mirror of https://github.com/enaqx/awesome-pentest.git, synced 2025-01-10 14:39:30 -05:00
commit 7db54665d1
@ -10,4 +10,4 @@ install:
|
||||
- gem install awesome_bot
|
||||
|
||||
script:
|
||||
- awesome_bot README.md --allow-redirect --white-list "www.0day.today,mvfjfugdwgc5uwho.onion,creativecommons.org,netsparker.com,www.shodan.io,www.mhprofessional.com,ghostproject.fr,www.zoomeye.org"
|
||||
- awesome_bot README.md --allow-redirect --white-list "www.defcon.org,www.0day.today,mvfjfugdwgc5uwho.onion,creativecommons.org,netsparker.com,www.shodan.io,www.mhprofessional.com,ghostproject.fr,www.zoomeye.org"
|
||||
|
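Review bot: the `www.defcon.org` entry added to the `--white-list` value on the `awesome_bot README.md` line has no recorded reason, and it exempts every link on that host from the link check rather than the one URL that failed. Add a YAML comment above the `script:` entry stating which check failed and why the host is exempt, and consider listing the specific failing URL instead of the whole host so that other defcon.org links in README.md are still verified. The list now holds nine exempt hosts, so a dead link on any of them will pass CI unnoticed.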
177
README.md
@ -19,20 +19,21 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Operating Systems](#operating-systems)
|
||||
* [Penetration Testing Report Templates](#penetration-testing-report-templates)
|
||||
* [Code examples for Penetration Testing](#code-examples-for-penetration-testing)
|
||||
* [Tools](#tools)
|
||||
* [Penetration Testing Distributions](#penetration-testing-distributions)
|
||||
* [Docker for Penetration Testing](#docker-for-penetration-testing)
|
||||
* [Multi-paradigm Frameworks](#multi-paradigm-frameworks)
|
||||
* [Network vulnerability scanners](#network-vulnerability-scanners)
|
||||
* [Network vulnerability scanners](#network-vulnerability-scanners)
|
||||
* [Static Analyzers](#static-analyzers)
|
||||
* [Web Vulnerability Scanners](#web-vulnerability-scanners)
|
||||
* [Network Tools](#network-tools)
|
||||
* [Network Tools](#network-tools)
|
||||
* [Exfiltration Tools](#exfiltration-tools)
|
||||
* [Network Reconnaissance Tools](#network-reconnaissance-tools)
|
||||
* [Protocol Analyzers and Sniffers](#protocol-analyzers-and-sniffers)
|
||||
* [Proxies and MITM Tools](#proxies-and-mitm-tools)
|
||||
* [Wireless Network Tools](#wireless-network-tools)
|
||||
* [Transport Layer Security Tools](#transport-layer-security-tools)
|
||||
* [DDoS Tools](#ddos-tools)
|
||||
* [Tools](#tools)
|
||||
* [Penetration Testing Distributions](#penetration-testing-distributions)
|
||||
* [Docker for Penetration Testing](#docker-for-penetration-testing)
|
||||
* [Multi-paradigm Frameworks](#multi-paradigm-frameworks)
|
||||
* [Web Exploitation](#web-exploitation)
|
||||
* [Hex Editors](#hex-editors)
|
||||
* [File Format Analysis Tools](#file-format-analysis-tools)
|
||||
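Review bot: the contents list still shows `Wireless Network Tools` between `Proxies and MITM Tools` and `Transport Layer Security Tools`, but the body hunks in this commit remove that section from that position (hunk `-279,23 +234,6`) and re-add it after `Multi-paradigm Frameworks`, just before `Hex Editors` (hunk `-339,6 +277,80`). Move the contents entry to follow `Multi-paradigm Frameworks` so the list order matches the document. The `Network vulnerability scanners` entry also keeps sentence case while its neighbours (`Web Vulnerability Scanners`, `Network Tools`) use title case; since the line is rewritten here, align it in both the list and the heading.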
@ -41,7 +42,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Windows Utilities](#windows-utilities)
|
||||
* [GNU/Linux Utilities](#gnulinux-utilities)
|
||||
* [macOS Utilities](#macos-utilities)
|
||||
* [DDoS Tools](#ddos-tools)
|
||||
* [Social Engineering Tools](#social-engineering-tools)
|
||||
* [OSINT Tools](#osint-tools)
|
||||
* [Anonymity Tools](#anonymity-tools)
|
||||
@ -126,52 +126,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
|
||||
* [goHackTools](https://github.com/dreddsa5dies/goHackTools) - Hacker tools on Go (Golang).
|
||||
|
||||
## Tools
|
||||
|
||||
### Penetration Testing Distributions
|
||||
|
||||
* [Kali](https://www.kali.org/) - GNU/Linux distribution designed for digital forensics and penetration testing.
|
||||
* [ArchStrike](https://archstrike.org/) - Arch GNU/Linux repository for security professionals and enthusiasts.
|
||||
* [BlackArch](https://www.blackarch.org/) - Arch GNU/Linux-based distribution for penetration testers and security researchers.
|
||||
* [Network Security Toolkit (NST)](http://networksecuritytoolkit.org/) - Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
|
||||
* [BackBox](https://backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments.
|
||||
* [Parrot](https://www.parrotsec.org/) - Distribution similar to Kali, with multiple architecture.
|
||||
* [Buscador](https://inteltechniques.com/buscador/) - GNU/Linux virtual machine that is pre-configured for online investigators.
|
||||
* [The Pentesters Framework](https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
|
||||
* [AttifyOS](https://github.com/adi0x90/attifyos) - GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
|
||||
* [PentestBox](https://pentestbox.org/) - Opensource pre-configured portable penetration testing environment for Windows OS.
|
||||
* [Android Tamer](https://androidtamer.com/) - OS for Android Security Professionals. Includes all the tools required for Android security testing.
|
||||
|
||||
### Docker for Penetration Testing
|
||||
|
||||
* `docker pull kalilinux/kali-linux-docker` - [Official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/).
|
||||
* `docker pull owasp/zap2docker-stable` - [Official OWASP ZAP](https://github.com/zaproxy/zaproxy).
|
||||
* `docker pull wpscanteam/wpscan` - [Official WPScan](https://hub.docker.com/r/wpscanteam/wpscan/).
|
||||
* `docker pull citizenstig/dvwa` - [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/citizenstig/dvwa/).
|
||||
* `docker pull wpscanteam/vulnerablewordpress` - [Vulnerable WordPress Installation](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/).
|
||||
* `docker pull hmlio/vaas-cve-2014-6271` - [Vulnerability as a service: Shellshock](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/).
|
||||
* `docker pull hmlio/vaas-cve-2014-0160` - [Vulnerability as a service: Heartbleed](https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/).
|
||||
* `docker pull vulnerables/cve-2017-7494` - [Vulnerability as a service: SambaCry](https://hub.docker.com/r/vulnerables/cve-2017-7494/).
|
||||
* `docker pull opendns/security-ninjas` - [Security Ninjas](https://hub.docker.com/r/opendns/security-ninjas/).
|
||||
* `docker pull diogomonica/docker-bench-security` - [Docker Bench for Security](https://hub.docker.com/r/diogomonica/docker-bench-security/).
|
||||
* `docker pull ismisepaul/securityshepherd` - [OWASP Security Shepherd](https://hub.docker.com/r/ismisepaul/securityshepherd/).
|
||||
* `docker pull webgoat/webgoat-7.1` - [OWASP WebGoat Project 7.1 docker image](https://hub.docker.com/r/webgoat/webgoat-7.1/).
|
||||
* `docker pull webgoat/webgoat-8.0` - [OWASP WebGoat Project 8.0 docker image](https://hub.docker.com/r/webgoat/webgoat-8.0/).
|
||||
* `docker-compose build && docker-compose up` - [OWASP NodeGoat](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker).
|
||||
* `docker pull citizenstig/nowasp` - [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/).
|
||||
* `docker pull bkimminich/juice-shop` - [OWASP Juice Shop](https://github.com/bkimminich/juice-shop#docker-container--).
|
||||
* `docker pull phocean/msf` - [docker-metasploit](https://hub.docker.com/r/phocean/msf/).
|
||||
|
||||
### Multi-paradigm Frameworks
|
||||
|
||||
* [Metasploit](https://www.metasploit.com/) - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
|
||||
* [Armitage](http://fastandeasyhacking.com/) - Java-based GUI front-end for the Metasploit Framework.
|
||||
* [Faraday](https://github.com/infobyte/faraday) - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
|
||||
* [Pupy](https://github.com/n1nj4sec/pupy) - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
|
||||
* [AutoSploit](https://github.com/NullArray/AutoSploit) - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.
|
||||
* [Decker](https://github.com/stevenaldinger/decker) - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.
|
||||
|
||||
### Network vulnerability scanners
|
||||
## Network vulnerability scanners
|
||||
|
||||
* [Netsparker Application Security Scanner](https://www.netsparker.com/) - Application security scanner to automatically find security flaws.
|
||||
* [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
|
||||
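Review bot: the section promoted to `## Network vulnerability scanners` in this hunk opens with the Netsparker Application Security Scanner entry, and the identical entry (same link, same description) also appears under `Web Vulnerability Scanners` later in this commit. With the two sections now at different levels, keep the entry in the one section it belongs to and drop the other copy, so the list does not carry the same item twice.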
@ -179,7 +134,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [OpenVAS](http://www.openvas.org/) - Free software implementation of the popular Nessus vulnerability assessment system.
|
||||
* [Vuls](https://github.com/future-architect/vuls) - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
|
||||
|
||||
#### Static Analyzers
|
||||
### Static Analyzers
|
||||
|
||||
* [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications.
|
||||
* [cppcheck](http://cppcheck.sourceforge.net/) - Extensible C/C++ static analyzer focused on finding bugs.
|
||||
@ -189,7 +144,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Progpilot](https://github.com/designsecurity/progpilot) - Static security analysis tool for PHP code.
|
||||
* [RegEx-DoS](https://github.com/jagracey/RegEx-DoS) - Analyzes source code for Regular Expressions susceptible to Denial of Service attacks.
|
||||
|
||||
#### Web Vulnerability Scanners
|
||||
### Web Vulnerability Scanners
|
||||
|
||||
* [Netsparker Application Security Scanner](https://www.netsparker.com/) - Application security scanner to automatically find security flaws.
|
||||
* [Nikto](https://cirt.net/nikto2) - Noisy but fast black box web server and web application vulnerability scanner.
|
||||
@ -205,7 +160,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [SQLmate](https://github.com/UltimateHackers/sqlmate) - A friend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).
|
||||
* [JCS](https://github.com/TheM4hd1/JCS) - Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm.
|
||||
|
||||
### Network Tools
|
||||
## Network Tools
|
||||
|
||||
* [pig](https://github.com/rafael-santiago/pig) - GNU/Linux packet crafting tool.
|
||||
* [Network-Tools.com](http://network-tools.com/) - Website offering an interface to numerous basic network utilities like `ping`, `traceroute`, `whois`, and more.
|
||||
@ -226,7 +181,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [rshijack](https://github.com/kpcyrd/rshijack) - TCP connection hijacker, Rust rewrite of `shijack`.
|
||||
* [Legion](https://github.com/GoVanguard/legion) - Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA.
|
||||
|
||||
#### Exfiltration Tools
|
||||
### Exfiltration Tools
|
||||
|
||||
* [DET](https://github.com/sensepost/DET) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
|
||||
* [pwnat](https://github.com/samyk/pwnat) - Punches holes in firewalls and NATs.
|
||||
@ -234,7 +189,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Iodine](https://code.kryo.se/iodine/) - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
|
||||
* [Cloakify](https://github.com/TryCatchHCF/Cloakify) - Textual steganography toolkit that converts any filetype into lists of everyday strings.
|
||||
|
||||
#### Network Reconnaissance Tools
|
||||
### Network Reconnaissance Tools
|
||||
|
||||
* [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
|
||||
* [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits.
|
||||
@ -254,7 +209,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [ScanCannon](https://github.com/johnnyxmas/ScanCannon) - Python script to quickly enumerate large networks by calling `masscan` to quickly identify open ports and then `nmap` to gain details on the systems/services on those ports.
|
||||
* [fierce](https://github.com/mschwager/fierce) - Python3 port of the original `fierce.pl` DNS reconnaissance tool for locating non-contiguous IP space.
|
||||
|
||||
#### Protocol Analyzers and Sniffers
|
||||
### Protocol Analyzers and Sniffers
|
||||
|
||||
* [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line.
|
||||
* [Wireshark](https://www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer.
|
||||
@ -265,7 +220,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Netzob](https://github.com/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols.
|
||||
* [sniffglue](https://github.com/kpcyrd/sniffglue) - Secure multithreaded packet sniffer.
|
||||
|
||||
#### Proxies and MITM Tools
|
||||
### Proxies and MITM Tools
|
||||
|
||||
* [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters.
|
||||
* [mitmproxy](https://github.com/mitmproxy/mitmproxy) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
|
||||
@ -279,23 +234,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Lambda-Proxy](https://github.com/puresec/lambda-proxy) - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.
|
||||
* [Habu](https://github.com/portantier/habu) - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
|
||||
|
||||
### Wireless Network Tools
|
||||
|
||||
* [Aircrack-ng](http://www.aircrack-ng.org/) - Set of tools for auditing wireless networks.
|
||||
* [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS.
|
||||
* [Reaver](https://code.google.com/archive/p/reaver-wps) - Brute force attack against WiFi Protected Setup.
|
||||
* [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool.
|
||||
* [Fluxion](https://github.com/FluxionNetwork/fluxion) - Suite of automated social engineering based WPA attacks.
|
||||
* [Airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon) - Multi-use bash script for Linux systems to audit wireless networks.
|
||||
* [Cowpatty](https://github.com/joswr1ght/cowpatty) - Brute-force dictionary attack against WPA-PSK.
|
||||
* [BoopSuite](https://github.com/MisterBianco/BoopSuite) - Suite of tools written in Python for wireless auditing.
|
||||
* [Bully](http://git.kali.org/gitweb/?p=packages/bully.git;a=summary) - Implementation of the WPS brute force attack, written in C.
|
||||
* [infernal-twin](https://github.com/entropy1337/infernal-twin) - Automated wireless hacking tool.
|
||||
* [krackattacks-scripts](https://github.com/vanhoefm/krackattacks-scripts) - WPA2 Krack attack scripts.
|
||||
* [KRACK Detector](https://github.com/securingsam/krackdetector) - Detect and prevent KRACK attacks in your network.
|
||||
* [wifi-arsenal](https://github.com/0x90/wifi-arsenal) - Resources for Wi-Fi Pentesting.
|
||||
* [WiFi-Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin) - Framework for rogue Wi-Fi access point attack.
|
||||
|
||||
### Transport Layer Security Tools
|
||||
|
||||
* [SSLyze](https://github.com/nabla-c0d3/sslyze) - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
|
||||
@ -339,6 +277,80 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems.
|
||||
* [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker.
|
||||
|
||||
### DDoS Tools
|
||||
|
||||
* [LOIC](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows.
|
||||
* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC.
|
||||
* [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side.
|
||||
* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
|
||||
* [T50](https://gitlab.com/fredericopissarra/t50/) - Faster network stress tool.
|
||||
* [UFONet](https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
|
||||
* [Memcrashed](https://github.com/649/Memcrashed-DDoS-Exploit) - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
|
||||
* [Anevicon](https://github.com/Gymmasssorla/anevicon) - The most powerful UDP-based load generator, written in Rust.
|
||||
|
||||
|
||||
## Tools
|
||||
|
||||
### Penetration Testing Distributions
|
||||
|
||||
* [Kali](https://www.kali.org/) - GNU/Linux distribution designed for digital forensics and penetration testing.
|
||||
* [ArchStrike](https://archstrike.org/) - Arch GNU/Linux repository for security professionals and enthusiasts.
|
||||
* [BlackArch](https://www.blackarch.org/) - Arch GNU/Linux-based distribution for penetration testers and security researchers.
|
||||
* [Network Security Toolkit (NST)](http://networksecuritytoolkit.org/) - Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
|
||||
* [BackBox](https://backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments.
|
||||
* [Parrot](https://www.parrotsec.org/) - Distribution similar to Kali, with multiple architecture.
|
||||
* [Buscador](https://inteltechniques.com/buscador/) - GNU/Linux virtual machine that is pre-configured for online investigators.
|
||||
* [The Pentesters Framework](https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
|
||||
* [AttifyOS](https://github.com/adi0x90/attifyos) - GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
|
||||
* [PentestBox](https://pentestbox.org/) - Opensource pre-configured portable penetration testing environment for Windows OS.
|
||||
* [Android Tamer](https://androidtamer.com/) - OS for Android Security Professionals. Includes all the tools required for Android security testing.
|
||||
|
||||
### Docker for Penetration Testing
|
||||
|
||||
* [Official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/) - `docker pull kalilinux/kali-linux-docker`.
|
||||
* [Official OWASP ZAP](https://github.com/zaproxy/zaproxy) - `docker pull owasp/zap2docker-stable`.
|
||||
* [Official WPScan](https://hub.docker.com/r/wpscanteam/wpscan/) - `docker pull wpscanteam/wpscan`.
|
||||
* [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/citizenstig/dvwa/) - `docker pull citizenstig/dvwa`.
|
||||
* [Vulnerable WordPress Installation](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/) - `docker pull wpscanteam/vulnerablewordpress`.
|
||||
* [Vulnerability as a service: Shellshock](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/) - `docker pull hmlio/vaas-cve-2014-6271`.
|
||||
* [Vulnerability as a service: Heartbleed](https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/) - `docker pull hmlio/vaas-cve-2014-0160`.
|
||||
* [Vulnerability as a service: SambaCry](https://hub.docker.com/r/vulnerables/cve-2017-7494/) - `docker pull vulnerables/cve-2017-7494`.
|
||||
* [Security Ninjas](https://hub.docker.com/r/opendns/security-ninjas/) - `docker pull opendns/security-ninjas`.
|
||||
* [Docker Bench for Security](https://hub.docker.com/r/diogomonica/docker-bench-security/) - `docker pull diogomonica/docker-bench-security`.
|
||||
* [OWASP Security Shepherd](https://hub.docker.com/r/ismisepaul/securityshepherd/) - `docker pull ismisepaul/securityshepherd`.
|
||||
* [OWASP WebGoat Project 7.1 docker image](https://hub.docker.com/r/webgoat/webgoat-7.1/) - `docker pull webgoat/webgoat-7.1`.
|
||||
* [OWASP WebGoat Project 8.0 docker image](https://hub.docker.com/r/webgoat/webgoat-8.0/) - `docker pull webgoat/webgoat-8.0`.
|
||||
* [OWASP NodeGoat](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker) - `docker-compose build && docker-compose up`.
|
||||
* [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/) - `docker pull citizenstig/nowasp`.
|
||||
* [OWASP Juice Shop](https://github.com/bkimminich/juice-shop#docker-container--) - `docker pull bkimminich/juice-shop`.
|
||||
* [docker-metasploit](https://hub.docker.com/r/phocean/msf/) - `docker pull phocean/msf`.
|
||||
|
||||
### Multi-paradigm Frameworks
|
||||
|
||||
* [Metasploit](https://www.metasploit.com/) - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
|
||||
* [Armitage](http://fastandeasyhacking.com/) - Java-based GUI front-end for the Metasploit Framework.
|
||||
* [Faraday](https://github.com/infobyte/faraday) - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
|
||||
* [Pupy](https://github.com/n1nj4sec/pupy) - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
|
||||
* [AutoSploit](https://github.com/NullArray/AutoSploit) - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.
|
||||
* [Decker](https://github.com/stevenaldinger/decker) - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.
|
||||
|
||||
### Wireless Network Tools
|
||||
|
||||
* [Aircrack-ng](http://www.aircrack-ng.org/) - Set of tools for auditing wireless networks.
|
||||
* [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS.
|
||||
* [Reaver](https://code.google.com/archive/p/reaver-wps) - Brute force attack against WiFi Protected Setup.
|
||||
* [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool.
|
||||
* [Fluxion](https://github.com/FluxionNetwork/fluxion) - Suite of automated social engineering based WPA attacks.
|
||||
* [Airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon) - Multi-use bash script for Linux systems to audit wireless networks.
|
||||
* [Cowpatty](https://github.com/joswr1ght/cowpatty) - Brute-force dictionary attack against WPA-PSK.
|
||||
* [BoopSuite](https://github.com/MisterBianco/BoopSuite) - Suite of tools written in Python for wireless auditing.
|
||||
* [Bully](http://git.kali.org/gitweb/?p=packages/bully.git;a=summary) - Implementation of the WPS brute force attack, written in C.
|
||||
* [infernal-twin](https://github.com/entropy1337/infernal-twin) - Automated wireless hacking tool.
|
||||
* [krackattacks-scripts](https://github.com/vanhoefm/krackattacks-scripts) - WPA2 Krack attack scripts.
|
||||
* [KRACK Detector](https://github.com/securingsam/krackdetector) - Detect and prevent KRACK attacks in your network.
|
||||
* [wifi-arsenal](https://github.com/0x90/wifi-arsenal) - Resources for Wi-Fi Pentesting.
|
||||
* [WiFi-Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin) - Framework for rogue Wi-Fi access point attack.
|
||||
|
||||
### Hex Editors
|
||||
|
||||
* [HexEdit.js](https://hexed.it) - Browser-based hex editing.
|
||||
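Review bot: the re-added `Docker for Penetration Testing` block does not match the block removed earlier in this commit: every one of the 17 entries is flipped from command-first to link-first, so a section move and a rewrite are mixed in one change and the move cannot be confirmed lossless without comparing each line by hand. Split the reformat into its own commit. While the entries are being touched: the OWASP NodeGoat line gives `docker-compose build && docker-compose up`, which only works inside a clone of that repository, unlike the `docker pull` lines around it, so the entry should say so; and the deliberately vulnerable images (DVWA, Vulnerable WordPress, the three "Vulnerability as a service" images, WebGoat, Mutillidae, Juice Shop) sit in the same list as tooling images with nothing marking them as practice targets that should only run on an isolated network.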
@ -413,17 +425,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Bella](https://github.com/kdaoudieh/Bella) - Pure Python post-exploitation data mining and remote administration tool for macOS.
|
||||
* [EvilOSX](https://github.com/Marten4n6/EvilOSX) - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.
|
||||
|
||||
### DDoS Tools
|
||||
|
||||
* [LOIC](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows.
|
||||
* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC.
|
||||
* [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side.
|
||||
* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
|
||||
* [T50](https://gitlab.com/fredericopissarra/t50/) - Faster network stress tool.
|
||||
* [UFONet](https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
|
||||
* [Memcrashed](https://github.com/649/Memcrashed-DDoS-Exploit) - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
|
||||
* [Anevicon](https://github.com/Gymmasssorla/anevicon) - The most powerful UDP-based load generator, written in Rust.
|
||||
|
||||
### Social Engineering Tools
|
||||
|
||||
* [Social Engineer Toolkit (SET)](https://github.com/trustedsec/social-engineer-toolkit) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
|
||||
|