Rawsec's CyberSecurity Inventory

An inventory of tools and resources about CyberSecurity.

Binary ExploitationBug BountyCloudCode AnalysisCollaboration and ReportConfiguration auditCrackingCryptographyDigital ForensicsHoneypot and DecoyIncident ResponseIntentionally Vulnerable ApplicationsNetworkingOSINT and ReconnaissanceOtherPluginsRed TeamingReverse EngineeringSteganographySystem ExploitationThreat IntelligenceVulnerability AssessmentWeb Application ExploitationWireless

Tools

Note: Paid softwares may exist in a free limited version or a demo version

Binary Exploitation

Name Website Source Description Programming language Price Online
ASLRay [Source] Tool for ASLR bypass with stack-spraying Shell Free False
heaphopper [Website] [Source] Bounded model checking framework for Heap-implementations Python Free False
libformatstr [Source] Library to simplify format string exploitation Python Free False
pwntools [Source] Framework and exploit development library Python Free False
pwntools-ruby [Source] Framework and exploit development library, ported onto ruby Ruby Free False
ROPgadget [Website] [Source] Framework for ROP exploitation Python Free False

Bug Bounty

Name Website Source Description Programming language Price Online
bbr [Source] Generation of bug bounty reports based on user provided templates Go Free False
bbrecon [Website] [Source] Service enumerating all targets on Internet covered by a bug bounty program Python Free True
BBstats [Source] Aggregate reports/bounties from different platforms in order to create combined stats and graphs PHP Free False
Bounty Dashboard [Source] Aggregate reports/bounties from different platforms in order to create combined stats and graphs, report and template management system, invoice creation system PHP Free False
bounty-targets [Source] Crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into another git repo Ruby Free False
BountyDash [Source] Dashboard to combine rewards from all platforms, giving insights about progress and bug hunting patterns PHP Free False
bountyplz [Source] Automated bug bounty reporting/submission, supports HackerOne and Bugcrowd Shell Free False
BugBounty Web App [Source] App that helps bug bounty hunters to manage their bounties and target list Python Free False
Bugbountydash [Source] Terminal dashboard for bug bounty hunters that use HackerOne and Bugcrowd JavaScript Free False
Hackerone::Client [Source] A limited client library for interacting with HackerOne Ruby Free False
Needle [Source] Chrome extension for instant access to bug bounty submission dashboard of various platforms and publicly disclosed reports HTML Free False

Cloud

Name Website Source Description Programming language Price Online
AWS Extender CLI [Source] Test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues Python Free False
Pacu [Website] [Source] AWS exploitation framework Python Free False
Smogcloud [Source] Identify AWS cloud assets Go Free False

Code Analysis

Name Website Source Description Programming language Price Online
Adhrit [Website] [Source] Android APK reversing and analysis suite Python Free False
AndroBugs Framework [Source] Android APK vulnerability analyzer Python Free False
APKLeaks [Source] Scanning APK file for URIs, endpoints and secrets Python Free False
MobSF [Source] Android APK vulnerability analyzer Python Free False
NodeJsScan [Source] Static security code scanner for Node.js applications Python Free False
QARK [Source] Android APK vulnerability analyzer Python Free False
SonarQube [Website] [Source] Automatic code review tool to detect bugs, vulnerabilities; continuous code inspection automated with static code analysis rules Java Free False
StaCoAn [Source] Mobile applications static code analysis tool Python Free False
SUPER [Website] [Source] Android APK vulnerability analyzer Rust Free False
wpBullet [Source] Static code analysis for WordPress Plugins and Themes (and PHP) Python Free False

Collaboration and Report

Name Website Source Description Programming language Price Online
Archery [Website] [Source] Vulnerability Assessment and Management tool, run scan and manage vulnerabilities Python Free False
AttackForge.com [Website] Penetration test collaboration platform: vulnerability management and reporting Free True
Bulwark [Source] Collaborative penetration test, vulnerability management and reporting platform JavaScript Free False
Canopy [Website] Penetration test platform: vulnerability management and reporting Paid False
CTFNote [Source] Collaborative platform for CTF teams, event planning, credentials sharing, tasks management, notes taking JavaScript Free False
DART [Source] Documentation And Reporting Tool; Collaborative penetration test and vulnerability management platform Python Free False
DefectDojo [Website] [Source] Vulnerability management application built for DevOps and continuous security integration Python Free False
Dradis [Website] [Source] Collaborative penetration test, vulnerability management and reporting platform Ruby Paid False
envizon [Website] [Source] Vulnerability management and reporting platform Ruby Free False
Faraday [Website] [Source] Collaborative penetration test and reporting platform Python Paid False
Ghostwriter [Website] [Source] Project management and reporting engine Python Free False
hackOx [Website] [Source] Modular web based pentesting interface designed to run on Raspberry Pi PHP Free False
Hive [Website] Collaborative penetration test and reporting platform Paid False
Kvasir [Source] Pentest data management tool Python Free False
Lair [Website] [Source] Collaborative penetration test and vulnerability management framework JavaScript Free False
MISP [Website] [Source] Malware Information Sharing Platform, an Open Source threat intelligence plateform and open standards for threat information sharing PHP Free False
NightWriter [Website] Modern real-time collaborative editing tool secured by end-to-end encryption Go Free False
oneVault [Website] Collaborative penetration test, vulnerability management and reporting platform Paid False
OSCP Exam Report Template in Markdown [Website] [Source] Markdown templates for OSCP exam report Markdown Free False
OWASP PenText [Website] [Source] Collection of XML templates, XML schemas and XSLT code, to generate IT security documents including test reports, offers and invoices Free False
PatrOwl [Website] [Source] Security operations orchestration and continuous threat management platform Python Free False
Pentest Collaboration Framework [Source] Collaborative penetration test, vulnerability management and reporting platform Python Free False
PenTest.WS [Website] Collaborative penetration test, vulnerability management and reporting platform Paid False
PlexTrac [Website] Collaborative penetration test reporting and vulnerability management platform Paid False
Pollenisator [Source] Collaborative penetration test and reporting platform (DB + clients, no WebUI) Python Free False
Prithvi [Website] [Source] Report generation tool for pentester with provided OWASP data JavaScript Free False
PwnDoc [Source] Collaborative penetration test reporting platform JavaScript Free False
Reconmap [Website] [Source] Penetration test planning, automation and reporting PHP Free False
Reporter [Website] Collaborative penetration test reporting platform Paid True
Serpico [Source] SimplE RePort wrIting and CollaboratiOn tool, penetration testing report generation and collaboration tool Ruby Free False
Serpico-NG [Source] SimplE RePort wrIting and CollaboratiOn tool NEXT-GENERATION, penetration testing report generation and collaboration tool, fork of Serpico Ruby Free False
Sh00t [Source] Pentesting platform with dynamic task manager, checklists, bug template & bug report Python Free False
Smersh [Source] Pentest oriented collaborative tool used to track the progress of your company's engagements and generate reports PHP Free False
SwiftnessX [Source] Cross-platform note-taking and target-tracking app for penetration testers JavaScript Free False
vcr [Source] Vulnerability Compliance Report; parse Nessus CIS benchmark scan files and generate HTML reports PowerShell Free False
vuldash [Website] [Source] Vulnerability Dashboard; vulnerability management, project management and report generation PHP Free False
VULNREPO [Website] [Source] Vulnerability report generator JavaScript Free False
Vulnreport [Website] [Source] Pentesting management and automation platform Ruby Free False
WriteHat [Website] [Source] Collaborative penetration test reporting platform Python Free False

