yoga / Envelop servers | TypeScript | Free | False | |
Have I Been Squatted? - Twistr | [Website] | [Source] | Generate all permutations of a domain which are enriched for typosquatting detection | Rust | Free | True |
Imagemagick Security Policy Evaluator | [Website] | [Source] | Allows developers and security experts to check if an Imagemagick XML Security Policy is hardened against a wide set of malicious attacks | JavaScript | Free | True |
libiris | [Source] | Cross-platform sandboxing library | Rust | Free | False | |
Mercator | [Source] | Web application to manage the mapping of an information system as described in the Mapping The Information System Guide of the ANSSI | PHP | Free | False | |
Pandora | [Website] | [Source] | Analysis framework that discovers if a file is suspicious and conveniently shows the results | Python | Free | True |
Pandora-box | [Source] | Detect and remove malware from USB disks (based on Pandora) | Shell | Free | False | |
Santa | [Source] | Binary authorization system for macOS | ObjC | Free | False | |
usbsas | [Source] | Tool and framework for securely reading untrusted USB mass storage devices | Rust | Free | False | |
Wazuh | [Website] | [Source] | Security monitoring solution for threat detection, integrity monitoring, incident response and compliance; unified XDR and SIEM protection for endpoints and cloud workloads | C | Free | False |
WHIDS | [Source] | EDR for Windows | Go | Free | False |

Digital Forensics

Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
Andriller | [Source] | Software utility with a collection of forensic tools for smartphones; performs read-only, non-destructive acquisition | Python | Free | False | |
Cerbero Profiler | [Website] | File analyzer and inspector | Paid | False | ||
ds_store_exp | [Source] | Extract files from .DS_Store recursively | Python | Free | False | |
EML analyzer | [Website] | [Source] | Analyze EML files: headers, bodies, attachments; extract IOCs; identify suspicious attachments | Python | Free | False |
ExifTool | [Website] | [Source] | Library and CLI tool for reading, writing and editing metadata for a lot of file types | Perl | Free | False |
extundelete | [Website] | [Source] | Tool to recover deleted files from an ext3 or ext4 partition | Free | False | |
Fibratus | [Source] | Tool for exploration and tracing of the Windows kernel | Python | Free | False | |
Foremost | [Website] | [Source] | CLI tool to recover files based on their headers, footers, and internal data structures | Free | False | |
ForensicMiner | [Source] | DFIR automation for collecting and analyzing evidence | PowerShell | Free | False | |
FTK Imager | [Website] | Investigate electronic devices; full disk imaging capabilities: preview and image hard drives from Windows and Linux computers, CDs, DVDs, thumb drives, and other USB; forensic image mounting: mount an image for a read-only view that leverages file explorer; preview data; RAM capture | Paid | False | ||
Live Forensicator | [Source] | Assist forensic investigators and incident responders in carrying out a quick live forensic investigation | PowerShell | Free | False | |
MVT | [Website] | [Source] | Mobile Verification Toolkit; collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices | Python | Free | False |
rekall | [Website] | [Source] | Volatile memory extraction utility | Python | Free | False |
rekall (Fireeye fork) | [Source] | Fork of rekall with support for Windows 10 memory compression | Python | Free | False | |
ResourcesExtract | [Website] | Scans dll/ocx/exe files and extract all resources found, Windows only | Free | False | ||
shellbags | [Source] | Shellbag parser (Windows Registry Keys) | Python | Free | False | |
Tracee | [Website] | [Source] | Linux runtime observability and forensics using eBPF to tap into the system and expose information as events that can be consumed | Go | Free | False |
Velociraptor | [Website] | [Source] | Endpoint visibility and collection tool | Go | Free | False |
volatility | [Website] | [Source] | Volatile memory extraction utility | Python | Free | False |
volatility (Fireeye fork) | [Source] | Fork of volatility with support for Windows 10 memory compression | Python | Free | False |
Hardware
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
ChipWhisperer | [Website] | [Source] | Toolchain for side-channel power analysis and glitching attacks | C | Free | False |
SmmBackdoorNg | [Source] | System Management Mode (SMM) backdoor for UEFI based platforms | Python | Free | False |
Honeypot and Decoy
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
broneypote | [Source] | Honeypot | Python | Free | False | |
Canarytokens | [Website] | [Source] | Quickly deployable honeypot with Docker image; the online service sends email alerts for URL token, DNS token, unique email address, custom image, MS Word doc., Acrobat Reader PDF doc., and more | Python | Free | True |
DejaVU | [Source] | Deception framework which can be used to deploy decoys across the infrastructure | PHP | Free | False | |
Galah | [Source] | LLM-powered web honeypot using the OpenAI API | Go | Free | False | |
pypotomux | [Source] | Protocol demuxed honeypot and wordlists collected from it | Python | Free | False |
Incident Response
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
DFIR ORC | [Website] | [Source] | Forensics artefact collection tool for systems running Microsoft Windows | CPlusPlus | Free | False |
DFIRTrack | [Source] | Incident response tracking web application, focused on handling one major incident with a lot of affected systems | Python | Free | False | |
Fenrir | [Source] | IOC scanner | Shell | Free | False | |
IntelMQ | [Source] | Solution for collecting and processing security feeds using a message queuing protocol | Python | Free | False | |
IRIS | [Website] | [Source] | Collaborative platform aiming to help incident responders share technical details during investigations | Python | Free | False |
Loki | [Source] | IOC scanner | Python | Free | False | |
Munin | [Source] | Online hash checker for Virustotal and other services | Python | Free | False | |
Osquery | [Website] | [Source] | Uses SQL queries to monitor and analyze operating systems, providing endpoint visibility for security | CPlusPlus | Free | False |
SCOT | [Website] | [Source] | Sandia Cyber Omni Tracker; cyber security incident response management system and knowledge base | Perl | Free | False |
Sigma | [Source] | Generic signature format for SIEM systems | Python | Free | False | |
ThreatHound | [Source] | Windows event log file viewer and analyser | Python | Free | False | |
uncoder.io | [Source] | Translate sigma rules into various SIEM, EDR, and XDR formats | Free | True | ||
YARA | [Website] | [Source] | Pattern matching helping malware researchers to identify and classify malware samples | C | Free | False |
yarAnalyzer | [Source] | Creates statistics on a yara rule set and files in a sample directory | Python | Free | False | |
Yara Toolkit | [Website] | Yara rules editor, generator, scanner | Python | Free | True | |
yarGen | [Source] | YARA rules generator | Python | Free | False | |
YAYA | [Source] | Yet Another Yara Automaton; automatically curate open source yara rules and run scans | Go | Free | False |
Intentionally Vulnerable Applications
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
Bodhi | [Source] | Client-side vulnerability playground, CTF style application, a bot program which simulates the real-world victim | Python | Free | False | |
Bust-A-Kube | [Website] | Intentionally-vulnerable Kubernetes cluster, intended to help people self-train on attacking and defending Kubernetes clusters | PHP | Free | False | |
bWAPP | [Website] | [Source] | Buggy Web Application, insecure webapp for security trainings | PHP | Free | False |
DVIA | [Website] | [Source] | Damn Vulnerable iOS App, insecure webapp for mobile security trainings | Swift | Free | False |
DVGA | [Source] | Damn Vulnerable GraphQL Application, insecure webapp for GraphQL security trainings | Python | Free | False | |
DVWA | [Website] | [Source] | Damn Vulnerable Web Application, insecure webapp for security trainings | PHP | Free | False |
Google Gruyere | [Website] | [Source] | Codelab for white-box and black-box hacking | Python | Free | True |
Hackazon | [Source] | Intentionally vulnerable web shopping application using modern technologies and containing configurable areas | PHP | Free | False | |
Metasploitable | [Source] | VM that is built from the ground up with a large amount of security vulnerabilities | Free | False | ||
OWASP Juice Shop | [Website] | [Source] | Insecure web application with >85 challenges; supports CTFs, custom themes, tutorial mode etc. | JavaScript | Free | False |
OWASP Mutillidae II | [Website] | [Source] | Intentionally vulnerable web-application containing some OWASP Top Ten vulnerabilities, with hints and switch for secure version of the code | PHP | Free | False |
OWASP WebGoat | [Website] | [Source] | Deliberately insecure web application to teach web application security lessons | Java | Free | False |
simulator | [Source] | Distributed systems and infrastructure simulator for attacking and debugging Kubernetes, creates a Kubernetes cluster in AWS and runs scenarios which misconfigure it or leave it vulnerable to compromise to train in mitigating against these vulnerabilities | Python | Free | False | |
VAmPI | [Source] | Vulnerable REST API with OWASP top 10 vulnerabilities for security testing | Python | Free | False | |
XVNA | [Source] | Extreme Vulnerable Node Application, insecure webapp for security trainings | JavaScript | Free | False |
Networking
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
ActiveDirectoryEnumeration | [Source] | Enumerate AD through LDAP with a collection of helpful scripts being bundled: ASREPRoasting, Kerberoasting, dump AD as BloodHound JSON files, searching GPOs in SYSVOL for cpassword and decrypting, run without creds | Python | Free | False | |
Adalanche | [Source] | Active Directory ACL visualizer and explorer; similar to BloodHound | Go | Free | False | |
ad-ldap-enum | [Source] | LDAP based Active Directory user and group enumeration tool | Python | Free | False | |
ADCSKiller | [Source] | ADCS exploitation automation by weaponizing Certipy and Coercer | Python | Free | False | |
ADenum | [Source] | Find misconfiguration through the LDAP protocol and exploit some weaknesses with kerberos | Python | Free | False | |
adfsbrute | [Source] | Test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks | Python | Free | False | |
adidnsdump | [Source] | Enumeration and exporting of all DNS records in ADIDNS domain or forest DNS zones | Python | Free | False | |
ADMiner | [Source] | Active Directory audit tool that extracts data from BloodHound to uncover security weaknesses and generate an HTML report | Python | Free | False | |
ADRecon | [Source] | Gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment | PowerShell | Free | False | |
archtorify | [Source] | Script for Arch Linux which uses iptables settings to create a transparent proxy through the Tor network | Shell | Free | False | |
Arecibo | [Source] | Endpoint for Out-of-Band Exfiltration (DNS & HTTP) | Python | Free | False | |
arp-scan | [Source] | Discover hosts on your network using ARP requests | C | Free | False | |
ASNmap | [Source] | CLI and Library for quickly mapping organization network ranges using ASN information | Go | Free | False | |
beanshooter | [Source] | JMX enumeration and attacking; helps to identify common vulnerabilities on JMX endpoints | Java | Free | False | |
bettercap | [Website] | [Source] | MITM framework | Ruby | Free | False |
bettercap web UI | [Website] | [Source] | Web UI for bettercap | TypeScript | Free | False |
bloodyAD | [Source] | Active Directory privilege escalation framework | Python | Free | False | |
boofuzz | [Source] | Network protocol fuzzing framework | Python | Free | False | |
Boomerang | [Source] | Client/Server HTTP pivoting tool | Go | Free | False | |
bore | [Source] | Creates a TCP tunnel; exposing local ports to a remote server, bypassing standard NAT connection firewalls | Rust | Free | False | |
BruteSpray | [Source] | Takes nmap GNMAP/XML output or newline-separated JSON and automatically brute-forces services with default credentials using Medusa | Python | Free | False | |
BruteX | [Source] | Tool using nmap and hydra to automatically bruteforce network service accounts | Shell | Free | False | |
Carnivore | [Website] | [Source] | Assessment of on-premises Microsoft servers such as ADFS, Skype, Exchange, and RDWeb | CSharp | Free | False |
CapAnalysis | [Website] | [Source] | PCAP analyzer | C | Free | True |
Cerbrutus | [Source] | Network services credentials brute-forcer: SSH, FTP | Python | Free | False | |
Certipy | [Source] | Active Directory Certificate Services enumeration and exploitation | Python | Free | False | |
certsync | [Source] | Dump NTDS with golden certificates and UnPAC the hash | Python | Free | False | |
chisel | [Source] | Fast TCP tunneling over HTTP secured by SSH | Go | Free | False | |
CloudShark | [Website] | PCAP analyzer | Paid | True | ||
Coercer | [Source] | Coerce a Windows server to authenticate on an arbitrary machine through 12 methods | Python | Free | False | |
ConPass | [Source] | Password spraying in Active Directory checking the default domain password policy as well as PSO and the badpwdcount LDAP attribute to avoid account locking | Python | Free | False | |
CrackMapExec | [Source] | Post-exploitation tool to assess Active Directory networks | Python | Free | False | |
DC Detector | [Source] | Spot all domain controllers in a Microsoft Active Directory environment, find computer name, FQDN, and IP address(es) of all DCs | Ruby | Free | False | |
DnsFookup | [Source] | Create DNS request collector and inspector | Python | Free | False | |
DNS Rebinding Tool | [Website] | [Source] | Toolkit to test further DNS rebinding attacks | JavaScript | Free | True |
Evil-WinRM | [Source] | Enhanced WinRM shell | Ruby | Free | False | |
evilginx2 | [Source] | Man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication | Go | Free | False | |
Garfield | [Source] | Attack framework for distributed systems | Python | Free | False | |
Girsh | [Source] | Detect the OS and execute the correct commands to upgrade it to a full interactive reverse shell | Go | Free | False | |
Go-RouterSocks | [Source] | Socks proxy router to handle multi-clients on the same port | Go | Free | False | |
go-secdump | [Source] | Remotely dump secrets from the Windows registry (SAM hive, LSA secrets, SECURITY hive) | Go | Free | False | |
GoldenCopy | [Source] | Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket | Python | Free | False | |
GoMapEnum | [Source] | User enumeration and password bruteforce on Azure, ADFS, OWA, O365 and gather emails on Linkedin | Go | Free | False | |
goddi | [Source] | Active Directory domain information dumper | Go | Free | False | |
Group3r | [Source] | Enumerate relevant settings in AD Group Policy, identify exploitable misconfigurations | CSharp | Free | False | |
HASSH | [Source] | Network fingerprinting standard which can be used to identify specific client and server SSH implementations | Python | Free | False | |
