mirror of
https://github.com/The-Art-of-Hacking/h4cker.git
synced 2024-10-01 01:25:43 -04:00
34 KiB
Latest Cool Tools
The following is a collection of recently released pen test tools. I update this list every time there is a new post and whenever I find a new tool around the Internet. The rest of the repository has hundreds of additional cybersecurity and pen test tools.
- dnsFookup - DNS Rebinding Toolkit
- BadBlood - Fills A Microsoft Active Directory Domain With A Structure And Thousands Of Objects
- Xencrypt - A PowerShell Script Anti-Virus Evasion Tool
- Subfinder - A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites
- Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...
- IoTGoat - A Deliberately Insecure Firmware Based On OpenWrt
- Polyshell - A Bash/Batch/PowerShell Polyglot!
- Mouse Framework - An iOS And macOS Post Exploitation Surveillance Framework That Gives You A Command Line Session With Extra Functionality Between You And A Target Machine Using Only A Simple Mouse Payload
- Multi-Juicer - Run Capture The Flags And Security Trainings With OWASP Juice Shop
- Progress-Burp - Burp Suite Extension To Track Vulnerability Assessment Progress
- Faraday presents the latest version of their Security Platform for Vulnerability Management Automation
- ABD - Course Materials For Advanced Binary Deobfuscation
- Wifi-Hacker - Shell Script For Attacking Wireless Connections Using Built-In Kali Tools
- get_Team_Pass - Get Teamviewer's ID And Password From A Remote Computer In The LAN
- Dnssearch - A Subdomain Enumeration Tool
- Liffy - Local File Inclusion Exploitation Tool
- DLLPasswordFilterImplant - DLL Password Filter Implant With Exfiltration Capabilities
- Ohmybackup - Scan Victim Backup Directories & Backup Files
- Gadgetinspector - A Byte Code Analyzer For Finding Deserialization Gadget Chains In Java Applications
- OWASP D4N155 - Intelligent And Dynamic Wordlist Using OSINT
- TaskManager-Button-Disabler - Simple Way To Disable/Rename Buttons From A Task Manager
- SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules' Misconfigurations And Vulnerabilities Within Sudo
- Adama - Searches For Threat Hunting And Security Analytics
- Metabigor - Intelligence Tool But Without API Key
- Rabid - A CLI Tool And Library Allowing To Simply Decode All Kind Of BigIP Cookies
- 0L4Bs - Cross-site Scripting Labs For Web Application Security Enthusiasts
- CVE Api - Parse & filter the latest CVEs from cve.mitre.org
- NekoBot - Auto Exploiter With 500+ Exploit 2000+ Shell
- Gospider - Fast Web Spider Written In Go
- DecryptTeamViewer - Enumerate And Decrypt TeamViewer Credentials From Windows Registry
- DrSemu - Malware Detection And Classification Tool Based On Dynamic Behavior
- Syborg - Recursive DNS Subdomain Enumerator With Dead-End Avoidance System
- Manul - A Coverage-Guided Parallel Fuzzer For Open-Source And Blackbox Binaries On Windows, Linux And MacOS
- Fuzzowski - The Network Protocol Fuzzer That We Will Want To Use
- Nray - Distributed Port Scanner
- BurpSuite Random User-Agents - Burp Suite Extension To Generate Random User-Agents
- CTFTOOL - Interactive CTF Exploration Tool
- Aduket - Straight-forward HTTP Client Testing, Assertions Included
- OpenRelayMagic - Tool To Find SMTP Servers Vulnerable To Open Relay
- Hashcracker - Python Hash Cracker
- KawaiiDeauther - Jam All Wifi Clients/Routers
- Agente - Distributed Simple And Robust Release Management And Monitoring System
- XSS-Freak - An XSS Scanner Fully Written In Python3 From Scratch
- IPv6Tools - A Robust Modular Framework That Enables The Ability To Visually Audit An IPv6 Enabled Network
- Pytm - A Pythonic Framework For Threat Modeling
- Netdata - Real-time Performance Monitoring
- InjuredAndroid - A Vulnerable Android Application That Shows Simple Examples Of Vulnerabilities In A CTF Style
- FockCache - Minimalized Test Cache Poisoning
- Acunetix v13 - Web Application Security Scanner
- SEcraper - Search Engine Scraper Tool With BASH Script.