Configuration audit

Name Website Source Description Programming language Price Online
Nipper Studio [Website] Tool that parse router, switch, firewall configuration to discover vulnerabilities Paid False
Nipper-ng [Source] Tool that parse router, switch, firewall configuration to discover vulnerabilities Cplusplus Free False

Cracking (Hash)

Name Website Source Description Programming language Price Online
BEWGor [Source] Bull's Eye Wordlist Generator, password wordlist generator based on target information Python Free False
Bopscrk [Source] Before Outset PaSsword CRacKing, password wordlist generator with exclusive features like lyrics based mode Python Free False
CeWL [Source] Custom wordlist generator based on website crawling Ruby Free False
ComPP [Source] Company Passwords Profiler helps making a bruteforce wordlist for a targeted company Python Free False
cook [Source] Wordlist generator: create permutations and combinations of words with predefined sets of extensions, words and patterns/function to create complex endpoints, wordlists and passwords Go Free False
CrackerJack [Website] [Source] Basic Web Interface for Hashcat Python Free False
Cracklord [Website] [Source] Scalable, pluggable, and distributed system for hash cracking, supports Hashcat Go Free False
CrackQ [Source] Hashcat cracking queue system, API and WebUI Python Free False
CrackStation [Website] [Source] Pre-computed lookup tables to crack password hashes PHP Free True
crunch [Source] Wordlist generator C Free False
CUPP [Source] Common User Passwords Profiler, wordlist generator based on user profiling Python Free False
Duplicut [Source] Remove duplicates from massive wordlist, without sorting it (for dictionary-based password cracking) C Free False
elpscrk [Source] Wordlist generator based on user profiling Python Free False
GoCrack [Source] Management frontend for hash cracking tools, supporting hashcat Go Free False
Hashcat [Website] [Source] Hash cracking tool C Free False
hashcobra [Source] Hash cracking tool using rainbow tables CPlusPlus Free False
Hashtopolis [Source] Hashcat wrapper for distributed hashcracking PHP Free False
Hashview [Website] [Source] Web-UI for managing, organizing, automating Hashcat commands/tasks Ruby Free False
John The Ripper [Website] Hash cracking tool C Free False
John the Ripper, Jumbo version [Website] [Source] Hash cracking tool, community-enhanced version of John The Ripper C Free False
Kraker [Source] Distributed password brute-force system, supports Hashcat PHP Free False
longtongue [Source] Password wordlist generator based on target information Python Free False
lyricpass [Source] Tool to generate wordlists based on lyrics Python Free False
Mentalist [Source] Graphical tool for custom wordlist generation, can output rules compatible with Hashcat and John the Ripper Python Free False
Ophcrack [Website] [Source] Windows hash cracker based on rainbow tables Free False
pnwgen [Source] Phone number wordlist generator Python Free False
PowerSniper [Source] Password spraying script and helper for creating password lists PowerShell Free False
pydictor [Source] Multi-method password wordlist generator Python Free False
rulesfinder [Source] Machine-learn password mangling rules; finds efficient password mangling rules (for John the Ripper or Hashcat) for a given dictionary and a list of passwords Rust Free False
Spraygen [Source] Permutation-based password list generator Python Free False
TTPassGen [Source] Flexible and scriptable password dictionary/wordlist generator Python Free False
WebHashcat [Source] Hashcat WebUI with distributed cracking sessions and analytics Python Free False
WOG [Website] [Source] Weakpass rule-based online generator; generates a wordlist based on a set of words entered by the user Javascript Free True
wordlistctl [Source] Fetch, install and search wordlist archives from websites and torrent peers Python Free False

Cryptography

Name Website Source Description Programming language Price Online
Cipher Suite Info [Website] [Source] A searchable directory of TLS ciphersuites and related security details Python Free True
crypto-identifier [Source] Tool that try to identify what cipher is used and uncipher the data Python Free False
Crypton [Source] Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Hashing Algorithms along with example challenges from CTFs Python Free False
Dcode [Website] Code and decode all kind of checksums, algorithms, codes or ciphers Free True
FeatherDuster [Source] Cryptanalysis tool and library Python Free False
Haiti [Website] [Source] A CLI tool to identify the hash type of a given hash Ruby Free False
hashID [Source] Identify the different types of hashes Python Free False
JWT-Key-Recovery [Source] Recover the public key used to sign JWT tokens Python Free False
PkCrack [Website] Tool for breaking PkZip encryption Free False
RsaCtfTool [Source] Tool to conduct manual or automated attack on RSA Python Free False
RSATool [Source] Tool to calculate RSA parameters Python Free False
RSHack [Source] RSA attack and key manipulation tool Free False
XORTool [Source] Tool to analyze multi-byte xor cipher Python Free False

Digital Forensics

Name Website Source Description Programming language Price Online
Cerbero Profiler [Website] File analyzer and inspector Paid False
dnscat2 [Source] Encrypted command-and-control (C&C) channel over the DNS protocol, data exfiltration Cplusplus Free False
ExifTool [Website] [Source] Library and CLI tool for reading, writing and editing metadata for a lot of file types Perl Free False
extundelete [Website] [Source] Tool to recover deleted files from an ext3 or ext4 partition Free False
Fibratus [Source] Tool for exploration and tracing of the Windows kernel Python Free False
Foremost [Website] [Source] CLI tool to recover files based on their headers, footers, and internal data structures Free False
rekall [Website] [Source] Volatile memory extraction utility Python Free False
rekall (Fireeye fork) [Source] Fork of rekall with support for Windows 10 memory compression Python Free False
ResourcesExtract [Website] Scans dll/ocx/exe files and extract all resources found, Windows only Free False
shellbags [Source] Shellbag parser (Windows Registry Keys) Python Free False
volatility [Website] [Source] Volatile memory extraction utility Python Free False
volatility (Fireeye fork) [Source] Fork of volatility with support for Windows 10 memory compression Python Free False

Honeypot and Decoy

Name Website Source Description Programming language Price Online
Canarytokens [Website] [Source] quickly deployable honeypot with docker image, the online service allows to get alerted by email for URL token, DNS token, unique email address, custom image, MS word doc., Acrobat Reader PDF doc., and more Free True
DejaVU [Source] Deception framework which can be used to deploy decoys across the infrastructure Free False

Incident Response

Name Website Source Description Programming language Price Online
DFIRTrack [Source] Incident response tracking web application, focused on handling one major incident with a lot of affected systems Python Free False
IntelMQ [Source] Solution for collecting and processing security feeds using a message queuing protocol Python Free False
SCOT [Website] [Source] Sandia Cyber Omni Tracker; cyber security incident response management system and knowledge base Perl Free False

Intentionally Vulnerable Applications

Name Website Source Description Programming language Price Online
bWAPP [Website] [Source] Buggy Web Application, insecure webapp for security trainings PHP Free False
DVIA [Website] [Source] Damn Vulnerable iOS App, insecure webapp for mobile security trainings Swift Free False
DVWA [Website] [Source] Damn Vulnerable Web Application, insecure webapp for security trainings PHP Free False
Google Gruyere [Website] [Source] Codelab for white-box and black-box hacking Python Free True
Hackazon [Source] Intentionally vulnerable web shopping application using modern technologies and containing configurable areas PHP Free False
OWASP Juice Shop [Website] [Source] Insecure web application with >85 challenges; supports CTFs, custom themes, tutorial mode etc. JavaScript Free False
OWASP Mutillidae II [Website] [Source] Intentionally vulnerable web-application containing some OWASP Top Ten vulnerabilities, with hints and switch for secure version of the code PHP Free False
OWASP WebGoat [Website] [Source] Deliberately insecure web application to teach web application security lessons Java Free False
XVNA [Source] Extreme Vulnerable Node Application, insecure webapp for security trainings JavaScript Free False