HEKATOMB | [Source] | Retrieve all computer and user information from AD LDAP; download all DPAPI blobs of all users from all computers and use Domain backup keys to decrypt them | Python | Free | False | |
HellRaiser | [Source] | Scan with nmap and correlate the CPEs found with cve-search to enumerate vulnerabilities | Ruby | Free | False | |
HivExcavator | [Source] | Extracting the contents of Microsoft Windows Registry (hive) and display it as a colorful tree but mainly focused on parsing BCD files to extract WIM files path for PXE attacks | Ruby | Free | False | |
hoaxshell | [Source] | Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell | Python | Free | False | |
HTTPRebind | [Source] | Automatic DNS rebinding-based SSRF attacks | Python | Free | False | |
Hydra | [Website] | [Source] | Network login cracker | C | Free | False |
Ica2Tcp | [Source] | SOCKS proxy for Citrix | C | Free | False | |
ImproHound | [Source] | Identify the attack paths in BloodHound breaking AD tiering | CSharp | Free | False | |
Jaqen | [Source] | Abstracts away the complex steps required to perform a DNS rebind and exposes a HTML5 Fetch interface which transparently triggers a DNS rebind | Go | Free | False | |
kalitorify | [Source] | Script for Kali Linux which uses iptables settings to create a transparent proxy through the Tor network | Shell | Free | False | |
Kerbrute | [Source] | Bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication | Go | Free | False | |
KRBJack | [Source] | DNS dynamic update abuse in ADIDNS via DSPROPERTY_ZONE_ALLOW_UPDATE set to ZONE_UPDATE_UNSECURE combined with MitM attack using Kerberos AP-REQ hijacking | Python | Free | False | |
Krbrelayx | [Website] | [Source] | Toolkit for abusing unconstrained delegation | Python | Free | False |
KubeHound | [Source] | Kubernetes attack graph tool allowing automated calculation of attack paths between assets in a cluster | Go | Free | False | |
LDAPmonitor | [Source] | Monitor creation, deletion and changes to LDAP objects live during pentest or system administration | Python | Free | False | |
ldeep | [Source] | Active Directory LDAP enumeration utility | Python | Free | False | |
Legba | [Source] | Multiprotocol credentials bruteforcer, password sprayer and enumerator | Rust | Free | False | |
Ligolo | [Source] | Pivot / reverse tunneling tool with SOCKS5 and TCP tunnel support | Go | Free | False | |
Ligolo-ng | [Source] | Pivoting via TCP/TLS reverse tunneling with TUN interface | Go | Free | False | |
linWinPwn | [Source] | Script that automates a number of Active Directory enumeration and vulnerability checks | Python | Free | False | |
Locksmith | [Source] | Find and fix common misconfigurations in AD CS | PowerShell | Free | False | |
lsassy | [Source] | CLI tool and library to extract credentials from lsass remotely | Python | Free | False | |
Mail.Rip V2 | [Source] | SMTP credentials bruteforcer / checker | Python | Free | False | |
Malifar | [Source] | GPU-accelerated NSEC3 zone dumper | Python | Free | False | |
MAN-SPIDER | [Source] | Crawl SMB shares for juicy information; supports file content searching and regex | Python | Free | False | |
Masscan | [Source] | Port scanner for massive networks | C | Free | False | |
Medusa | [Website] | [Source] | Network login cracker | C | Free | False |
Medusa-gui | [Source] | GUI for Medusa | Java | Free | False | |
modifyCertTemplate | [Website] | [Source] | Aid operators in modifying ADCS certificate templates so that a created vulnerable state can be leveraged for privilege escalation | Python | Free | False |
MSSQLRelay | [Website] | [Source] | MSSQL relay audit and abuse | Python | Free | False |
naabu | [Website] | [Source] | Port scanner with a focus on reliability and simplicity | Go | Free | False |
ncat | [Website] | [Source] | Improved reimplementation of Netcat by nmap team; Supports TCP and UDP, IPv4 and IPv6, SSL, proxy (HTTP and SOCKS4) | C | Free | False |
Ncrack | [Website] | [Source] | Reliable and adaptative network login cracker supporting a large number of protocols | CPlusPlus | Free | False |
nemesis | [Website] | [Source] | Packet manipulation CLI tool; craft and inject packets of several protocols | Python | Free | False |
NetExec | [Website] | [Source] | Windows / Active Directory environments pentest; fork of CrackMapExec | Python | Free | False |
Netfort Free Cloud Based PCAP Analysis | [Website] | PCAP analyzer; needs registration | Free | True | ||
NetworkMiner | [Website] | Network sniffer/packet capturing tool | Free | False | ||
NetworkTotal | [Website] | PCAP analyzer; using Suricata | Free | True | ||
ngocok | [Source] | ngrok collaborator link | Go | Free | False | |
Nipe | [Source] | Script to make TOR as default gateway | Perl | Free | False | |
Nmap | [Website] | [Source] | Tool for network discovery and security auditing | C | Free | False |
nmap-parse-output | [Source] | Converts / manipulates / extracts data from a nmap scan output | Shell | Free | False | |
NMapGUI | [Source] | Advanced GUI for Nmap | Java | Free | False | |
Nozzlr | [Source] | Multithreaded and modular bruteforce framework with network templates | Python | Free | False | |
nsec3map | [Source] | NSEC/NSEC3 zone dumper | Python | Free | False | |
ntlm_theft | [Source] | Generate multiple types of NTLMv2 hash theft files | Python | Free | False | |
onesixtyone | [Source] | SNMP scanner | C | Free | False | |
OOB-Server | [Source] | Bind9 DNS server for pentesters to use for Out-of-Band vulnerabilities | Shell | Free | False | |
owabrute | [Source] | Hydra wrapper for bruteforcing Microsoft Outlook Web Application | Shell | Free | False | |
PacketFu | [Source] | Packet manipulation library; forge, send, decode, capture packets of a wide number of protocols | Ruby | Free | False | |
PacketTotal | [Website] | PCAP analyzer; using Bro (Zeek), Suricata and Elasticsearch | Free | True | ||
PacketWhisper | [Source] | Stealthy Data exfiltration via DNS, without the need for attacker-controlled Name Servers or domain | Python | Free | False | |
Patator | [Source] | Multi-protocol bruteforce tool | Python | Free | False | |
PKINIT tools | [Source] | Kerberos PKINIT and relaying to AD CS | Python | Free | False | |
polarbearscan | [Website] | [Source] | Port scanner and banner grabber | C | Free | False |
PolarDNS | [Source] | Specialized authoritative DNS server suitable for penetration testing and vulnerability research | Python | Free | False | |
Polymorph | [Source] | Real-time network packet manipulation framework | Python | Free | False | |
PowerHuntShares | [Source] | Audit script to inventory, analyze, and report excessive privileges assigned to SMB shares on Active Directory domain joined computers | PowerShell | Free | False | |
PSPKIAudit | [Source] | AD CS auditing based on the PSPKI toolkit | PowerShell | Free | False | |
pty4all | [Source] | Persistent multi reverse shell handler | Shell | Free | False | |
pwncat | [Website] | [Source] | Sophisticated bind and reverse shell handler with many features as well as a drop-in replacement or compatible complement to netcat, ncat or socat | Python | Free | False |
pwncat-caleb | [Website] | [Source] | Fancy reverse and bind shell handler, can perform automated actions on the remote host including enumeration, implant installation and privilege escalation; attempt to spawn a pseudoterminal (pty) for a full interactive session | Python | Free | False |
pyGPOAbuse | [Source] | Partial python implementation of SharpGPOAbuse; modify an existing GPO by creating an immediate scheduled task as SYSTEM on the remote computer for computer GPO or logged in user for user GPO | Python | Free | False | |
pywerview | [Source] | A partial Python rewriting of PowerSploit's PowerView | Python | Free | False | |
PyWhisker | [Source] | Persistent and stealthy backdooring of user and computer Active Directory objects | Python | Free | False | |
PyWSUS | [Website] | [Source] | WSUS server designed to send malicious responses to clients | Python | Free | False |
rbndr | [Source] | Server for testing software against DNS rebinding vulnerabilities | C | Free | False | |
rdp-sec-check | [Source] | Script to enumerate security settings of an RDP Service | Perl | Free | False | |
reGeorg | [Source] | SOCKS proxies through the DMZ for pivoting | Python | Free | False | |
Responder | [Source] | LLMNR, NBT-NS and MDNS poisoner to intercept authentication requests/answers | Python | Free | False | |
Rebind | [Source] | Implements multiple A record DNS rebinding attack | Free | False | ||
RMIScout | [Website] | [Source] | Enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities through wordlist and bruteforce strategies | Java | Free | False |
RouterSploit | [Source] | Exploitation framework for embedded devices: exploits, default credentials, scanners, payloads | Python | Free | False | |
Rubeus | [Source] | Kerberos interaction and abuses | CSharp | Free | False | |
ruby-nmap | [Source] | Library for nmap, allows automating nmap and parsing nmap XML files | Ruby | Free | False | |
Rustcat | [Website] | [Source] | Port and reverse shell listener; fewer features than ncat, pwncat, pwncat-caleb but has command history | Rust | Free | False |
RustHound | [Website] | [Source] | Active Directory data collector for BloodHound | Rust | Free | False |
sandmap | [Website] | [Source] | Metasploit-like CLI interface for Nmap Script Engine (NSE) | Shell | Free | False |
Scapy | [Website] | [Source] | Packet manipulation library; forge, send, decode, capture packets of a wide number of protocols | Python | Free | False |
SCCMHunter | [Source] | Streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain | Python | Free | False | |
SELKS | [Website] | [Source] | IDS / IPS / NSM Debian distribution based on Suricata | Free | False | |
Seth | [Source] | RDP MitM tool | Python | Free | False | |
Shovel | [Source] | Traffic analyser; web interface to explore Suricata EVE outputs | Python | Free | False | |
SilentHound | [Source] | Quietly enumerates an Active Directory Domain via LDAP parsing users, admins, groups | Python | Free | False | |
SiLK | [Website] | System for Internet-Level Knowledge; collection of traffic analysis tools developed to facilitate security analysis of large networks | Free | False | ||
Singularity | [Website] | [Source] | DNS rebinding attack framework | Go | Free | False |
sJET | [Source] | JMX Exploitation Toolkit | Python | Free | False | |
smbclient-ng | [Source] | SMB shares interaction | Python | Free | False | |
Snaffler | [Source] | Find credentials and valuable information from windows active directory environments (shares, files) | CSharp | Free | False | |
SNMP Brute | [Source] | SNMP brute force, enumeration, CISCO config downloader and password cracking script | Python | Free | False | |
snmpbw.pl | [Source] | Multithreaded script for bulk walking targeted host systems for SNMP data | Perl | Free | False | |
Snort | [Website] | [Source] | Intrusion detection system that monitors network traffic for suspicious activities and threats | C | Free | False |
SprayHound | [Source] | Password spraying in Active Directory checking the default domain password policy and the badpwdcount LDAP attribute to avoid account locking, set pwned users as owned in Bloodhound and detect path to Domain Admins | Python | Free | False | |
ssh-audit | [Website] | [Source] | SSH scanner that detects protocol, version, grab banner, recognize software and operating system, output algorithm information and recommendations | Python | Free | False |
sshame | [Source] | Brute force SSH public-key authentication interactively | Python | Free | False | |
Sshimpanzee | [Website] | [Source] | Builds a static reverse SSH server for pivoting; supports HTTP and SOCKS5 proxies, DNS and ICMP tunnelling, HTTP encapsulation | Python | Free | False |
Suricata | [Website] | [Source] | Intrusion detection system and intrusion prevention system for network analysis and threat detection | C | Free | False |
Suricata Language Server | [Website] | [Source] | Implementation of the Language Server Protocol for Suricata signatures; real-time rule syntax checking and auto-completion | Python | Free | False |
Tsunami | [Source] | Network security scanner with an extensible plugin system | Java | Free | False | |
Turner | [Source] | Tunnels HTTP over a permissive/open TURN server; supports HTTP and SOCKS5 proxy | Go | Free | False | |
WebMap v1 | [Source] | A web dashboard for nmap XML report | Python | Free | False | |
WebMap v2 | [Source] | A web dashboard for nmap XML report | Python | Free | False | |
Whonow | [Source] | DNS Server for executing DNS Rebinding attacks | JavaScript | Free | False | |
windapsearch | [Source] | Script to enumerate users, groups and computers from a Windows domain through LDAP queries | Python | Free | False | |
Wireshark | [Website] | [Source] | Network protocol analyzer | CPlusPlus | Free | False |
WireSocks | [Source] | WireGuard socks proxy for pentest pivoting | Shell | Free | False | |
Whisker | [Source] | Take over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding Shadow Credentials to the target account | CSharp | Free | False | |
wmiexec-Pro | [Source] | Perform different ways of command execution via WMI protocol (port 135) for AV evasion | Python | Free | False | |
XFLTReaT | [Source] | Tunnelling framework; supports TCP, UDP, ICMP, SOCKS, HTTP, SCTP, WebSocket, RDP | Python | Free | False | |
Xprobe2 | [Source] | Remote active operating system fingerprinting | CPlusPlus | Free | False | |
yersinia | [Source] | Framework for layer 2 attacks | C | Free | False | |
Zeek | [Website] | [Source] | Intrusion detection system for network traffic analysis and security monitoring; formerly Bro | CPlusPlus | Free | False |
Zenmap | [Website] | [Source] | GUI for Nmap | Python | Free | False |
Zmap | [Website] | [Source] | Collection of tools to scan and study massive networks | C | Free | False |
zone-walker | [Source] | NSEC zone dumper | JavaScript | Free | False |
OSINT and Reconnaissance
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
alterx | [Source] | Customizable subdomain wordlist generator using DSL | Go | Free | False | |
Amass | [Website] | [Source] | DNS enumeration and network mapping tool suite: scraping, recursive brute forcing, crawling web archives, reverse DNS sweeping | Go | Free | False |
Argus | [Source] | All-in-one toolkit for information gathering and reconnaissance | Python | Free | False | |
Asnlookup | [Source] | Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it | Python | Free | False | |
AttackSurfaceMapper | [Source] | Subdomain enumerator | Python | Free | False | |
AutoRecon | [Source] | Multi-threaded network reconnaissance tool which performs automated enumeration of services | Python | Free | False | |
badKarma | [Source] | Advanced network reconnaissance tool | Python | Free | False | |
BBOT | [Source] | OSINT framework; subdomain enumeration, port scanning, web screenshots, vulnerability scanning | Python | Free | False | |
Belati | [Source] | OSINT tool, collect data and document actively or passively | Python | Free | False | |
Bitcrook | [Source] | Reconnaissance Apparatus; Information gathering, conglomerate of tools including custom algorithms, API wrappers | Go | Free | False | |
cariddi | [Source] | Takes a list of domains, crawls urls and scans for endpoints, secrets, api keys, file extensions, tokens | Go | Free | False | |
