mirror of
https://github.com/The-Art-of-Hacking/h4cker.git
synced 2024-10-01 01:25:43 -04:00
e348d754be
Signed-off-by: Bryon Nevis <bryon.nevis@intel.com>
153 KiB
153 KiB
More Cool Tools
The following are a collection of recently-released pen test tools. I update this list every time that there is a new post and when I find a new one around the Internet. The rest of the repository has hundreds of additional cybersecurity and pen test tools.
- GhostDelivery - This Tool Creates A Obfuscated .vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence
- ReverseTCPShell - PowerShell ReverseTCP Shell, Client & Server
- ripVT - Virus Total API Maltego Transform Set For Canari
- Vulners Scanner for Android - Passive Vulnerability Scanning Based On Software Version Fingerprint
- ANDRAX v3 - The First And Unique Penetration Testing Platform For Android Smartphones
- PcapXray v2.5 - A Network Forensics Tool To Visualize A Packet Capture Offline As A Network Diagram
- Python-Iocextract - Advanced Indicator Of Compromise (IOC) Extractor
- Vthunting - A Tiny Script Used To Generate Report About VirusTotal Hunting And Send It By Email, Slack Or Telegram
- Facebash - Facebook Brute Forcer In Shellscript Using TOR
- Finshir - A Coroutines-Driven Low And Slow Traffic Sender, Written In Rust
- autoPwn - Automate Repetitive Tasks For Fuzzing
- Metabigor - Command Line Search Engines Without Any API Key
- Userrecon-Py - Find Usernames In Social Networks
- Amass - In-depth DNS Enumeration And Network Mapping
- Wpbullet - A Static Code Analysis For WordPress (And PHP)
- PhoneSploit - Using Open Adb Ports We Can Exploit A Devive
- Kubolt - Utility For Scanning Public Kubernetes Clusters
- Brutality - A Fuzzer For Any GET Entries
- P4wnP1 A.L.O.A. - Framework Which Turns A Rapsberry Pi Zero W Into A Flexible, Low-Cost Platform For Pentesting, Red Teaming And Physical Engagements
- Sniffglue - Secure Multithreaded Packet Sniffer
- H2Buster - A Threaded, Recursive, Web Directory Brute-Force Scanner Over HTTP/2
- CMSeeK v1.1.2 - CMS Detection And Exploitation Suite - Scan WordPress, Joomla, Drupal And Over 170 Other CMSs
- SSHD-Poison - A Tool To Get Creds Of Pam Based SSHD Authentication
- HiddenWall - Linux Kernel Module Generator For Custom Rules With Netfilter (Block Ports, Hidden Mode, Rootkit Functions, Etc)
- IPFinder CLI - The Official Command Line Client For IPFinder
- VulnX - CMS And Vulnerabilites Detector And An Intelligent Auto Shell Injector
- TeleShadow v3 - Telegram Desktop Session Stealer (Windows)
- Crosslinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping
- Graffiti - A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing
- Kali Linux 2019.2 Release - Penetration Testing and Ethical Hacking Linux Distribution
- Versionscan - A PHP Version Scanner For Reporting Possible Vulnerabilities
- XSSCon - Simple XSS Scanner Tool
- Hydra 9.0 - Fast and Flexible Network Login Hacker
- Flashsploit - Exploitation Framework For ATtiny85 Based HID Attacks
- Scavenger - Crawler Searching For Credential Leaks On Different Paste Sites
- OSIF - Open Source Information Facebook
- Bandit - Tool Designed To Find Common Security Issues In Python Code
- Brutemap - Tool That Automates Testing Accounts To The Site's Login Page
- Acunetix Vulnerability Scanner Now With Network Security Scans
- Project iKy - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- Miteru - An Experimental Phishing Kit Detection Tool
- SecurityRAT - Tool For Handling Security Requirements In Development
- JWT Tool - A Toolkit For Testing, Tweaking And Cracking JSON Web Tokens
- Trigmap - A Wrapper For Nmap To Automate The Pentest
- Machinae v1.4.8 - Security Intelligence Collector
- WAFW00F v1.0.0 - Detect All The Web Application Firewall!
- Horn3t - Powerful Visual Subdomain Enumeration At The Click Of A Mouse
- Pacbot - Platform For Continuous Compliance Monitoring, Compliance Reporting And Security Automation For The Cloud
- Findomain - A Cross-Platform Tool That Use Certificate Transparency Logs To Find Subdomains
- Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts
- PAnalizer - Pornography Analizer And Face Searching
- FinalRecon - OSINT Tool For All-In-One Web Reconnaissance
- iCULeak - Tool To Find And Extract Credentials From Phone Configuration Files Hosted On Cisco CUCM
- DumpTheGit - Searches Through Public Repositories To Find Sensitive Information Uploaded To The Github Repositories
- Vulmap - Online Local Vulnerability Scanners Project
- AutoSource - Automated Source Code Review Framework Integrated With SonarQube
- Kerbrute - A Tool To Perform Kerberos Pre-Auth Bruteforcing
- Hackuna - The First Mobile App to Track Hackers
- Joy - A Package For Capturing And Analyzing Network Flow Data And Intraflow Data, For Network Research, Forensics, And Security Monitoring
- Kostebek - Reconnaissance Tool Which Uses Firms Trademark Information To Discover Their Domains
- Termshark - A Terminal UI For Tshark, Inspired By Wireshark
- PeekABoo - Tool To Enable Remote Desktop On The Targeted Machine
- 10Minutemail - Python Temporary Email
- BruteDum - Brute Force Attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC With Hydra, Medusa And Ncrack
- Cynet Free IR Tool Offering Empowers Responders to Know and Act Against Active Attacks
- CQTools - The New Ultimate Windows Hacking Toolkit
- ExtAnalysis - Browser Extension Analysis Framework
- QRGen - Simple Script For Generating Malformed QRCodes
- ReconT - Reconnaisance / Footprinting / Information Disclosure
- Bashter - Web Crawler, Scanner, And Analyzer Framework
- Adidnsdump - Active Directory Integrated DNS Dumping By Any Authenticated User
- Twint - An Advanced Twitter Scraping And OSINT Tool
- HostHunter - A Recon Tool For Discovering Hostnames Using OSINT Techniques
- Flerken - Obfuscated Command Detection Tool
- ScanQLi - Scanner To Detect SQL Injection Vulnerabilities
- OSINT-Search - Useful For Digital Forensics Investigations Or Initial Black-Box Pentest Footprinting
- Parrot Security 4.6 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
- Evil Clippy - A Cross-Platform Assistant For Creating Malicious MS Office Documents
- ParamPamPam - Brute Force Discover GET And POST Parameters
- Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning
- Okadminfinder3 - Admin Panel Finder / Admin Login Page Finder
- Cutter - Free And Open-Source GUI For Radare2 Reverse Engineering Framework
- NAXSI - An Open-Source, High Performance, Low Rules Maintenance WAF For NGINX
- Raptor WAF v0.6 - Web Application Firewall using DFA
- FTPBruter - A FTP Server Brute Forcing Tool
- Freddy - Automatically Identify Deserialisation Issues In Java And .NET Applications By Using Active And Passive Scans
- Findomain - A Tool That Use Certificate Transparency Logs To Find Subdomains
- Anevicon - A High-Performant UDP-based Load Generator
- Reverie - Automated Pentest Tools Designed For Parrot Linux
- EasySploit - Metasploit Automation (EASIER And FASTER Than EVER)
- PyWhatCMS - Unofficial WhatCMS API Package
- Kubebot - A Security Testing Slackbot Built With A Kubernetes Backend On The Google Cloud Platform
- drAFL - AFL + DynamoRIO = Fuzzing Binaries With No Source Code On Linux
- Ttyd - Share Your Terminal Over The Web
- mongoBuster - Hunt Open MongoDB Instances
- Parameth - This Tool Can Be Used To Brute Discover GET And POST Parameters
- EfiGuard - Disable PatchGuard And DSE At Boot Time
- fireELF - Fileless Linux Malware Framework
- FLASHMINGO - Automatic Analysis Of SWF Files Based On Some Heuristics
- Platypus - A Modern Multiple Reverse Shell Sessions Manager Written In Go
- SilkETW - Flexible C# Wrapper For ETW (Event Tracing for Windows)
- Instantbox - Get A Clean, Ready-To-Go Linux Box In Seconds
- Pepe - Collect Information About Email Addresses From Pastebin
- W12Scan - A Simple Asset Discovery Engine For Cybersecurity
- Instainsane - Multi-threaded Instagram Brute Forcer
- Zeebsploit - Web Scanner / Exploitation / Information Gathering
