diff --git a/.travis.yml b/.travis.yml index f944386..79c2ff5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,4 +10,4 @@ install: - gem install awesome_bot script: - - awesome_bot README.md --allow-redirect --white-list "www.0day.today,mvfjfugdwgc5uwho.onion,creativecommons.org,netsparker.com,www.shodan.io,www.mhprofessional.com,ghostproject.fr,www.zoomeye.org" + - awesome_bot README.md --allow-redirect --white-list "www.defcon.org,www.0day.today,mvfjfugdwgc5uwho.onion,creativecommons.org,netsparker.com,www.shodan.io,www.mhprofessional.com,ghostproject.fr,www.zoomeye.org" diff --git a/README.md b/README.md index ae9224a..be54020 100644 --- a/README.md +++ b/README.md @@ -19,20 +19,21 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Operating Systems](#operating-systems) * [Penetration Testing Report Templates](#penetration-testing-report-templates) * [Code examples for Penetration Testing](#code-examples-for-penetration-testing) +* [Network vulnerability scanners](#network-vulnerability-scanners) + * [Static Analyzers](#static-analyzers) + * [Web Vulnerability Scanners](#web-vulnerability-scanners) +* [Network Tools](#network-tools) + * [Exfiltration Tools](#exfiltration-tools) + * [Network Reconnaissance Tools](#network-reconnaissance-tools) + * [Protocol Analyzers and Sniffers](#protocol-analyzers-and-sniffers) + * [Proxies and MITM Tools](#proxies-and-mitm-tools) + * [Wireless Network Tools](#wireless-network-tools) + * [Transport Layer Security Tools](#transport-layer-security-tools) + * [DDoS Tools](#ddos-tools) * [Tools](#tools) * [Penetration Testing Distributions](#penetration-testing-distributions) * [Docker for Penetration Testing](#docker-for-penetration-testing) * [Multi-paradigm Frameworks](#multi-paradigm-frameworks) - * [Network vulnerability scanners](#network-vulnerability-scanners) - * [Static Analyzers](#static-analyzers) - * [Web Vulnerability Scanners](#web-vulnerability-scanners) - * [Network Tools](#network-tools) - * [Exfiltration Tools](#exfiltration-tools) - * [Network Reconnaissance Tools](#network-reconnaissance-tools) - * [Protocol Analyzers and Sniffers](#protocol-analyzers-and-sniffers) - * [Proxies and MITM Tools](#proxies-and-mitm-tools) - * [Wireless Network Tools](#wireless-network-tools) - * [Transport Layer Security Tools](#transport-layer-security-tools) * [Web Exploitation](#web-exploitation) * [Hex Editors](#hex-editors) * [File Format Analysis Tools](#file-format-analysis-tools) @@ -41,7 +42,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Windows Utilities](#windows-utilities) * [GNU/Linux Utilities](#gnulinux-utilities) * [macOS Utilities](#macos-utilities) - * [DDoS Tools](#ddos-tools) * [Social Engineering Tools](#social-engineering-tools) * [OSINT Tools](#osint-tools) * [Anonymity Tools](#anonymity-tools) @@ -126,52 +126,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [goHackTools](https://github.com/dreddsa5dies/goHackTools) - Hacker tools on Go (Golang). -## Tools - -### Penetration Testing Distributions - -* [Kali](https://www.kali.org/) - GNU/Linux distribution designed for digital forensics and penetration testing. -* [ArchStrike](https://archstrike.org/) - Arch GNU/Linux repository for security professionals and enthusiasts. -* [BlackArch](https://www.blackarch.org/) - Arch GNU/Linux-based distribution for penetration testers and security researchers. -* [Network Security Toolkit (NST)](http://networksecuritytoolkit.org/) - Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications. -* [BackBox](https://backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments. -* [Parrot](https://www.parrotsec.org/) - Distribution similar to Kali, with multiple architecture. -* [Buscador](https://inteltechniques.com/buscador/) - GNU/Linux virtual machine that is pre-configured for online investigators. -* [The Pentesters Framework](https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains. -* [AttifyOS](https://github.com/adi0x90/attifyos) - GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments. -* [PentestBox](https://pentestbox.org/) - Opensource pre-configured portable penetration testing environment for Windows OS. -* [Android Tamer](https://androidtamer.com/) - OS for Android Security Professionals. Includes all the tools required for Android security testing. - -### Docker for Penetration Testing - -* `docker pull kalilinux/kali-linux-docker` - [Official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/). -* `docker pull owasp/zap2docker-stable` - [Official OWASP ZAP](https://github.com/zaproxy/zaproxy). -* `docker pull wpscanteam/wpscan` - [Official WPScan](https://hub.docker.com/r/wpscanteam/wpscan/). -* `docker pull citizenstig/dvwa` - [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/citizenstig/dvwa/). -* `docker pull wpscanteam/vulnerablewordpress` - [Vulnerable WordPress Installation](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/). -* `docker pull hmlio/vaas-cve-2014-6271` - [Vulnerability as a service: Shellshock](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/). -* `docker pull hmlio/vaas-cve-2014-0160` - [Vulnerability as a service: Heartbleed](https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/). -* `docker pull