Certstream | [Website] | [Source] | Intelligence feed that gives real-time updates from the Certificate Transparency Log network | Elixir | Free | False |
Darkshot | [Source] | Lightshot scraper with multi-threaded OCR and auto categorizing screenshots | Python | Free | False | |
dataleaks | [Source] | Self-hosted data breach search engine | PHP | Free | False | |
datasploit | [Website] | [Source] | OSINT framework, find, aggregate and export data | Python | Free | False |
DeadTrap | [Website] | [Source] | Track down footprints of a phone number | Python | Free | False |
DNSDumpster | [Website] | Domain research tool that can discover hosts related to a domain | Free | True | ||
dnsenum | [Source] | DNS reconnaissance tool: AXFR, DNS records enumeration, subdomain bruteforce, range reverse lookup | Perl | Free | False | |
dnsenum2 | [Source] | Continuation of dnsenum project | Perl | Free | False | |
DNSRecon | [Source] | DNS reconnaissance tool: AXFR, DNS records enumeration, TLD expansion, wildcard resolution, subdomain bruteforce, PTR record lookup, check for cached records | Python | Free | False | |
dnsx | [Source] | Multi-purpose DNS toolkit for running multiple DNS queries | Go | Free | False | |
domainfinder | [Source] | Find a domain from an IP address | Python | Free | False | |
Domainim | [Source] | Domain reconnaissance for organizational network scanning | Nim | Free | False | |
EagleEye | [Source] | Image recognition on instagram, facebook and twitter | Python | Free | False | |
Espionage | [Source] | Domain information gathering: whois, history, dns records, web technologies, records | Python | Free | False | |
eTools.ch | [Website] | Metasearch engine, query 16 search engines in parallel | Free | True | ||
Facebook_OSINT_Dump | [Source] | OSINT tool, facebook profile dumper, windows and chrome only | Shell | Free | False | |
FinalRecon | [Source] | Web reconnaissance script | Python | Free | False | |
Findomain | [Source] | Fast subdomain enumerator | Rust | Free | False | |
FOCA | [Website] | [Source] | OSINT framework and metadata analyser | CSharp | Free | False |
Geolocation Estimation | [Website] | Automatic GEOINT using deep learning | Free | True | ||
GHunt | [Source] | Investigate Google accounts with emails and find name, usernames, Youtube Channel, probable location, Maps reviews, etc. | Python | Free | False | |
GitFive | [Source] | Investigate GitHub profiles; features: username history, email address to GitHub account, finds potential secondary GitHub accounts, dumps SSH public keys, etc. | Python | Free | False | |
gitGraber | [Source] | Monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe, etc. | Python | Free | False | |
GitHound | [Source] | Find sensitive information in git repositories | Go | Free | False | |
gittyleaks | [Source] | Find sensitive information (username, password, email) in git repositories | Python | Free | False | |
GooFuzz | [Source] | Passive reconnaissance enumerating directories, files, subdomains or parameters using Google dorks | Shell | Free | False | |
Gorecon | [Source] | Reconnaissance toolkit | Go | Free | False | |
GoSeek | [Source] | Username lookup comparable to Maigret/Sherlock, IP Lookup, License Plate & VIN Lookup, Info Cull, and Fake Identity Generator | Go | Free | False | |
gOSINT | [Source] | OSINT framework; find mails, dumps, retrieve Telegram history and info about hosts | Go | Free | False | |
h8mail | [Source] | Email OSINT & Password breach hunting tool; supports chasing down related email | Python | Free | False | |
Harpoon | [Source] | CLI tool; collect data and document actively or passively | Python | Free | False | |
holehe | [Source] | Check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function | Python | Free | False | |
Hunt3r | [Website] | [Source] | Automatic domain recognition (via amass) and vulnerability scan (via nuclei) platform with a WebUI | Ruby | Free | False |
Ignorant | [Source] | Check if a phone number is used on different sites like snapchat, instagram | Python | Free | False | |
IVRE | [Website] | [Source] | IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks); network recon framework including tools for passive and active recon | Python | Free | False |
kitphishr | [Source] | Hunts for phishing kit source code by traversing URL folders and searching in open directories for zip files; supports list of URLs or PhishTank | Go | Free | False | |
Kostebek | [Source] | Tool to find firms' domains by searching their trademark information | Python | Free | False | |
LeakDB | [Source] | Normalize, deduplicate, index, sort, and search leaked data sets on the multi-terabyte-scale | Go | Free | False | |
LeakIX | [Website] | Search engine for devices and services exposed on the Internet | Free | True | ||
LeakLooker | [Source] | Discover, browse and monitor database/source code leaks | Python | Free | False | |
leakScraper | [Source] | Set of tools to process and visualize huge text files containing credentials | Python | Free | False | |
LinEnum | [Source] | System script for local Linux enumeration and privilege escalation checks | Shell | Free | False | |
LinkedInDumper | [Source] | Dump company employees from LinkedIn API | Python | Free | False | |
LittleBrother | [Source] | Information gathering (OSINT) on a person (EU), checks social networks and Pages Jaunes | Python | Free | False | |
Maigret | [Source] | Collect a dossier on a person by username from a huge number of sites, and extract details from them | Python | Free | False | |
Malfrat's OSINT Map | [Source] | A web-based collection of tools and resources for OSINT; successor of OSINT Framework | JavaScript | Free | True | |
mantis | [Website] | [Source] | Command-line framework designed to automate the workflow of asset discovery, reconnaissance, and scanning | Python | Free | False |
MassDNS | [Source] | High-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration) | C | Free | False | |
Metabigor | [Source] | Searching information about IP address, ASN and organization; doesn't require any API key | Go | Free | False | |
mihari | [Source] | Aggregates results from Shodan, Censys, VirusTotal, SecurityTrail, etc. and extracts artifacts (IP addresses, domains, URLs or hashes) | Ruby | Free | False | |
Netflip | [Source] | Scrape sensitive information from paste sites | CSharp | Free | False | |
NExfil | [Source] | Finding profiles by username over 350 websites | Python | Free | False | |
Nmmapper | [Website] | Cybersecurity tools offered as SaaS: nmap, subdomain finder (Sublist3r, DNScan, Anubis, Amass, Lepus, Findomain, Censys), theHarvester, etc. | Paid | True | ||
nqntnqnqmb | [Source] | Retrieve information on linkedin profiles, companies on linkedin and search on linkedin companies/persons | Python | Free | False | |
Oblivion | [Source] | Data leak checker and monitoring | Python | Free | False | |
ODIN | [Source] | Observe, Detect, and Investigate Networks, Automated reconnaissance tool | Python | Free | False | |
Omnibus | [Source] | OSINT framework; collection of tools | Python | Free | False | |
OneForAll | [Source] | Subdomain enumeration tool | Python | Free | False | |
OnionSearch | [Source] | Script that scrapes urls on different .onion search engines | Python | Free | False | |
OSINT Framework | [Website] | [Source] | A web-based collection of tools and resources for OSINT | JavaScript | Free | True |
Osintgram | [Source] | Interactive shell to perform analysis on Instagram account of any users by their nickname | Python | Free | False | |
Osmedeus | [Website] | [Source] | Automated framework for reconnaissance and vulnerability scanning | Python | Free | False |
Photon | [Source] | Fast crawler designed for OSINT | Python | Free | False | |
PITT | [Source] | Web browser loaded with links and extensions for doing OSINT | Free | False | ||
ProjectDiscovery | [Website] | [Source] | Monitor, collect and continuously query the assets data via a simple webUI | Go | Free | True |
ReconDog | [Source] | Multi-purpose reconnaissance tool, CMS detection, reverse IP lookup, port scan, etc. | Python | Free | False | |
reconFTW | [Source] | Perform automated recon on a target domain by running set of tools to perform scanning and finding out vulnerabilities | Shell | Free | False | |
Recon-ng | [Source] | Web-based reconnaissance tool | Python | Free | False | |
Reconnoitre | [Source] | Tool made to automate information gathering and service enumeration while storing results | Python | Free | False | |
ReconScan | [Source] | Network reconnaissance and vulnerability assessment tools | Python | Free | False | |
Recsech | [Source] | Web reconnaissance and vulnerability scanner tool | PHP | Free | False | |
Redscan | [Source] | Mix of a security operations orchestration, vulnerability management and reconnaissance platform | Python | Free | False | |
Red Team Arsenal | [Source] | Automated reconnaissance scanner and security checks | Python | Free | False | |
reNgine | [Website] | [Source] | Automated recon framework for web applications; customizable scan engines & pipeline of reconnaissance | Python | Free | False |
reNgine-ng | [Website] | [Source] | Automated recon framework for web applications; customizable scan engines & pipeline of reconnaissance (reNgine Fork) | Python | Free | False |
SearchDNS | [Website] | Netcraft tool; Search and find information for domains and subdomains | Free | True | ||
Sherlock | [Website] | [Source] | Hunt down social media accounts by username across social networks | Python | Free | False |
Shodan | [Website] | Search devices connected to the internet; helps find information about desktops, servers, IoT devices; including metadata such as the software running | Free | True | ||
shosubgo | [Source] | Grab subdomains using Shodan api | Go | Free | False | |
shuffledns | [Source] | Wrapper around massdns that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support | Go | Free | False | |
SiteBroker | [Source] | Tool for information gathering and penetration test automation | Python | Free | False | |
Sn1per | [Source] | Automated reconnaissance scanner | Shell | Paid | False | |
spiderfoot | [Website] | [Source] | OSINT framework, collect and manage data, scan target | Python | Free | False |
Stalker | [Source] | Automated scanning of social networks and other websites, using a single nickname | Python | Free | False | |
SubDomainizer | [Source] | Find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github | Python | Free | False | |
subfinder | [Website] | [Source] | Discovers valid subdomains for websites, designed as a passive framework to be useful for bug bounties and safe for penetration testing | Go | Free | False |
Sublist3r | [Source] | Subdomains enumeration tool | Python | Free | False | |
subzuf | [Source] | DNS response-guided subdomain fuzzer | Python | Free | False | |
Sudomy | [Source] | Subdomain enumeration tool | Python | Free | False | |
Tempest | [Source] | Leverage paste sites as a medium for discovery of objectionable/infringing materials | Go | Free | False | |
Th3inspector | [Source] | Multi-purpose information gathering tool | Perl | Free | False | |
theHarvester | [Source] | Multi-purpose information gathering tool: emails, names, subdomains, IPs, URLs | Python | Free | False | |
tinfoleak | [Source] | Twitter intelligence analysis tool | Python | Free | False | |
Totem | [Source] | Retrieve information about ads of a facebook page, retrieve the number of people targeted, how much the ad cost and a lot of other information | Python | Free | False | |
trape | [Source] | Analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time | Python | Free | False | |
TruffleHog | [Source] | Find secret information in git repositories | Go | Free | False | |
TWINT | [Source] | Twitter Intelligence Tool; Twitter scraping & OSINT tool that doesn't use Twitter's API, allowing one to scrape a user's followers, following, Tweets and more while evading most API limitations | Python | Free | False | |
uncover | [Source] | Discover exposed hosts on the internet using multiple search engines | Go | Free | False | |
waymore | [Source] | Find links from Wayback Machine, Common Crawl, Alien Vault OTX and URLScan; download the archived responses for URLs on Wayback Machine | Python | Free | False | |
yar | [Source] | Find secret information (secrets, tokens, passwords) in git repositories | Go | Free | False |
Other
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
ADB-Toolkit | [Source] | Wrapper around adb to ease certain tasks | Shell | Free | False | |
ADeleg | [Source] | Active Directory delegation management tool that makes a detailed inventory of the delegations set up so far in a forest | Rust | Free | False | |
AppsecStudy | [Website] | [Source] | eLearning management system for information security | PHP | Free | True |
Atheris | [Source] | Coverage-guided Python fuzzing engine | Shell | Free | False | |
Avast Hack Check | [Website] | Service to check if an account has been compromised in a data breach, send an email with the breaches not the password | Free | True | ||
Axiom | [Source] | Dynamic infrastructure framework to distribute the workload of many different scanning tools with ease | Shell | Free | False | |
BHQW | [Source] | Extract information from BloodHound and Neo4J | Python | Free | False | |
BQM | [Website] | Bloodhound Query Merger; deduplicate custom BloodHound queries from different datasets and merge them in one customqueries.json file | Ruby | Free | False | |
BreachDirectory | [Website] | Service to check if an account has been compromised in a data breach, display the breaches, partial password and hash | Free | True | ||
Cameradar | [Website] | RTSP stream access; detect open hosts, device model, automated dictionary attacks on stream route and credentials | Ruby | Free | False | |
ccs | [Source] | Code Credential Scanner; scan a large, diverse codebase for hard-coded credentials, or credentials present in configuration files | Python | Free | False | |
changedetection.io | [Source] | Self-hosted website change detection tracking, monitoring and notification service | Python | Free | False | |
ConvertHound | [Source] | Convert BloodHound output files into nmap XML that can be imported into reporting software like Dradis and Plextrac | Python | Free | False | |
ctf-party | [Website] | [Source] | Library to enhance and speed up script/exploit writing for CTF players | Ruby | Free | False |
CyberChef | [Website] | [Source] | Data manipulation toolkit in web browser | JavaScript | Free | False |
cybernews personal data leak check | [Website] | Service to check if an account has been compromised in a data breach, only tells if the account is compromised | Free | True | ||
DeHashed | [Website] | Service to check if an account has been compromised in a data breach | Paid | True | ||
discover | [Source] | Scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit | Shell | Free | False | |
DoubleTap | [Source] | Headless browser in order to load pages and execute JavaScript that often generates things like dynamic nonces that validate the page was actually rendered by a human for password spraying | Ruby | Free | False | |
doxycannon | [Source] | Proxycannon and botnet, using docker, ovpn files, tor nodes, and dante socks5 proxies that may be used for password spraying | Python | Free | False | |
