Cyber Security Tools
- List of SecTools.Org: Top 125 Network Security Tools - For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools.
- Kali Tool List - Kali Linux Tools Listing.
- Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
- Armitage - Java-based GUI front-end for the Metasploit Framework.
- Faraday - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
- ExploitPack - Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
- Pupy - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
- AutoSploit - Automated mass exploiter, which collects targets by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.
- Decker - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.
- Netsparker Application Security Scanner - Application security scanner to automatically find security flaws.
- Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
- Nessus - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
- OpenVAS - Free software implementation of the popular Nessus vulnerability assessment system.
- Vuls - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
- Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications.
- cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
- FindBugs - Free software static analyzer to look for bugs in Java code.
- sobelow - Security-focused static analysis for the Phoenix Framework.
- bandit - Security-oriented static analyser for Python code.
- Progpilot - Static security analysis tool for PHP code.
- RegEx-DoS - Analyzes source code for Regular Expressions susceptible to Denial of Service attacks.
- Nikto - Noisy but fast black box web server and web application vulnerability scanner.
- Arachni - Scriptable framework for evaluating the security of web applications.
- w3af - Web application attack and audit framework.
- Wapiti - Black box web application vulnerability scanner with built-in fuzzer.
- SecApps - In-browser web application security testing suite.
- WebReaver - Commercial, graphical web application vulnerability scanner designed for macOS.
- WPScan - Black box WordPress vulnerability scanner.
- cms-explorer - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
- joomscan - Joomla vulnerability scanner.
- ACSTIS - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
- SQLmate - A friend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).
- JCS - Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm.
- pig - GNU/Linux packet crafting tool.
- Network-Tools.com - Website offering an interface to numerous basic network utilities like `ping`, `traceroute`, `whois`, and more.
- Intercepter-NG - Multifunctional network toolkit.
- SPARTA - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
- Zarp - Network attack tool centered around the exploitation of local networks.
- dsniff - Collection of tools for network auditing and pentesting.
- scapy - Python-based interactive packet manipulation program & library.
- Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
- Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.
- routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
- CrackMapExec - Swiss army knife for pentesting networks.
- impacket - Collection of Python classes for working with network protocols.
- dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
- THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
- IKEForce - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.
- hping3 - Network tool able to send custom TCP/IP packets.
- rshijack - TCP connection hijacker, Rust rewrite of `shijack`.
- NetworkMiner - A Network Forensic Analysis Tool (NFAT).
- Paros - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability.
- mitmsocks4j - Man-in-the-middle SOCKS Proxy for Java.
- Charles Proxy - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic.
- Habu - Python Network Hacking Toolkit.
- Wifi Jammer - Free program to jam all wifi clients in range.
- Firesheep - Free program for HTTP session hijacking attacks.
- Autopsy - A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools.
- sleuthkit - A library and collection of command-line digital forensics tools.
- EnCase - The shared technology within a suite of digital investigations products by Guidance Software.
- malzilla - Malware hunting tool.
- PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files.
- HxD - A hex editor which, in addition to raw disk editing and modifying of main memory (RAM), handles files of any size.
- WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security.
- BinText - A small, very fast and powerful text extractor that will be of particular interest to programmers.
- xortool - A tool to analyze multi-byte XOR ciphers.
- DET - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
- pwnat - Punches holes in firewalls and NATs.
- tgcd - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
- Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
- zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
- nmap - Free security scanner for network exploration & security audits.
- scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
- DNSDumpster - Online DNS recon and search service.
- CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
- dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
- dnsmap - Passive DNS network mapper.
- dnsrecon - DNS enumeration script.
- dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- passivedns-client - Library and query tool for querying several passive DNS providers.
- passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
- Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
- smbmap - Handy SMB enumeration tool.
- XRay - Network (sub)domain discovery and reconnaissance automation tool.
- ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
- ScanCannon - Python script to quickly enumerate large networks by calling `masscan` to quickly identify open ports and then `nmap` to gain details on the systems/services on those ports.
- fierce - Python3 port of the original `fierce.pl` DNS reconnaissance tool for locating non-contiguous IP space.
- tcpdump/libpcap - Common packet analyzer that runs under the command line.
- Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
- netsniff-ng - Swiss army knife for network sniffing.
- Dshell - Network forensic analysis framework.
- Debookee - Simple and powerful network traffic analyzer for macOS.
- Dripcap - Caffeinated packet analyzer.
- Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols.
- sniffglue - Secure multithreaded packet sniffer.
- dnschef - Highly configurable DNS proxy for pentesters.
- mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- Morpheus - Automated ettercap TCP/IP Hijacking tool.
- mallory - HTTP/HTTPS proxy over SSH.
- SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
- Ettercap - Comprehensive, mature suite for machine-in-the-middle attacks.