vulnerables/cve-2017-7494` - [Vulnerability as a service: SambaCry](https://hub.docker.com/r/vulnerables/cve-2017-7494/). -* `docker pull opendns/security-ninjas` - [Security Ninjas](https://hub.docker.com/r/opendns/security-ninjas/). -* `docker pull diogomonica/docker-bench-security` - [Docker Bench for Security](https://hub.docker.com/r/diogomonica/docker-bench-security/). -* `docker pull ismisepaul/securityshepherd` - [OWASP Security Shepherd](https://hub.docker.com/r/ismisepaul/securityshepherd/). -* `docker pull webgoat/webgoat-7.1` - [OWASP WebGoat Project 7.1 docker image](https://hub.docker.com/r/webgoat/webgoat-7.1/). -* `docker pull webgoat/webgoat-8.0` - [OWASP WebGoat Project 8.0 docker image](https://hub.docker.com/r/webgoat/webgoat-8.0/). -* `docker-compose build && docker-compose up` - [OWASP NodeGoat](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker). -* `docker pull citizenstig/nowasp` - [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/). -* `docker pull bkimminich/juice-shop` - [OWASP Juice Shop](https://github.com/bkimminich/juice-shop#docker-container--). -* `docker pull phocean/msf` - [docker-metasploit](https://hub.docker.com/r/phocean/msf/). - -### Multi-paradigm Frameworks - -* [Metasploit](https://www.metasploit.com/) - Software for offensive security teams to help verify vulnerabilities and manage security assessments. -* [Armitage](http://fastandeasyhacking.com/) - Java-based GUI front-end for the Metasploit Framework. -* [Faraday](https://github.com/infobyte/faraday) - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments. -* [Pupy](https://github.com/n1nj4sec/pupy) - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool. -* [AutoSploit](https://github.com/NullArray/AutoSploit) - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query. -* [Decker](https://github.com/stevenaldinger/decker) - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others. - -### Network vulnerability scanners +## Network vulnerability scanners * [Netsparker Application Security Scanner](https://www.netsparker.com/) - Application security scanner to automatically find security flaws. * [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. @@ -179,7 +134,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [OpenVAS](http://www.openvas.org/) - Free software implementation of the popular Nessus vulnerability assessment system. * [Vuls](https://github.com/future-architect/vuls) - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go. -#### Static Analyzers +### Static Analyzers * [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications. * [cppcheck](http://cppcheck.sourceforge.net/) - Extensible C/C++ static analyzer focused on finding bugs. @@ -189,7 +144,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Progpilot](https://github.com/designsecurity/progpilot) - Static security analysis tool for PHP code. * [RegEx-DoS](https://github.com/jagracey/RegEx-DoS) - Analyzes source code for Regular Expressions susceptible to Denial of Service attacks. -#### Web Vulnerability Scanners +### Web Vulnerability Scanners * [Netsparker Application Security Scanner](https://www.netsparker.com/) - Application security scanner to automatically find security flaws. * [Nikto](https://cirt.net/nikto2) - Noisy but fast black box web server and web application vulnerability scanner. @@ -205,7 +160,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [SQLmate](https://github.com/UltimateHackers/sqlmate) - A friend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional). * [JCS](https://github.com/TheM4hd1/JCS) - Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm. -### Network Tools +## Network Tools * [pig](https://github.com/rafael-santiago/pig) - GNU/Linux packet crafting tool. * [Network-Tools.com](http://network-tools.com/) - Website offering an interface to numerous basic network utilities like `ping`, `traceroute`, `whois`, and more. @@ -226,7 +181,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [rshijack](https://github.com/kpcyrd/rshijack) - TCP connection hijacker, Rust rewrite of `shijack`. * [Legion](https://github.com/GoVanguard/legion) - Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA. -#### Exfiltration Tools +### Exfiltration Tools * [DET](https://github.com/sensepost/DET) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time. * [pwnat](https://github.com/samyk/pwnat) - Punches holes in firewalls and NATs. @@ -234,7 +189,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Iodine](https://code.kryo.se/iodine/) - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed. * [Cloakify](https://github.com/TryCatchHCF/Cloakify) - Textual steganography toolkit that converts any filetype into lists of everyday strings. -#### Network Reconnaissance Tools +### Network Reconnaissance Tools * [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies. * [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits. @@ -254,7 +209,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [ScanCannon](https://github.com/johnnyxmas/ScanCannon) - Python script to quickly enumerate large networks by calling `masscan` to quickly identify open ports and then `nmap` to gain details on the systems/services on those