Exegol | [Website] | [Source] | Disposable hacking environments using docker | Python | Free | False |
Firefox Monitor | [Website] | Service to check if an account has been compromised in a data breach, display the breaches not the password | Free | True | ||
F-Secure Identity Theft Checker | [Website] | Service to check if an account has been compromised in a data breach, send an email with the breaches not the password | Free | True | ||
getsploit | [Source] | CLI utility for searching and downloading exploits from Exploit-DB, Metasploit, Packetstorm and others | Python | Free | False | |
GOAD | [Source] | Game Of Active Directory is a test environment lab that includes all the common vulnerabilities of an active directory | Powershell | Free | False | |
Godehashed | [Source] | Uses the dehashed.com API to search for compromised assets | Go | Free | False | |
gtfo | [Source] | CLI for searching gtfobins and lolbas from the terminal | Python | Free | False | |
GTFOBLookup | [Source] | CLI for searching gtfobins and lolbas from the terminal; allows more advanced search than gtfo | Python | Free | False | |
HackTools | [Source] | Web browser extension (Chromium, Firefox, Safari) including common functions for web pentest | JavaScript | Free | False | |
Have I been pwned? | [Website] | Service to check if an account has been compromised in a data breach, display the breaches not the password | Free | True | ||
HiddenWall | [Source] | Linux kernel module generator for custom rules with netfilter | C | Free | False | |
hideNsneak | [Source] | CLI tool for ephemeral penetration testing, rapidly deploy and manage various cloud services | Go | Free | False | |
HoundSploit | [Source] | Graphical search engine for Exploit-DB | Python | Free | False | |
Identity Leak Checker | [Website] | Service to check if an account has been compromised in a data breach, send the breaches by email | Free | True | ||
inlite | [Website] | Scan QR-code, 1D, DataMatrix, Postal, PDF417, and more | Free | True | ||
Interlace | [Source] | Turn single threaded command line applications into a multi-threaded application with CIDR and glob support | Python | Free | False | |
itdis | [Website] | [Source] | Is This Domain In Scope; a small tool that allows you to check if a list of domains you have been provided is in the scope of your pentest or not | Ruby | Free | False |
Leak Lookup | [Website] | Service to check if an account has been compromised in a data breach, requires an account | Free | True | ||
LOAD | [Source] | Lord Of Active Directory is a test environment lab that includes all the common vulnerabilities of an active directory and deploys automatically on AWS; based on AWS-Redteam-Lab and GOAD | PowerShell | Free | False | |
Lookyloo | [Website] | [Source] | A web interface that allows you to capture a website page and display a tree of domains | Python | Free | True |
mec | [Source] | MassExploitConsole; mass reconnaissance and exploitation framework | Python | Free | False | |
Metasploit | [Website] | [Source] | Tool and framework for pentesting systems, web and many more; contains a lot of ready-to-use exploits; 4 versions: Pro (paid), Express (paid), Community (free with GUI but on request), Framework (free, open source, CLI) | Ruby | Paid | False |
NameScan Email Compromised Check | [Website] | Service to check if an account has been compromised in a data breach, display the breaches not the password | Free | True | ||
Nord Stream | [Website] | Extract secrets stored inside CI/CD environments by deploying malicious pipelines | Python | Free | False | |
objection | [Source] | Runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak | Python | Free | False | |
OpenVAS | [Website] | [Source] | Open Vulnerability Assessment Scanner | C | Free | False |
Pass Station | [Website] | [Source] | CLI & library to search for default credentials among thousands of Products / Vendors | Ruby | Free | False |
PentestBox | [Website] | [Source] | Pre-configured portable penetration testing environment for Windows, all-in-one box | Free | False | |
PhoneSploit Pro | [Website] | [Source] | Remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session | Python | Free | False |
Pipal | [Website] | [Source] | Analyze password dump and return statistics about passwords' strength | Ruby | Free | False |
PWDQUERY | [Website] | Service to check if an account has been compromised in a data breach, doesn't display breaches, partially display password | Free | True | ||
rawsec_cli | [Website] | [Source] | Rawsec Inventory search CLI to find security tools and resources | Python | Free | False |
Reverse Shell Generator | [Website] | [Source] | Web-based reverse shell generator, includes features such as listener generation, raw mode, bind shell generation, msfvenom generation, payload encoding, many different languages, tools and shells supported | JavaScript | Free | True |
Ronin | [Website] | [Source] | Toolkit for security research and development allowing for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git repositories | Ruby | Free | False |
ronin-exploits | [Source] | A micro-framework for writing and running exploits | Ruby | Free | False | |
ronin-payloads | [Source] | A micro-framework for writing and running exploit payloads | Ruby | Free | False | |
ScatteredSecrets | [Website] | Service to check if an account has been compromised in a data breach | Paid | True | ||
search.0t.rocks self-hosted | [Source] | Service to check if an account has been compromised in a data breach; including the data in clear | TypeScript | Free | False | |
Scrounger | [Source] | Mobile application testing toolkit, the mobile metasploit-like framework | Python | Free | False | |
SearchSploit | [Website] | [Source] | CLI tool to search among Exploit-DB exploits | Shell | Free | False |
Seccubus | [Website] | [Source] | Vulnerability scanning, reporting and analysis | JavaScript | Free | False |
sploitctl | [Source] | Fetch, install and search exploit archives from exploit sites like Packet Storm or Exploit-DB | Python | Free | False | |
SprayingToolkit | [Source] | Password spraying scripts for Lync/S4B and OWA | Python | Free | False | |
Tool-X | [Source] | Kali linux hacking tool installer | Python | Free | False | |
unisec | [Website] | [Source] | Toolkit for security research manipulating Unicode: confusables, homoglyphs, hexdump, code point, UTF-8, UTF-16, UTF-32, properties, regexp search, size, grapheme, surrogates, version, ICU, CLDR, UCD | Ruby | Free | False |
Unredacter | [Website] | Bruteforce to reverse the text of image redacted with pixelation blur | TypeScript | Free | False | |
v0lt | [Source] | CTF toolkit / framework | Python | Free | False | |
VBSmin | [Website] | [Source] | VBScript minifier | Ruby | Free | False |
webqr | [Website] | Scan & create QR-code | Free | True | ||
ysoserial | [Source] | Tool for generating payloads that exploit unsafe Java object deserialization | Java | Free | False |
Plugins
Name | For | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|---|
AWS Extender | Burp Suite | [Source] | Identify and test S3 buckets, Google Storage buckets and Azure Storage containers for common misconfiguration | Python | Free | False | |
BinExport | IDA / Binary Ninja / Ghidra | [Source] | Binary exporter, generates an export from the disassembly of a program that can be used without the disassembler | CPlusPlus | Free | False | |
BurpBounty | Burp Suite | [Source] | Scan Check Builder in BApp Store, improve the active and passive scanner by means of personalized rules through a graphical interface | Java | Free | False | |
CogniCrypt | Eclipse | [Source] | Supports Java developers in using Java Cryptographic APIs | Java | Free | False | |
Copy As FFUF | Burp Suite | [Source] | Copies the selected request(s) as FFUF skeleton | Java | Free | False | |
Copy As Go Request | Burp Suite | [Website] | [Source] | Copies the selected request(s) as Go Request invocations | Java | Free | False |
Copy as Node Request | Burp Suite | [Website] | [Source] | Copies the selected request(s) as Node.JS Request invocations | Java | Free | False |
Copy as PowerShell Requests | Burp Suite | [Website] | [Source] | Copies the selected request(s) as PowerShell invocation(s) | Java | Free | False |
Copy As Python-Requests | Burp Suite | [Website] | [Source] | Copies selected request(s) as Python-Requests invocations | Java | Free | False |
Copy As XMLHttpRequest | Burp Suite | [Source] | Copies selected request(s) as JavaScript XMLHttpRequest invocations | Java | Free | False | |
CSTC | Burp Suite | [Source] | Cyber Security Transformation Chef; chaining simple operations and formatting on each incoming or outgoing HTTP message | Java | Free | False | |
Exporter | Burp Suite | [Source] | Copies selected request(s) as cURL, wget, Python Request, Perl LWP, PHP HTTP_Request2, Go, NodeJS Request, jQuery AJAX, PowerShell, HTML Forms, Ruby Net::HTTP, JavaScript XHR invocations | Python | Free | False | |
HopLa | Burp Suite | [Source] | Adds autocompletion support and useful payloads in Burp Suite | Java | Free | False | |
http-screenshot-html | Nmap | [Source] | Nmap NSE script that scans for http server, takes a screenshot of them, and organizes the results into an HTML report | Lua | Free | False | |
Hyperpwn | Hyper | [Source] | Improve the display when debugging with GDB, needs GEF, pwndbg or peda to be loaded in GDB as a backend | JavaScript | Free | False | |
GEF | GDB | [Source] | GDB Enhanced Features, multi-architecture | Python | Free | False | |
IIS Tilde Enumeration Scanner | Burp Suite | [Source] | Check for the IIS tilde enumeration / IIS 8.3 short filename disclosure vulnerability and to exploit it by enumerating all the short names in an IIS web server | Java | Free | False | |
KeePwn | CrackMapExec | [Source] | Automate KeePass discovery and secret extraction | Python | Free | False | |
Matro7sh loaders | Havoc | [Source] | Encode Havoc shellcode (.bin) in XOR, chacha20, AES; supports 2 loaders: Myph, 221b | Python | Free | False | |
Mona | Immunity Debugger | [Source] | Set of commands for Immunity Debugger | Python | Free | False | |
PEDA | GDB | [Source] | Python Exploit Development Assistance, (only python2.7) | Python | Free | False | |
Pwndbg | GDB | [Website] | [Source] | Enhance GDB, for exploit development and reverse engineering | Python | Free | False |
PwnFox | Burp Suite / Firefox | [Source] | Allows multiple identities in the same browser using Firefox containers and highlights the profile used with different colors | JavaScript | Free | False | |
Quokka | IDA | [Source] | Binary exporter, generates an export from the disassembly of a program that can be used without the disassembler | Python | Free | False | |
Scavenger | Burp Suite | [Source] | Create target specific and tailored wordlist from burp history | Kotlin | Free | False | |
Sploitego | Maltego | [Source] | Maltego penetration testing Transforms | Python | Free | False | |
Stepper | Burp Suite | [Source] | Evolution of Burp Suite's Repeater tool, providing the ability to create sequences of steps and define regular expressions to extract values from responses | Java | Free | False | |
Tenet | IDA | [Website] | [Source] | Execution trace explorer | Python | Free | False |
ttddbg | IDA | [Source] | Time Travel Debugging IDA plugin | CPlusPlus | Free | False | |
volatility-gpg | Volatility3 | [Source] | Volatility3 plugins that can retrieve partial and full gpg passphrases from gpg-agent's cache | Python | Free | False | |
vulners | Burp Suite | [Website] | [Source] | Vulnerability scanner based on vulners.com search API | Java | Free | False |
XSSor | Burp Suite | [Source] | semi-automatic reflected and persistent XSS scanner | Python | Free | False | |
YesWeBurp | Burp Suite | [Source] | Access to all bug bounty programs directly inside Burp | Kotlin | Free | False |
Red Teaming
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
221b | [Source] | Bake a windows payload from the C2 of your choice to bypass AV | Go | Free | False | |
AntiScan.Me | [Website] | Multi-AV checker that doesn't distribute the check results, based on Dyncheck.com | Paid | True | ||
AVET | [Source] | AntiVirus Evasion Tool; targeting windows machines with executable files | Free | False | ||
BadExclusions | [Source] | Identify folder custom or undocumented exclusions on AV/EDR | CPlusPlus | Free | False | |
BadExclusionsNWBO | [Source] | Identify folder custom or undocumented exclusions on AV/EDR; evolution of BadExclusions but with better opsec | CPlusPlus | Free | False | |
BOF.NET | [Source] | A .NET Runtime for Cobalt Strike's Beacon Object Files | CSharp | Free | False | |
Brute Ratel | [Website] | Command & Control server; DNS over HTTPS, external channels, indirect syscalls | Paid | False | ||
CarbonCopy | [Source] | Create a spoofed certificate of any online website and signs an executable for AV Evasion; works for Windows and Linux | Python | Free | False | |
ConfuserEx | [Source] | Protector for .NET applications | CSharp | Free | False | |
Cortex XDR Config Extractor | [Source] | Parse the Database Lock Files of the Cortex XDR Agent by Palo Alto Networks and extract Agent Settings, the Hash and Salt of the Uninstall Password, as well as possible Exclusions | Python | Free | False | |
Covenant | [Source] | Command & Control framework with multi-user collaboration | CSharp | Free | False | |
CredMaster | [Source] | Password spraying, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling | Python | Free | False | |
CSSG | [Source] | Cobalt Strike Shellcode Generator; script used to more easily generate and format beacon shellcode in Cobalt Strike | Python | Free | False | |
dnscat2 | [Source] | DNS tunnel meant for encrypted Command & Control channel, data exfiltration | Ruby | Free | False | |
Donut | [Source] | Generates x86_32, x86_64, or AMD64 position-independent shellcode that loads .NET Assemblies, PE files (EXE), VBScript, JScript, and DLL files from memory and runs them with parameters | C | Free | False | |
EDRSilencer | [Source] | Uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server | C | Free | False | |
fireELF | [Source] | Fileless linux malware framework | Python | Free | False | |
Freeze | [Source] | Payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner | Go | Free | False | |
gmailc2 | [Source] | Undetectable C2 server that communicates via Google SMTP to evade antivirus protections and network traffic restrictions | Python | Free | False | |
Gophish | [Website] | [Source] | Phishing toolkit providing the ability to setup and execute phishing engagements and security awareness training | Go | Free | True |
Go365 | [Source] | User enumeration and password guessing for Office 365 / Microsoft365 | Go | Free | False | |
gscript | [Source] | Genesis Scripting Engine; framework to rapidly implement custom droppers for all three major operating systems | Go | Free | False | |
Hades | [Source] | Shellcode loader that combines multiple evasion techniques with the aim of bypassing the defensive mechanisms commonly used by modern AV/EDRs | Go | Free | False | |
Hades C2 | [Source] | Basic Command and Control server | Python | Free | False | |
HardHat C2 | [Source] | Cross-platform, collaborative, Command & Control framework | CSharp | Free | False | |
Havoc | [Source] | Malleable post-exploitation command and control framework | Go | Free | False | |