- BetterCAP - Modular, portable and easily extensible MITM framework.
- MITMf - Framework for Man-In-The-Middle attacks.
- Lambda-Proxy - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.
- Aircrack-ng - Set of tools for auditing wireless networks.
- Kismet - Wireless network detector, sniffer, and IDS.
- Reaver - Brute force attack against WiFi Protected Setup.
- Wifite - Automated wireless attack tool.
- Fluxion - Suite of automated social engineering based WPA attacks.
- Airgeddon - Multi-use bash script for Linux systems to audit wireless networks.
- Cowpatty - Brute-force dictionary attack against WPA-PSK.
- BoopSuite - Suite of tools written in Python for wireless auditing.
- Bully - Implementation of the WPS brute force attack, written in C.
- infernal-twin - Automated wireless hacking tool.
- krackattacks-scripts - WPA2 Krack attack scripts.
- KRACK Detector - Detect and prevent KRACK attacks in your network.
- wifi-arsenal - Resources for Wi-Fi Pentesting.
- WiFi-Pumpkin - Framework for rogue Wi-Fi access point attack.
- SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
- tls_prober - Fingerprint a server's SSL/TLS implementation.
- testssl.sh - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
- crackpkcs12 - Multithreaded program to crack PKCS#12 files (`.p12` and `.pfx` extensions), such as TLS/SSL certificates.
- OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
- Fiddler - Free cross-platform web debugging proxy with user-friendly companion tools.
- Burp Suite - Integrated platform for performing security testing of web applications.
- autochrome - Easy-to-install test browser with all the appropriate settings needed for web application testing, with native Burp support, from NCC Group.
- Browser Exploitation Framework (BeEF) - Command and control server for delivering exploits to commandeered Web browsers.
- Offensive Web Testing Framework (OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
- Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
- WPSploit - Exploit WordPress-powered websites with Metasploit.
- SQLmap - Automatic SQL injection and database takeover tool.
- tplmap - Automatic server-side template injection and Web server takeover tool.
- weevely3 - Weaponized web shell.
- Wappalyzer - Wappalyzer uncovers the technologies used on websites.
- WhatWeb - Website fingerprinter.
- BlindElephant - Web application fingerprinter.
- wafw00f - Identifies and fingerprints Web Application Firewall (WAF) products.
- fimap - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
- Kadabra - Automatic LFI exploiter and scanner.
- Kadimus - LFI scan and exploit tool.
- liffy - LFI exploitation tool.
- Commix - Automated all-in-one operating system command injection and exploitation tool.
- DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
- GitTools - Automatically find and download Web-accessible `.git` repositories.
- sslstrip - Demonstration of the HTTPS stripping attacks.
- sslstrip2 - SSLStrip version to defeat HSTS.
- NoSQLmap - Automatic NoSQL injection and database takeover tool.
- VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, and detects catch-all scenarios, aliases and dynamic default pages.
- FuzzDB - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- EyeWitness - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- webscreenshot - A simple script to take screenshots of list of websites.
- recursebuster - Content discovery tool to perform directory and file bruteforcing.
- Raccoon - High performance offensive security tool for reconnaissance and vulnerability scanning.
- WhatWaf - Detect and bypass web application firewalls and protection systems.
- badtouch - Scriptable network authentication cracker.
- HexEdit.js - Browser-based hex editing.
- Hexinator - World's finest (proprietary, commercial) Hex Editor.
- Frhed - Binary file editor for Windows.
- 0xED - Native macOS hex editor that supports plug-ins to display custom data types.
- Hex Fiend - Fast, open source, hex editor for macOS with support for viewing binary diffs.
- Bless - High quality, full featured, cross-platform graphical hex editor written in Gtk#.
- wxHexEditor - Free GUI hex editor for GNU/Linux, macOS, and Windows.
- hexedit - Simple, fast, console-based hex editor.
- Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
- Veles - Binary data visualization and analysis tool.
- Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.
- Veil - Generate metasploit payloads that bypass common anti-virus solutions.
- shellsploit - Generates custom shellcode, backdoors, injectors, optionally obfuscates every byte via encoders.
- Hyperion - Runtime encryptor for 32-bit portable executables ("PE `.exe`s").
- AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
- peCloak.py - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
- peCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
- UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
- Shellter - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
- John the Ripper - Fast password cracker.
- Hashcat - The faster hash cracker.
- CeWL - Generates custom wordlists by spidering a target's website and collecting unique words.
- JWT Cracker - Simple HS256 JWT token brute force cracker.
- Rar Crack - RAR bruteforce cracker.
- BruteForce Wallet - Find the password of an encrypted wallet file (i.e. `wallet.dat`).
- StegCracker - Steganography brute-force utility to uncover hidden data inside files.
