Android Open Pwn Project (AOPP) – Variant of the Android Open Source Project (AOSP), called Pwnix, built from the ground up for network hacking and pentesting.
cSploit – Advanced IT security professional toolkit on Android featuring an integrated Metasploit daemon and MITM capabilities.
Fing – Network scanning and host enumeration app that performs NetBIOS, UPnP, Bonjour, SNMP, and various other advanced device fingerprinting techniques.
Nipe – Script to redirect all traffic from the machine to the Tor network.
OnionScan – Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
Tails – Live operating system aiming to preserve your privacy and anonymity.
Tor – Free software and onion routed overlay network that helps you defend against traffic analysis.
dos-over-tor – Proof of concept denial of service over Tor stress test tool.
kalitorify – Transparent proxy through Tor for Kali Linux OS.
Anti-virus Evasion Tools
AntiVirus Evasion Tool (AVET) – Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
CarbonCopy – Tool that creates a spoofed certificate of any online website and signs an Executable for AV evasion.
Hyperion – Runtime encryptor for 32-bit portable executables (“PE .exes”).
Shellter – Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
UniByAv – Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
Veil – Generate Metasploit payloads that bypass common anti-virus solutions.
peCloak.py – Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
peCloakCapstone – Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
Ekoparty – Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
Zealandia
CHCon – Christchurch Hacker Con, the only hacker con on New Zealand's South Island.
Exfiltration Tools
DET – Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
Iodine – Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
TrevorC2 – Client/server tool for masking command and control and data exfiltration through a normally browsable website, not typical HTTP POST requests.
dnscat2 – Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.
Magic Unicorn – Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
Pwntools – Rapid exploit development framework built for use in CTFs.
peda – Python Exploit Development Assistance for GDB.
WordPress Exploit Framework – Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
File Format Analysis Tools
ExifTool – Platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files.
Hachoir – Python library to view and edit a binary stream as a tree of fields, plus tools for metadata extraction.
Kaitai Struct – File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
peepdf – Python tool to explore PDF files in order to find out if the file can be harmful or not.
Veles – Binary data visualization and analysis tool.
GNU/Linux Utilities
Hwacha – Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously.
Linux Exploit Suggester – Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
Industrial Exploitation Framework (ISF) – Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more.
s7scan – Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network.
Bella – Pure Python post-exploitation data mining and remote administration tool for macOS.
EvilOSX – Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.
Multi-paradigm Frameworks
Armitage – Java-based GUI front-end for the Metasploit Framework.
AutoSploit – Automated mass exploiter, which collects targets by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.
Decker – Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.
Faraday – Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
Metasploit – Software for offensive security teams to help verify vulnerabilities and manage security assessments.
Legion – Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA.
Network-Tools.com – Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
Ncrack – High-speed network authentication cracking tool built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
Praeda – Automated multi-function printer data harvester for gathering usable data during security assessments.
Printer Exploitation Toolkit (PRET) – Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
SPARTA – Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
THC Hydra – Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
Tsunami – General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Zarp – Network attack tool centered around the exploitation of local networks.
dnstwist – Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
dsniff – Collection of tools for network auditing and pentesting.
impacket – Collection of Python classes for working with network protocols.
pivotsuite – Portable, platform independent and powerful network pivoting toolkit.
routersploit – Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
rshijack – TCP connection hijacker, Rust rewrite of shijack.
DDoS Tools
Anevicon – Powerful UDP-based load generator, written in Rust.
HOIC – Updated version of Low Orbit Ion Cannon, has ‘boosters’ to get around common countermeasures.
UFONet – Abuses OSI layer 7 HTTP to create/manage ‘zombies’ and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
Network Reconnaissance Tools
ACLight – Script for advanced discovery of sensitive Privileged Accounts – includes Shadow Admins.
AQUATONE – Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
CloudFail – Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
DNSDumpster – Online DNS recon and search service.
Mass Scan – TCP port scanner that spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
OWASP Amass – Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
ScanCannon – Python script to quickly enumerate large networks by calling masscan to quickly identify open ports and then nmap to gain details on the systems/services on those ports.
XRay – Network (sub)domain discovery and reconnaissance automation tool.
dnsenum – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
mitmproxy – Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
oregano – Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
sylkie – Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.
Transport Layer Security Tools
SSLyze – Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
crackpkcs12 – Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.
testssl.sh – Command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
tls_prober – Fingerprint a server’s SSL/TLS implementation.
Wireless Network Tools
Aircrack-ng – Set of tools for auditing wireless networks.
Airgeddon – Multi-use bash script for Linux systems to audit wireless networks.
BoopSuite – Suite of tools written in Python for wireless auditing.
Bully – Implementation of the WPS brute force attack, written in C.