JavaScript Obfuscator | [Website] | [Source] | JavaScript obfuscator; features: variables renaming, strings extraction and encryption, dead code injection, control flow flattening, various code transformations, etc. | TypeScript | Free | True |
Kage | [Source] | Graphical user interface for Metasploit Meterpreter and session handler | JavaScript | Free | False | |
King Phisher | [Source] | A tool for testing and promoting user awareness by simulating real world phishing attacks | Python | Free | False | |
Kubesploit | [Source] | Post-exploitation HTTP/2 Command & Control server and agent focused on containerized environments | Go | Free | False | |
lateralus | [Source] | Terminal based phishing campaign tool | Go | Free | False | |
LightsOut | [Source] | Generate an obfuscated DLL that will disable AMSI & ETW | Python | Free | False | |
link | [Source] | Command and control framework; HTTPS communication, process injection, in-memory .NET assembly execution, SharpCollection tools, sRDI implementation for shellcode generation, Windows link reloads DLLs from disk into current process | Rust | Free | False | |
LP-DB | [Website] | [Source] | Login Pages Database forms a knowledge base on login pages related to malicious activities (C2 panels, phishing kits...) | JavaScript | Free | False |
macro_pack | [Source] | Obfuscation and generation of retro formats such as MS Office documents or VBS like format | Python | Free | False | |
Mangle | [Source] | Manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs | Go | Free | False | |
Merlin | [Source] | Post-exploitation HTTP/2 Command & Control server and agent | Go | Free | False | |
MFASweep | [Source] | Check if MFA is enabled on multiple Microsoft services | PowerShell | Free | False | |
Mística | [Source] | Embeds data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications; supports encapsulation into HTTP, HTTPS, DNS and ICMP protocols | Python | Free | False | |
Modlishka | [Source] | HTTP reverse proxy designed for phishing | Go | Free | False | |
monomorph | [Source] | MD5-monomorphic shellcode packer, all payloads have the same MD5 hash | C | Free | False | |
Mythic | [Source] | Collaborative red teaming framework | Python | Free | False | |
Nighthawk | [Website] | Command & Control framework; multi-operator, API driven, malleable native implant | CSharp | Paid | False | |
Nimbo-C2 | [Source] | Simple and lightweight Command & Control framework | Nim | Free | False | |
NimPlant | [Source] | Light-weight first-stage Command & Control implant | Nim | Free | False | |
Octopus | [Source] | Pre-operation C2 server | Python | Free | False | |
Overlord | [Website] | [Source] | CLI used to build Red Teaming infrastructure in an automated way, supports AWS and Digital Ocean | Python | Free | False |
pe_to_shellcode | [Source] | Converts PE into a shellcode | CPlusPlus | Free | False | |
PEzor | [Website] | [Source] | Shellcode & PE Packer | CPlusPlus | Free | False |
phpsploit | [Source] | Command & Control framework which silently persists on webserver via polymorphic PHP oneliner | Python | Free | False | |
PipeViewer | [Source] | Shows detailed information about named pipes in Windows and searching for insecure permissions | CSharp | Free | False | |
PoshC2 | [Source] | Proxy aware Command & Control framework | Python | Free | False | |
PowerShdll | [Source] | Run PowerShell with dlls only to bypass software restrictions; it can be run with rundll32.exe, installutil.exe, regsvcs.exe, regasm.exe, regsvr32.exe or as a standalone executable | CSharp | Free | False | |
ProtectMyTooling | [Website] | [Source] | Multi-Packer wrapper allowing daisy-chaining various packers and obfuscators; featured with artifacts watermarking, IOCs collection & PE backdooring | Python | Free | False |
Pupy | [Source] | Cross-platform, multi function Command & Control and post-exploitation framework; fileless/all-in-memory execution, low footprint, multi-transport | Python | Free | False | |
Quasar | [Source] | Remote Administration Tool (RAT) for Windows | CSharp | Free | False | |
Redcloud | [Source] | Automated Red Team Infrastructure deployment using Docker | Python | Free | False | |
RedELK | [Source] | Red Team's SIEM; used by Red Teams for tracking and alarming about Blue Team activities as well as better usability in long term operations | Free | False | ||
RedEye | [Source] | Red team C2 log visualization | TypeScript | Free | False | |
ReelPhish | [Source] | Real time phishing tool | Python | Free | False | |
Ruler | [Source] | Interact with Exchange servers remotely, through either the MAPI/HTTP or RPC/HTTP to abuse the client-side Outlook features and gain a shell | Go | Free | False | |
ScareCrow | [Source] | Payload creation framework designed around EDR bypass | Go | Free | False | |
SHAD0W | [Website] | [Source] | Modular C2 framework designed to successfully operate covertly on heavily monitored environments | Python | Free | False |
SharpC2 | [Website] | [Source] | Command & Control framework | CSharp | Free | False |
SharpEDRChecker | [Source] | Detect and identify the presence of known defensive products such as AVs, EDRs and logging tools | CSharp | Free | False | |
Shellcrypt | [Source] | Obfuscate shellcode using encoding, encryption, compression | Python | Free | False | |
Shelltropy | [Source] | A technique to hide malicious shellcode based on low-entropy via Shannon encoding | CPlusPlus | Free | False | |
SILENTTRINITY | [Source] | Asynchronous, multiplayer and multiserver Command & Control framework | Python | Free | False | |
Sliver | [Source] | Cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS; remote access tool (RAT) | Go | Free | False | |
SocialFish | [Source] | Phishing targeting social media logins; supports Ngrok tunneling and a mobile controller | Python | Free | False | |
Starkiller | [Source] | WebUI for Empire | JavaScript | Free | False | |
Synergy Httpx | [Source] | HTTP(S) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically | Python | Free | False | |
SysWhisper3 | [Source] | SysWhispers on Steroid, AV/EDR evasion via direct system calls | Assembly | Free | False | |
TeamsBreaker | [Source] | Automating the sending of phishing messages to MS Teams users; based on TeamsPhisher and TeamsEnum | Python | Free | False | |
TeamsEnum | [Source] | User enumeration of MS Teams users | Python | Free | False | |
TeamsImplant | [Source] | MS Teams implant persistent backdoor | C | Free | False | |
TeamsPhisher | [Source] | Facilitates the delivery of phishing messages and attachments to MS Teams users whose organizations allow external communications | Python | Free | False | |
TrevorC2 | [Source] | Command and control framework masking the activity by emulating a legitimate website | Python | Free | False | |
UBoat | [Source] | HTTP botnet PoC | CPlusPlus | Free | False | |
Villain | [Source] | Distributed command and control framework | Python | Free | False | |
Warhorse | [Website] | [Source] | Ansible playbook to deploy infrastructure in the cloud for conducting Red Team assessments | Free | False | |
Zphisher | [Source] | Automated phishing tool with multiple tunneling options; fork of Shellphish | Shell | Free | False |
Reverse Engineering
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
androguard | [Source] | Tool for reverse engineering and malware analysis of Android applications | Python | Free | False | |
angr | [Source] | Platform-agnostic binary analysis framework | Python | Free | False | |
ANY RUN | [Website] | Online virtual machine for malware hunting, sandbox with interactive access, real-time data-flow | Free | True | ||
Apk2Gold | [Source] | Android decompiler (wrapper for apktool, dex2jar, and jd-gui) | Shell | Free | False | |
Apktool | [Website] | [Source] | Android disassembler and rebuilder | Java | Free | False |
arm_now | [Source] | Tool that allows instant setup of virtual machines on various architectures for reverse, exploit, fuzzing and programming purpose | Python | Free | False | |
Barf | [Source] | Binary Analysis and Reverse engineering Framework | Python | Free | False | |
BinDiff | [Source] | Binary diffing for many architectures compatible with IDA Pro, Binary Ninja and Ghidra | CPlusPlus | Free | False | |
BOF launcher | [Source] | Beacon Object File (BOF) launcher; library for executing BOF files in C/C++/Zig applications | Zig | Free | False | |
bearparser | [Website] | [Source] | PE parsing library (from PE-bear) | CPlusPlus | Free | False |
Binary Ninja | [Website] | Crossplatform binary analysis framework | Python | Paid | False | |
binbloom | [Source] | Raw binary firmware analysis software; tries to determine the firmware loading address | C | Free | False | |
BinCAT | [Source] | Binary code static analyser, with IDA integration; performs value and taint analysis, type reconstruction, use-after-free and double-free detection | OCaml | Free | False | |
binutils | [Website] | [Source] | GNU collection of binary tools | C | Free | False |
binwalk | [Source] | Analyze, reverse engineer and extract firmware images (and other files, also useful for Digital Forensics) | Python | Free | False | |
Dexcalibur | [Website] | [Source] | Android reverse engineering platform focused on instrumentation automation (decompile/disass intercepted bytecode at runtime, write hook code, search interesting patterns) | JavaScript | Paid | False |
boomerang | [Source] | x86 binaries to C decompiler | CPlusPlus | Free | False | |
CAPEv2 | [Website] | [Source] | Malware sandbox derived from Cuckoo with the goal of adding automated malware unpacking, config and payload extraction | Python | Free | True |
Cerberus | [Source] | Unstrip Rust and Go binaries (ELF and PE) for static analysis; based on hashing and scoring systems, it can retrieve lots of symbol names | CPlusPlus | Free | False | |
ctf_import | [Website] | [Source] | Library to run basic functions from stripped binaries | C | Free | False |
CFF Explorer | [Website] | PE Editor | Free | False | ||
Cuckoo 3 | [Source] | Python 3 port of Cuckoo, automated malware analysis system | Python | Free | False | |
Cutter | [Source] | Qt and C++ GUI for radare2 | CPlusPlus | Free | False | |
DbgShell | [Source] | Front-end for the Windows debugger engine | PowerShell | Free | False | |
Decompiler.com | [Website] | C#, Python, Android and Java online decompiler | Free | True | ||
Decompiler Explorer | [Website] | [Source] | Multi-decompiler engine; supports angr, BinaryNinja, Boomerang, dewolf, Ghidra, Hex-Rays, RecStudio, Reko, Relyze, RetDec, Snowman | Python | Free | True |
Defuse online disassembler | [Website] | Online x86 (32/64 bits) assembler and disassembler | Free | True | ||
de4dot | [Source] | .NET deobfuscator and unpacker | CSharp | Free | False | |
dnSpy | [Source] | .NET assembly debugger, decompiler and editor | CSharp | Free | False | |
dnSpyEx | [Source] | .NET assembly debugger, decompiler and editor; fork of dnSpy | CSharp | Free | False | |
dotPeek | [Website] | .NET decompiler and assembly browser | CSharp | Free | False | |
DRAKVUF Sandbox | [Source] | Automated black-box hypervisor-level malware analysis system | Python | Free | False | |
Droidefense | [Website] | [Source] | Android apps/malware analysis/reversing tool | Java | Free | False |
DroidGuard VM Samples | [Website] | [Source] | Different versions of the DroidGuard VM as well as different versions of the bytecode running through this VM | Free | False | |
edb | [Source] | Cross platform AArch32/x86/x86-64 debugger | CPlusPlus | Free | False | |
EMBA | [Website] | [Source] | Security analyzer for firmware of embedded devices | Shell | Free | False |
Flare | [Website] | Processes SWF and extracts scripts from it | Free | False | ||
Flasm | [Website] | [Source] | Disassembler tool for SWF bytecode | Free | False | |
Flutter Spy | [Source] | Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps | Shell | Free | False | |
Frida | [Website] | [Source] | Dynamic code instrumentation toolkit | C | Free | False |
Frinet | [Website] | [Source] | Multi-platform Frida trace generator | C | Free | False |
GDB | [Website] | [Source] | GNU debugger | CPlusPlus | Free | False |
gftrace | [Source] | Windows API tracing for Go binaries | C | Free | False | |
Ghidra | [Website] | [Source] | Software reverse engineering (SRE) suite of tools: disassembly, assembly, decompilation, graphing, scripting, etc. | Java | Free | False |
Hiew | [Website] | x86_64 disassembler for multiple formats | Paid | False | ||
Honggfuzz | [Website] | [Source] | Security oriented software fuzzer; supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based) | C | Free | False |
Hopper | [Website] | Disassembler, decompiler and debugger | Paid | False | ||
IDA Pro | [Website] | Disassembler and debugger | Paid | False | ||
ILSpy | [Source] | .NET assembly browser and decompiler to C# | CSharp | Free | False | |
ImHex | [Website] | [Source] | Hexadecimal editor tailored for reverse engineers; byte patching, data import / export, data inspector, huge file support, file hashing, disassembler for many architectures, data analyzer | CPlusPlus | Free | False |
ImmunityDbg | [Website] | Windows debugger with Python scripting support | Free | False | ||
jadx | [Source] | DEX to Java decompiler | Java | Free | False | |
Java Decompilers | [Website] | .JAR and .Class to Java decompiler | Free | True | ||
JD-GUI | [Website] | [Source] | GUI tool decompiling JAVA | Java | Free | False |
JEB | [Website] | Disassembler, decompiler and debugger | Paid | False | ||
JPEXS Free Flash Decompiler | [Source] | A.k.a ffdec, flash SWF decompiler | Java | Free | False | |
JSDetox | [Website] | [Source] | JavaScript deobfuscator | Ruby | Free | False |
Kemon | [Source] | macOS kernel pre and post callback-based framework | C | Free | False | |
Krakatau | [Source] | Java decompiler, assembler, and disassembler | Java | Free | False | |
Kaitai Struct | [Website] | [Source] | Declarative language to generate binary data parsers in various languages | Free | False | |
ldd | [Website] | Tool that prints shared library dependencies | Free | False | ||
Metasm | [Website] | [Source] | Assembler, disassembler, compiler and debugger | Ruby | Free | False |
Medusa | [Source] | Interactive multi-architecture and multi-formats disassembler running on Windows and Linux | CPlusPlus | Free | False | |
netzob | [Source] | Protocol reverse engineering, modeling and fuzzing | Python | Free | False | |
ODA | [Website] | Advanced multi-architecture online disassembler supporting a lot of architectures and object file formats | Free | True | ||
OllyDbg | [Website] | Windows debugger | Free | False | ||
PANDA | [Website] | [Source] | Platform for architecture-neutral dynamic analysis | C | Free | False |
PASTIS | [Website] | [Source] | Fuzzing framework aiming at combining various software testing techniques within the same workflow to perform collaborative fuzzing also called ensemble fuzzing; supported engines are Honggfuzz, AFL++, TritonDSE | Python | Free | False |
Pe-bear | [Website] | PE reverse tool: recognizes packers, fast disassembler, visualization of sections layout, selective comparing of two chosen PE files | Free | False | ||
PE Explorer Disassembler | [Website] | Windows disassembler | Paid | False | ||
PE Insider | [Website] | PE viewer, closed source and windows only | Free | False | ||