- Sysinternals Suite - The Sysinternals Troubleshooting Utilities.
- Windows Credentials Editor - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
- mimikatz - Credentials extraction tool for Windows operating system.
- PowerSploit - PowerShell Post-Exploitation Framework.
- Windows Exploit Suggester - Detects potential missing patches on the target.
- Responder - Link-Local Multicast Name Resolution (LLMNR), NBT-NS, and mDNS poisoner.
- Bloodhound - Graphical Active Directory trust relationship explorer.
- Empire - Pure PowerShell post-exploitation agent.
- Fibratus - Tool for exploration and tracing of the Windows kernel.
- wePWNise - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
- redsnarf - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
- Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates).
- DeathStar - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.
- RID_ENUM - Python script that can enumerate all users from a Windows Domain Controller and crack those users' passwords using brute force.
- MailSniper - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more.
- Ruler - Abuses client-side Outlook features to gain a remote shell on a Microsoft Exchange server.
- SCOMDecrypt - Retrieve and decrypt RunAs credentials stored within Microsoft System Center Operations Manager (SCOM) databases.
- LaZagne - Credentials recovery project.
- Active Directory and Privilege Escalation (ADAPE) - Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory.
- Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
- Lynis - Auditing tool for UNIX-based systems.
- unix-privesc-check - Shell script to check for simple privilege escalation vectors on UNIX systems.
- Hwacha - Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously.
- checksec.sh - Shell script designed to test what standard Linux OS and PaX security features are being used.
- Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.
- EvilOSX - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.
- LOIC - Open source network stress tool for Windows.
- JS LOIC - JavaScript in-browser version of LOIC.
- SlowLoris - DoS tool that uses low bandwidth on the attacking side.
- HOIC - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
- T50 - Faster network stress tool.
- UFONet - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
- Memcrashed - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
- Social Engineer Toolkit (SET) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
- King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
- Evilginx - MITM attack framework used for phishing credentials and session cookies from any Web service.
- Evilginx2 - Standalone man-in-the-middle attack framework.
- wifiphisher - Automated phishing attacks against WiFi networks.
- Catphish - Tool for phishing and corporate espionage written in Ruby.
- Beelogger - Tool for generating keyloggers.
- FiercePhish - Full-fledged phishing framework to manage all phishing engagements.
- SocialFish - Social media phishing framework that can run on an Android phone or in a Docker container.
- ShellPhish - Social media site cloner and phishing tool built atop SocialFish.
- Gophish - Open-source phishing framework.
- phishery - TLS/SSL enabled Basic Auth credential harvester.
- ReelPhish - Real-time two-factor phishing tool.
- Modlishka - Flexible and powerful reverse proxy with real-time two-factor authentication.
- Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
- theHarvester - E-mail, subdomain and people names harvester.
- SimplyEmail - Email recon made fast and easy.
- creepy - Geolocation OSINT tool.
- metagoofil - Metadata harvester.
- Google Hacking Database - Database of Google dorks; can be used for recon.
- GooDork - Command line Google dorking tool.
- dork-cli - Command line Google dork tool.
- Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.
- Shodan - World's first search engine for Internet-connected devices.
- recon-ng - Full-featured Web Reconnaissance framework written in Python.
- sn0int - Semi-automatic OSINT framework and package manager.
- github-dorks - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks.
- vcsmap - Plugin-based tool to scan public version control systems for sensitive information.
- Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations.
- BinGoo - GNU/Linux bash based Bing and Google Dorking Tool.
- fast-recon - Perform Google dorks against a domain.
- snitch - Information gathering via dorks.
- Sn1per - Automated Pentest Recon Scanner.
- Threat Crowd - Search engine for threats.
- Virus Total - Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
- PacketTotal - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Bro and Suricata IDS signatures under the hood).
- DataSploit - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
- AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
- Intrigue - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
- ZoomEye - Search engine for cyberspace that lets the user find specific network components.
- gOSINT - OSINT tool with multiple modules and a telegram scraper.
- OWASP Amass - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
- Hunter.io - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.
- FOCA (Fingerprinting Organizations with Collected Archives) - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures.
- dorks - Google hack database automation tool.
- image-match - Quickly search over billions of images.
- OSINT-SPY - Performs OSINT scan on email addresses, domain names, IP addresses, or organizations.
- pagodo - Automate Google Hacking Database scraping.
- surfraw - Fast UNIX command line interface to a variety of popular WWW search engines.
- GyoiThon - GyoiThon is an Intelligence Gathering tool using Machine Learning.
- Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
- OnionScan - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
- I2P - The Invisible Internet Project.
- Nipe - Script to redirect all traffic from the machine to the Tor network.
- What Every Browser Knows About You - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.
- dos-over-tor - Proof of concept denial of service over Tor stress test tool.