- Re2Pcap - Create PCAP file from raw HTTP request or response in seconds
- Takeover v0.2 - Sub-Domain TakeOver Vulnerability Scanner
- Misp-Dashboard - A Dashboard For A Real-Time Overview Of Threat Intelligence From MISP Instances
- Jaeles v0.4 - The Swiss Army Knife For Automated Web Application Testing
- Dufflebag - Search Exposed EBS Volumes For Secrets
- Qiling - Advanced Binary Emulation Framework
- Nfstream - A Flexible Network Data Analysis Framework
- WhatTheHack - A Collection Of Challenge Based Hack-A-Thons Including Student Guide, Proctor Guide, Lecture Presentations, Sample/Instructional Code And Templates
- Injectus - CRLF And Open Redirect Fuzzer
- PCFG Cracker - Probabilistic Context Free Grammar (PCFG) Password Guess Generator
- DVNA - Damn Vulnerable NodeJS Application
- GDA Android Reversing Tool - A New Decompiler Written Entirely In C++, So It Does Not Rely On The Java Platform, Which Is Succinct, Portable And Fast, And Supports APK, DEX, ODEX, Oat
- Project-Black - Pentest/BugBounty Progress Control With Scanning Modules
- RiskAssessmentFramework - Static Application Security Testing
- MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)
- S3Enum - Fast Amazon S3 Bucket Enumeration Tool For Pentesters
- See-SURF - Python Based Scanner To Find Potential SSRF Parameters
- Blinder - A Python Library To Automate Time-Based Blind SQL Injection
- Obfuscapk - A Black-Box Obfuscation Tool For Android Apps
- Kali Linux 2020.1 Release - Penetration Testing and Ethical Hacking Linux Distribution
- PythonAESObfuscate - Obfuscates A Python Script And The Accompanying Shellcode
- ApplicationInspector - A Source Code Analyzer Built For Surfacing Features Of Interest And Other Characteristics To Answer The Question 'What's In It' Using Static Analysis With A JSON Based Rules Engine
- CredNinja - A Multithreaded Tool Designed To Identify If Credentials Are Valid, Invalid, Or Local Admin Valid Credentials Within A Network At-Scale Via SMB, Plus Now With A User Hunter
- Mimir - Smart OSINT Collection Of Common IOC Types
- Socialscan - Check Email Address And Username Availability On Online Platforms With 100% Accuracy
- Aircrack-ng 1.6 - Complete Suite Of Tools To Assess WiFi Network Security
- Memhunter - Live Hunting Of Code Injection Techniques
- AgentSmith-HIDS - Open Source Host-based Intrusion Detection System (HIDS)
- Hershell - Multiplatform Reverse Shell Generator
- Check-LocalAdminHash - A PowerShell Tool That Attempts To Authenticate To Multiple Hosts Over Either WMI Or SMB Using A Password Hash To Determine If The Provided Credential Is A Local Administrator
- SharpStat - C# Utility That Uses WMI To Run "cmd.exe /c netstat -n", Save The Output To A File, Then Use SMB To Read And Delete The File Remotely
- KsDumper - Dumping Processes Using The Power Of Kernel Space
- YARASAFE - Automatic Binary Function Similarity Checks with Yara
- AlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Model
- TAS - A Tiny Framework To Easily Manipulate The TTY And Create Fake Binaries
- Corsy v1.0 - CORS Misconfiguration Scanner
- TeleGram-Scraper - Telegram Group Scraper Tool (Fetch All Information About Group Members)
- Grouper2 - Find Vulnerabilities In AD Group Policy
- Gophish - Open-Source Phishing Toolkit
- Aaia - AWS Identity And Access Management Visualizer And Anomaly Finder
- Scallion - GPU-based Onion Addresses Hash Generator
- Bluewall - A Firewall Framework Designed For Offensive And Defensive Cyber Professionals
- AntiCheat-Testing-Framework - Framework To Test Any Anti-Cheat
- Gowitness - A Golang, Web Screenshot Utility Using Chrome Headless
- Lsassy - Extract Credentials From Lsass Remotely
- LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol
- Shell Backdoor List - PHP / ASP Shell Backdoor List
- Hakrawler - Simple, Fast Web Crawler Designed For Easy, Quick Discovery Of Endpoints And Assets Within A Web Application
- Gtfo - Search For Unix Binaries That Can Be Exploited To Bypass System Security Restrictions
- SWFPFinder - SWF Potential Parameters Finder
- laravelN00b - Automated Scan .env Files And Checking Debug Mode In Victim Host
- Andriller - Software Utility With A Collection Of Forensic Tools For Smartphones
- LAVA - Large-scale Automated Vulnerability Addition
- Heapinspect - Inspect Heap In Python
- CHAPS - Configuration Hardening Assessment PowerShell Script
- Karonte - A Static Analysis Tool To Detect Multi-Binary Vulnerabilities In Embedded Firmware
- IotShark - Monitoring And Analyzing IoT Traffic
- LNAV - Log File Navigator
- TuxResponse - Linux Incident Response
- Stowaway - Multi-hop Proxy Tool For Pentesters
- Git-Vuln-Finder - Finding Potential Software Vulnerabilities From Git Commit Messages
- WAFW00F v2.0 - Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website
- XposedOrNot - Tool To Search An Aggregated Repository Of Xposed Passwords Comprising Of ~850 Million Real Time Passwords
- Dsync - IDAPython Plugin That Synchronizes Disassembler And Decompiler Views
- RFCpwn - An Enumeration And Exploitation Toolkit Using RFC Calls To SAP
- LKWA - Lesser Known Web Attack Lab
- Multiscanner - Modular File Scanning/Analysis Framework