Plasma | [Source] | x86/ARM/MIPS interactive disassembler | Python | Free | False | |
QBinDiff | [Source] | Binary diffing; addressing the diffing as a Network Alignment Quadratic Problem | Python | Free | False | |
Qira | [Website] | [Source] | Timeless debugger (QIRA = QEMU Interactive Runtime Analyser) | C | Free | False |
RABCDAsm | [Website] | [Source] | ActionScript disassembler | D | Free | False |
radare2 | [Website] | [Source] | Crossplatform binary analysis framework, disassembler, decompiler and debugger, supports collaborative analysis | C | Free | False |
rbkb | [Source] | Ruby BlackBag; a miscellaneous collection of command-line tools and ruby library helpers related to pen-testing and reversing | Ruby | Free | False | |
Recaf | [Website] | [Source] | Edit Java bytecode, insert single line Java statements into the bytecode, recompile decompiled code | Java | Free | False |
ReFlutter | [Website] | [Source] | Flutter reverse engineering framework: allows traffic monitoring and interception, print classes and functions, display absolute code offset for functions, etc. | Python | Free | False |
Relyze | [Website] | x86 and ARM graphical interactive disassembler with Ruby plugin framework | Paid | False | ||
RetDec | [Website] | [Source] | Multi file formats and architectures machine-code decompiler | CPlusPlus | Free | False |
sandsifter | [Source] | x86 processor fuzzer | Python | Free | False | |
Snowman | [Website] | [Source] | Native code to C/C++ decompiler, supporting x86, AMD64, and ARM architectures, exists as standalone app or as a plug-in | CPlusPlus | Free | False |
strace | [Source] | Debugger for Linux | Free | False | ||
Swftools | [Website] | [Source] | Collection of utilities to work with SWF files | C | Free | False |
theZoo | [Website] | [Source] | Repository of live malware for malware analysis | Python | Free | False |
Triton | [Website] | [Source] | Dynamic binary analysis framework, automate reverse engineering | CPlusPlus | Free | False |
TritonDSE | [Website] | [Source] | Triton-based DSE library with loading and exploration capabilities | Python | Free | False |
TTD-Bindings | [Source] | Bindings for Microsoft WinDBG Time Travel Debugging (TTD) | CPlusPlus | Free | False | |
Tweezer | [Source] | Identifying function names in stripped binaries and un-named functions | Python | Free | False | |
UglifyJS2 | [Website] | [Source] | JavaScript obfuscator or beautifier toolkit | JavaScript | Free | False |
uncompyle | [Source] | Python 2.7 binaries (.pyc) decompiler | Python | Free | False | |
uncompyle6 | [Source] | Python 1.5, 2.1 to 2.7, 3.1 to 3.6 binaries (.pyc) decompiler | Python | Free | False | |
Vais | [Source] | SWF vulnerability and information scanner | Ruby | Free | False | |
WinDbg | [Website] | Windows debugger | Free | False | ||
x64dbg | [Website] | [Source] | Windows debugger | CPlusPlus | Free | False |
XenoScan | [Source] | Processes memory scanner | CPlusPlus | Free | False | |
Xori | [Website] | [Source] | Disassembly and static analysis library that provides triage analysis data | Rust | Free | False |
xxxswf | [Source] | Small script for carving, scanning, compressing, decompressing and analyzing SWF files | Python | Free | False |
Steganography
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
Aperi'Solve | [Website] | [Source] | Steganalysis web platform with layer, zsteg, steghide and exiftool analysis | Python | Free | False |
Audacity | [Website] | [Source] | Tool to edit and analyze audio tracks | Free | False | |
Depix | [Source] | Recover plaintext from pixelized screenshots | Python | Free | False | |
exif | [Source] | Shows EXIF information for JPEG files only | C | Free | False | |
ExifTool | [Website] | [Source] | Library and CLI tool to read and write meta information (EXIF, GPS, IPTC, XMP, JFIF, …) in files (JPEG, PNG, SVG, MPEG, …) | Perl | Free | False |
Exiv2 | [Website] | [Source] | Library and CLI tool to read and write meta information (Exif, IPTC & XMP metadata and ICC Profile) in images (JPEG, TIFF, PNG, …) | CPlusPlus | Free | False |
ImageMagick | [Website] | [Source] | Software suite and library to create, edit, compose, or convert images | C | Free | False |
Outguess | Tool to hide messages in files (website down since 2004) | Free | False | |||
PNGtools | [Website] | [Source] | Suite of tools to work with PNG images | C | Free | False |
SHIT | [Source] | Stego Helper Identification Tool, multi-purpose image steganography tool | Python | Free | False | |
SmartDeblur | [Source] | Tool to restore defocused and blurred images (update binary only for Windows, Mac OS binary out of date) | CPlusPlus | Free | False | |
Sonic Visualiser | [Website] | [Source] | Tool to edit and analyze audio tracks | Free | False | |
Steganabara | [Source] | Steganography analysis tool | Java | Free | False | |
Steghide | [Website] | [Source] | Tool to hide messages in images | Free | False | |
StegOnline | [Website] | [Source] | Stego image toolsuite in the browser | JavaScript | Free | True |
StegoVeritas | [Source] | Automatic tool to bruteforce LSB, transform image, extract metadata or trailing data | Python | Free | False | |
StegSolve | GUI tool to analyse images | Java | Free | False | ||
zsteg | [Source] | Tool to detect hidden data in PNG and BMP | Ruby | Free | False |
System Exploitation
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
abuseACL | [Source] | Automatically list vulnerable Windows ACEs/ACLs using DC's LDAP to list users/groups/computers/OU/certificate templates and their nTSecurityDescriptor to check for vulnerable rights | Python | Free | False | |
aclpwn | [Source] | Interacts with BloodHound to identify and exploit ACL based privilege escalation paths | Python | Free | False | |
ADFSDump | [Source] | Read information from Active Directory and ADFS Configuration Database; fed information into ADFSpoof to generate security tokens | CSharp | Free | False | |
ADFSpoof | [Source] | Using ADFSDump information, produce a usable key/cert pair for token signing, produce a signed security token that can be used to access a federated application | Python | Free | False | |
Android_Emuroot | [Source] | Grants root privileges on the fly to shells running on Android virtual machines that use google-provided emulator images called Google API Playstore | Python | Free | False | |
bkhive | [Source] | Dump the syskey bootkey from a Windows NT/2K/XP system hive, often used with samdump2, part of the ophcrack project | Free | False | ||
BloodHound | [Website] | [Source] | Tool to reveal the hidden and unintended relationships within an Active Directory environment | PowerShell | Free | False |
CoercedPotato | [Source] | Elevation of privileges automated exploitation using SeImpersonatePrivilege or SeImpersonatePrimaryToken | C | Free | False | |
cookie_crimes | [Website] | [Source] | Read local Chrome cookies without root or decrypting and display them in JSON | Python | Free | False |
CookieCrimesJS | [Source] | Read local Chrome cookies without root or decrypting and display them in JSON; JavaScript implementation of cookie_crimes | JavaScript | Free | False | |
creddump | [Source] | Dump windows credentials | Python | Free | False | |
DCOMrade | [Source] | Script that is able to enumerate the possible vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. | PowerShell | Free | False | |
DLLInjector | [Source] | Dll injection tool | CPlusPlus | Free | False | |
DLLPasswordFilterImplant | [Source] | Password filter DLL, triggered on password change to exfiltrate credentials | C | Free | False | |
DonPAPI | [Source] | Dumping DPAPI credentials remotely; dumps relevant information on compromised targets without AV detection | Python | Free | False | |
Empire | [Website] | [Source] | PowerShell and Python post-exploitation agent | Shell | Free | False |
Empire GUI | [Website] | [Source] | GUI for Empire framework | JavaScript | Free | False |
enum4linux | [Source] | Windows Samba enumeration tool | Perl | Free | False | |
enum4linux-ng | [Source] | Windows Samba enumeration tool, next generation version of enum4linux | Python | Free | False | |
FFM | [Source] | Freedom Fighting Mode (FFM), hacking harness, post-exploitation tool | Python | Free | False | |
GH DLL Injector | [Website] | [Source] | DLL injection library supporting x86, WOW64 and x64 injections; 5 injection methods, 4 shellcode execution methods and various additional options; session separation can be bypassed with all methods | CPlusPlus | Free | False |
goddi | [Source] | Active Directory domain information dumper | Go | Free | False | |
GoodHound | [Source] | Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation | Python | Free | False | |
JAWS | [Source] | Just Another Windows (Enum) Script; quickly identify potential privilege escalation vectors on Windows systems | PowerShell | Free | False | |
LaZagne | [Source] | Password retriever | Python | Free | False | |
LinEnum | [Source] | Linux enumeration and privilege escalation script | Shell | Free | False | |
Linux Exploit Suggester 2 | [Source] | Linux kernel exploit suggester | Perl | Free | False | |
linux-exploit-suggester.sh | [Source] | Linux kernel exploit suggester | Shell | Free | False | |
linuxprivchecker.py | [Source] | Linux privilege escalation check script | Python | Free | False | |
Masky | [Source] | Library and CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory | Python | Free | False | |
mimikatz | [Website] | [Source] | Extract plaintext passwords, hash, PIN code and kerberos tickets from memory; perform pass-the-hash, pass-the-ticket or build Golden tickets | C | Free | False |
minidump | [Source] | Library and CLI to parse and read Microsoft minidump file format | Python | Free | False | |
NanoDump | [Source] | Minimal LSASS dumper | C | Free | False | |
Nishang | [Source] | Framework, collection of scripts and payloads in PowerShell for offensive security, penetration testing and red teaming | PowerShell | Free | False | |
p0wnedShell | [Source] | PowerShell runspace post exploitation toolkit | CSharp | Free | False | |
PEASS | [Source] | Privilege Escalation Awesome Scripts SUITE; winPEAS and linPEAS are local privilege escalation scripts for Windows and Linux | Shell | Free | False | |
PlumHound | [Source] | Creates reports for blue and purple teams by extracting data from BloodHound | Python | Free | False | |
Powerless | [Source] | A Windows privilege escalation enumeration BAT script designed for legacy Windows machines without Powershell | Shell | Free | False | |
PowerSploit | [Source] | Powershell exploitation framework | Powershell | Free | False | |
pspy | [Source] | CLI tool designed to snoop on processes without need for root permissions; it allows to see commands run by other users, cron jobs, etc. as they execute | Go | Free | False | |
pypykatz | [Source] | Platform independent Mimikatz implementation | Python | Free | False | |
RedSnarf | [Source] | Retrieves hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques | Python | Free | False | |
samdump2 | [Source] | Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM, often used with bkhive, part of the ophcrack project | Free | False | ||
scavenger | [Source] | Multi-threaded post-exploitation scanning tool for scavenging systems, finding most frequently used files and folders as well as interesting files containing sensitive information | Python | Free | False | |
SCShell | [Source] | Fileless lateral movement that relies on ChangeServiceConfigA to run commands | CSharp | Free | False | |
SharpShooter | [Source] | Payload Generation Framework for C# source code | VB | Free | False | |
ShellPop | [Source] | Tool to craft bind and reverse shells in several languages | Python | Free | False | |
TPMEE | [Source] | Helps to exploit weak implementations of libraries or programs that use TPM | Python | Free | False | |
unicorn | [Source] | Tool for using a PowerShell downgrade attack and injecting shellcode into memory | Python | Free | False | |
WES-NG | [Source] | Windows Exploit Suggester - Next Generation; analyses Windows targets patch levels to find exploits and Metasploit modules; works well with newer system (eg Windows 10) thanks to MSRC support | Python | Free | False | |
Windows-Exploit-Suggester | [Source] | Analyses Windows targets patch levels to find exploits and Metasploit modules, works only for older systems (eg Windows XP, Vista, etc.) because it relies on MS Security KBs | Python | Free | False |
Threat Intelligence
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
Intelligence X | [Website] | Threat intelligence search engine: email addresses, domains, URLs, IPs, CIDRs, Bitcoin addresses, IPFS hashes, etc.; it searches among darknet, document sharing platforms, whois data, public data leaks, etc. | Paid | True | ||
Hudson Rock Cybercrime Intelligence Tools | [Website] | Cybercrime intelligence toolset to check if a specific digital asset was compromised in global infostealer malware attacks | Free | True | ||
Maltego | [Website] | Interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet (exists in Community Edition) | Paid | False | ||
MISP | [Website] | [Source] | Threat intelligence platform & open standards for threat information sharing (formerly known as Malware Information Sharing Platform) | PHP | Free | False |
Netglub | [Website] | [Source] | Maltego alternative | Free | False | |
OpenCTI | [Website] | [Source] | Platform designed for managing and analyzing cyber threat intelligence knowledge, centralizing data using the STIX2 standard and offering visualization and integration capabilities | TypeScript | Free | False |
PatrowlHears | [Website] | [Source] | Provides a unified source of vulnerability, exploit and threat Intelligence feeds; comprehensive and continuously updated vulnerability database scored and enriched with exploit and threat news information | Python | Paid | False |
Pulsedive | [Website] | CTI platform to search, scan, and enrich IPs, URLs, domains and other IOCs from OSINT feeds or submit your own | Free | True | ||
Redirect Tracker | [Website] | Track the HTTP redirect chains; 301 and 302, JavaScript and Meta fresh redirects | Free | True | ||
threatfeeds.io | [Website] | Open-source threat intelligence feeds; sharing malware URLs, IP reputation, bad IPs, etc. | Free | True | ||
ThreatIngestor | [Website] | [Source] | Extract and aggregate threat intelligence (IOCs from threat feeds) | Python | Free | False |
ThreatKB | [Source] | Knowledge base workflow management for YARA rules and C2 artifacts | Python | Free | False | |
Watcher | [Website] | [Source] | Automated platform for discovering new potential cybersecurity threats targeting your assets (detects typosquatting domain names, monitors malicious domain names, detects data leaks...) | Python | Free | False |
Yeti | [Website] | [Source] | Organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository | Python | Free | False |
Vulnerability Assessment
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
cve-search | [Source] | Tool to import CVE and CPE into a MongoDB to facilitate search and processing of CVEs | Python | Free | False | |
CVEMap | [Source] | CLI tool designed to provide a structured interface to various vulnerability databases | Go | Free | False | |
cvss-suite | [Source] | CVSS calculator library | Ruby | Free | False | |