- TeleKiller - A Tool Session Hijacking And Stealer Local Passcode Telegram Windows
- pwnedOrNot v1.1.7 - OSINT Tool To Find Passwords For Compromised Email Addresses
- 0D1N v2.6 - Web Security Tool To Make Fuzzing At HTTP/S
- CredsLeaker v3 - Tool to Display A Powershell Credentials Box
- GodOfWar - Malicious Java WAR Builder With Built-In Payloads
- XSStrike v3.1.4 - Most Advanced XSS Detection Suite
- Chkdfront - Check Domain Fronting
- QRLJacker v2.0 - QRLJacking Exploitation Framework
- Zeebsploit - Web Scanner / Exploitation / Information Gathering
- Mysql-Magic - Dump Mysql Client Password From Memory
- mXtract v1.2 - Memory Extractor & Analyzer
- DefectDojo v1.5.4 - Application Vulnerability Correlation And Security Orchestration Application
- Free Cynet Threat Assessment for Mid-sized and Large Organizations
- Beagle - An Incident Response And Digital Forensics Tool Which Transforms Security Logs And Data Into Graphs
- ISF - Industrial Control System Exploitation Framework
- Pocsuite3 - An Open-Sourced Remote Vulnerability Testing Framework
- XanXSS - A Simple XSS Finding Tool
- Pyrit - The Famous WPA Precomputed Cracker
- Faraday v3.7 - Collaborative Penetration Test and Vulnerability Management Platform
- PowerShellArsenal - A PowerShell Module Dedicated To Reverse Engineering
- Darksplitz - Exploit Framework
- CHAOS Framework v3.0 - Generate Payloads And Control Remote Windows Systems
- CHAOS Framework v2.0 - Generate Payloads And Control Remote Windows Systems
- ISeeYou - Bash And Javascript Tool To Find The Exact Location Of The Users During Social Engineering Or Phishing Engagements
- Instainsane - Multi-threaded Instagram Brute Forcer
- Evillimiter - Limits Bandwidth Of Devices On The Same Network
- Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning
- Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory
- Commando VM - The First of Its Kind Windows Offensive Distribution
- IDArling - Collaborative Reverse Engineering Plugin For IDA Pro & Hex-Rays
- Wireshark Cheatsheet
- FFM (Freedom Fighting Mode) - Open Source Hacking Harness
- Just-Metadata - Tool That Gathers And Analyzes Metadata About IP Addresses
- phpMussel - PHP-based Anti-Virus Anti-Trojan Anti-Malware Solution
- WinPwn - Automation For Internal Windows Penetrationtest
- Reconerator - C# Targeted Attack Reconnaissance Tools
- Mutiny Fuzzing Framework - Network Fuzzer That Operates By Replaying PCAPs Through A Mutational Fuzzer
- Flightsim - A Utility To Generate Malicious Network Traffic And Evaluate Controls
- LAPSToolkit - Tool To Audit And Attack LAPS Environments
- Xori - An Automation-Ready Disassembly And Static Analysis Library For PE32, 32+ And Shellcode
- H2T - Scans A Website And Suggests Security Headers To Apply
- Got-Responded - A Simple Tool To Detect NBT-NS And LLMNR Spoofing
- WPScan v3.4.5 - Black Box WordPress Vulnerability Scanner
- Androwarn - Yet Another Static Code Analyzer For Malicious Android Applications
- FIR - Fast Incident Response
- Webtech - Identify Technologies Used On Websites
- Lynis 2.7.3 - Security Auditing Tool for Unix/Linux Systems
- SMS-Stack - Framework to provided TPC/IP based characteristics to the GSM Short Message Service
- Xerxes - DoS Tool Enhanced
- mXtract - Memory Extractor & Analyzer
- RapidRepoPull - Tool To Quickly Pull And Install Repos From A List
- Goscan - Interactive Network Scanner
- Remot3d v2.0 - Tool Created For Large Pentesters As Well As Just For The Pleasure Of Defacers To Control Server By Backdoors
- Dnsdmpstr - Unofficial API & Client For Dnsdumpster.Com And Hackertarget.Com
- Freevulnsearch - Free And Open NMAP NSE Script To Query Vulnerabilities Via The cve-search.org API
- Armory - A Tool Meant To Take In A Lot Of External And Discovery Data From A Lot Of Tools, Add It To A Database And Correlate All Of Related Information
- DOGE - Darknet Osint Graph Explorer
- Mad-Metasploit - Metasploit Custom Modules, Plugins & Resource Scripts
- Metaforge - An OSINT Metadata Analyzing Tool That Filters Through Tags And Creates Reports
- Hashboy-Tool - A Hash Query Tool
- CarbonCopy - A Tool Which Creates A Spoofed Certificate Of Any Online Website And Signs An Executable For AV Evasion
- Karma - Search of Emails and Passwords on Pwndb
- Arjun v1.3 - HTTP Parameter Discovery Suite
- SocialFish v2 - Educational Phishing Tool & Information Collector
- DNS-Shell - An Interactive Shell Over DNS Channel
- Decker - Declarative Penetration Testing Orchestration Framework
- PFQ - Functional Network Framework For Multi-Core Architectures
- Hostintel - A Modular Python Application To Collect Intelligence For Malicious Hosts
- IoT-Home-Guard - A Tool For Malicious Behavior Detection In IoT Devices
- Acunetix Web Application Vulnerability Report 2019
- Kage - Graphical User Interface For Metasploit Meterpreter And Session Handler
- rootOS - macOS Root Helper
- Vuls - Vulnerability Scanner For Linux/FreeBSD, Agentless, Written In Go
- Reverse Shell Cheat Sheet
- AutoRDPwn v4.8 - The Shadow Attack Framework
- Cat-Nip - Automated Basic Pentest Tool (Designed For Kali Linux)
- Goca Scanner - FOCA fork written in Go
- Chomp Scan - A Scripted Pipeline Of Tools To Streamline The Bug Bounty/Penetration Test Reconnaissance Phase
- Turbinia - Automation And Scaling Of Digital Forensics Tools
- Ghidra - Software Reverse Engineering Framework
- Legion - An Easy-To-Use, Super-Extensible And Semi-Automated Network Penetration Testing Tool That Aids In Discovery, Reconnaissance And Exploitation Of Information Systems
- Reload.sh - Reinstall, Restore And Wipe Your System Via SSH, Without Rebooting
- UserLAnd - The Easiest Way To Run A Linux Distribution or Application on Android
- Cuteit v0.2.1 - IP Obfuscator Made To Make A Malicious Ip A Bit Cuter
- Rpi-Hunter - Automate Discovering And Dropping Payloads On LAN Raspberry Pi's Via SSH
- CMSeeK v1.1.1 - CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 150 Other CMSs)
- Faraday v3.6 - Collaborative Penetration Test and Vulnerability Management Platform
- Phantom Evasion - Python AV Evasion Tool Capable To Generate FUD Executable Even With The Most Common 32 Bit Metasploit Payload (Exe/Elf/Dmg/Apk)
- Strelka - Scanning Files At Scale With Python And ZeroMQ
- Imago Forensics - Imago Is A Python Tool That Extract Digital Evidences From Images
- VSHG - Hardware resistance & enhanced security for GnuPG
- Angr - A Powerful And User-Friendly Binary Analysis Platform
- Ntopng - Web-based Traffic And Security Network Traffic Monitoring
- HT-WPS Breaker - High Touch WPS Breaker
- Ophcrack - A Windows Password Cracker Based On Rainbow Tables
- Metasploit Cheat Sheet
- SALT - SLUB ALlocator Tracer For The Linux Kernel
- Command Injection Payload List
- Reko - A General Purpose Binary Decompiler
- Iptables Essentials - Common Firewall Rules And Commands
- HexRaysCodeXplorer - Hex-Rays Decompiler Plugin For Better Code Navigation
- PHP Security Check List
- OSFClone - Open Source Utility To Create And Clone Forensic Disk Images
- Cheat Engine - A Development Environment Focused On Modding
- BeEF - The Browser Exploitation Framework Project
- Eraser - Secure Erase Files from Hard Drives on Windows
- SecLists - A Collection Of Multiple Types Of Lists Used During Security Assessments, Collected In One Place (Usernames, Passwords, URLs, Sensitive Data Patterns, Fuzzing Payloads, Web Shells, And Many More)
- GameGuardian - Android Game Hack/Alteration Tool
- OSINT-SPY - Search using OSINT (Open Source Intelligence)
- Maltego CE - An Interactive Data Mining Tool That Renders Directed Graphs For Link Analysis
- BoNeSi - The DDoS Botnet Simulator
- HoneyPy - A Low To Medium Interaction Honeypot
- Egress-Assess - Tool Used To Test Egress Data Detection Capabilities
- Fibratus - Tool For Exploration And Tracing Of The Windows Kernel
- TROMMEL - Sift Through Embedded Device Files To Identify Potential Vulnerable Indicators
- DCOMrade - Powershell Script For Enumerating Vulnerable DCOM Applications
- Ponce - IDA Plugin For Symbolic Execution Just One-Click Away!
