mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2025-01-10 14:39:30 -05:00
awesome-lint: fix header levels
This commit is contained in:
parent c1b2d06543
commit 2dbb9edc6e
231 README.md
@ -19,18 +19,18 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Operating Systems](#operating-systems)
* [Penetration Testing Report Templates](#penetration-testing-report-templates)
* [Code examples for Penetration Testing](#code-examples-for-penetration-testing)
* [Tools](#tools)
* [Penetration Testing Distributions](#penetration-testing-distributions)
* [Docker for Penetration Testing](#docker-for-penetration-testing)
* [Multi-paradigm Frameworks](#multi-paradigm-frameworks)
* [Network vulnerability scanners](#network-vulnerability-scanners)
* [Network vulnerability scanners](#network-vulnerability-scanners)
* [Static Analyzers](#static-analyzers)
* [Web Vulnerability Scanners](#web-vulnerability-scanners)
* [Network Tools](#network-tools)
* [Network Tools](#network-tools)
* [Exfiltration Tools](#exfiltration-tools)
* [Network Reconnaissance Tools](#network-reconnaissance-tools)
* [Protocol Analyzers and Sniffers](#protocol-analyzers-and-sniffers)
* [Proxies and MITM Tools](#proxies-and-mitm-tools)
* [Tools](#tools)
* [Penetration Testing Distributions](#penetration-testing-distributions)
* [Docker for Penetration Testing](#docker-for-penetration-testing)
* [Multi-paradigm Frameworks](#multi-paradigm-frameworks)
* [Wireless Network Tools](#wireless-network-tools)
* [Transport Layer Security Tools](#transport-layer-security-tools)
* [Web Exploitation](#web-exploitation)
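Review bot: in the reordered TOC, `Static Analyzers` and `Web Vulnerability Scanners` still follow `Network vulnerability scanners` as its children (and become its `###` subsections in the body hunk below), yet neither is a network scanner; if the aim is correct header levels, give them their own `##` sections or rename the parent to plain `Vulnerability Scanners`. Separately, `Network vulnerability scanners` is the only TOC entry not in Title Case; `Network Vulnerability Scanners` keeps the same `#network-vulnerability-scanners` anchor.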
@ -126,6 +126,115 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea

* [goHackTools](https://github.com/dreddsa5dies/goHackTools) - Hacker tools on Go (Golang).

## Network vulnerability scanners

* [Netsparker Application Security Scanner](https://www.netsparker.com/) - Application security scanner to automatically find security flaws.
* [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
* [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
* [OpenVAS](http://www.openvas.org/) - Free software implementation of the popular Nessus vulnerability assessment system.
* [Vuls](https://github.com/future-architect/vuls) - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.

### Static Analyzers

* [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications.
* [cppcheck](http://cppcheck.sourceforge.net/) - Extensible C/C++ static analyzer focused on finding bugs.
* [FindBugs](http://findbugs.sourceforge.net/) - Free software static analyzer to look for bugs in Java code.
* [sobelow](https://github.com/nccgroup/sobelow) - Security-focused static analysis for the Phoenix Framework.
* [bandit](https://pypi.python.org/pypi/bandit/) - Security oriented static analyser for python code.
* [Progpilot](https://github.com/designsecurity/progpilot) - Static security analysis tool for PHP code.
* [RegEx-DoS](https://github.com/jagracey/RegEx-DoS) - Analyzes source code for Regular Expressions susceptible to Denial of Service attacks.

### Web Vulnerability Scanners

* [Netsparker Application Security Scanner](https://www.netsparker.com/) - Application security scanner to automatically find security flaws.
* [Nikto](https://cirt.net/nikto2) - Noisy but fast black box web server and web application vulnerability scanner.
* [Arachni](http://www.arachni-scanner.com/) - Scriptable framework for evaluating the security of web applications.
* [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework.
* [Wapiti](http://wapiti.sourceforge.net/) - Black box web application vulnerability scanner with built-in fuzzer.
* [SecApps](https://secapps.com/) - In-browser web application security testing suite.
* [WebReaver](https://www.webreaver.com/) - Commercial, graphical web application vulnerability scanner designed for macOS.
* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner.
* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner.
* [ACSTIS](https://github.com/tijme/angularjs-csti-scanner) - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
* [SQLmate](https://github.com/UltimateHackers/sqlmate) - A friend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).
* [JCS](https://github.com/TheM4hd1/JCS) - Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm.

## Network Tools

* [pig](https://github.com/rafael-santiago/pig) - GNU/Linux packet crafting tool.
* [Network-Tools.com](http://network-tools.com/) - Website offering an interface to numerous basic network utilities like `ping`, `traceroute`, `whois`, and more.
* [Intercepter-NG](http://sniff.su/) - Multifunctional network toolkit.
* [SPARTA](https://sparta.secforce.com/) - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
* [Zarp](https://github.com/hatRiot/zarp) - Network attack tool centered around the exploitation of local networks.
* [dsniff](https://www.monkey.org/~dugsong/dsniff/) - Collection of tools for network auditing and pentesting.
* [scapy](https://github.com/secdev/scapy) - Python-based interactive packet manipulation program & library.
* [Printer Exploitation Toolkit (PRET)](https://github.com/RUB-NDS/PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
* [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments.
* [routersploit](https://github.com/reverse-shell/routersploit) - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
* [CrackMapExec](https://github.com/byt3bl33d3r/CrackMapExec) - Swiss army knife for pentesting networks.
* [impacket](https://github.com/CoreSecurity/impacket) - Collection of Python classes for working with network protocols.
* [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
* [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
* [IKEForce](https://github.com/SpiderLabs/ikeforce) - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.
* [hping3](https://github.com/antirez/hping) - Network tool able to send custom TCP/IP packets.
* [rshijack](https://github.com/kpcyrd/rshijack) - TCP connection hijacker, Rust rewrite of `shijack`.
* [Legion](https://github.com/GoVanguard/legion) - Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA.

### Exfiltration Tools

* [DET](https://github.com/sensepost/DET) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
* [pwnat](https://github.com/samyk/pwnat) - Punches holes in firewalls and NATs.
* [tgcd](http://tgcd.sourceforge.net/) - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
* [Iodine](https://code.kryo.se/iodine/) - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
* [Cloakify](https://github.com/TryCatchHCF/Cloakify) - Textual steganography toolkit that converts any filetype into lists of everyday strings.

### Network Reconnaissance Tools

* [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
* [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits.
* [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
* [DNSDumpster](https://dnsdumpster.com/) - Online DNS recon and search service.
* [CloudFail](https://github.com/m0rtem/CloudFail) - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
* [dnsenum](https://github.com/fwaeytens/dnsenum/) - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
* [dnsmap](https://github.com/makefu/dnsmap/) - Passive DNS network mapper.
* [dnsrecon](https://github.com/darkoperator/dnsrecon/) - DNS enumeration script.
* [dnstracer](http://www.mavetju.org/unix/dnstracer.php) - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
* [passivedns-client](https://github.com/chrislee35/passivedns-client) - Library and query tool for querying several passive DNS providers.
* [passivedns](https://github.com/gamelinux/passivedns) - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
* [Mass Scan](https://github.com/robertdavidgraham/masscan) - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
* [smbmap](https://github.com/ShawnDEvans/smbmap) - Handy SMB enumeration tool.
* [XRay](https://github.com/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool.
* [ACLight](https://github.com/cyberark/ACLight) - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
* [ScanCannon](https://github.com/johnnyxmas/ScanCannon) - Python script to quickly enumerate large networks by calling `masscan` to quickly identify open ports and then `nmap` to gain details on the systems/services on those ports.
* [fierce](https://github.com/mschwager/fierce) - Python3 port of the original `fierce.pl` DNS reconnaissance tool for locating non-contiguous IP space.

### Protocol Analyzers and Sniffers

* [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line.
* [Wireshark](https://www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer.
* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing.
* [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework.
* [Debookee](http://www.iwaxx.com/debookee/) - Simple and powerful network traffic analyzer for macOS.
* [Dripcap](https://github.com/dripcap/dripcap) - Caffeinated packet analyzer.
* [Netzob](https://github.com/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols.
* [sniffglue](https://github.com/kpcyrd/sniffglue) - Secure multithreaded packet sniffer.

### Proxies and MITM Tools

* [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters.
* [mitmproxy](https://github.com/mitmproxy/mitmproxy) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
* [Morpheus](https://github.com/r00t-3xp10it/morpheus) - Automated ettercap TCP/IP Hijacking tool.
* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH.
* [SSH MITM](https://github.com/jtesta/ssh-mitm) - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
* [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
* [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks.
* [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework.
* [MITMf](https://github.com/byt3bl33d3r/MITMf) - Framework for Man-In-The-Middle attacks.
* [Lambda-Proxy](https://github.com/puresec/lambda-proxy) - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.
* [Habu](https://github.com/portantier/habu) - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.


## Tools

### Penetration Testing Distributions
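Review bot: `Netsparker Application Security Scanner` is linked twice in this added block, with the identical URL, once under `## Network vulnerability scanners` and again under `### Web Vulnerability Scanners`; an entry should appear once, and the web scanners list is the one that matches its description. Since these lines are being rewritten anyway, also fix the typos the move carries along: `Swiss army knife for for network sniffing` (netsniff-ng) and `static analyser for python code` (bandit; `Python`).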
@ -144,7 +253,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea

### Docker for Penetration Testing

* `docker pull kalilinux/kali-linux-docker` - [Official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/).
* [`docker pull kalilinux/kali-linux-docker`](https://hub.docker.com/r/kalilinux/kali-linux-docker/) - Official Kali Linux.
* `docker pull owasp/zap2docker-stable` - [Official OWASP ZAP](https://github.com/zaproxy/zaproxy).
* `docker pull wpscanteam/wpscan` - [Official WPScan](https://hub.docker.com/r/wpscanteam/wpscan/).
* `docker pull citizenstig/dvwa` - [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/citizenstig/dvwa/).
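Review bot: only the Kali entry is converted to the link-first form (`` [`docker pull kalilinux/kali-linux-docker`](…) - Official Kali Linux. ``); the OWASP ZAP, WPScan and DVWA entries directly below keep the old `` `docker pull …` - [Name](url). `` shape, so whatever list-item check motivated this change will still fail on them. Convert all four consistently in the same commit.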
@ -171,114 +280,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [AutoSploit](https://github.com/NullArray/AutoSploit) - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.
* [Decker](https://github.com/stevenaldinger/decker) - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.

### Network vulnerability scanners

* [Netsparker Application Security Scanner](https://www.netsparker.com/) - Application security scanner to automatically find security flaws.
* [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
* [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
* [OpenVAS](http://www.openvas.org/) - Free software implementation of the popular Nessus vulnerability assessment system.
* [Vuls](https://github.com/future-architect/vuls) - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.

#### Static Analyzers

* [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications.
* [cppcheck](http://cppcheck.sourceforge.net/) - Extensible C/C++ static analyzer focused on finding bugs.
* [FindBugs](http://findbugs.sourceforge.net/) - Free software static analyzer to look for bugs in Java code.
* [sobelow](https://github.com/nccgroup/sobelow) - Security-focused static analysis for the Phoenix Framework.
* [bandit](https://pypi.python.org/pypi/bandit/) - Security oriented static analyser for python code.
* [Progpilot](https://github.com/designsecurity/progpilot) - Static security analysis tool for PHP code.
* [RegEx-DoS](https://github.com/jagracey/RegEx-DoS) - Analyzes source code for Regular Expressions susceptible to Denial of Service attacks.

#### Web Vulnerability Scanners

* [Netsparker Application Security Scanner](https://www.netsparker.com/) - Application security scanner to automatically find security flaws.
* [Nikto](https://cirt.net/nikto2) - Noisy but fast black box web server and web application vulnerability scanner.
* [Arachni](http://www.arachni-scanner.com/) - Scriptable framework for evaluating the security of web applications.
* [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework.
* [Wapiti](http://wapiti.sourceforge.net/) - Black box web application vulnerability scanner with built-in fuzzer.
* [SecApps](https://secapps.com/) - In-browser web application security testing suite.
* [WebReaver](https://www.webreaver.com/) - Commercial, graphical web application vulnerability scanner designed for macOS.
* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner.
* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner.
* [ACSTIS](https://github.com/tijme/angularjs-csti-scanner) - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
* [SQLmate](https://github.com/UltimateHackers/sqlmate) - A friend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).
* [JCS](https://github.com/TheM4hd1/JCS) - Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm.

### Network Tools

* [pig](https://github.com/rafael-santiago/pig) - GNU/Linux packet crafting tool.
* [Network-Tools.com](http://network-tools.com/) - Website offering an interface to numerous basic network utilities like `ping`, `traceroute`, `whois`, and more.
* [Intercepter-NG](http://sniff.su/) - Multifunctional network toolkit.
* [SPARTA](https://sparta.secforce.com/) - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
* [Zarp](https://github.com/hatRiot/zarp) - Network attack tool centered around the exploitation of local networks.
* [dsniff](https://www.monkey.org/~dugsong/dsniff/) - Collection of tools for network auditing and pentesting.
* [scapy](https://github.com/secdev/scapy) - Python-based interactive packet manipulation program & library.
* [Printer Exploitation Toolkit (PRET)](https://github.com/RUB-NDS/PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
* [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments.
* [routersploit](https://github.com/reverse-shell/routersploit) - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
* [CrackMapExec](https://github.com/byt3bl33d3r/CrackMapExec) - Swiss army knife for pentesting networks.
* [impacket](https://github.com/CoreSecurity/impacket) - Collection of Python classes for working with network protocols.
* [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
* [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
* [IKEForce](https://github.com/SpiderLabs/ikeforce) - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.
* [hping3](https://github.com/antirez/hping) - Network tool able to send custom TCP/IP packets.
* [rshijack](https://github.com/kpcyrd/rshijack) - TCP connection hijacker, Rust rewrite of `shijack`.
* [Legion](https://github.com/GoVanguard/legion) - Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA.

#### Exfiltration Tools

* [DET](https://github.com/sensepost/DET) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
* [pwnat](https://github.com/samyk/pwnat) - Punches holes in firewalls and NATs.
* [tgcd](http://tgcd.sourceforge.net/) - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
* [Iodine](https://code.kryo.se/iodine/) - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
* [Cloakify](https://github.com/TryCatchHCF/Cloakify) - Textual steganography toolkit that converts any filetype into lists of everyday strings.

#### Network Reconnaissance Tools

* [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
* [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits.
* [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
* [DNSDumpster](https://dnsdumpster.com/) - Online DNS recon and search service.
* [CloudFail](https://github.com/m0rtem/CloudFail) - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
* [dnsenum](https://github.com/fwaeytens/dnsenum/) - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
* [dnsmap](https://github.com/makefu/dnsmap/) - Passive DNS network mapper.
* [dnsrecon](https://github.com/darkoperator/dnsrecon/) - DNS enumeration script.
* [dnstracer](http://www.mavetju.org/unix/dnstracer.php) - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
* [passivedns-client](https://github.com/chrislee35/passivedns-client) - Library and query tool for querying several passive DNS providers.
* [passivedns](https://github.com/gamelinux/passivedns) - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
* [Mass Scan](https://github.com/robertdavidgraham/masscan) - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
* [smbmap](https://github.com/ShawnDEvans/smbmap) - Handy SMB enumeration tool.
* [XRay](https://github.com/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool.
* [ACLight](https://github.com/cyberark/ACLight) - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
* [ScanCannon](https://github.com/johnnyxmas/ScanCannon) - Python script to quickly enumerate large networks by calling `masscan` to quickly identify open ports and then `nmap` to gain details on the systems/services on those ports.
* [fierce](https://github.com/mschwager/fierce) - Python3 port of the original `fierce.pl` DNS reconnaissance tool for locating non-contiguous IP space.

#### Protocol Analyzers and Sniffers

* [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line.
* [Wireshark](https://www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer.
* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing.
* [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework.
* [Debookee](http://www.iwaxx.com/debookee/) - Simple and powerful network traffic analyzer for macOS.
* [Dripcap](https://github.com/dripcap/dripcap) - Caffeinated packet analyzer.
* [Netzob](https://github.com/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols.
* [sniffglue](https://github.com/kpcyrd/sniffglue) - Secure multithreaded packet sniffer.

#### Proxies and MITM Tools

* [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters.
* [mitmproxy](https://github.com/mitmproxy/mitmproxy) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
* [Morpheus](https://github.com/r00t-3xp10it/morpheus) - Automated ettercap TCP/IP Hijacking tool.
* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH.
* [SSH MITM](https://github.com/jtesta/ssh-mitm) - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
* [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
* [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks.
* [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework.
* [MITMf](https://github.com/byt3bl33d3r/MITMf) - Framework for Man-In-The-Middle attacks.
* [Lambda-Proxy](https://github.com/puresec/lambda-proxy) - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.
* [Habu](https://github.com/portantier/habu) - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.

### Wireless Network Tools

* [Aircrack-ng](http://www.aircrack-ng.org/) - Set of tools for auditing wireless networks.
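Review bot: this removal, together with the additions in the `@ -126,6 +126,115` hunk, relocates the whole `Network vulnerability scanners` and `Network Tools` subtrees out of `## Tools` and promotes them (and their `####` children) by one level; that is a restructuring of the list, not only a header-depth fix, and the commit message `awesome-lint: fix header levels` does not say so. Either mention the move in the message or split the reorder from the lint fix so the two can be reviewed separately.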