Networking

Name Website Source Description Programming language Price Online
ActiveDirectoryEnumeration [Source] Enumerate AD through LDAP with a collection of helpfull scripts being bundled: ASREPRoasting, Kerberoasting, dump AD as BloodHound JSON files, searching GPOs in SYSVOL for cpassword and decrypting, run without creds Python Free False
ad-ldap-enum [Source] LDAP based Active Directory user and group enumeration tool Python Free False
adfsbrute [Source] Test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks Python Free False
archtorify [Source] Script for Arch Linux which use iptables settings to create a transparent proxy through Tor Network Shell Free False
Arecibo [Source] Endpoint for Out-of-Band Exfiltration (DNS & HTTP) Python Free False
bettercap [Website] [Source] MITM framework Ruby Free False
bettercap web UI [Website] [Source] Web UI for bettercap TypeScript Free False
boofuzz [Source] Network protocol fuzzing framework Python Free False
Boomerang [Source] Client/Server HTTP pivoting tool Go Free False
BruteSpray [Source] Takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa Python Free False
BruteX [Source] Tool using nmap and hydra to automatically bruteforce network service accounts Shell Free False
Carnivore [Website] [Source] Assessment of on-premises Microsoft servers such as ADFS, Skype, Exchange, and RDWeb CSharp Free False
CapAnalysis [Website] [Source] PCAP analyzer C Free True
Cerbrutus [Source] Network services credentials brute-forcer: SSH, FTP Python Free False
chisel [Source] Fast TCP tunneling over HTTP secured by SSH Go Free False
CloudShark [Website] PCAP analyzer Paid True
Evil-WinRM [Source] Enhanced WinRM shell Ruby Free False
Garfield [Source] Attack framework for distributed systems Python Free False
Girsh [Source] Detect the OS and execute the correct commands to upgrade it to a full interactive reverse shell Go Free False
Go-RouterSocks [Source] Socks proxy router to handle multi-clients on the same port Go Free False
goddi [Source] Active Directory domain information dumper Go Free False
HASSH [Source] Network fingerprinting standard which can be used to identify specific client and server SSH implementations Python Free False
HellRaiser [Source] Scan with nmap to correlate CPE's found with cve-search to enumerate vulnerabilities Ruby Free False
Hydra [Website] [Source] Network login cracker C Free False
kalitorify [Source] Script for Kali Linux which use iptables settings to create a transparent proxy through Tor Network Shell Free False
Ligolo [Source] Pivot / reverse tunneling tool with SOCKS5 et TCP tunnel support Go Free False
lsassy [Source] CLI tool and library to extract credentials from lsass remotely Python Free False
Mail.Rip V2 [Source] SMTP credentials bruteforcer / checker Python Free False
Masscan [Source] Port scanner for massive networks C Free False
Medusa [Website] Network login cracker Free False
Medusa-gui [Source] GUI for Medusa Java Free False
ncat [Website] [Source] Improved reimplementation of Netcat by nmap team; Supports TCP and UDP, IPv4 and IPv6, SSL, proxy (HTTP and SOCKS4) C Free False
Ncrack [Website] [Source] Reliable and adaptative network login cracker supporting a large number of protocols Cplusplus Free False
nemesis [Website] [Source] Packet manipulation CLI tool; craft and inject packets of several protocols Python Free False
Netfort Free Cloud Based PCAP Analysis [Website] PCAP analyzer; needs registration Free True
NetworkMiner [Website] Network sniffer/packet capturing tool Free False
NetworkTotal [Website] PCAP analyzer; using Suricata Free True
Nipe [Source] Script to make TOR as default gateway Perl Free False
Nmap [Website] [Source] Tool for network discovery and security auditing C Free False
nmap-parse-output [Source] Converts / manipulates / extracts data from a nmap scan output Shell Free False
NMapGUI [Source] Advanced GUI for Nmap Java Free False
Nozzlr [Source] Multithreaded and modular bruteforce framework with network templates Python Free False
onesixtyone [Source] SNMP scanner C Free False
OOB-Server [Source] Bind9 DNS server for pentesters to use for Out-of-Band vulnerabilities Shell Free False
PacketFu [Source] Packet manipulation library; forge, send, decode, capture packets of a wide number of protocols Ruby Free False
PacketTotal [Website] PCAP analyzer; using Bro, Suricata and Elasticsearch Free True
PacketWhisper [Source] Stealthy Data exfiltration via DNS, without the need for attacker-controlled Name Servers or domain Python Free False
Patator [Source] Multi-protocol bruteforce tool Python Free False
PKINIT tools [Source] Kerberos PKINIT and relaying to AD CS Python Free False
polarbearscan [Website] [Source] Port scanner and banner grabber C Free False
Polymorph [Source] Real-time network packet manipulation framework Python Free False
pwncat [Website] [Source] Sophisticated bind and reverse shell handler with many features as well as a drop-in replacement or compatible complement to netcat, ncat or socat Python Free False
pwncat-caleb [Website] [Source] Fancy reverse and bind shell handler, can perform automated actions on the remote host including enumeration, implant installation and privilege escalation; attempt to spawn a pseudoterminal (pty) for a full interactive session Python Free False
PyWhisker [Source] Persistent and stealthy backdooring of user and computer Active Directory objects Python Free False
rdp-sec-check [Source] Script to enumerate security settings of an RDP Service Perl Free False
Responder [Source] LLMNR, NBT-NS and MDNS poisoner to intercept authentication requests/answers Python Free False
RMIScout [Website] [Source] Enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities through wordlist and bruteforce strategies Java Free False
ruby-nmap [Source] Library for nmap, allows automating nmap and parsing nmap XML files Ruby Free False
Rustcat [Website] [Source] Port and reverse shell listener; less features than ncat, pwncat, pwncat-caleb but has command history Rust Free False
sandmap [Source] Metasploit-like CLI interface for Nmap Script Engine (NSE) Shell Free False
Scapy [Website] [Source] Packet manipulation library; forge, send, decode, capture packets of a wide number of protocols Python Free False
Seth [Source] RDP MitM tool Python Free False
Singularity [Website] [Source] DNS rebinding attack framework Go Free False
Snaffler [Source] Find credentials and valuable information from windows active directory environments (shares, files) CSharp Free False
SNMP Brute [Source] SNMP brute force, enumeration, CISCO config downloader and password cracking script Python Free False
snmpbw.pl [Source] Multithreaded script for bulk walking targeted host systems for SNMP data Perl Free False
ssh-audit [Website] [Source] SSH scanner that detects protocol, version, grab banner, recognize software and operating system, output algorithm information and recommendations Python Free False
Tsunami [Source] Network security scanner with an extensible plugin system Java Free False
WebMap v1 [Source] A web dashboard for nmap XML report Python Free False
WebMap v2 [Source] A web dashboard for nmap XML report https://github.com/Nazicc/WebMap Free False
Whonow [Source] DNS Server for executing DNS Rebinding attacks JavaScript Free False
windapsearch [Source] Script to enumerate users, groups and computers from a Windows domain through LDAP queries Python Free False
Wireshark [Website] [Source] Network protocol analyzer Cplusplus Free False
yersinia [Source] Framework for layer 2 attacks C Free False
Zenmap [Website] [Source] GUI for Nmap Python Free False
Zmap [Website] [Source] Collection of tools to scan and study massive networks C Free False