- Kaboom - Automatic Pentest
- SSRFmap - Automatic SSRF Fuzzer And Exploitation Tool
- Pompem - Exploit and Vulnerability Finder
- Lazygit - Simple Terminal UI For Git Commands
- Up (Ultimate Plumber) - Tool For Writing Linux Pipes With Instant Live Preview
- CDF - Crypto Differential Fuzzing
- Justniffer - Network TCP Packet Sniffer
- UEFI Firmware Parser - Parse BIOS/Intel ME/UEFI Firmware Related Structures: Volumes, FileSystems, Files, Etc
- PF_RING - High-Speed Packet Capture, Filtering And Analysis
- Pftriage - Python Tool And Library To Help Analyze Files During Malware Triage And Analysis
- nDPI - Open Source Deep Packet Inspection Software Toolkit
- Hontel - Telnet Honeypot
- Volatility Workbench - A GUI For Volatility Memory Forensics
- HTTrack Website Copier - Web Crawler And Offline Browser
- OSFMount - Mount Disk Images & Create RAM Drives
- Process Hacker - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware
- CANalyzat0r - Security Analysis Toolkit For Proprietary Car Protocols
- DFIRTrack - The Incident Response Tracking Application
- Goscan - Interactive Network Scanner
- RedELK - Easy Deployable Tool For Red Teams Used For Tracking And Alarming About Blue Team Activities As Well As Better Usability In Long Term Operations
- Fnord - Pattern Extractor For Obfuscated Code
- Bincat - Binary Code Static Analyser, With IDA Integration
- Bscan - An Asynchronous Target Enumeration Tool
- Modlishka - An Open Source Phishing Tool With 2FA Authentication
- Fwknop - Single Packet Authorization & Port Knocking
- Netsniff-Ng - A Swiss Army Knife For Your Daily Linux Network Plumbing
- Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications
- LOLBAS - Living Off The Land Binaries And Scripts (LOLBins And LOLScripts)
- XIP - Tool To Generate A List Of IP Addresses By Applying A Set Of Transformations Used To Bypass Security Measures E.G. Blacklist Filtering, WAF, Etc.
- Stenographer - A Packet Capture Solution Which Aims To Quickly Spool All Packets To Disk, Then Provide Simple, Fast Access To Subsets Of Those Packets
- Fierce - Semi-Lightweight Scanner That Helps Locate Non-Contiguous IP Space And Hostnames Against Specified Domains
- Bolt - CSRF Scanning Suite
- Pwndb - Search For Creadentials Leaked On Pwndb
- Pown Recon - A Powerful Target Reconnaissance Framework Powered By Graph Theory
- Uncle Spufus - A Tool That Automates Mac Address Spoofing
- CIRTKit - Tools For The Computer Incident Response Team
- ADAPT - Tool That Performs Automated Penetration Testing For WebApps
- Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool
- Sn0Int - Semi-automatic OSINT Framework And Package Manager
- FTW - Framework For Testing WAFs
- identYwaf - Blind WAF Identification Tool
- Sh00T - A Testing Environment for Manual Security Testers
- WiGLE - Wifi Wardriving (Nethugging Client For Android)
- LeakLooker - Find Open Databases With Shodan
- SecureTea Project - The Purpose Of This Application Is To Warn The User (Via Various Communication Mechanisms) Whenever Their Laptop Accessed
- ProcDump - A Linux Version Of The ProcDump Sysinternals Tool
- Parrot Security 4.5 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
- Jok3R - Network And Web Pentest Framework
- Beebug - A Tool For Checking Exploitability
- Conpot - An Open Industrial Control Honeypot
- WPintel - Chrome Extension Designed For WordPress Vulnerability Scanning And Information Gathering
- Malice - VirusTotal Wanna Be (Now With 100% More Hipster)
- Htcap - A Web Application Scanner Able To Crawl Single Page Application (SPA) In A Recursive Manner By Intercepting Ajax Calls And DOM Changes
- Remot3d - An Simple Exploit for PHP Language
- Tyton - Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+
- Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From Shodan.io
- Tool-X - A Kali Linux Hacking Tool Installer
- SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
- Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information
- Aztarna - A Footprinting Tool For Robots
- Hediye - Hash Generator & Cracker Online Offline
- Killcast - Manipulate Chromecast Devices In Your Network
- bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
- WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
- H8Mail - Email OSINT And Password Breach Hunting
- Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
- Metasploit 5.0 - The World’s Most Used Penetration Testing Framework
- Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
- Twifo-Cli - Get User Information Of A Twitter User
- Sitadel - Web Application Security Scanner
- Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
- Malboxes - Builds Malware Analysis Windows VMs So That You Don'T Have To
- Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies
- Shed - .NET Runtime Inspector
- Stardox - Github Stargazers Information Gathering Tool
- Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool
- AutoSploit v3.0 - Automated Mass Exploiter
- Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
- Recaf - A Modern Java Bytecode Editor
- dnSpy - .NET Debugger And Assembly Editor
- Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI
- Mallory - HTTP/HTTPS Proxy Over SSH
- ezXSS - An Easy Way For Penetration Testers And Bug Bounty Hunters To Test (Blind) Cross Site Scripting
- Uptux - Linux Privilege Escalation Checks (Systemd, Dbus, Socket Fun, Etc)
- Fail2Ban - Daemon To Ban Hosts That Cause Multiple Authentication Errors
- Dr. Memory - Memory Debugger For Windows, Linux, Mac, And Android
- Gosec - Golang Security Checker
- Virtuailor - IDAPython Tool For Creating Automatic C++ Virtual Tables In IDA Pro
- AtomShields Cli - Security Testing Framework For Repositories And Source Code
- PESTO - PE (files) Statistical Tool
- UBoat - HTTP Botnet Project
- ThreatIngestor - Extract And Aggregate Threat Intelligence
- Pockint - A Portable OSINT Swiss Army Knife For DFIR/OSINT Professionals
- LinPwn - Interactive Post Exploitation Tool
- XORpass - Encoder To Bypass WAF Filters Using XOR Operations
- CloudUnflare - Reconnaissance Real IP Address For Cloudflare Bypass
- Cryptovenom - The Cryptography Swiss Army Knife
- Tor Browser v9.0 - Everything you Need to Safely Browse the Internet
- AutoSploit v4.0 - Automated Mass Exploiter
- Tails 4.0 - Live System to Preserve Your Privacy and Anonymity
- ATTACKdatamap - A Datasource Assessment On An Event Level To Show Potential Coverage Or The MITRE ATT&CK Framework
- JSONBee - A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites
- Arjun v1.6 - HTTP Parameter Discovery Suite
- HomePwn - Swiss Army Knife for Pentesting of IoT Devices
- Femida - Automated Blind-Xss Search For Burp Suite
- Slither v0.6.7 - Static Analyzer For Solidity
- AutoMacTC - Automated Mac Forensic Triage Collector
- Password Lense - Reveal Character Types In A Password
- Osmedeus v2.1 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning
- Snare - Super Next Generation Advanced Reactive honEypot
- UAC-A-Mola - Tool That Allows Security Researchers To Investigate New UAC Bypasses, In Addition To Detecting And Exploiting Known Bypasses
- SUID3NUM - A Script Which Utilizes Python'S Built-In Modules To Find SUID Bins, Separate Default Bins From Custom Bins, Cross-Match Those With Bins In GTFO Bin's Repository & Auto-Exploit Those
- FOCA - Tool To Find Metadata And Hidden Information In The Documents
- IoT-Implant-Toolkit - Toolkit For Implant Attack Of IoT Devices