ports. * [fierce](https://github.com/mschwager/fierce) - Python3 port of the original `fierce.pl` DNS reconnaissance tool for locating non-contiguous IP space. -#### Protocol Analyzers and Sniffers +### Protocol Analyzers and Sniffers * [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line. * [Wireshark](https://www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer. @@ -265,7 +220,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Netzob](https://github.com/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols. * [sniffglue](https://github.com/kpcyrd/sniffglue) - Secure multithreaded packet sniffer. -#### Proxies and MITM Tools +### Proxies and MITM Tools * [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters. * [mitmproxy](https://github.com/mitmproxy/mitmproxy) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. @@ -279,23 +234,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Lambda-Proxy](https://github.com/puresec/lambda-proxy) - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions. * [Habu](https://github.com/portantier/habu) - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more. -### Wireless Network Tools - -* [Aircrack-ng](http://www.aircrack-ng.org/) - Set of tools for auditing wireless networks. -* [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS. -* [Reaver](https://code.google.com/archive/p/reaver-wps) - Brute force attack against WiFi Protected Setup. -* [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool. -* [Fluxion](https://github.com/FluxionNetwork/fluxion) - Suite of automated social engineering based WPA attacks. -* [Airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon) - Multi-use bash script for Linux systems to audit wireless networks. -* [Cowpatty](https://github.com/joswr1ght/cowpatty) - Brute-force dictionary attack against WPA-PSK. -* [BoopSuite](https://github.com/MisterBianco/BoopSuite) - Suite of tools written in Python for wireless auditing. -* [Bully](http://git.kali.org/gitweb/?p=packages/bully.git;a=summary) - Implementation of the WPS brute force attack, written in C. -* [infernal-twin](https://github.com/entropy1337/infernal-twin) - Automated wireless hacking tool. -* [krackattacks-scripts](https://github.com/vanhoefm/krackattacks-scripts) - WPA2 Krack attack scripts. -* [KRACK Detector](https://github.com/securingsam/krackdetector) - Detect and prevent KRACK attacks in your network. -* [wifi-arsenal](https://github.com/0x90/wifi-arsenal) - Resources for Wi-Fi Pentesting. -* [WiFi-Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin) - Framework for rogue Wi-Fi access point attack. - ### Transport Layer Security Tools * [SSLyze](https://github.com/nabla-c0d3/sslyze) - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations. @@ -339,6 +277,80 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems. * [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker. +### DDoS Tools + +* [LOIC](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows. +* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC. +* [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side. +* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures. +* [T50](https://gitlab.com/fredericopissarra/t50/) - Faster network stress tool. +* [UFONet](https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. +* [Memcrashed](https://github.com/649/Memcrashed-DDoS-Exploit) - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API. +* [Anevicon](https://github.com/Gymmasssorla/anevicon) - The most powerful UDP-based load generator, written in Rust. + + +## Tools + +### Penetration Testing Distributions + +* [Kali](https://www.kali.org/) - GNU/Linux distribution designed for digital forensics and penetration testing. +* [ArchStrike](https://archstrike.org/) - Arch GNU/Linux repository for security professionals and enthusiasts. +* [BlackArch](https://www.blackarch.org/) - Arch GNU/Linux-based distribution for penetration testers and security researchers. +* [Network Security Toolkit (NST)](http://networksecuritytoolkit.org/) - Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications. +* [BackBox](https://backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments. +* [Parrot](https://www.parrotsec.org/) - Distribution similar to Kali, with multiple architecture. +* [Buscador](https://inteltechniques.com/buscador/) - GNU/Linux virtual machine that is pre-configured for online investigators. +* [The Pentesters Framework](https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains. +* [AttifyOS](https://github.com/adi0x90/attifyos) - GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments. +* [PentestBox](https://pentestbox.org/) - Opensource pre-configured portable penetration testing environment for Windows OS. +* [Android Tamer](https://androidtamer.com/) - OS for Android Security Professionals. Includes all the tools required for Android security testing. + +### Docker for Penetration Testing + +* [Official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/) - `docker pull kalilinux/kali-linux-docker`. +* [Official OWASP ZAP](https://github.com/zaproxy/zaproxy) - `docker pull owasp/zap2docker-stable`. +* [Official WPScan](https://hub.docker.com/r/wpscanteam/wpscan/) - `docker