OSINT and Reconnaissance

Name Website Source Description Programming language Price Online
Amass [Website] [Source] DNS enumeration and network mapping tool suite: scraping, recursive brute forcing, crawling web archives, reverse DNS sweeping Go Free False
Asnlookup [Source] Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it Python Free False
AttackSurfaceMapper [Source] Subdomain enumerator Python Free False
AutoRecon [Source] Multi-threaded network reconnaissance tool which performs automated enumeration of services Python Free False
badKarma [Source] Advanced network reconnaissance tool Python Free False
Belati [Source] OSINT tool, collect data and document actively or passively Python Free False
Certstream [Website] [Source] Intelligence feed that gives real-time updates from the Certificate Transparency Log network Elixir Free False
Darkshot [Source] Lightshot scraper with multi-threaded OCR and auto categorizing screenshots Python Free False
datasploit [Website] [Source] OSINT framework, find, aggregate and export data Python Free False
DeadTrap [Website] [Source] Track down footprints of a phone number Python Free False
dnsenum [Source] DNS reconnaissance tool: AXFR, DNS records enumeration, subdomain bruteforce, range reverse lookup Perl Free False
dnsenum2 [Source] Continuation of dnsenum project Perl Free False
DNSRecon [Source] DNS reconnaissance tool: AXFR, DNS records enumeration, TLD expansion, wildcard resolution, subdomain bruteforce, PTR record lookup, check for cached records Python Free False
EagleEye [Source] OSINT tool, image recognition on instagram, facebook and twitter Python Free False
eTools.ch [Website] Metasearch engine, query 16 search engines in parallel Free True
Facebook_OSINT_Dump [Source] OSINT tool, facebook profile dumper, windows and chrome only Shell Free False
FinalRecon [Source] Web reconnaissance script Python Free False
Findomain [Source] Fast subdomain enumerator Rust Free False
FOCA [Website] [Source] OSINT framework and metadata analyser Csharp Free False
GHunt [Source] Investigate Google accounts with emails and find name, usernames, Youtube Channel, probable location, Maps reviews, etc. Python Free False
gitGraber [Source] Monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe, etc. Python Free False
Gorecon [Source] Reconnaissance toolkit Go Free False
GoSeek [Source] Username lookup comparable to Maigret/Sherlock, IP Lookup, License Plate & VIN Lookup, Info Cull, and Fake Identity Generator Free False
gOSINT [Source] OSINT framework; find mails, dumps, retrieve Telegram history and info about hosts Go Free False
h8mail [Source] Email OSINT & Password breach hunting tool; supports chasing down related email Python Free False
Harpoon [Source] CLI tool; collect data and document actively or passively Python Free False
holehe [Source] Check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function Python Free False
IVRE [Website] [Source] IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks); network recon framework including tools ofr passive and active recon Python Free False
kitphishr [Source] Hunts for phishing kit source code by traversing URL folders and searching in open directories for zip files; supports list of URLs or PhishTank Go Free False
Kostebek [Source] Tool to find firms domains by searching their trademark information Python Free False
LeakLooker [Source] Discover, browse and monitor database/source code leaks Python Free False
leakScraper [Source] Set of tools to process and visualize huge text files containing credentials Python Free False
LinEnum [Source] System script for local Linux enumeration and privilege escalation checks Shell Free False
LittleBrother [Source] Information gathering (OSINT) on a person (EU), checks social networks and Pages Jaunes Python Free False
Maigret [Source] Collect a dossier on a person by username from a huge number of sites, and extract details from them Python Free False
MassDNS [Source] High-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration) C Free False
Metabigor [Source] OSINT tool that doesn't require any API key Go Free False
NExfil [Source] Finding profiles by username over 350 websites Python Free False
Nmmapper [Website] Cybersecurity tools offered as SaaS: nmap, subdomain finder (Sublist3r, DNScan, Anubis, Amass, Lepus, Findomain, Censys), theHarvester, etc. Paid True
nqntnqnqmb [Source] Retrieve information on linkedin profiles, companies on linkedin and search on linkedin companies/persons Python Free False
Oblivion [Source] Data leak checker and monitoring Python Free False
ODIN [Source] Observe, Detect, and Investigate Networks, Automated reconnaissance tool Python Free False
Omnibus [Source] OSINT framework; collection of tools Python Free False
OneForAll [Source] Subdomain enumeration tool Python Free False
OnionSearch [Source] Script that scrapes urls on different .onion search engines Python Free False
OSINT Framework [Website] [Source] A web-based collection of tools and resources for OSINT Javascript Free True
Osmedeus [Website] [Source] Automated framework for reconnaissance and vulnerability scanning Python Free False
Photon [Source] Fast crawler designed for OSINT Python Free False
PITT [Source] Web browser loaded with links and extensions for doing OSINT Free False
ProjectDiscovery [Website] [Source] Monitor, collect and continuously query the assets data via a simple webUI Go Free True
Qualear [Source] Reconnaissance Apparatus; Information gathering, conglomerate of tools including custom algorithms, API wrappers Go Free False
ReconDog [Source] Multi-purpose reconnaissance tool, CMS detection, reverse IP lookup, port scan, etc. Python Free False
Recon-ng [Source] Web-based reconnaissance tool Python Free False
Reconnoitre [Source] Tool made to automate information gathering and service enumeration while storing results Python Free False
ReconScan [Source] Network reconnaissance and vulnerability assessment tools Python Free False
Recsech [Source] Web reconnaissance and vulnerability scanner tool PHP Free False
Red Team Arsenal [Source] Automated reconnaissance scanner and security checks Python Free False
reNgine [Website] [Source] Automated recon framework for web applications; customizable scan engines & pipeline of reconnaissance Python Free False
Sandmap [Website] [Source] Network and system reconnaissance scanner using Nmap Shell Free False
SearchDNS [Website] Netcraft tool; Search and find information for domains and subdomains Free True
Sherlock [Website] [Source] Hunt down social media accounts by username across social networks Python Free False
shosubgo [Source] Grab subdomains using Shodan api Go Free False
shuffledns [Source] Wrapper around massdns that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support Go Free False
SiteBroker [Source] Tool for information gathering and penetration test automation Python Free False
Sn1per [Source] Automated reconnaissance scanner Shell Free False
spiderfoot [Website] [Source] OSINT framework, collect and manage data, scan target Python Free False
Stalker [Source] Automated scanning of social networks and other websites, using a single nickname Python Free False
SubDomainizer [Source] Find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github Python Free False
subfinder [Website] [Source] Discovers valid subdomains for websites, designed as a passive framework to be useful for bug bounties and safe for penetration testing Go Free False
Sublist3r [Source] Subdomains enumeration tool Python Free False
Sudomy [Source] Subdomain enumeration tool Python Free False
Th3inspector [Source] Multi-purpose information gathering tool Perl Free False
theHarvester [Source] Multi-purpose information gathering tool: emails, names, subdomains, IPs, URLs Python Free False
tinfoleak [Source] Twitter intelligence analysis tool Python Free False
Totem [Source] Retrieve information about ads of a facebook page, retrieve the number of people targeted, how much the ad cost and a lot of other information Python Free False
trape [Source] Analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time Python Free False
TWINT [Source] Twitter Intelligence Tool; Twitter scraping & OSINT tool that doesn't use Twitter's API, allowing one to scrape a user's followers, following, Tweets and more while evading most API limitations Python Free False