- Discover - Custom Bash Scripts Used To Automate Various Penetration Testing Tasks Including Recon, Scanning, Parsing, And Creating Malicious Payloads And Listeners With Metasploit
- Rbuster - Yet Another Dirbuster
- XMLRPC Bruteforcer - An XMLRPC Brute Forcer Targeting Wordpress
- Dirstalk - Modern Alternative To Dirbuster/Dirb
- Cotopaxi - Set Of Tools For Security Testing Of Internet Of Things Devices Using Specific Network IoT Protocols
- Auto Re - IDA PRO Auto-Renaming Plugin With Tagging Support
- Gobuster v3.0 - Directory/File, DNS And VHost Busting Tool Written In Go
- RITA - Real Intelligence Threat Analytics
- Eaphammer v1.9.0 - Targeted Evil Twin Attacks Against WPA2-Enterprise Networks
- Postenum - A Clean, Nice And Easy Tool For Basic/Advanced Privilege Escalation Techniques
- Unicorn-Bios - Basic BIOS Emulator For Unicorn Engine
- uniFuzzer - A Fuzzing Tool For Closed-Source Binaries Based On Unicorn And LibFuzzer
- SMTPTester - Tool To Check Common Vulnerabilities In SMTP Servers
- Tylium - Primary Data Pipelines For Intrusion Detection, Security Analytics And Threat Hunting
- Fsmon - Monitor Filesystem On iOS / OS X / Android / FirefoxOS / Linux
- Traxss - Automated XSS Vulnerability Scanner
- DECAF - Short for Dynamic Executable Code Analysis Framework
- Mosca - Manual Search Tool To Find Bugs Like A Grep Unix Command
- MalConfScan - Volatility Plugin For Extracts Configuration Data Of Known Malware
- Ispy - Eternalblue (MS17-010) / Bluekeep (CVE-2019-0708) Scanner And Exploit
- Zeek - A Powerful Network Analysis Framework That Is Much Different From The Typical IDS You May Know
- Maryam - Open-source intelligence (OSINT) Framework
- box.js - A Tool For Studying JavaScript Malware
- FATT - A Script For Extracting Network Metadata And Fingerprints From Pcap Files And Live Network Traffic
- Penta - Open Source All-In-One CLI Tool To Automate Pentesting
- Tarnish - A Chrome Extension Static Analysis Tool To Help Aide In Security Reviews
- B2R2 - Collection Of Useful Algorithms, Functions, And Tools For Binary Analysis
- Userrecon-Py v2.0 - Username Recognition On Various Websites
- DNS Rebinding Tool - DNS Rebind Tool With Custom Scripts
- Fenrir - Simple Bash IOC Scanner
- ManaTI - A Web-Based Tool To Assist The Work Of The Intuitive Threat Analysts
- ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shellcode Into A Standard Win32 Application
- SQLMap v1.3.10 - Automatic SQL Injection And Database Takeover Tool
- GiveMeSecrets - Use Regular Expressions To Get Sensitive Information From A Given Repository (GitHub, Pip Or Npm)
- Lockdoor Framework - A Penetration Testing Framework With Cyber Security Resources
- Sub.Sh - Online Subdomain Detect Script
- CryptonDie - A Ransomware Developed For Study Purposes
- Recomposer - Randomly Changes Win32/64 PE Files For 'Safer' Uploading To Malware And Sandbox Sites
- Terraform AWS Secure Baseline - Terraform Module To Set Up Your AWS Account With The Secure Baseline Configuration Based On CIS Amazon Web Services Foundations
- Syhunt Community 6.7 - Web And Mobile Application Scanner
- DumpsterFire - "Security Incidents In A Box!" A Modular, Menu-Driven, Cross-Platform Tool For Building Customized, Time-Delayed, Distributed Security Events
- SecurityNotFound - 404 Page Not Found Webshell
- HRShell - An Advanced HTTPS/HTTP Reverse Shell Built With Flask
- Kube-Alien - Tool To Launches Attack on K8s Cluster from Within
- Rebel-Framework - Advanced And Easy To Use Penetration Testing Framework
- FDsploit - File Inclusion And Directory Traversal Fuzzing, Enumeration & Exploitation Tool
- MemProcFS - The Memory Process File System
- Flare-Emu - Powered by IDA Pro and the Unicorn emulation framework that provides scriptable emulation features for the x86, x86_64, ARM, and ARM64 architectures to reverse engineers
- Firmware Analysis Toolkit - Toolkit To Emulate Firmware And Analyse It For Security Vulnerabilities
- Router Exploit Shovel - Automated Application Generation For Stack Overflow Types On Wireless Routers
- Tachyon - Fast HTTP Dead File Finder
- SKA - Simple Karma Attack
- ArmourBird CSF - Container Security Framework
- Juicy Potato - A Sugared Version Of RottenPotatoNG, With A Bit Of Juice, I.E. Another Local Privilege Escalation Tool, From A Windows Service Accounts To NT AUTHORITY\SYSTEM
- ScoutSuite - Multi-Cloud Security Auditing Tool
- Mitaka - A Browser Extension For OSINT Search
- Kirjuri - Web Application For Managing Cases And Physical Forensic Evidence Items
- SysAnalyzer - Automated Malcode Analysis System
- Pixload - Image Payload Creating/Injecting Tools
- Dolos Cloak - Automated 802.1X Bypass
- Dr. ROBOT - Tool To Enumerate The Subdomains Associated With A Company By Aggregating The Results Of Multiple OSINT Tools
- FudgeC2 - A Collaborative C2 Framework For Purple-Teaming Written In Python3, Powershell And .NET
- Aura-Botnet - A Super Portable Botnet Framework With A Django-based C2 Server
- Project iKy v2.2.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- Stardox - Github Stargazers Information Gathering Tool
- ACT Platform - Open Platform For Collection And Exchange Of Threat Intelligence Information
- PrivExchange - Exchange Your Privileges For Domain Admin Privs By Abusing Exchange
- PostShell - Post Exploitation Bind/Backconnect Shell
- TinkererShell - A Simple Python Reverse Shell Written Just For Fun
- Stegify - Go Tool For LSB Steganography, Capable Of Hiding Any File Within An Image
- DetExploit - Software That Detect Vulnerable Applications, Not-Installed OS Updates And Notify To User
- Shodan-Eye - Tool That Collects All The Information About All Devices Directly Connected To The Internet Using The Specified Keywords That You Enter
- Anteater - CI/CD Gate Check Framework
- Pyrdp - RDP Man-In-The-Middle And Library For Python3 With The Ability To Watch Connections Live Or After The Fact
- Grapl - Graph Platform For Detection And Response
- Metame - Metame Is A Metamorphic Code Engine For Arbitrary Executables
- Botb - A Container Analysis And Exploitation Tool For Pentesters And Engineers
- gitGraber - Tool To Monitor GitHub To Search And Find Sensitive Data For Different Online Services Such As: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
- fileGPS - A Tool That Help You To Guess How Your Shell Was Renamed After The Server-Side Script Of The File Uploader Saved It
- ActiveReign - A Network Enumeration And Attack Toolset
- Revshellgen - Reverse Shell Generator Written In Python.
- LetsMapYourNetwork - Tool To Visualise Your Physical Network In Form Of Graph With Zero Manual Error
- OpenCTI - Open Cyber Threat Intelligence Platform
- BlackArch Linux v2019.09.01 - Penetration Testing Distribution
- Phishing-Simulation - Aims To Increase Phishing Awareness By Providing An Intuitive Tutorial And Customized Assessment
- PingCastle - Get Active Directory Security At 80% In 20% Of The Time
- Mondoo - Cloud-Native Security And Vulnerability Risk Management
- BLUESPAWN - Windows Based Active Defense Tool To Empower Blue Teams
- EMAGNET - Tool For Find Leaked Databases With 97.1% Accurate To Grab Mail + Password Together From Pastebin Leaks
- PyFuscation - Obfuscate Powershell Scripts By Replacing Function Names, Variables And Parameters
- Btlejack - Bluetooth Low Energy Swiss-army Knife
- mpDNS - Multi-Purpose DNS Server
- Ehtools - Framework Of Serious Wi-Fi Penetration Tools
- Wordlister - A Simple Wordlist Generator And Mangler Written In Python
- Barq - The AWS Cloud Post Exploitation Framework!