Cowpatty – Brute-force dictionary attack against WPA-PSK.
Fluxion – Suite of automated social engineering based WPA attacks.
KRACK Detector – Detect and prevent KRACK attacks in your network.
Kismet – Wireless network detector, sniffer, and IDS.
PSKracker – Collection of WPA/WPA2/WPS default algorithms, password generators, and PIN generators written in C.
Reaver – Brute force attack against WiFi Protected Setup.
WiFi Pineapple – Wireless auditing and penetration testing platform.
WiFi-Pumpkin – Framework for rogue Wi-Fi access point attack.
pwnagotchi – Deep reinforcement learning based AI that learns from the Wi-Fi environment and instruments BetterCAP in order to maximize the WPA key material captured.
Open Web Application Security Project (OWASP) – Worldwide not-for-profit charitable organization focused on improving the security of software, especially Web-based and application-layer software.
PENTEST-WIKI – Free online security knowledge library for pentesters and researchers.
Penetration Testing Framework (PTF) – Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
XSS-Payloads – Resource dedicated to all things XSS (cross-site), including payloads, tools, games, and documentation.
Other Lists Online
.NET Programming – Software framework for Microsoft Windows platform development.
DataSploit – OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
GyoiThon – Intelligence gathering tool using machine learning.
Intrigue – Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
Maltego – Proprietary software for open source intelligence and forensics.
PacketTotal – Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Zeek and Suricata IDS signatures under the hood).
Skiptracer – OSINT scraping framework that utilizes basic Python webscraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen noodle budget.
Virus Total – Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
surfraw – Fast UNIX command line interface to a variety of popular WWW search engines.
Dorking tools
BinGoo – GNU/Linux bash based Bing and Google Dorking Tool.
dorkbot – Command-line tool to scan Google (or other) search results for vulnerabilities.
github-dorks – CLI tool to scan GitHub repos/organizations for potential sensitive information leaks.
WhatBreach – Search email addresses to discover all known breaches an address has been seen in, and download the breached database if it is publicly available.
theHarvester – E-mail, subdomain and people names harvester.
Network device discovery tools
Censys – Collects data on hosts and websites through daily ZMap and ZGrab scans.
Shodan – World’s first search engine for Internet-connected devices.
ZoomEye – Search engine for cyberspace that lets the user find specific network components.
OSINT Online Resources
CertGraph – Crawls a domain’s SSL/TLS certificates for its certificate alternative names.
GhostProject – Searchable database of billions of cleartext passwords, partially visible for free.
NetBootcamp OSINT Tools – Collection of OSINT links and custom Web interfaces to other services.
OSINT Framework – Collection of various OSINT tools broken out by category.
WiGLE.net – Information about wireless networks world-wide, with user-friendly desktop and web applications.
Source code repository searching tools
vcsmap – Plugin-based tool to scan public version control systems for sensitive information.
Yar – Clone git repositories to search through the whole commit history in order of commit time for secrets, tokens, or passwords.
Operating System Distributions
Android Tamer – Distribution built for Android security professionals that includes tools required for Android security testing.
ArchStrike – Arch GNU/Linux repository for security professionals and enthusiasts.
AttifyOS – GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
BlackArch – Arch GNU/Linux-based distribution for penetration testers and security researchers.
Buscador – GNU/Linux virtual machine that is pre-configured for online investigators.
Kali – Rolling Debian-based GNU/Linux distribution designed for penetration testing and digital forensics.
Network Security Toolkit (NST) – Fedora-based GNU/Linux bootable live Operating System designed to provide easy access to best-of-breed open source network security applications.
Parrot – Distribution similar to Kali, with support for multiple hardware architectures.
PentestBox – Open source pre-configured portable penetration testing environment for the Windows Operating System.
The Pentesters Framework – Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that omits less frequently used utilities.
AT Commands – Use AT commands over an Android device’s USB port to rewrite device firmware, bypass security mechanisms, exfiltrate sensitive information, perform screen unlocks, and inject touch events.
Bash Bunny – Local exploit delivery tool in the form of a USB thumbdrive in which you write payloads in a DSL called BunnyScript.
LAN Turtle – Covert “USB Ethernet Adapter” that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
PCILeech – Uses PCIe hardware devices to read and write from the target system memory via Direct Memory Access (DMA) over PCIe.
Packet Squirrel – Ethernet multi-tool designed to enable covert remote access, painless packet captures, and secure VPN connections with the flip of a switch.
Poisontap – Siphons cookies, exposes the internal (LAN-side) router, and installs a web backdoor on locked computers.
Proxmark3 – RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
Thunderclap – Open source I/O security research platform for auditing physical DMA-enabled hardware peripheral ports.