- Findomain v0.9.3 - The Fastest And Cross-Platform Subdomain Enumerator
- OKadminFinder - Admin Panel Finder / Admin Login Page Finder
- BetterBackdoor - A Backdoor With A Multitude Of Features
- Spraykatz - A Tool Able To Retrieve Credentials On Windows Machines And Large Active Directory Environments
- Shelly - Simple Backdoor Manager With Python (Based On Weevely)
- huskyCI - Performing Security Tests Inside Your CI
- AttackSurfaceMapper - A Tool That Aims To Automate The Reconnaissance Process
- Pylane - A Python VM Injector With Debug Tools, Based On GDB
- PAKURI - Penetration Test Achieve Knowledge Unite Rapid Interface
- Malwinx - Just A Normal Flask Web App To Understand Win32Api With Code Snippets And References
- Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System
- nmapAutomator - Tool To Automate All Of The Process Of Recon/Enumeration
- RansomCoin - A DFIR Tool To Extract Cryptocoin Addresses And Other Indicators Of Compromise From Binaries
- Pown.js - A Security Testing And Exploitation Toolkit Built On Top Of Node.js And NPM
- Top 20 Most Popular Hacking Tools in 2019
- Turbolist3r - Subdomain Enumeration Tool With Analysis Features For Discovered Domains
- SQLMap v1.4 - Automatic SQL Injection And Database Takeover Tool
- AVCLASS++ - Yet Another Massive Malware Labeling Tool
- XSpear v1.3 - Powerful XSS Scanning And Parameter Analysis Tool
- Kamerka GUI - Ultimate Internet Of Things/Industrial Control Systems Reconnaissance Tool
- SysWhispers - AV/EDR Evasion Via Direct System Calls
- S3Tk - A Security Toolkit For Amazon S3
- WindowsFirewallRuleset - Windows Firewall Ruleset Powershell Scripts
- AWS Report - Tool For Analyzing Amazon Resources
- Tishna - Complete Automated Pentest Framework For Servers, Application Layer To Web Security
- RedPeanut - A Small RAT Developed In .Net Core 2 And Its Agent In .Net 3.5/4.0
- DetectionLab - Vagrant And Packer Scripts To Build A Lab Environment Complete With Security Tooling And Logging Best Practices
- Andor - Blind SQL Injection Tool With Golang
- SQL Injection Payload List
- WinPwn - Automation For Internal Windows Penetration Test / AD-Security
- Ddoor - Cross Platform Backdoor Using Dns Txt Records
- Custom Header - Automatic Add New Header To Entire BurpSuite HTTP Requests
- SCShell - Fileless Lateral Movement Tool That Relies On ChangeServiceConfigA To Run Command
- Ultimate Facebook Scraper - A Bot Which Scrapes Almost Everything About A Facebook User's Profile Including All Public Posts/Statuses Available On The User's Timeline, Uploaded Photos, Tagged Photos, Videos, Friends List And Their Profile Photos
- FireProx - AWS API Gateway Management Tool For Creating On The Fly HTTP Pass-Through Proxies For Unique IP Rotation
- DNCI - Dot Net Code Injector
- RdpThief - Extracting Clear Text Passwords From Mstsc.Exe Using API Hooking
- Leprechaun - Tool Used To Map Out The Network Data Flow To Help Penetration Testers Identify Potentially Valuable Targets
- Glances - An Eye On Your System. A Top/Htop Alternative For GNU/Linux, BSD, Mac OS And Windows Operating Systems
- Sshtunnel - SSH Tunnels To Remote Server
- RE:TERNAL - Repo Containing Docker-Compose Files And Setup Scripts Without Having To Clone The Individual Reternal Components
- Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit
- Flan - A Pretty Sweet Vulnerability Scanner By CloudFlare
- Corsy - CORS Misconfiguration Scanner
- Kali Linux 2019.4 Release - Penetration Testing and Ethical Hacking Linux Distribution
- XML External Entity (XXE) Injection Payload List
- ATFuzzer - Dynamic Analysis Of AT Interface For Android Smartphones
- Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines
- BaseQuery - A Way To Organize Public Combo-Lists And Leaks In A Way That You Can Easily Search Through Everything
- Attack Monitor - Endpoint Detection And Malware Analysis Software
- Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From Shodan.io
- Tool-X - A Kali Linux Hacking Tool Installer
- SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
- Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information
- Aztarna - A Footprinting Tool For Robots
- Hediye - Hash Generator & Cracker Online Offline
- Killcast - Manipulate Chromecast Devices In Your Network
- bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
- WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
- H8Mail - Email OSINT And Password Breach Hunting
- Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
- Metasploit 5.0 - The World’s Most Used Penetration Testing Framework
- Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
- Twifo-Cli - Get User Information Of A Twitter User
- Sitadel - Web Application Security Scanner
- Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
- Malboxes - Builds Malware Analysis Windows VMs So That You Don't Have To
- Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies
- Shed - .NET Runtime Inspector
- Stardox - Github Stargazers Information Gathering Tool
- Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool
- AutoSploit v3.0 - Automated Mass Exploiter
- Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
- Recaf - A Modern Java Bytecode Editor
- dnSpy - .NET Debugger And Assembly Editor