- Telegram C# C2 - A Command and Control Tool for Telegram Bot Communication
- HTTP Request Smuggler - Extension For Burp Suite Designed To Help You Launch HTTP Request Smuggling Attacks
- B-XSSRF - Toolkit To Detect And Keep Track On Blind XSS, XXE And SSRF
- 0xsp Mongoose v1.7 - Linux/Windows Privilege Escalation intelligent Enumeration Toolkit
- Constellation - A Graph-Focused Data Visualisation And Interactive Analysis Application
- Hashcatch - Capture Handshakes Of Nearby WiFi Networks Automatically
- Nuages - A Modular C2 Framework
- RedHunt OS v2 - Virtual Machine For Adversary Emulation And Threat Hunting
- Sudomy - Subdomain Enumeration & Analysis
- NebulousAD - Automated Credential Auditing Tool
- PHPStan - PHP Static Analysis Tool (Discover Bugs In Your Code Without Running It!)
- EVABS - Extremely Vulnerable Android Labs
- 4CAN - Open Source Security Tool to Find Security Vulnerabilities in Modern Cars
- AIL Framework - Framework for Analysis of Information Leaks
- Airgeddon v9.21 - A Multi-use Bash Script for Linux Systems to Audit Wireless Networ
- Sublert - Security And Reconnaissance Tool Which Leverages Certificate Transparency To Automatically Monitor New Subdomains Deployed By Specific Organizations And Issued TLS/SSL Certificate
- IPRotate - Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request
- LDAPDomainDump - Active Directory Information Dumper Via LDAP
- Covenant - A .NET Command And Control Framework For Red Teamers
- AutoRDPwn v5.0 - The Shadow Attack Framework
- PoshC2 - C2 Server and Implants
- Hacktronian - All In One Hacking Tool For Linux & Android
- Pyshark - Python Wrapper For Tshark, Allowing Python Packet Parsing Using Wireshark Dissectors
- Applepie - A Hypervisor For Fuzzing Built With WHVP And Bochs
- PEpper - An Open Source Script To Perform Malware Static Analysis On Portable Executable
- goDoH - A DNS-over-HTTPS C2
- Truegaze - Static Analysis Tool For Android/iOS Apps Focusing On Security Issues Outside The Source Code
- pwnedOrNot v1.2.6 - OSINT Tool to Find Passwords for Compromised Email Addresses
- "Can I Take Over XYZ?" - A List Of Services And How To Claim (Sub)Domains With Dangling DNS Records
- Eyeballer - Convolutional Neural Network For Analyzing Pentest Screenshots
- "Can I Take Over XYZ?" - A List Of Services And How To Claim (Sub)Domains With Dangling DNS Records.
- Dow Jones Hammer - Protect The Cloud With The Power Of The cloud(AWS)
- Firmware Slap - Discovering Vulnerabilities In Firmware Through Concolic Analysis And Function Clustering
- Iris - WinDbg Extension To Perform Basic Detection Of Common Windows Exploit Mitigations
- Diaphora - The Most Advanced Free And Open Source Program Diffing Tool
- Airflowscan - Checklist And Tools For Increasing Security Of Apache Airflow
- DockerSecurityPlayground - A Microservices-based Framework For The Study Of Network Security And Penetration Test Techniques
- DrMITM - Program Designed To Globally Log All Traffic Of A Website
- Sampler - A Tool For Shell Commands Execution, Visualization And Alerting (Configured With A Simple YAML File)
- Findomain v0.2.1 - The Fastest And Cross-Platform Subdomain Enumerator
- Goop - Google Search Scraper (Bypass CAPTCHA)
- ThreatHunting - A Splunk App Mapped To MITRE ATT&CK To Guide Your Threat Hunts
- HackerTarget ToolKit v2.0 - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery
- Seccomp Tools - Provide Powerful Tools For Seccomp Analysis
- AbsoluteZero - Python APT Backdoor
- Osmedeus v1.5 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning
- WAES - Auto Enums Websites And Dumps Files As Result
- BADministration - Tool Which Interfaces with Management or Administration Applications from an Offensive Standpoint
- SQLMap v1.3.8 - Automatic SQL Injection And Database Takeover Tool
- Commando VM v2.0 - The First Full Windows-based Penetration Testing Virtual Machine Distribution
- Skadi - Collect, Process, And Hunt With Host Based Data From MacOS, Windows, And Linux
- KRF - A Kernelspace Randomized Faulter
- SET v8.0.1 - The Social-Engineer Toolkit
- Project iKy v2.1.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- Project iKy v2.1.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- Theo - Ethereum Recon And Exploitation Tool
- Malcolm - A Powerful, Easily Deployable Network Traffic Analysis Tool Suite For Full Packet Capture Artifacts (PCAP Files) And Zeek Logs
- AutoRecon - Multi-Threaded Network Reconnaissance Tool Which Performs Automated Enumeration Of Services
- WiFiBroot - A WiFi Pentest Cracking Tool For WPA/WPA2 (Handshake, PMKID, Cracking, EAPOL, Deauthentication)
- HELK - The Hunting ELK
- MemGuard - Secure Software Enclave For Storage Of Sensitive Information In Memory
- Usbrip - Simple Command Line Forensics Tool For Tracking USB Device Artifacts (History Of USB Events) On GNU/Linux
- MSNM-S - Multivariate Statistical Network Monitoring-Sensor
- W13Scan - Passive Security Scanner
- XSpear - Powerfull XSS Scanning And Parameter Analysis Tool
- Slurp - S3 Bucket Enumerator
- Buster - Find Emails Of A Person And Return Info Associated With Them
- Xssizer - The Best Tool To Find And Prove XSS Flaws
- WDExtract - Extract Windows Defender Database From Vdm Files And Unpack It
- WeebDNS - DNS Enumeration With Asynchronicity
- RedGhost v3.0 - Linux Post Exploitation Framework Written In Bash Designed To Assist Red Teams In Persistence, Reconnaissance, Privilege Escalation And Leaving No Trace
- Recon-ng v5.0.0 - Open Source Intelligence Gathering Tool Aimed At Reducing The Time Spent Harvesting Information From Open Sources
- Uncompyle6 - A Cross-Version Python Bytecode Decompiler
- OSXCollector - A Forensic Evidence Collection & Analysis Toolkit For OS X
- Vulnado - Purposely Vulnerable Java Application To Help Lead Secure Coding Workshops
- Orbit v2.0 - Blockchain Transactions Investigation Tool
- Cloudcheck - Checks Using A Test String If A Cloudflare DNS Bypass Is Possible Using CloudFail
- grapheneX - Automated System Hardening Framework
- O365-Attack-Toolkit - A Toolkit To Attack Office365
- Pyattck - A Python Module To Interact With The Mitre ATT&CK Framework
- Evil-Winrm - The Ultimate WinRM Shell For Hacking/Pentesting
- Airopy - Get Clients And Access Points
- AMIRA - Automated Malware Incident Response & Analysis
- VulnWhisperer - Create Actionable Data From Your Vulnerability Scans
- Dockernymous - A Script Used To Create A Whonix Like Gateway/Workstation Environment With Docker Containers
- HiddenEye - Modern Phishing Tool With Advanced Functionality (Android-Support-Available)
- SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules Misconfigurations And Vulnerabilities Within Sudo
- Hvazard - Remove Short Passwords & Duplicates, Change Lowercase To Uppercase & Reverse, Combine Wordlists!