Other

Name Website Source Description Programming language Price Online
ADB-Toolkit [Source] Wrapper around adb to ease certain tasks Shell Free False
Atheris [Source] Coverage-guided Python fuzzing engine Shell Free False
Avast Hack Check [Website] Service to check if an account has been compromised in a data breach, send an email with the breaches not the password Free True
BreachAlarm [Website] Service to check if an account has been compromised in a data breach, only tells if the account is compromised Free True
BreachDirectory [Website] Service to check if an account has been compromised in a data breach, display the breaches, partial password and hash Free True
ctf-party [Website] [Source] Library to enhance and speed up script/exploit writing for CTF players Ruby Free False
CyberChef [Website] [Source] Data manipulation toolkit in web browser JavaScript Free False
cybernews personal data leak check [Website] Service to check if an account has been compromised in a data breach, only tells if the account is compromised Free True
DeHashed [Website] Service to check if an account has been compromised in a data breach Paid True
discover [Source] Scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit Shell Free False
Firefox Monitor [Website] Service to check if an account has been compromised in a data breach, display the breaches not the password Free True
F-Secure Identity Theft Checker [Website] Service to check if an account has been compromised in a data breach, send an email with the breaches not the password Free True
Godehashed [Source] Uses the dehashed.com API to search for compromised assets Go Free False
gtfo [Source] CLI for searching gtfobins and lolbas from the terminal Python Free False
GTFOBLookup [Source] CLI for earching gtfobins and lolbas from the terminal; allows more advanced search than gtfo Python Free False
HackTools [Source] Web browser extension (Chromium, Firefox, Safari) including common functions for web pentest JavaScript Free False
Have I been pwned? [Website] Service to check if an account has been compromised in a data breach, display the breaches not the password Free True
hideNsneak [Source] CLI tool for ephemeral penetration testing, rapidly deploy and manage various cloud services Go Free False
inlite [Website] Scan QR-code, 1D, DataMatrix, Postal, PDF417, and more Free True
Interlace [Source] Turn single threaded command line applications into a multi-threaded application with CIDR and glob support Python Free False
itdis [Website] [Source] Is This Domain In Scope; a small tool that allows you to check if a list of domains you have been provided is in the scope of your pentest or not Ruby Free False
Leak Lookup [Website] Service to check if an account has been compromised in a data breach, requires an account Free True
Metasploit [Website] [Source] Tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit, 4 versions: Pro (paid), Express (paid), Community (free with GUI but on request), Framework (free, open source, CLI) Ruby Paid False
NameScan Email Compromised Check [Website] Service to check if an account has been compromised in a data breach, display the breaches not the password Free True
objection [Source] Runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak Python Free False
OpenVAS [Website] [Source] Open Vulnerability Assessment Scanner C Free False
Pass Station [Website] [Source] CLI & library to search for default credentials among thousands of Products / Vendors Ruby Free False
PentestBox [Website] [Source] Pre-configured portable penetration testing environment for Windows, all-in-one box Free False
pwndb [Website] Service to check if an account has been compromised in a data breach, display the full password Free True
PWDQUERY [Website] Service to check if an account has been compromised in a data breach, doesn't display breaches, partially display password Free True
rawsec_cli [Website] [Source] Rawsec Inventory search CLI to find security tools and resources Python Free False
Reverse Shell Generator [Website] [Source] Web-based reverse shell generator, includes features such as listener generation, raw mode, bind shell generation, msfvenom generation, payload encoding, many different languages, tools and shells supported JavaScript Free True
Ronin [Website] [Source] Platform for vulnerability research and exploit development, it allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories Ruby Free False
Scrounger [Source] Mobile application testing toolkit, the mobile metasploit-like framework Python Free False
Seccubus [Website] [Source] Vulnerability scanning, reporting and analysis JavaScript Free False
SprayingToolkit [Source] Password spraying scripts for Lync/S4B and OWA Python Free False
Tool-X [Source] Kali linux hacking tool installer Python Free False
UK Data Breaches [Website] Service to check if an account has been compromised in a data breach, display the breaches not password Free True
v0lt [Source] CTF toolkit / framework Python Free False
VBSmin [Website] [Source] VBScript minifier Ruby Free False
webqr [Website] Scan & create QR-code Free True
ysoserial [Source] Tool for generating payloads that exploit unsafe Java object deserialization Java Free False

Plugins

Name For Website Source Description Programming language Price Online
AWS Extender Burp Suite [Source] Identify and test S3 buckets, Google Storage buckets and Azure Storage containers for common misconfiguration Python Free False
BurpBounty Burp Suite [Source] Scan Check Builder in BApp Store, improve the active and passive scanner by means of personalized rules through a graphical interface Java Free False
HopLa Burp Suite [Source] Adds autocompletion support and useful payloads in Burp Suite Java Free False
http-screenshot-html Nmap [Source] Nmap NSE script that scans for http server, takes a screenshot of them, and organizes the results into an HTML report Lua Free False
Hyperpwn Hyper [Source] Improve the display when debugging with GDB, needs GEF, pwndbg or peda to be loaded in GDB as a backend JavaScript Free False
GEF GDB [Source] GDB Enhanced Features, multi-architecture Python Free False
Mona Immunity Debugger [Source] Set of commands for Immunity Debugger Python Free False
PEDA GDB [Source] Python Exploit Development Assistance, (only python2.7) Python Free False
Pwndbg GDB [Source] Enhance GDB, for exploit development and reverse engineering Python Free False
Sploitego Maltego [Source] Maltego penetration testing Transforms Python Free False
Stepper Burp Suite [Source] Evolution of Burp Suite's Repeater tool, providing the ability to create sequences of steps and define regular expressions to extract values from responses Java Free False
XSSor Burp Suite [Source] semi-automatic reflected and persistent XSS scanner Python Free False

Red Teaming

Name Website Source Description Programming language Price Online
AntiScan.Me [Website] Multi-AV checker that doesn't distribute the check results, based on Dyncheck.com Paid True
fireELF [Source] Fileless linux malware framework Python Free False
Gophish [Website] [Source] Phishing toolkit providing the ability to setup and execute phishing engagements and security awareness training Go Free True
Kage [Source] Graphical user interface for Metasploit Meterpreter and session handler JavaScript Free False
King Phisher [Source] A tool for testing and promoting user awareness by simulating real world phishing attacks Python Free False
Kubesploit [Source] Post-exploitation HTTP/2 Command & Control server and agent focused on containerized environments Go Free False
lateralus [Source] Terminal based phishing campaign tool Go Free False
macro_pack [Source] Obfuscation and generation of retro formats such as MS Office documents or VBS like format Python Free False
Merlin [Source] Post-exploitation HTTP/2 Command & Control server and agent Go Free False
Mística [Source] Allows to embed data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications; supports encapsulation into HTTP, HTTPS, DNS and ICMP protocols Python Free False
Mythic [Source] Collaborative red teaming framework Python Free False
Octopus [Source] Pre-operation C2 server Python Free False
Overlord [Website] [Source] CLI used to build Red Teaming infrastructure in an automated way, supports AWS and Digital Ocean Python Free False
PEzor [Website] [Source] Shellcode & PE Packer CPlusPlus Free False
Pupy [Source] Cross-platform, multi function remote access tool (RAT) and post-exploitation tool; fileless/all-in-memory execution, low footprint, multi-transport Python Free False
Quasar [Source] Remote Administration Tool (RAT) for Windows CSharp Free False
Redcloud [Source] Automated Red Team Infrastructure deployment using Docker Python Free False
Ruler [Source] Interact with Exchange servers remotely, through either the MAPI/HTTP or RPC/HTTP to abuse the client-side Outlook features and gain a shell Go Free False
ScareCrow [Source] Payload creation framework designed around EDR bypass Go Free False
SHAD0W [Website] [Source] Modular C2 framework designed to successfully operate covertly on heavily monitored environments Python Free False
Sliver [Source] Cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS; remote access tool (RAT) Go Free False
SocialFish [Source] Phishing targeting social media logins; supports Ngrok tunneling and a mobile controller Python Free False
UBoat [Source] HTTP botnet PoC CPlusPlus Free False
Zphisher [Source] Automated phishing tool with multiple tunneling options; fork of Shellphish Shell Free False