go-cve-dictionary | [Source] | Self-hosted CVE feed server | Go | Free | False | |
GVM | [Website] | [Source] | The Greenbone Vulnerability Management (GVM) is a framework of several services: gvmd is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Greenbone Security Assistant (GSA) is the web interface of GVM. The main scanner (OpenVAS) is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs). Complementary to the web interface, GVM-Tools allows batch processing / scripting via the Greenbone Management Protocol (GMP). Additional scanners can be integrated via the Open Scanner Protocol (OSP) | C | Paid | False |
nvd_feed_api | [Website] | [Source] | A Ruby API for NVD CVE feeds management; the library will help you to download and manage NVD Data Feeds, search for CVEs, build your vulnerability assessment platform or vulnerability database | Ruby | Free | False |
SECMON | [Website] | [Source] | Web-based platform for the automation of infosec watching and vulnerability management | Python | Free | False |
ThreatMapper | [Website] | [Source] | Identify vulnerabilities in running containers, images, hosts and repositories | Go | Free | False |
VRT Ruby Wrapper | [Website] | [Source] | Wrapper for the Vulnerability Rating Taxonomy | Ruby | Free | False |
Vulnogram | [Website] | [Source] | Create and edit CVE information in CVE JSON format | JavaScript | Free | True |
Vuls | [Website] | [Source] | Agentless system vulnerability scanner for Linux/FreeBSD with a dashboard (VulsRepo) for analyzing the scan results | Go | Free | False |
Web Application Exploitation
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
0d1n | [Source] | Automate customized attacks against web applications | C | Free | False | |
1u.ms | [Website] | [Source] | Zero-configuration DNS utilities for assisting in detection and exploitation of SSRF-related vulnerabilities | Go | Free | True |
230-OOB | [Website] | [Source] | FTP server for OOB XXE attacks | Python | Free | False |
Acunetix | [Website] | Web application security scanner | Paid | True | ||
afrog | [Source] | Web vulnerability scanner, based on templates | Go | Free | False | |
Afuzz | [Source] | Web directory and file scanner (wordlist bruteforce) | Python | Free | False | |
altair | [Source] | Modular web vulnerability scanner | Python | Free | False | |
API-fuzzer | [Source] | Library to fuzz request attributes using common pentesting techniques and lists vulnerabilities | Ruby | Free | False | |
Aquatone | [Website] | [Source] | Domain flyover tool; visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface | Go | Free | False |
Arachni | [Website] | [Source] | Web application security scanner framework | Ruby | Free | False |
Arjun | [Source] | HTTP parameter discovery suite | Python | Free | False | |
AssassinGo | [Website] | [Source] | Web pentest framework for information gathering and vulnerability scanning | Go | Free | False |
Astra | [Website] | [Source] | REST API penetration testing tool | Python | Free | False |
Atlas | [Source] | Tool that suggests sqlmap tampers to bypass WAF/IDS/IPS based on status codes | Python | Free | False | |
b374k | [Source] | Webshell with many features: file manager, search, command execution, DB connection, SQL explorer, process list | PHP | Free | False | |
badsecrets | [Source] | A library for detecting known or weak cryptographic secrets across many web frameworks | Python | Free | False | |
BaRMIe | [Source] | Java RMI enumeration and attack tool | Java | Free | False | |
Beeceptor | [Website] | HTTP request collector and inspector | Paid | True | ||
BeEF | [Website] | [Source] | Browser exploitation framework; JS payload and supporting software to be used as XSS payload or post exploitation implant to monitor or exploit users as they use the targeted application | Ruby | Free | False |
BFAC | [Source] | Backup File Artifacts Checker; automated backup artifacts checker | Python | Free | False | |
Blazy | [Source] | Login page bruteforcer: CSRF, SQLi, Clickjacking, WAF detection | Python | Free | False | |
Burp Suite | [Website] | Intercepting proxy to replay, inject, scan and fuzz HTTP requests (a limited free version exists) | Java | Paid | False | |
bXSS | [Website] | Identify blind cross-site scripting | JavaScript | Free | False | |
Caido | [Website] | Intercepting proxy to replay, inject, scan and fuzz HTTP requests (a limited free version exists) | Rust | Paid | False | |
Cansina | [Source] | Web directory and file scanner (wordlist bruteforce) | Python | Free | False | |
Chankro | [Source] | Tool to bypass disable_functions and open_basedir in PHP by calling sendmail and setting LD_PRELOAD environment variable | Python | Free | False | |
Charles | [Website] | Intercepting proxy to replay, inject, scan and fuzz HTTP requests | Java | Paid | False | |
ChopChop | [Source] | Web application security scanner based on templates | Go | Free | False | |
clairvoyance | [Source] | Obtain GraphQL API schema even if the introspection is disabled by abusing the "did you mean" feature | Python | Free | False | |
CloakQuest3r | [Source] | Uncover the true IP address of websites safeguarded by Cloudflare and other CDNs | Python | Free | False | |
CloudFlair | [Website] | [Source] | Uncover the true IP address of websites safeguarded by Cloudflare and CloudFront | Python | Free | False |
CloudFrunt | [Source] | Scanner to identify misconfigured CloudFront domains | Python | Free | False | |
CMSeek | [Source] | CMS detection and exploitation suite; capable of detecting more than 180 CMS | Python | Free | False | |
CMSmap | [Source] | WordPress, Joomla, Drupal, Moodle CMS security scanner | Python | Free | False | |
CMSScan | [Source] | WordPress, Drupal, Joomla, vBulletin CMS security scanner with dashboard | Python | Free | False | |
commix | [Website] | [Source] | Web-based command injection tester | Python | Free | False |
CrackQL | [Source] | GraphQL password brute-force and fuzzing utility | Python | Free | False | |
CSP Evaluator | [Website] | [Source] | Checks Content Security Policy (CSP) configuration and assists with the review process | JavaScript | Free | False |
CSPass | [Source] | Test for CSP bypass payloads | Python | Free | False | |
CSWSH | [Website] | Cross-Site WebSocket Hijacking Tester | Free | False | ||
Dalfox | [Website] | [Source] | XSS scanner and utility focused on automation | Go | Free | False |
dirb | [Website] | [Source] | Web directory and file scanner (wordlist bruteforce) | Free | False | |
dirbuster | [Website] | [Source] | Web directory and file scanner (wordlist bruteforce) | Java | Free | False |
dirsearch | [Source] | Web directory and file scanner (wordlist bruteforce) | Python | Free | False | |
distributed-jwt-cracker | [Website] | [Source] | HS256 JWT token distributed brute force cracker | JavaScript | Free | False |
docem | [Source] | Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. | Python | Free | False | |
DotDotPwn | [Website] | [Source] | Directory Traversal fuzzer | Perl | Free | False |
DotGit | [Source] | Web browser extension (Firefox and Chromium) checking if .git is exposed in visited websites | JavaScript | Free | False | |
droopescan | [Source] | CMS scanner supporting SilverStripe and WordPress, having partial support for Joomla, Moodle, Drupal | Python | Free | False | |
drupwn | [Source] | Drupal CMS enumeration and exploitation tool | Python | Free | False | |
dtd-finder | [Source] | Identify DTDs on filesystem snapshot and build XXE payloads using those local DTDs | Kotlin | Free | False | |
DVCS-Pillage | [Source] | Dump web accessible (distributed) version control systems (DVCS/VCS): GIT, Mercurial/hg, Bazaar/bzr, … | Shell | Free | False | |
dvcs-ripper | [Source] | Dump web accessible (distributed) version control systems (DVCS/VCS): SVN, GIT, Mercurial/hg, Bazaar/bzr, … | Perl | Free | False | |
Enemies Of Symfony | [Source] | Loots information from a Symfony target using profiler | Python | Free | False | |
Eyeballer | [Source] | Convolutional neural network for analyzing pentest screenshots and automatically labelling them | Python | Free | False | |
EyeWitness | [Source] | Take screenshots of websites, provide some server header info, and identify default credentials if possible | Python | Free | False | |
ezXSS | [Source] | Identify blind cross-site scripting | PHP | Free | False | |
Fav-up | [Source] | Favicon fingerprinting using Shodan | Python | Free | False | |
FavFreak | [Source] | Favicon fingerprinting | Python | Free | False | |
Favinizer | [Source] | Favicon fingerprinting | Python | Free | False | |
feroxbuster | [Source] | Web directory and file scanner (wordlist bruteforce) | Rust | Free | False | |
ffuf | [Source] | Web directory and file scanner (wordlist bruteforce); but also a web fuzzer | Go | Free | False | |
Fingerprinter | [Source] | CMS version detection tool | Ruby | Free | False | |
Firefly | [Source] | Web directory and file scanner (wordlist bruteforce); but also a web fuzzer | Go | Free | False | |
Flask Session Cookie Decoder/Encoder | [Source] | A script that lets you encode and decode a Flask session cookie | Python | Free | False | |
FockCache | [Source] | Test Cache Poisoning | Go | Free | False | |
Fuxi | [Source] | Penetration testing platform, automate some scan & attack | Python | Free | False | |
fuxploider | [Source] | Automates the process of detecting and exploiting file upload forms flaws | Python | Free | False | |
Fuzzapi | [Source] | Web-UI for API-fuzzer | Ruby | Free | False | |
Ghauri | [Source] | Automatic SQL injection and database takeover; inspired by SQLmap | Python | Free | False | |
git-dump | [Source] | Dump the contents of a remote git repository without directory listing enabled | JavaScript | Free | False | |
git-dumper | [Source] | Dump the contents of a remote git repository without directory listing enabled | Python | Free | False | |
GitTools | [Source] | 3 tools: Finder (find websites with .git repository exposed), Dumper (dump exposed .git), Extractor (extract commits and their content from a broken repository) | Shell | Free | False | |
Gobuster | [Source] | Web directory, file and DNS scanner (wordlist bruteforce) | Go | Free | False | |
gofingerprint | [Source] | Identify web servers by checking their HTTP responses against a user-defined list of fingerprints | Go | Free | False | |
goop | [Source] | Dump the contents of a remote git repository without directory listing enabled; focus on as-complete-as-possible dumps and handling as many edge-cases as possible | Go | Free | False | |
Gopherus | [Source] | Generates gopher link for exploiting SSRF and gaining RCE access from unprotected services | Python | Free | False | |
gowitness | [Source] | Take screenshots of websites | Go | Free | False | |
GraphCrawler | [Source] | GraphQL automated security testing | Python | Free | False | |
Graphicator | [Source] | GraphQL enumeration and extraction | Python | Free | False | |
Graphinder | [Source] | GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce | Python | Free | False | |
GraphQL Voyager | [Website] | [Source] | Represent any GraphQL API as an interactive graph | TypeScript | Free | False |
GraphMan | [Source] | Scaffold a postman collection for a GraphQL API; compatible with Postman and Insomnia | TypeScript | Free | False | |
GraphQL Cop | [Source] | Run common security tests against GraphQL | Python | Free | False | |
graphql-path-enum | [Source] | Lists the different ways of reaching a given type in a GraphQL schema | Rust | Free | False | |
graphql.security | [Website] | Runs a dozen security checks against a given GraphQL endpoint | Free | True | ||
GraphQLmap | [Source] | Scripting engine to interact with a graphql endpoint for pentesting purposes | Python | Free | False | |
graphw00f | [Source] | GraphQL server engine fingerprinting | Python | Free | False | |
Guppy Proxy | [Source] | GUI HTTP intercepting proxy based on Pappy Proxy | Python | Free | False | |
headerpwn | [Source] | Fuzzer for analyzing how servers respond to different HTTP headers | Go | Free | False | |
Hetty | [Website] | [Source] | HTTP toolkit for security research; alternative to BurpSuite | Go | Free | False |
Hookbin | [Website] | [Source] | HTTP request collector and inspector | Java | Free | True |
http-garden | [Source] | Differential testing and fuzzing of HTTP servers and proxies | Python | Free | False | |
httpscreenshot | [Source] | Take screenshots of websites | Python | Free | False | |
httpx | [Source] | Multi-purpose HTTP toolkit that runs multiple probers using the retryablehttp library; designed to maintain result reliability with increased threads | Go | Free | False | |
HUNT | [Source] | HUNT Suite is a collection of Burp Suite Pro/Free and OWASP ZAP extensions | Python | Free | True | |
InQL | [Source] | GraphQL security audit | Python | Free | False | |
Intrigue Core | [Website] | [Source] | Framework for discovering attack surface | Ruby | Free | False |
Interactsh | [Website] | [Source] | HTTP request collector and inspector; OOB interaction gathering server and client library; DNS / HTTP / SMTP interaction support | Go | Free | True |
IronWASP | [Website] | [Source] | Web security/vulnerability scanner (native for Windows only) | C | Free | False |
Jaeles | [Website] | [Source] | Framework for building your own Web Application Scanner | Go | Free | False |
JAST | [Source] | Take screenshots of websites | Python | Free | False | |
JS-Tap | [Source] | Browser exploitation framework; JS payload and supporting software to be used as XSS payload or post exploitation implant to monitor or exploit users as they use the targeted application | Python | Free | False | |
JSONBee | [Source] | JSONP endpoints/payloads to help bypass content security policy of different websites | PHP | Free | False | |
JWT cracker | [Source] | Multi-threaded JWT brute-force cracker | C | Free | False | |
jwt-cracker | [Website] | [Source] | HS256 JWT token brute force cracker | JavaScript | Free | False |
jwt-hack | [Source] | A toolkit for JWT tokens security testing | Go | Free | False | |
jwt_tool | [Source] | A toolkit for validating, forging and cracking JWT tokens | Python | Free | False | |
jwtcat | [Source] | JWT brute-force cracker | Python | Free | False | |
Katana | [Source] | Crawling and spidering framework, supporting headless mode, JavaScript, customizable automatic form filling and scope control | Go | Free | False | |
Kraken | [Source] | Modular multi-language webshell focused on web post-exploitation and defense evasion; supports PHP, JSP and ASPX | Python | Free | False | |
Liffy | [Source] | LFI exploitation tool | Python | Free | False | |
LFI Freak | [Source] | LFI scan and exploit tool | Python | Free | False | |
LFI Suite | [Source] | Automatic LFI scanner and exploiter | Python | Free | False | |
LightBulb | [Website] | [Source] | Framework for auditing web application firewalls and filters | Python | Free | False |
LinkFinder | [Website] | [Source] | Find URL endpoints and their parameters in JavaScript files | Python | Free | False |
Lulzbuster | [Source] | Web directory and file scanner (wordlist bruteforce) | C | Free | False | |
Kadimus | [Source] | LFI, RFI, RCE scanner | C | Free | False | |
Malzilla | [Website] | [Source] | Web oriented deobfuscating tool | Free | False | |
mitmproxy | [Website] | [Source] | Interactive HTTPS proxy | Python | Free | False |