- GitGot - Semi-automated, Feedback-Driven Tool To Rapidly Search Through Troves Of Public Data On GitHub For Sensitive Secrets
- Git-Hound - Find Exposed Keys Across GitHub Using Code Search Keywords
- Parrot Security 4.7 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
- Kali NetHunter App Store - The New Android Store Dedicated to Free Security Apps
- Userrecon v1.1.0 - Recognition Usernames In 187 Social Networks
- Brute_Force - BruteForce Gmail, Hotmail, Twitter, Facebook & Netflix
- Detect It Easy - Program For Determining Types Of Files For Windows, Linux And MacOS
- Shellsum - A Defense Tool - Detect Web Shells In Local Directories Via Md5Sum
- RedGhost v2.0 - Linux Post Exploitation Framework Designed To Assist Red Teams In Gaining Persistence, Reconnaissance And Leaving No Trace
- UACME - Defeating Windows User Account Control
- JShielder v2.4 - Hardening Script For Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark G
- Project iKy v2.0.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- Passpie - Multiplatform Command-Line Password Manager
- PasteHunter - Scanning Pastebin With Yara Rules
- Pown-Duct - Essential Tool For Finding Blind Injection Attacks
- Dwarf - Full Featured Multi Arch/Os Debugger Built On Top Of PyQt5 And Frida
- Ghostfuscator - The Python Password-Protected Obfuscator Using AES Encryption
- Objection v1.6.6 - Runtime Mobile Exploration
- Commando VM v1.3 - The First Full Windows-based Penetration Testing Virtual Machine Distribution
- Findomain - A Cross-Platform Tool That Use Certificate Transparency Logs To Find Subdomains
- Echidna - Ethereum Fuzz Testing Framework
- Cloud Security Audit - A Command Line Security Audit Tool For Amazon Web Services
- WinObjEx64 - Windows Object Explorer 64-Bit
- Regipy - An OS Independent Python Library For Parsing Offline Registry Hives
- Rifiuti2 - Windows Recycle Bin Analyser
- Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels
- Whonix v15 - Anonymous Operating System
- SneakyEXE - Embedding "UAC-Bypassing" Function Into Your Custom Payload
- NetSet - Operational Security Utility And Automator
- DarkScrape - OSINT Tool For Scraping Dark Websites
- Youzer - Fake User Generator For Active Directory Environments
- Rock-ON - An All In One Recon Tool That Will Just Get A Single Entry Of The Domain Name And Do All Of The Work Alone
- Wesng - Windows Exploit Suggester
- Fbchecker - Facebook Mass Account Checker
- Slackor - A Golang Implant That Uses Slack As A Command And Control Server
- Hash-Identifier - Software To Identify The Different Types Of Hashes Used To Encrypt Data And Especially Passwords
- MIG - Distributed And Real Time Digital Forensics At The Speed Of The Cloud
- Icebox - Virtual Machine Introspection, Tracing & Debugging
- SQLMap v1.3.7 - Automatic SQL Injection And Database Takeover Tool
- Sherlock - Find Usernames Across Social Networks
- 0xsp-Mongoose - Privilege Escalation Enumeration Toolkit (ELF 64/32), Fast, Intelligent Enumeration With Web API Integration
- Lst2X64Dbg - Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database
- Spyse.Py - Python API Wrapper And Command-Line Client For The Tools Hosted On Spyse.Com
- PTF v2.3 - The Penetration Testers Framework Is A Way For Modular Support For Up-To-Date Tools
- Scapy - The Python-based Interactive Packet Manipulation Program & Library
- TwitterShadowBan - Twitter Shadowban Tests
- PivotSuite - A Network Pivoting Toolkit
- Lynis 2.7.5 - Security Auditing Tool for Unix/Linux Systems
- Project iKy - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- Getwin - FUD Win32 Payload Generator And Listener
- Seccubus - Easy Automated Vulnerability Scanning, Reporting And Analysis
- Terminus - A Terminal For A More Modern Age
- Quarantyne - Modern Web Firewall: Stop Account Takeovers, Weak Passwords, Cloud IPs, DoS Attacks, Disposable Emails
- Prithvi - Report Generation Tool
- Kippo - SSH Honeypot
- Konan - Advanced Web Application Dir Scanner
- Seth - Perform A MitM Attack And Extract Clear Text Credentials From RDP Connections
- Rdpscan - A Quick Scanner For The CVE-2019-0708 "BlueKeep" Vulnerability
- DNSlivery - Easy Files And Payloads Delivery Over DNS
- GhostSquadHackers - Encrypt/Encode Your Javascript Code
- BackBox Linux 6.0 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment
- URLextractor - Information Gathering and Website Reconnaissance
- MozDef - Mozilla Enterprise Defense Platform
- Sliver - Implant Framework
- Simplify - Generic Android Deobfuscator
- BoomER - Framework For Exploiting Local Vulnerabilities
- WhatBreach - OSINT Tool To Find Breached Emails And Databases
- BlueGhost - A Network Tool Designed To Assist Blue Teams In Banning Attackers From Linux Servers
- Vxscan - Comprehensive Scanning Tool
- RedGhost - Linux Post Exploitation Framework Designed To Gain Persistence And Reconnaissance And Leave No Trace
- One-Lin3r v2.0 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More
- Tourmaline - Telegram Bot Framework For Crystal
- VulnX v1.7 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS
- Cryptr - A Simple Shell Utility For Encrypting And Decrypting Files Using OpenSSL
- Amass - In-depth DNS Enumeration And Network Mapping
- Userrecon-Py - Find Usernames In Social Networks
- Metabigor - Command Line Search Engines Without Any API Key
- autoPwn - Automate Repetitive Tasks For Fuzzing
- Finshir - A Coroutines-Driven Low And Slow Traffic Sender, Written In Rust
- Facebash - Facebook Brute Forcer In Shellscript Using TOR
- Vthunting - A Tiny Script Used To Generate Report About VirusTotal Hunting And Send It By Email, Slack Or Telegram
- Python-Iocextract - Advanced Indicator Of Compromise (IOC) Extractor
- PcapXray v2.5 - A Network Forensics Tool To Visualize A Packet Capture Offline As A Network Diagram
- ANDRAX v3 - The First And Unique Penetration Testing Platform For Android Smartphones
- Vulners Scanner for Android - Passive Vulnerability Scanning Based On Software Version Fingerprint
- ripVT - Virus Total API Maltego Transform Set For Canari
- ReverseTCPShell - PowerShell ReverseTCP Shell, Client & Server
- GhostDelivery - This Tool Creates A Obfuscated .vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence
- H8Mail v2.0 - Email OSINT And Password Breach Hunting
- PhoneSploit v1.2 - Using Open Adb Ports We Can Exploit A Andriod Device
- Zydra - File Password Recovery Tool And Linux Shadow File Cracker
- Recsech - Tool For Doing Footprinting And Reconnaissance On The Target Web
- LiveHiddenCamera - Library Which Record Live Video And Audio From Android Device Without Displaying A Preview
- Shellphish - Phishing Tool For 18 Social Media (Instagram, Facebook, Snapchat, Github, Twitter...)
- TOR Router - A Tool That Allow You To Make TOR Your Default Gateway And Send All Internet Connections Under TOR
- Userrecon - Find Usernames Across Over 75 Social Networks
- WhatWeb v0.5.0 - Next Generation Web Scanner
- Faraday v3.8 - Collaborative Penetration Test and Vulnerability Management Platform
- RecScanSec - Reconnaisance Scanner Security
- Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From Shodan.io
- Tool-X - A Kali Linux Hacking Tool Installer
- SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
- Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information
- Aztarna - A Footprinting Tool For Robots
- Hediye - Hash Generator & Cracker Online Offline
- Killcast - Manipulate Chromecast Devices In Your Network
- bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
- WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
- H8Mail - Email OSINT And Password Breach Hunting
- Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
- Metasploit 5.0 - The World’s Most Used Penetration Testing Framework
- Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
- Twifo-Cli - Get User Information Of A Twitter User
- Sitadel - Web Application Security Scanner
- Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
- Malboxes - Builds Malware Analysis Windows VMs So That You Don'T Have To
- Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies
- Shed - .NET Runtime Inspector
- Stardox - Github Stargazers Information Gathering Tool
- Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool
- AutoSploit v3.0 - Automated Mass Exploiter
- Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
- Recaf - A Modern Java Bytecode Editor
- dnSpy - .NET Debugger And Assembly Editor
- FinalRecon v1.0.2 - OSINT Tool For All-In-One Web Reconnaissance
- ScoringEngine - Scoring Engine For Red/White/Blue Team Competitions
- Astra - Automated Security Testing For REST API's
- HTTPS Everywhere - A Browser Extension That Encrypts Your Communications With Many Websites That Offer HTTPS But Still Allow Unencrypted Connections
- uDork - Google Hacking Tool
- XXExploiter - Tool To Help Exploit XXE Vulnerabilities
- Maryam v1.4.0 - Open-source Intelligence(OSINT) Framework
- InstaSave - Python Script To Download Images, Videos & Profile Pictures From Instagram
- xShock - Shellshock Exploit
- Chepy - A Python Lib/Cli Equivalent Of The Awesome CyberChef Tool.