Reverse Engineering

Name Website Source Description Programming language Price Online
androguard [Source] Tool for reverse engineering and malware analysis of Android applications Python Free False
angr [Source] Platform-agnostic binary analysis framework Python Free False
ANY RUN [Website] Online virtual machine for malware hunting, sandbox with interactive access, real-time data-flow Free True
Apk2Gold [Source] Android decompiler (wrapper for apktool, dex2jar, and jd-gui) Shell Free False
Apktool [Website] [Source] Android disassembler and rebuilder Java Free False
arm_now [Source] Tool that allows instant setup of virtual machines on various architectures for reverse, exploit, fuzzing and programming purpose Python Free False
Barf [Source] Binary Analysis and Reverse engineering Framework Python Free False
bearparser [Website] [Source] PE parsing library (from PE-bear) CPlusPlus Free False
Binary Ninja [Website] Crossplatform binary analysis framework Python Paid False
binutils [Website] [Source] GNU collection of binary tools C Free False
binwalk [Source] Analyze, reverse engineer and extract firmware images (and other files, also usefull for Digital Forensics) Python Free False
boomerang [Source] x86 binaries to C decompiler Cplusplus Free False
ctf_import [Website] [Source] Library to run basic functions from stripped binaries C Free False
CFF Explorer [Website] PE Editor Free False
Cutter [Source] Qt and C++ GUI for radare2 CPlusPlus Free False
Decompiler.com [Website] C#, Python, Android and Java online decompiler Free True
Defuse online disassembler [Website] Online x86 (32/64 bits) assembler and disassembler Free True
de4dot [Source] .NET deobfuscator and unpacker CSharp Free False
dnSpy [Source] .NET assembly debugger, decompiler and editor CSharp Free False
Droidefense [Website] [Source] Android apps/malware analysis/reversing tool Java Free False
edb [Source] Cross platform AArch32/x86/x86-64 debugger CPlusPlus Free False
Flare [Website] Processes SWF and extract scripts from it Free False
Flasm [Website] [Source] Disassembler tool for SWF bytecode Free False
Frida [Website] [Source] Dynamic code instrumentation toolkit C Free False
GDB [Website] [Source] GNU debugger Cplusplus Free False
Ghidra [Website] [Source] Software reverse engineering (SRE) suite of tools: disassembly, assembly, decompilation, graphing, scripting, etc. Java Free False
Hiew [Website] x86_64 disassembler for multiple formats Paid False
Hopper [Website] Disassembler, decompiler and debugger Paid False
IDA Pro [Website] Disassembler and debugger Paid False
ILSpy [Source] .NET assembly browser and decompiler to C# CSharp Free False
ImmunityDbg [Website] Windows debugger with Python scripting support Free False
jadx [Source] DEX to Java decompiler Java Free False
Java Decompilers [Website] .JAR and .Class to Java decompiler Free True
JD-GUI [Website] GUI tool decompiling JAVA Java Free False
JEB [Website] Disassembler, decompiler and debugger Paid False
JPEXS Free Flash Decompiler [Source] A.k.a ffdec, flash SWF decompiler Java Free False
JSDetox [Website] [Source] Javascript deobfustcator Ruby Free False
Kemon [Source] macOS kernel pre and post callback-based framework C Free False
Krakatau [Source] Java decompiler, assembler, and disassembler Java Free False
ldd [Website] Tool that print shared library dependencies Free False
Metasm [Website] [Source] Assembler, disassembler, compiler and debugger Ruby Free False
Medusa [Source] Interactive multi-architecture and multi-formats disassembler running on Windows and Linux Cplusplus Free False
ODA [Website] Advanced multi-architecture online disassembler supporting a lot of architectures and object file formats Free True
OllyDbg [Website] Windows debugger Free False
Pe-bear [Website] PE reverse tool: recognizes packers, fast disassembler, visualization of sections layout, selective comparing of two chosen PE files Free False
PE Explorer Disassembler [Website] Windows disassembler Paid False
PE Insider [Website] PE viewer, closed source and windows only Free False
Plasma [Source] x86/ARM/MIPS interactive disassembler Python Free False
Qira [Website] [Source] Timeless debugger (QIRA = QEMU Interactive Runtime Analyser) C Free False
RABCDAsm [Website] [Source] ActionScript disassembler D Free False
radare2 [Website] [Source] Crossplatform binary analysis framework, disassembler, decompiler and debugger, support collaborative analysis C Free False
rbkb [Source] Ruby BlackBag; a miscellaneous collection of command-line tools and ruby library helpers related to pen-testing and reversing Ruby Free False
Relyze [Website] x86 and ARM graphical interactive disassembler with Ruby plugin framework Paid False
RetDec [Website] [Source] Multi file formats and architectures machine-code decompiler Cplusplus Free False
sandsifter [Source] x86 processor fuzzer Python Free False
Snowman [Website] [Source] Native code to C/C++ decompiler, supporting x86, AMD64, and ARM architectures, exists as standalone app or as a plug-in Cplusplus Free False
strace [Source] Debugger for Linux Free False
Swftools [Website] [Source] Collection of utilities to work with SWF files C Free False
Triton [Website] [Source] Dynamic binary analysis framework, automate reverse engineering Cplusplus Free False
UglifyJS2 [Website] [Source] JavaScript obfuscator or beautifier toolkit JavaScript Free False
uncompyle [Source] Python 2.7 binaries (.pyc) decompiler Python Free False
uncompyle6 [Source] Python 1.5, 2.1 to 2.7, 3.1 to 3.6 binaries (.pyc) decompiler Python Free False
Vais [Source] SWF vulnerability and information scanner Ruby Free False
WinDbg [Website] Windows debugger Free False
x64dbg [Website] [Source] Windows debugger Cplusplus Free False
XenoScan [Source] Processes memory scanner Cplusplus Free False
Xori [Website] [Source] Disassembly and static analysis library that provides triage analysis data Rust Free False
xxxswf [Source] Small script for carving, scanning, compressing, decompressing and analyzing SWF files Python Free False

Steganography

Name Website Source Description Programming language Price Online
Aperi'Solve [Website] [Source] Steganalysis web platform with layer, zsteg, steghide and exiftool analysis Python Free False
Audacity [Website] [Source] Tool to edit and analyze audio tracks Free False
exif [Source] Shows EXIF information for JPEG files only C Free False
ExifTool [Website] [Source] Library and CLI tool to read and write meta information (EXIF, GPS, IPTC, XMP, JFIF, …) in files (JPEG, PNG, SVG, MPEG, …) Perl Free False
Exiv2 [Website] [Source] Library and CLI tool to read and write meta information (Exif, IPTC & XMP metadata and ICC Profile) in images (JPEG, TIFF, PNG, …) Cplusplus Free False
ImageMagick [Website] [Source] Software suite and library to create, edit, compose, or convert images C Free False
Outguess Tool to hide messages in files (website down since 2004) Free False
PNGtools [Website] [Source] Suite of tools to work with PNG images C Free False
SHIT [Source] Stego Helper Identification Tool, multi-purpose image steganography tool Python Free False
SmartDeblur [Source] To to restore defocused and blurred images (update binary only for Windows, Mac OS binary out of date) Cplusplus Free False
Sonic Visualiser [Website] [Source] Tool to edit and analyze audio tracks Free False
Steganabara [Source] Steganography analysis tool Java Free False
Steghide [Website] [Source] Tool to hide messages in images Free False
StegOnline [Website] [Source] Stego image toolsuite in the browser JavaScript Free True
StegoVeritas [Source] Automatic tool to bruteforce LSB, transform image, extract metadata or trailing data Python Free False
StegSolve GUI tool to analyse images Java Free False
zsteg [Source] Tool to detect hidden data in PNG and BMP Ruby Free False