Mockbin | [Website] | [Source] | HTTP request collector and inspector | JavaScript | Free | True |
monsoon | [Website] | [Source] | Web directory and file scanner (wordlist bruteforce) | Go | Free | False |
MyJWT | [Source] | A toolkit for signing, forging and cracking JWT tokens | Python | Free | False | |
Netsparker | [Website] | Web application security scanner | Paid | True | ||
nikto | [Website] | [Source] | Very light web security scanner | Perl | Free | False |
noir | [Website] | [Source] | Attack surface detector that identifies endpoints by static analysis and then conducts dynamic analysis on them | Crystal | Free | False |
NoSQLMap | [Source] | Automated NoSQL database enumeration and web application exploitation tool | Python | Free | False | |
Nosql-Exploitation-Framework | [Source] | NoSQL scanning and exploitation framework | Python | Free | False | |
Nuclei | [Website] | [Source] | Web application security scanner based on templates | Go | Free | False |
NtHiM | [Source] | Now, the Host is Mine!; sub-domain takeover detection | Rust | Free | False | |
otori | [Website] | On The Outside, Reaching In, exploitation toolbox for XXE attacks | Python | Free | False | |
OWASP JoomScan | [Source] | Joomla vulnerability scanner | Perl | Free | False | |
OWASP ZAP | [Website] | [Source] | OWASP Zed Attack Proxy, intercepting proxy to replay, inject, scan and fuzz HTTP requests | Java | Free | False |
oxml_xxe | [Source] | Tool for embedding XXE/XML exploits into different filetypes (docx/xlsx, odt/ods, svg, xml, etc.) | Ruby | Free | False | |
Panoptic | [Website] | [Source] | Automatic LFI and Path Traversal exploitation tool | Python | Free | False |
Pappy Proxy | [Website] | [Source] | Proxy Attack Proxy ProxY, HTTP intercepting proxy | Python | Free | False |
parameth | [Source] | HTTP parameter discovery suite | Python | Free | False | |
ParamSpider | [Source] | Finds parameters from web archives of the entered domain | Python | Free | False | |
Paros | [Source] | Intercepting proxy to replay, inject, scan and fuzz HTTP requests | Java | Free | False | |
PeepingTom | [Source] | Take screenshots of websites | Python | Free | False | |
PHPGGC | [Source] | PHP Generic Gadget Chains, library of unserialize() payloads along with a tool to generate them, supporting various PHP frameworks | PHP | Free | False | |
Pinkerton | [Source] | Crawl JavaScript file to find secret | Python | Free | False | |
Portswigger Labs Inspector | [Website] | Javascript expression evaluator and inspector | JavaScript | Free | True | |
PowerUpSQL | [Source] | Toolkit for attacking MS SQL Server, discovery, configuration auditing, privilege escalation, post exploitation | Powershell | Free | False | |
ppfuzz | [Source] | Scan for client-side prototype pollution | Rust | Free | False | |
pphack | [Source] | Client-side prototype pollution scanner | Go | Free | False | |
Rabid | [Website] | [Source] | CLI tool and library to decode all kinds of BigIP cookies | Ruby | Free | True |
RequestBin | [Website] | [Source] | HTTP request collector and inspector | Python | Free | True |
RequestCatcher | [Website] | [Source] | HTTP request collector and inspector | Go | Free | True |
Request Inspector | [Website] | HTTP request collector and inspector | Free | True | ||
Rogue JNDI | [Source] | A malicious LDAP server for JNDI injection attacks | Java | Free | False | |
Retire.js | [Website] | [Source] | Scanner detecting the use of JavaScript libraries with known vulnerabilities | JavaScript | Free | False |
ronin-vulns | [Source] | Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects | Ruby | Free | False | |
rustbuster | [Source] | Web directory, file and DNS scanner (wordlist bruteforce); but also a web fuzzer | Rust | Free | False | |
Scout | [Source] | Web directory and file scanner (wordlist bruteforce) | Go | Free | False | |
secureCodeBox | [Website] | [Source] | Continuous security scans based on kubernetes; orchestrate and automate a bunch of security-testing tools | Go | Free | False |
See-SURF | [Source] | SSRF scanner to find entry points | Python | Free | False | |
Session Hijacking Visual Exploitation | [Source] | Hijack user sessions by injecting malicious JavaScript code | JavaScript | Free | False | |
ShapeShifter | [Source] | GraphQL schema extraction to JSON file with introspection | Python | Free | False | |
Simple Local File Inclusion Exploiter | [Website] | [Source] | LFI exploit tool | Python | Free | False |
Sitadel | [Source] | Web application security scanner, rewrite and newer version of WAScan | Python | Free | False | |
sj | [Source] | Swagger Jacker; audit API endpoints defined in exposed (Swagger/OpenAPI) definition files | Go | Free | False | |
SleuthQL | [Source] | Tool that parses Burp history to discover potential SQL injection points and prepare SQLmap request files | Python | Free | False | |
Smuggler | [Source] | HTTP request smuggling, desync testing | Python | Free | False | |
snallygaster | [Source] | Web scanner that looks for files accessible on web servers that shouldn't be public | Python | Free | False | |
spidr | [Source] | Web spidering library that can spider a site, multiple domains, certain links or infinitely | Ruby | Free | False | |
SQLiv | [Source] | SQL injection scanner, find vulnerable entry points | Python | Free | False | |
sqlmap | [Website] | [Source] | Automatic SQL injection and database takeover | Python | Free | False |
SqliSniper | [Source] | Time-based blind SQL injection fuzzer for HTTP headers | Python | Free | False | |
ssllabs-scan | [Website] | [Source] | CLI reference-implementation client for Qualys SSL Labs APIs, designed for automated and/or bulk testing | Go | Free | False |
sslscan2 | [Source] | Tests SSL/TLS enabled services to discover supported cipher suites | C | Free | False | |
SSLyze | [Source] | SSL analysis library and CLI tool | Python | Free | False | |
SSRF Proxy | [Source] | Facilitates tunneling HTTP communications through servers vulnerable to SSRF | Ruby | Free | False | |
SSRFmap | [Source] | Automatic SSRF fuzzer and exploitation tool | Python | Free | False | |
SSRF Sheriff | [Source] | Generate custom endpoints to test SSRF; supports any HTTP method, content-specific responses, configurable secret token | Go | Free | False | |
STEWS | [Source] | Security Testing and Enumeration of WebSockets; tool suite for security testing WebSockets: discover endpoints, fingerprint server, detect vulnerabilities | Python | Free | False | |
Surf | [Source] | Escalate SSRF vulnerabilities on modern cloud environments, enumerate reachable hosts | Go | Free | False | |
testssl.sh | [Website] | [Source] | TLS/SSL scanner to find weak ciphers, protocols or flaws | Shell | Free | False |
TIDoS Framework | [Source] | Comprehensive web-app audit framework | Python | Free | False | |
TLS map | [Website] | [Source] | CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL, GnuTLS, NSS | Ruby | Free | False |
toxssin | [Source] | XSS exploitation command-line interface and payload generator | Python | Free | False | |
Tracy | [Source] | Tool that helps to manually find XSS | Go | Free | False | |
TrashCompactor | [Source] | Remove URLs with duplicate functionality based on script resources included | Go | Free | False | |
tplmap | [Source] | SSTI and code injection detection and exploitation tool | Python | Free | False | |
Typo3Scan | [Source] | Enumerate Typo3 version and extensions | Python | Free | False | |
Uniscan | [Source] | RFI, LFI and RCE scanner | Perl | Free | False | |
V3n0M | [Source] | Web dork and vulnerability scanner | Python | Free | False | |
vaf | [Source] | Web directory and file scanner (wordlist bruteforce); but also a web fuzzer | Nim | Free | False | |
Vega | [Website] | [Source] | Multi-platform web scanner and intercepting proxy | Java | Free | False |
VOOKI | [Website] | Windows only web application and REST API vulnerability scanner | Free | False | ||
w3af | [Website] | [Source] | Web application attack and audit framework, web-oriented security scanner | Python | Free | False |
WAFNinja | [Source] | WAF bypassing tool | Python | Free | False | |
wapiti | [Website] | [Source] | Web-oriented vulnerability scanner, can generate reports | Free | False | |
WappaGo | [Source] | Web technologies detection; assemble different features from HTTPX, Naabu, GoWitness and Wappalyzer | Go | Free | False | |
WAScan | [Source] | Web application security scanner | Python | Free | False | |
webanalyze | [Source] | Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning | Go | Free | False | |
Webhook Tester | [Website] | [Source] | HTTP request collector and inspector | PHP | Free | True |
Weevely | [Source] | Web shell for post-exploitation working with a PHP agent | Python | Free | False | |
Wfuzz | [Website] | [Source] | Web directory and file scanner (wordlist bruteforce); but also a web fuzzer | Python | Free | False |
What CMS | [Website] | Service able to detect more than 430 CMS, find version used for some CMS, has an API for batch detection | Free | True | ||
WhatWeb | [Website] | [Source] | Web scanner, recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices, also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more; more than 1800 plugins | Ruby | Free | False |
wikto | [Source] | Nikto for Windows; web security scanner | CSharp | Free | False | |
WitnessMe | [Source] | Take screenshots of websites, provide some server header info, and identify default credentials if possible | Python | Free | False | |
WPScan | [Website] | [Source] | WordPress CMS vulnerability scanner | Ruby | Free | True |
wrapwrap | [Website] | [Source] | Generates a php://filter chain that adds a prefix and a suffix to the contents of a file | Python | Free | False |
WS-Attacker | [Source] | Modular framework for SOAP web services penetration testing | Java | Free | False | |
WSFuzzer | [Website] | [Source] | Fuzzing penetration testing tool for testing HTTP SOAP based web services | Python | Free | False |
wsrepl | [Website] | [Source] | Interactive websocket REPL designed specifically for penetration testing | Python | Free | False |
WSSAT | [Website] | [Source] | Web Service Security Assessment Tool; WS, REST API, SOAP API dynamic scanner | CSharp | Free | False |
x8 | [Source] | HTTP parameter discovery suite | Rust | Free | False | |
XCat | [Website] | [Source] | Automate XPath injection/XXE attacks to retrieve documents | Python | Free | False |
Xenotix | [Website] | [Source] | XSS detection and exploit framework (Windows only) | Python | Free | False |
xnLinkFinder | [Source] | Discover endpoints and potential parameters for a given target | Python | Free | False | |
Xray | [Website] | [Source] | Web security scanner (XSS, SQLi, SSRF, XXE, etc.) | Go | Free | False |
XSinator | [Website] | [Source] | XS-Leak browser test suite | JavaScript | Free | False |
XSpear | [Source] | XSS Scanner | Ruby | Free | False | |
XSRFProbe | [Source] | Advanced Cross Site Request Forgery (CSRF/XSRF) audit and exploitation toolkit | Python | Free | False | |
XSS hunter | [Website] | XSS probes host for finding blind XSS | Free | True | ||
XSS Hunter Express | [Source] | XSS probes host for finding blind XSS | Free | False | ||
XSS'OR | [Website] | [Source] | Multi-purpose tool for XSS or JavaScript analysis | JavaScript | Free | True |
XSS'OR 2 | [Website] | [Source] | Multi-purpose tool for XSS or JavaScript analysis | JavaScript | Free | True |
XSSCon | [Source] | XSS automatic scanner | Python | Free | False | |
XSSer | [Website] | [Source] | XSS automatic scanner and exploiter | Python | Free | False |
XSStrike | [Source] | XSS detection tool, parser, payload generator, fuzzing engine, crawler | Python | Free | False | |
XXEinjector | [Source] | Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods | Ruby | Free | False | |
xxeserv | [Source] | HTTP and FTP server for OOB XXE attacks | Go | Free | False | |
XXExploiter | [Website] | [Source] | Generates XML payloads, and automatically starts a server to serve the needed DTDs or to do data exfiltration for XXE attacks | JavaScript | Free | False |
xxxpwn | [Source] | XPath injection tool, designed for blind injection | Python | Free | False | |
xxxpwn_smart | [Source] | XPath injection tool, fork of xxxpwn adding further optimizations and tweaks, uses predictive text based on a dictionary of words/phrases vs frequencies of occurrence | Python | Free | False | |
YASUO | [Source] | Scans for vulnerable & exploitable 3rd-party web applications | Ruby | Free | False | |
Yoga | [Website] | [Source] | Your OSINT Graphical Analyzer; project to help people understand different courses of action to take based upon the data | JavaScript | Free | False |
Wireless
Name | Website | Source | Description | Programming language | Price | Online |
---|---|---|---|---|---|---|
Aircrack-Ng | [Website] | [Source] | Suite of tools to assess WiFi network security (cracking WEP and WPA PSK) | C | Free | False |
airgeddon | [Source] | Wireless network audit script | Shell | Free | False | |
BtleJack | [Source] | Bluetooth Low Energy Swiss-army knife | Python | Free | False | |
Crunch-Cracker | [Source] | Wordlist generator and Wi-Fi cracker | Shell | Free | False | |
Fluxion | [Website] | [Source] | MITM WPA attack tool | Shell | Free | False |
FruityWiFi | [Source] | Wireless network auditing tool controlled by a web interface | PHP | Free | False | |
Hijacker | [Source] | Android GUI for Aircrack, Airodump, Aireplay, MDK3 and Reaver | Java | Free | False | |
Infernal-Wireless | [Source] | Automated wireless hacking tool | Python | Free | False | |
intel-wifi-research-tools | [Source] | Research tools developed for Intel Wi-Fi chips: decode firmware files, communicate with the chip through Linux's debug filesystem | Python | Free | False | |
Kismet | [Website] | [Source] | Sniffer, WIDS, and wardriving tool for Wi-Fi, Bluetooth, Zigbee, RF | CPlusPlus | Free | False |
MDK3-master | [Source] | PoC tool to exploit common IEEE 802.11 protocol weaknesses | C | Free | False | |
MDK4 | [Source] | PoC tool to exploit common IEEE 802.11 protocol weaknesses | C | Free | False | |
Modmobjam | [Source] | Cellular networks jamming PoC for mobile equipment | Python | Free | False | |
Modmobmap | [Source] | Tool to retrieve information of cellular networks | Python | Free | False | |
Oasis | [Source] | Framework allowing to write, build and patch instrumentation modules for Bluetooth Low Energy (BLE) controllers | C | Free | False | |
QCSuper | [Source] | Communicate with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G radio frames | Python | Free | False | |
reaver-wps | [Source] | Bruteforce WPS tool | C | Free | False | |
reaver-wps (t6x fork) | [Source] | Bruteforce WPS tool | C | Free | False | |
RF Swift | [Source] | Toolbox for HAM radio enthusiasts and RF professionals | Go | Free | False | |
trackerjacker | [Source] | Tool for mapping and tracking wifi networks and devices through raw 802.11 monitoring | Python | Free | False | |
Wifi-Biter | [Source] | Dictionary generator used to generate dictionaries/wordlists for Wireless Router Passwords | Python | Free | False | |
wifijammer | [Source] | Script to jam wifi clients and access points | Python | Free | False | |
wifite2 | [Source] | Script for auditing wireless networks that runs existing wireless-auditing tools | Python | Free | False |