- Sshuttle - Transparent Proxy Server That Works As A Poor Man'S VPN. Forwards Over SSH
- Lazydocker - The Lazier Way To Manage Everything Docker
- Pypykatz - Mimikatz Implementation In Pure Python
- Token-Reverser - Word List Generator To Crack Security Tokens
- shuffleDNS - Wrapper Around Massdns Written In Go That Allows You To Enumerate Valid Subdomains
- AWSGen.py - Generates Permutations, Alterations And Mutations Of AWS S3 Buckets Names
- Jeopardize - A Low(Zero) Cost Threat Intelligence & Response Tool Against Phishing Domains
- TEA - Ssh-Client Worm
- Zelos - A Comprehensive Binary Emulation Platform
- Pickl3 - Windows Active User Credential Phishing Tool
- Betwixt - Web Debugging Proxy Based On Chrome DevTools Network Panel
- Dirble - Fast Directory Scanning And Scraping Tool
- Pentest Tools Framework - A Database Of Exploits, Scanners And Tools For Penetration Testing
- RedRabbit - Red Team PowerShell Script
- Sifter - A OSINT, Recon And Vulnerability Scanner
- FuzzBench - Fuzzer Benchmarking As A Service
- SSRF Sheriff - A Simple SSRF-testing Sheriff Written In Go
- Evil SSDP - Spoof SSDP Replies And Create Fake UPnP Devices To Phish For Credentials And NetNTLM Challenge/Response
- Proton Framework - A Windows Post Exploitation Framework Similar To Other Penetration Testing Tools Such As Meterpreter And Powershell Invader Framework
- NTLMRecon - A Tool To Enumerate Information From NTLM Authentication Enabled Web Endpoints
- HoneyBot - Capture, Upload And Analyze Network Traffic
- HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol
- Entropy Toolkit - A Set Of Tools To Exploit Netwave And GoAhead IP Webcams
- SharpRDP - Remote Desktop Protocol .NET Console Application For Authenticated Command Execution
- Ghost Framework - An Android Post Exploitation Framework That Uses An Android Debug Bridge To Remotely Access A n Android Device
- Extended-XSS-Search - Scans For Different Types Of XSS On A List Of URLs
- Phonia Toolkit - One Of The Most Advanced Toolkits To Scan Phone Numbers Using Only Free Resources
- PrivescCheck - Privilege Escalation Enumeration Script For Windows
- TwitWork - Monitor Twitter Stream
- XCTR Hacking Tools - All in one tools for Information Gathering
- WiFi Passview v2.0 - An Open Source Batch Script Based WiFi Passview For Windows!
- dnsFookup - DNS Rebinding Toolkit
- BadBlood - Fills A Microsoft Active Directory Domain With A Structure And Thousands Of Objects
- Xencrypt - A PowerShell Script Anti-Virus Evasion Tool
- Subfinder - A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites
- Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...
- IoTGoat - A Deliberately Insecure Firmware Based On OpenWrt
- Polyshell - A Bash/Batch/PowerShell Polyglot!
- Mouse Framework - An iOS And macOS Post Exploitation Surveillance Framework That Gives You A Command Line Session With Extra Functionality Between You And A Target Machine Using Only A Simple Mouse Payload
- Multi-Juicer - Run Capture The Flags And Security Trainings With OWASP Juice Shop
- Progress-Burp - Burp Suite Extension To Track Vulnerability Assessment Progress
- Faraday presents the latest version of their Security Platform for Vulnerability Management Automation
- ABD - Course Materials For Advanced Binary Deobfuscation
- Wifi-Hacker - Shell Script For Attacking Wireless Connections Using Built-In Kali Tools
- get_Team_Pass - Get Teamviewer's ID And Password From A Remote Computer In The LAN
- Faraday presents the latest version of their Security Platform for Vulnerability Management Automation
- Dnssearch - A Subdomain Enumeration Tool
- Liffy - Local File Inclusion Exploitation Tool
- DLLPasswordFilterImplant - DLL Password Filter Implant With Exfiltration Capabilities
- Ohmybackup - Scan Victim Backup Directories & Backup Files
- Gadgetinspector - A Byte Code Analyzer For Finding Deserialization Gadget Chains In Java Applications
- OWASP D4N155 - Intelligent And Dynamic Wordlist Using OSINT
- TaskManager-Button-Disabler - Simple Way To Disable/Rename Buttons From A Task Manager
- SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules' Misconfigurations And Vulnerabilities Within Sudo
- Adama - Searches For Threat Hunting And Security Analytics
- Metabigor - Intelligence Tool But Without API Key
- Rabid - A CLI Tool And Library Allowing To Simply Decode All Kind Of BigIP Cookies
- 0L4Bs - Cross-site Scripting Labs For Web Application Security Enthusiasts
- CVE Api - Parse & filter the latest CVEs from cve.mitre.org
- NekoBot - Auto Exploiter With 500+ Exploit 2000+ Shell
- Gospider - Fast Web Spider Written In Go
- DecryptTeamViewer - Enumerate And Decrypt TeamViewer Credentials From Windows Registry
- DrSemu - Malware Detection And Classification Tool Based On Dynamic Behavior
- Syborg - Recursive DNS Subdomain Enumerator With Dead-End Avoidance System
- Manul - A Coverage-Guided Parallel Fuzzer For Open-Source And Blackbox Binaries On Windows, Linux And MacOS
- Fuzzowski - The Network Protocol Fuzzer That We Will Want To Use
- Nray - Distributed Port Scanner
- BurpSuite Random User-Agents - Burp Suite Extension For Generate A Random User-Agents
- CTFTOOL - Interactive CTF Exploration Tool
- Aduket - Straight-forward HTTP Client Testing, Assertions Included
- OpenRelayMagic - Tool To Find SMTP Servers Vulnerable To Open Relay
- Hashcracker - Python Hash Cracker
- KawaiiDeauther - Jam All Wifi Clients/Routers
- Agente - Distributed Simple And Robust Release Management And Monitoring System
- XSS-Freak - An XSS Scanner Fully Written In Python3 From Scratch
- IPv6Tools - A Robust Modular Framework That Enables The Ability To Visually Audit An IPv6 Enabled Network
- Pytm - A Pythonic Framework For Threat Modeling
- Netdata - Real-time Performance Monitoring
- InjuredAndroid - A Vulnerable Android Application That Shows Simple Examples Of Vulnerabilities In A CTF Style
- FockCache - Minimalized Test Cache Poisoning
- Acunetix v13 - Web Application Security Scanner
- SEcraper - Search Engine Scraper Tool With BASH Script.