pull wpscanteam/wpscan`. +* [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/citizenstig/dvwa/) - `docker pull citizenstig/dvwa`. +* [Vulnerable WordPress Installation](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/) - `docker pull wpscanteam/vulnerablewordpress`. +* [Vulnerability as a service: Shellshock](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/) - `docker pull hmlio/vaas-cve-2014-6271`. +* [Vulnerability as a service: Heartbleed](https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/) - `docker pull hmlio/vaas-cve-2014-0160`. +* [Vulnerability as a service: SambaCry](https://hub.docker.com/r/vulnerables/cve-2017-7494/) - `docker pull vulnerables/cve-2017-7494`. +* [Security Ninjas](https://hub.docker.com/r/opendns/security-ninjas/) - `docker pull opendns/security-ninjas`. +* [Docker Bench for Security](https://hub.docker.com/r/diogomonica/docker-bench-security/) - `docker pull diogomonica/docker-bench-security`. +* [OWASP Security Shepherd](https://hub.docker.com/r/ismisepaul/securityshepherd/) - `docker pull ismisepaul/securityshepherd`. +* [OWASP WebGoat Project 7.1 docker image](https://hub.docker.com/r/webgoat/webgoat-7.1/) - `docker pull webgoat/webgoat-7.1`. +* [OWASP WebGoat Project 8.0 docker image](https://hub.docker.com/r/webgoat/webgoat-8.0/) - `docker pull webgoat/webgoat-8.0`. +* [OWASP NodeGoat](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker) - `docker-compose build && docker-compose up`. +* [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/) - `docker pull citizenstig/nowasp`. +* [OWASP Juice Shop](https://github.com/bkimminich/juice-shop#docker-container--) - `docker pull bkimminich/juice-shop`. +* [docker-metasploit](https://hub.docker.com/r/phocean/msf/) - `docker pull phocean/msf`. + +### Multi-paradigm Frameworks + +* [Metasploit](https://www.metasploit.com/) - Software for offensive security teams to help verify vulnerabilities and manage security assessments. +* [Armitage](http://fastandeasyhacking.com/) - Java-based GUI front-end for the Metasploit Framework. +* [Faraday](https://github.com/infobyte/faraday) - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments. +* [Pupy](https://github.com/n1nj4sec/pupy) - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool. +* [AutoSploit](https://github.com/NullArray/AutoSploit) - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query. +* [Decker](https://github.com/stevenaldinger/decker) - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others. + +### Wireless Network Tools + +* [Aircrack-ng](http://www.aircrack-ng.org/) - Set of tools for auditing wireless networks. +* [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS. +* [Reaver](https://code.google.com/archive/p/reaver-wps) - Brute force attack against WiFi Protected Setup. +* [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool. +* [Fluxion](https://github.com/FluxionNetwork/fluxion) - Suite of automated social engineering based WPA attacks. +* [Airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon) - Multi-use bash script for Linux systems to audit wireless networks. +* [Cowpatty](https://github.com/joswr1ght/cowpatty) - Brute-force dictionary attack against WPA-PSK. +* [BoopSuite](https://github.com/MisterBianco/BoopSuite) - Suite of tools written in Python for wireless auditing. +* [Bully](http://git.kali.org/gitweb/?p=packages/bully.git;a=summary) - Implementation of the WPS brute force attack, written in C. +* [infernal-twin](https://github.com/entropy1337/infernal-twin) - Automated wireless hacking tool. +* [krackattacks-scripts](https://github.com/vanhoefm/krackattacks-scripts) - WPA2 Krack attack scripts. +* [KRACK Detector](https://github.com/securingsam/krackdetector) - Detect and prevent KRACK attacks in your network. +* [wifi-arsenal](https://github.com/0x90/wifi-arsenal) - Resources for Wi-Fi Pentesting. +* [WiFi-Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin) - Framework for rogue Wi-Fi access point attack. + ### Hex Editors * [HexEdit.js](https://hexed.it) - Browser-based hex editing. @@ -413,17 +425,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Bella](https://github.com/kdaoudieh/Bella) - Pure Python post-exploitation data mining and remote administration tool for macOS. * [EvilOSX](https://github.com/Marten4n6/EvilOSX) - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box. -### DDoS Tools - -* [LOIC](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows. -* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC. -* [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side. -* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures. -* [T50](https://gitlab.com/fredericopissarra/t50/) - Faster network stress tool. -* [UFONet](https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. -* [Memcrashed](https://github.com/649/Memcrashed-DDoS-Exploit) - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API. -* [Anevicon](https://github.com/Gymmasssorla/anevicon) - The most powerful UDP-based load generator, written in Rust. - ### Social Engineering Tools * [Social Engineer Toolkit (SET)](https://github.com/trustedsec/social-engineer-toolkit) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.