USB Rubber Ducky – Customizable keystroke injection attack platform masquerading as a USB thumbdrive.
Privilege Escalation Tools
Active Directory and Privilege Escalation (ADAPE) – Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory.
LinEnum – Scripted local Linux enumeration and privilege escalation checker useful for auditing a host and during CTF gaming.
Postenum – Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system.
unix-privesc-check – Shell script to check for simple privilege escalation vectors on UNIX systems.
Frida – Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Fridax – Read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
Ghidra – Suite of free software reverse engineering tools developed by NSA’s Research Directorate originally exposed in WikiLeaks’s “Vault 7” publication and now maintained as open source software.
Immunity Debugger – Powerful way to write exploits and analyze malware.
plasma – Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with syntax coloring.
pwndbg – GDB plug-in that eases debugging with GDB, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
rVMI – Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
x64dbg – Open source x64/x32 debugger for Windows.
Security Education Courses
Arizona Cyber Warfare Range – 24×7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
Cybrary – Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book ‘Penetration Testing for Highly Secured Environments’.
ChipWhisperer – Complete open-source toolchain for side-channel power analysis and glitching attacks.
SGX-Step – Open-source framework to facilitate side-channel attack research on Intel x86 processors in general and Intel SGX (Software Guard Extensions) platforms in particular.
TRRespass – Many-sided rowhammer tool suite able to reverse engineer the contents of DDR3 and DDR4 memory chips protected by Target Row Refresh mitigations.
Catphish – Tool for phishing and corporate espionage written in Ruby.
Evilginx2 – Standalone Machine-in-the-Middle (MitM) reverse proxy attack framework for setting up phishing pages capable of defeating most forms of 2FA security schemes.
FiercePhish – Full-fledged phishing framework to manage all phishing engagements.
Social Engineer Toolkit (SET) – Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
SocialFish – Social media phishing framework that can run on an Android phone or in a Docker container.
wifiphisher – Automated phishing attacks against WiFi networks.
Static Analyzers
Brakeman – Static analysis security vulnerability scanner for Ruby on Rails applications.
FindBugs – Free software static analyzer to look for bugs in Java code.
Progpilot – Static security analysis tool for PHP code.
RegEx-DoS – Analyzes source code for Regular Expressions susceptible to Denial of Service attacks.
bandit – Security oriented static analyser for Python code.
cppcheck – Extensible C/C++ static analyzer focused on finding bugs.
sobelow – Security-focused static analysis for the Phoenix Framework.
cwe_checker – Suite of tools built atop the Binary Analysis Platform (BAP) to heuristically detect CWEs in compiled binaries and firmware.
Steganography Tools
Cloakify – Textual steganography toolkit that converts any filetype into lists of everyday strings.
StegCracker – Steganography brute-force utility to uncover hidden data inside files.
Vulnerability Databases
Bugtraq (BID) – Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
CXSecurity – Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
Exploit-DB – Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
Full-Disclosure – Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
GitHub Advisories – Public vulnerability advisories published by or affecting codebases hosted by GitHub, including open source projects.
HPI-VDB – Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
Inj3ct0r – Exploit marketplace and vulnerability information aggregator. (Onion service.)
Microsoft Security Advisories and Bulletins – Archive and announcements of security advisories impacting Microsoft software, published by the Microsoft Security Response Center (MSRC).
National Vulnerability Database (NVD) – United States government’s National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
Packet Storm – Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
SecuriTeam – Independent source of software vulnerability information.
Snyk Vulnerability DB – Detailed information and remediation guidance for vulnerabilities known by Snyk.
US-CERT Vulnerability Notes Database – Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
Vulnerability Lab – Open forum for security advisories organized by category of exploit target.
Vulners – Security database of software vulnerabilities.
Vulmon – Vulnerability search engine with vulnerability intelligence features that conducts full text searches in its database.
Zero Day Initiative – Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint.
Raccoon – High performance offensive security tool for reconnaissance and vulnerability scanning.
SQLmap – Automatic SQL injection and database takeover tool.
VHostScan – Virtual host scanner that performs reverse lookups, can be used with pivot tools, and detects catch-all scenarios, aliases, and dynamic default pages.
WPSploit – Exploit WordPress-powered websites with Metasploit.
Wappalyzer – Uncovers the technologies used on websites.
WhatWaf – Detect and bypass web application firewalls and protection systems.
autochrome – Easy-to-install test browser with all the appropriate settings needed for web application testing, with native Burp support, from NCC Group.
MailSniper – Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more.
mimikatz – Credentials extraction tool for Windows operating system.
redsnarf – Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
wePWNise – Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
WinPwn – Internal penetration test script to perform local and domain reconnaissance, privilege escalation and exploitation.