- Re2Pcap - Create PCAP file from raw HTTP request or response in seconds
- Takeover v0.2 - Sub-Domain TakeOver Vulnerability Scanner
- Misp-Dashboard - A Dashboard For A Real-Time Overview Of Threat Intelligence From MISP Instances
- Jaeles v0.4 - The Swiss Army Knife For Automated Web Application Testing
- Dufflebag - Search Exposed EBS Volumes For Secrets
- Qiling - Advanced Binary Emulation Framework
- Nfstream - A Flexible Network Data Analysis Framework
- WhatTheHack - A Collection Of Challenge Based Hack-A-Thons Including Student Guide, Proctor Guide, Lecture Presentations, Sample/Instructional Code And Templates
- Injectus - CRLF And Open Redirect Fuzzer
- PCFG Cracker - Probabilistic Context Free Grammar (PCFG) Password Guess Generator
- DVNA - Damn Vulnerable NodeJS Application
- GDA Android Reversing Tool - A New Decompiler Written Entirely In C++, So It Does Not Rely On The Java Platform, Which Is Succinct, Portable And Fast, And Supports APK, DEX, ODEX, Oat
- Project-Black - Pentest/BugBounty Progress Control With Scanning Modules
- RiskAssessmentFramework - Static Application Security Testing
- MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)
- S3Enum - Fast Amazon S3 Bucket Enumeration Tool For Pentesters
- See-SURF - Python Based Scanner To Find Potential SSRF Parameters
- Blinder - A Python Library To Automate Time-Based Blind SQL Injection
- Obfuscapk - A Black-Box Obfuscation Tool For Android Apps
- Kali Linux 2020.1 Release - Penetration Testing and Ethical Hacking Linux Distribution
- PythonAESObfuscate - Obfuscates A Python Script And The Accompanying Shellcode
- ApplicationInspector - A Source Code Analyzer Built For Surfacing Features Of Interest And Other Characteristics To Answer The Question 'What'S In It' Using Static Analysis With A Json Based Rules Engine
- CredNinja - A Multithreaded Tool Designed To Identify If Credentials Are Valid, Invalid, Or Local Admin Valid Credentials Within A Network At-Scale Via SMB, Plus Now With A User Hunter
- Mimir - Smart OSINT Collection Of Common IOC Types
- Socialscan - Check Email Address And Username Availability On Online Platforms With 100% Accuracy
- Aircrack-ng 1.6 - Complete Suite Of Tools To Assess WiFi Network Security
- Memhunter - Live Hunting Of Code Injection Techniques
- AgentSmith-HIDS - Open Source Host-based Intrusion Detection System (HIDS)
- Hershell - Multiplatform Reverse Shell Generator
- Check-LocalAdminHash - A PowerShell Tool That Attempts To Authenticate To Multiple Hosts Over Either WMI Or SMB Using A Password Hash To Determine If The Provided Credential Is A Local Administrator
- SharpStat - C# Utility That Uses WMI To Run "cmd.exe /c netstat -n", Save The Output To A File, Then Use SMB To Read And Delete The File Remotely
- KsDumper - Dumping Processes Using The Power Of Kernel Space
- YARASAFE - Automatic Binary Function Similarity Checks with Yara
- AlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Model
- TAS - A Tiny Framework For Easily Manipulate The Tty And Create Fake Binaries
- Corsy v1.0 - CORS Misconfiguration Scanner
- TeleGram-Scraper - Telegram Group Scraper Tool (Fetch All Information About Group Members)
- Grouper2 - Find Vulnerabilities In AD Group Policy
- Gophish - Open-Source Phishing Toolkit
- Aaia - AWS Identity And Access Management Visualizer And Anomaly Finder
- Scallion - GPU-based Onion Addresses Hash Generator
- Bluewall - A Firewall Framework Designed For Offensive And Defensive Cyber Professionals
- AntiCheat-Testing-Framework - Framework To Test Any Anti-Cheat
- Gowitness - A Golang, Web Screenshot Utility Using Chrome Headless
- Lsassy - Extract Credentials From Lsass Remotely
- LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol
- Shell Backdoor List - PHP / ASP Shell Backdoor List
- Hakrawler - Simple, Fast Web Crawler Designed For Easy, Quick Discovery Of Endpoints And Assets Within A Web Application
- Gtfo - Search For Unix Binaries That Can Be Exploited To Bypass System Security Restrictions
- SWFPFinder - SWF Potential Parameters Finder
- laravelN00b - Automated Scan .env Files And Checking Debug Mode In Victim Host
- Andriller - Software Utility With A Collection Of Forensic Tools For Smartphones
- LAVA - Large-scale Automated Vulnerability Addition
- Heapinspect - Inspect Heap In Python
- CHAPS - Configuration Hardening Assessment PowerShell Script
- Karonte - A Static Analysis Tool To Detect Multi-Binary Vulnerabilities In Embedded Firmware
- IotShark - Monitoring And Analyzing IoT Traffic
- LNAV - Log File Navigator
- TuxResponse - Linux Incident Response
- Stowaway - Multi-hop Proxy Tool For Pentesters
- Git-Vuln-Finder - Finding Potential Software Vulnerabilities From Git Commit Messages
- WAFW00F v2.0 - Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website
- XposedOrNot - Tool To Search An Aggregated Repository Of Xposed Passwords Comprising Of ~850 Million Real Time Passwords
- Dsync - IDAPython Plugin That Synchronizes Disassembler And Decompiler Views
- RFCpwn - An Enumeration And Exploitation Toolkit Using RFC Calls To SAP
- LKWA - Lesser Known Web Attack Lab
- Multiscanner - Modular File Scanning/Analysis Framework
- Findomain v0.9.3 - The Fastest And Cross-Platform Subdomain Enumerator
- OKadminFinder - Admin Panel Finder / Admin Login Page Finder
- BetterBackdoor - A Backdoor With A Multitude Of Features
- Spraykatz - A Tool Able To Retrieve Credentials On Windows Machines And Large Active Directory Environments
- Shelly - Simple Backdoor Manager With Python (Based On Weevely)
- huskyCI - Performing Security Tests Inside Your CI
- AttackSurfaceMapper - A Tool That Aims To Automate The Reconnaissance Process
- Pylane - An Python VM Injector With Debug Tools, Based On GDB
- PAKURI - Penetration Test Achieve Knowledge Unite Rapid Interface
- Malwinx - Just A Normal Flask Web App To Understand Win32Api With Code Snippets And References
- Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System
- nmapAutomator - Tool To Automate All Of The Process Of Recon/Enumeration
- RansomCoin - A DFIR Tool To Extract Cryptocoin Addresses And Other Indicators Of Compromise From Binaries
- Pown.js - A Security Testing An Exploitation Toolkit Built On Top Of Node.js And NPM
- Top 20 Most Popular Hacking Tools in 2019
- Turbolist3r - Subdomain Enumeration Tool With Analysis Features For Discovered Domains
- SQLMap v1.4 - Automatic SQL Injection And Database Takeover Tool
- AVCLASS++ - Yet Another Massive Malware Labeling Tool
- XSpear v1.3 - Powerfull XSS Scanning And Parameter Analysis Tool
- Kamerka GUI - Ultimate Internet Of Things/Industrial Control Systems Reconnaissance Tool
- SysWhispers - AV/EDR Evasion Via Direct System Calls
- S3Tk - A Security Toolkit For Amazon S3
- WindowsFirewallRuleset - Windows Firewall Ruleset Powershell Scripts
- AWS Report - Tool For Analyzing Amazon Resources
- Tishna - Complete Automated Pentest Framework For Servers, Application Layer To Web Security
- RedPeanut - A Small RAT Developed In .Net Core 2 And Its Agent In .Net 3.5/4.0
- DetectionLab - Vagrant And Packer Scripts To Build A Lab Environment Complete With Security Tooling And Logging Best Practices
- Andor - Blind SQL Injection Tool With Golang
- SQL Injection Payload List
- WinPwn - Automation For Internal Windows Penetrationtest / AD-Security
- Ddoor - Cross Platform Backdoor Using Dns Txt Records
- Custom Header - Automatic Add New Header To Entire BurpSuite HTTP Requests
- SCShell - Fileless Lateral Movement Tool That Relies On ChangeServiceConfigA To Run Command
- Ultimate Facebook Scraper - A Bot Which Scrapes Almost Everything About A Facebook User'S Profile Including All Public Posts/Statuses Available On The User'S Timeline, Uploaded Photos, Tagged Photos, Videos, Friends List And Their Profile Photos
- FireProx - AWS API Gateway Management Tool For Creating On The Fly HTTP Pass-Through Proxies For Unique IP Rotation
- DNCI - Dot Net Code Injector
- RdpThief - Extracting Clear Text Passwords From Mstsc.Exe Using API Hooking
- Leprechaun - Tool Used To Map Out The Network Data Flow To Help Penetration Testers Identify Potentially Valuable Targets
- Glances - An Eye On Your System. A Top/Htop Alternative For GNU/Linux, BSD, Mac OS And Windows Operating Systems
- Sshtunnel - SSH Tunnels To Remote Server
- RE:TERNAL - Repo Containing Docker-Compose Files And Setup Scripts Without Having To Clone The Individual Reternal Components
- Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit
- Flan - A Pretty Sweet Vulnerability Scanner By CloudFlare
- Corsy - CORS Misconfiguration Scanner
- Kali Linux 2019.4 Release - Penetration Testing and Ethical Hacking Linux Distribution
- XML External Entity (XXE) Injection Payload List
- ATFuzzer - Dynamic Analysis Of AT Interface For Android Smartphones
- Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines
- BaseQuery - A Way To Organize Public Combo-Lists And Leaks In A Way That You Can Easily Search Through Everything
- Attack Monitor - Endpoint Detection And Malware Analysis Software
- Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From Shodan.io
- Tool-X - A Kali Linux Hacking Tool Installer
- SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
- Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information
- Aztarna - A Footprinting Tool For Robots
- Hediye - Hash Generator & Cracker Online Offline
- Killcast - Manipulate Chromecast Devices In Your Network
- bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
- WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
- H8Mail - Email OSINT And Password Breach Hunting
- Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
- Metasploit 5.0 - The World’s Most Used Penetration Testing Framework
- Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
- Twifo-Cli - Get User Information Of A Twitter User
- Sitadel - Web Application Security Scanner
- Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
- Malboxes - Builds Malware Analysis Windows VMs So That You Don'T Have To
- Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies
- Shed - .NET Runtime Inspector
- Stardox - Github Stargazers Information Gathering Tool
- Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool
- AutoSploit v3.0 - Automated Mass Exploiter
- Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
- Recaf - A Modern Java Bytecode Editor
- dnSpy - .NET Debugger And Assembly Editor
- DotDotPwn - The Directory Traversal Fuzzer