System Exploitation

Name Website Source Description Programming language Price Online
Android_Emuroot [Source] Grants root privileges on the fly to shells running on Android virtual machines that use google-provided emulator images called Google API Playstore Python Free False
bkhive [Source] Dump the syskey bootkey from a Windows NT/2K/XP system hive, often used with samdump2, part of the ophcrack project Free False
BloodHound [Website] [Source] Tool to reveal the hidden and unintended relationships within an Active Directory environment PowerShell Free False
CookieCrimesJS [Source] Read local Chrome cookies without root or decrypting and display then in JSON; Javascript implementation of cookie_crimes JavaScript Free False
CrackMapExec [Source] Post-exploitation tool to asses Active Directory networks Python Free False
creddump [Source] Dump windows credentials Python Free False
DCOMrade [Source] Script that is able to enumerate the possible vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. PowerShell Free False
DLLInjector [Source] Dll injection tool Cplusplus Free False
DLLPasswordFilterImplant [Source] Password filter DLL, triggered on password change to exfiltrate credentials C Free False
Empire [Website] [Source] PowerShell and Python post-exploitation agent Shell Free False
Empire GUI [Website] [Source] GUI for Empire framework JavaScript Free False
enum4linux [Source] Windows Samba enumeration tool Perl Free False
enum4linux-ng [Source] Windows Samba enumeration tool, next generation version of enum4linux Python Free False
FFM [Source] Freedom Fighting Mode (FFM), hacking harness, post-exploitation tool Python Free False
GH DLL Injector [Website] [Source] DLL injection library supporting x86, WOW64 and x64 injections; 5 injection methods, 4 shellcode execution methods and various additional options; session separation can be bypassed with all methods CPlusPlus Free False
goddi [Source] Active Directory domain information dumper Go Free False
LaZagne [Source] Password retriever Python Free False
LinEnum [Source] Linux enumeration and privilege escalation script Shell Free False
Linux Exploit Suggester 2 [Source] Linux kernel exploit suggester Perl Free False
linux-exploit-suggester.sh [Source] Linux kernel exploit suggester Shell Free False
linuxprivchecker.py [Source] Linux privilege escalation check script Python Free False
lynis [Website] [Source] Security auditing and hardening tool, for UNIX-based systems Shell Free False
Nishang [Source] Framework, collection of scripts and payloads in PowerShell for offensive security, penetration testing and red teaming PowerShell Free False
p0wnedShell [Source] PowerShell runspace post exploitation toolkit CSharp Free False
PEASS [Source] Privilege Escalation Awesome Scripts SUITE; winPEAS and linPEAS are local privilege escalation scripts for Windows and Linux Shell Free False
Powerless [Source] A Windows privilege escalation enumeration BAT script designed for legacy Windows machines without Powershell Shell Free False
PowerSploit [Source] Powershell exploitation framework Powershell Free False
pspy [Source] CLI tool designed to snoop on processes without need for root permissions; it allows to see commands run by other users, cron jobs, etc. as they execute Go Free False
RedSnarf [Source] Retrieves hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques Python Free False
samdump2 [Source] Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM, often used with bkhive, part of the ophcrack project Free False
scavenger [Source] multi-threaded post-exploitation scanning tool for scavenging systems, finding most frequently used files and folders as well as interesting files containing sensitive information Python Free False
SharpShooter [Source] Payload Generation Framework for C# source code VB Free False
ShellPop [Source] Tool to craft bind and reverse shells in several languages Python Free False
unicorn [Source] Tool for using a PowerShell downgrade attack and inject shellcode into memory Python Free False
WES-NG [Source] Windows Exploit Suggester - Next Generation; analyses Windows targets patch levels to find exploits and Metasploit modules; works well with newer system (eg Windows 10) thanks to MSRC support Python Free False
Windows-Exploit-Suggester [Source] Analyses Windows targets patch levels to find exploits and Metasploit modules, works only for older systems (eg Windows XP, Vista, etc.) because it relies on MS Security KBs Python Free False

Threat Intelligence

Name Website Source Description Programming language Price Online
Maltego [Website] Interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet (exists in Community Edition) Paid False
MISP [Website] [Source] Threat intelligence platform & open standards for threat information sharing (formerly known as Malware Information Sharing Platform) PHP Free False
PatrowlHears [Website] [Source] Provides a unified source of vulnerability, exploit and threat Intelligence feeds; comprehensive and continuously updated vulnerability database scored and enriched with exploit and threat news information Python Paid
threatfeeds.io [Website] Open-source threat intelligence feeds; sharing malware URLs, IP reputation, bad IPs, etc. Free True

Vulnerability Assessment

Name Website Source Description Programming language Price Online
cvss-suite [Source] CVSS calculator library Ruby Free False
GVM [Website] [Source] The Greenbone Vulnerability Management (GVM) is a framework of several services: gvmd is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Greenbone Security Assistant (GSA) is the web interface of GVM. The main scanner (OpenVAS) is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs). Complementary to the web interface, GVM-Tools allows batch processing / scripting via the Greenbone Management Protocol (GMP). Additional scanners can be integrated via the Open Scanner Protocol (OSP) C Paid False
nvd_feed_api [Website] [Source] A ruby API for NVD CVE feeds management, the library will help you to download and manage NVD Data Feeds, search for CVEs, build your vulerability assesment platform or vulnerability database Ruby Free False
SECMON [Website] [Source] Web-based platform for the automation of infosec watching and vulnerability management Python Free False
ThreatMapper [Website] [Source] Identify vulnerabilities in running containers, images, hosts and repositories Go Free False
VRT Ruby Wrapper [Website] [Source] Wrapper for the Vulnerability Rating Taxonomy Ruby Free False
Vulnogram [Website] [Source] Create and edit CVE information in CVE JSON format JavaScript Free True
Vuls [Website] [Source] Agentless system vulnerability scanner for Linux/FreeBSD with a dashboard (VulsRepo) for analyzing the scan results Go Free False