- oregano - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
- kalitorify - Transparent proxy through Tor for Kali Linux OS.
- Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
- WDK/WinDbg - Windows Driver Kit and WinDbg.
- OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
- Radare2 - Open source, cross-platform reverse engineering framework.
- x64dbg - Open source x64/x32 debugger for Windows.
- Immunity Debugger - Powerful way to write exploits and analyze malware.
- Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
- Medusa - Open source, cross-platform interactive disassembler.
- plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with syntax coloring.
- peda - Python Exploit Development Assistance for GDB.
- dnSpy - Tool to reverse engineer .NET assemblies.
- binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
- PyREBox - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
- Voltron - Extensible debugger UI toolkit written in Python.
- Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
- rVMI - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
- Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- boxxy - Linkable sandbox explorer.
- pwndbg - GDB plug-in that eases debugging with GDB, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
- LAN Turtle - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
- USB Rubber Ducky - Customizable keystroke injection attack platform masquerading as a USB thumbdrive.
- Poisontap - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
- WiFi Pineapple - Wireless auditing and penetration testing platform.
- Proxmark3 - RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
- PCILeech - Uses PCIe hardware devices to read and write from the target system memory via Direct Memory Access (DMA) over PCIe.
- AT Commands - Use AT commands over an Android device's USB port to rewrite device firmware, bypass security mechanisms, exfiltrate sensitive information, perform screen unlocks, and inject touch events.
- Bash Bunny - Local exploit delivery tool in the form of a USB thumbdrive in which you write payloads in a DSL called BunnyScript.
- Packet Squirrel - Ethernet multi-tool designed to enable covert remote access, painless packet captures, and secure VPN connections with the flip of a switch.
- Industrial Exploitation Framework (ISF) - Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more.
- s7scan - Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network.
- ChipWhisperer - Complete open-source toolchain for side-channel power analysis and glitching attacks.
- ctf-tools - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
- Pwntools - Rapid exploit development framework built for use in CTFs.
- RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
- shellpop - Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests.
- Public Pentesting Reports - Curated list of public penetration test reports released by several consulting firms and academic security groups.
- T&VS Pentesting Report Template - Pentest report template provided by Test and Verification Services, Ltd.
- Web Application Security Assessment Report Template - Sample Web application security assessment reporting template provided by Lucideus.
- Target Scanner - Target Scanner is a penetration testing utility that quickly automates common tasks when assessing a target.
- exploit-db-search - Exploitdb Search.
- punk.py - unix SSH post-exploitation 1337 tool.
- tulpar - Web Vulnerability Scanner.
- dcrawl - Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names.
- V3n0m Scanner - Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns.
- golismero - The Web Knife.
- sqliv - Massive SQL injection vulnerability scanner.
- gitminer - Tool for advanced mining for content on Github.
- Cr3d0v3r - Know the dangers of credential reuse attacks.
- Striker - Striker is an offensive information and vulnerability scanner.
- emailHarvester - Email addresses harvester.
- BruteX - Automatically brute force all services running on a target.
- BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
- Shiva - Improved DOS exploit for wordpress websites (CVE-2018-6389).
- ctfr - Domain enumeration tool that simply abuses Certificate Transparency logs.
- twa - A tiny web auditor with strong opinions.
- Photon - Incredibly fast crawler designed for OSINT.
- CMSeek - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs.
- HashBuster - Crack hashes in seconds.
- Invoke-Apex - PowerShell-based toolkit consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.
- RapidScan - The Multi-Tool Web Vulnerability Scanner.
- Freedom Fighting Mode (FFM) - FFM is a hacking harness that you can use during the post-exploitation phase of a red-teaming engagement.
- vault - Swiss army knife for hackers.
- badkarma - badKarma is an open source GUI-based network reconnaissance toolkit which aims to assist penetration testers during network infrastructure assessments.
- EaST - «Exploits And Security Tools» penetration testing framework.
- Vanquish - Vanquish is a Kali Linux based Enumeration Orchestrator built in Python. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.
- Reconnoitre - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
- nudge4j - Java tool to let the browser talk to the JVM.
- dex2jar - Tools to work with Android .dex and Java .class files.
- JD-GUI - A standalone graphical utility that displays Java source codes of “.class” files.
- procyon - A modern open-source Java decompiler.
- androguard - Reverse engineering, malware and goodware analysis of Android applications.
- JAD - JAD Java Decompiler (closed-source, unmaintained).
- dotPeek - A free-of-charge .NET decompiler from JetBrains.
- ILSpy - An open-source .NET assembly browser and decompiler.
- de4dot - .NET deobfuscator and unpacker.
- antinet - .NET anti-managed debugger and anti-profiler code.
- UPX - The Ultimate Packer for eXecutables.
- radare2 - A portable reversing framework.
- Hopper - An OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables.
- ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API.