|Army-Knife|[Metasploit](https://github.com/rapid7/metasploit-framework)|The world’s most used penetration testing framework|![](https://img.shields.io/github/stars/rapid7/metasploit-framework?label=%20)|[`pentest`](/categorize/tags/pentest.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Proxy|[EvilProxy](https://github.com/bbtfr/evil-proxy)|A ruby http/https proxy to do EVIL things.|![](https://img.shields.io/github/stars/bbtfr/evil-proxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Recon|[Hunt3r](https://github.com/EasyRecon/Hunt3r)|Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework|![](https://img.shields.io/github/stars/EasyRecon/Hunt3r?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Recon|[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![](https://img.shields.io/github/stars/intrigueio/intrigue-core?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Scanner|[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![](https://img.shields.io/github/stars/wpscanteam/wpscan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Exploit|[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|![](https://img.shields.io/github/stars/enjoiz/XXEinjector?label=%20)|[`xxe`](/categorize/tags/xxe.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Utils|[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Utils|[hbxss](https://github.com/hahwul/hbxss)|Security test tool for Blind XSS|![](https://img.shields.io/github/stars/hahwul/hbxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Env|[pentest-env](https://github.com/Sliim/pentest-env)|Pentest environment deployer (kali linux + targets) using vagrant and chef.|![](https://img.shields.io/github/stars/Sliim/pentest-env?label=%20)|[`pentest`](/categorize/tags/pentest.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|