Web Application Exploitation

Name Website Source Description Programming language Price Online
1u.ms [Website] zero-configuration DNS utilities for assisting in detection and exploitation of SSRF-related vulnerabilities Free True
230-OOB [Website] [Source] FTP server for OOB XXE attacks Python Free False
Acunetix [Website] Web application security scanner Paid True
API-fuzzer [Source] Library to fuzz request attributes using common pentesting techniques and lists vulnerabilities Ruby Free False
Aquatone [Website] [Source] Domain flyover tool; visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface Go Free False
Arachni [Website] [Source] Web application security scanner framework Ruby Free False
Arjun [Source] HTTP Parameter Discovery Suite Python Free False
AssassinGo [Website] [Source] Web pentest framework for information gathering and vulnerability scanning Go Free False
Astra [Website] [Source] REST API penetration testing tool Python Free False
Atlas [Source] Tool that suggests sqlmap tampers to bypass WAF/IDS/IPS based on status codes Python Free False
BaRMIe [Source] Java RMI enumeration and attack tool Java Free False
Beeceptor [Website] HTTP request collector and inspector Paid True
Blazy [Source] Login page bruteforcer: CSRF, SQLi, Clickjacking, WAF detection Python Free False
Burp Suite [Website] Intercepting proxy to replay, inject, scan and fuzz HTTP requests (a limited free version exists) Java Paid False
Cansina [Source] Web directory and file scanner (wordlist bruteforce) Python Free False
Chankro [Source] Tool to bypass disable_functions and open_basedir in PHP by calling sendmail and setting LD_PRELOAD environment variable Python Free False
Charles [Website] Intercepting proxy to replay, inject, scan and fuzz HTTP requests Java Paid False
CloudFrunt [Source] Scanner to identify misconfigured CloudFront domains Python Free False
CMSeek [Source] CMS detection and exploitation suite; capable of detecting more than 130 CMS Python Free False
CMSmap [Source] WordPress, Joomla, Drupal, Moodle CMS security scanner Python Free False
CMSScan [Source] Wordpress, Drupal, Joomla, vBulletin CMS security scanner with dashboard Python Free False
commix [Website] [Source] Web-based command injection tester Python Free False
CSP Evaluator [Website] [Source] Check Content Security Policy (CSP) configuration and assists with the reviewing process JavaScript Free False
CSWSH [Website] Cross-Site WebSocket Hijacking Tester Free False
dirb [Website] [Source] Web directory and file scanner (wordlist bruteforce) Free False
dirsearch [Source] Web directory and file scanner (wordlist bruteforce) Python Free False
distributed-jwt-cracker [Website] [Source] HS256 JWT token distributed brute force cracker JavaScript Free False
docem [Source] Uility to embed XXE and XSS payloads in docx, odt, pptx, etc Python Free False
DotDotPwn [Website] [Source] Directory Traversal fuzzer Perl Free False
droopescan [Source] CMS scanner supporting SilverStripe and Wordpress, having partial support for Joomla, Moodle, Drupal Python Free False
drupwn [Source] Drupal CMS enumeration and exploitation tool Python Free False
dtd-finder [Source] Identify DTDs on filesystem snapshot and build XXE payloads using those local DTDs Kotlin Free False
DVCS-Pillage [Source] Dump web accessible (distributed) version control systems (DVCS/VCS): GIT, Mercurial/hg, Bazaar/bzr, … Shell Free False
dvcs-ripper [Source] Dump web accessible (distributed) version control systems (DVCS/VCS): SVN, GIT, Mercurial/hg, Bazaar/bzr, … Perl Free False
Enemies Of Symfony [Source] Loots information from a Symfony target using profiler Python Free False
EyeWitness [Source] Take screenshots of websites, provide some server header info, and identify default credentials if possible Python Free False
Fav-up [Source] Favicon fingerprinting using Shodan Python Free False
FavFreak [Source] Favicon fingerprinting Python Free False
Favinizer [Source] Favicon fingerprinting Python Free False
feroxbuster [Source] Web directory and file scanner (wordlist bruteforce) Rust Free False
ffuf [Source] Web directory and file scanner (wordlist bruteforce) Go Free False
Fingerprinter [Source] CMS version detection tool Ruby Free False
FockCache [Source] Test Cache Poisoning Go Free False
Fuxi [Source] Penetration testing platform, automate some scan & attack Python Free False
Fuzzapi [Source] Web-UI for API-fuzzer Ruby Free False
git-dump [Source] Dump the contents of a remote git repository without directory listing enabled JavaScript Free False
git-dumper [Source] Dump the contents of a remote git repository without directory listing enabled Python Free False
GitTools [Source] 3 tools: Finder (find websites with .git repository exposed), Dumper (dump exposed .git), Extractor (extract commits and their content from a broken repository) Shell Free False
Gobuster [Source] Web directory, file and DNS scanner (wordlist bruteforce) Go Free False
Gopherus [Source] Generates gopher link for exploiting SSRF and gaining RCE access from unprotected services Python Free False
gowitness [Source] Take screenshots of websites Go Free False
GraphQLmap [Source] Scripting engine to interact with a graphql endpoint for pentesting purposes Python Free False
Guppy Proxy [Source] GUI HTTP intercepting proxy based on Pappy Proxy Python Free False
Hetty [Source] HTTP toolkit for security research; alternative to BurpSuite Go Free False
Hookbin [Website] [Source] HTTP request collector and inspector Java Free True
httpscreenshot [Source] Take screenshots of websites Python Free False
HUNT [Source] HUNT Suite is a collection of Burp Suite Pro/Free and OWASP ZAP extensions Python Free True
InQL [Source] GraphQL security audit Python Free False
Interactsh [Website] [Source] HTTP request collector and inspector; OOB interaction gathering server and client library; DNS / HTTP / SMTP interaction support Go Free True
IronWASP [Website] [Source] Web security/vulnerability scanner (native for Windows only) C Free False
Jaeles [Website] [Source] Framework for building your own Web Application Scanner Go Free False
JAST [Source] Take screenshots of websites Python Free False
JWT cracker [Source] Multi-threaded JWT brute-force cracker C Free False
jwt-cracker [Website] [Source] HS256 JWT token brute force cracker JavaScript Free False
jwt_tool [Source] A toolkit for validating, forging and cracking JWT tokens Python Free False
jwtcat [Source] JWT brute-force cracker Python Free False
Liffy [Source] LFI exploitation tool Python Free False
LFI Freak [Source] LFI scan and exploit tool Python Free False
LFI Suite [Source] Automatic LFI scanner and exploiter Python Free False
LightBulb [Website] [Source] Framework for auditing web application firewalls and filters Python Free False
Kadimus [Source] LFI, RFI, RCE scanner C Free False
Malzilla [Website] [Source] Web oriented deobfuscating tool Free False
mitmproxy [Website] [Source] Interactive HTTPS proxy Python Free False
Mockbin [Website] [Source] HTTP request collector and inspector JavaScript Free True
monsoon [Website] [Source] Web directory and file scanner (wordlist bruteforce) Go Free False
MyJWT [Source] A toolkit for signing, forging and cracking JWT tokens Python Free False
Netsparker [Website] Web application security scanner Paid True
nikto [Website] [Source] Very light web security scanner Perl Free False
NoSQLMap [Source] Automated NoSQL database enumeration and web application exploitation tool Python Free False
Nosql-Exploitation-Framework [Source] NoSQL scanning and exploitation framework Python Free False
Nuclei [Website] [Source] Web application security scanner based on templates Go Free False
NtHiM [Source] Now, the Host is Mine!; sub-domain takeover detection Rust Free False
otori [Website] On The Outside, Reaching In, exploitation toolbox for XXE attacks Python Free False
OWASP JoomScan [Source] Joomla vulnerability scanner Perl Free False
OWASP ZAP [Website] [Source] OWASP Zed Attack Proxy, intercepting proxy to replay, inject, scan and fuzz HTTP requests Java Free False
oxml_xxe [Source] Tool for embedding XXE/XML exploits into different filetypes (docx/xlsx, odt/ods, svg, xml, etc.) Ruby Free False
Panoptic [Website] [Source] Automatic LFI and Path Traversal exploitation tool Python Free False
Pappy Proxy [Website] [Source] Proxy Attack Proxy ProxY, HTTP intercepting proxy Python Free False
ParamSpider [Source] Finds parameters from web archives of the entered domain Python Free False
Paros [Source] Intercepting proxy to replay, inject, scan and fuzz HTTP requests Java Free False
PeepingTom [Source] Take screenshots of websites Python Free False
PHPGGC [Source] PHP Generic Gadget Chains, library of unserialize() payloads along with a tool to generate them, supporting various PHP frameworks PHP Free False
Portswigger Labs Inspector [Website] Javascript expression evaluator and inspector JavaScript Free True
PowerUpSQL [Source] Toolkit for attacking MS SQL Server, discovery, configuration auditing, privilege escalation, post exploitation Powershell Free False
Rabid [Website] [Source] CLI tool and library allowing to simply decode all kind of BigIP cookies Ruby Free True
RequestBin [Website] [Source] HTTP request collector and inspector Python Free True
RequestCatcher [Website] [Source] HTTP request collector and inspector Go Free True
See-SURF [Source] SSRF scanner to find entry points Python Free False
Simple Local File Inclusion Exploiter [Website] [Source] LFI exploit tool Python Free False
Sitadel [Source] Web application security scanner, rewrite and newer version of WAScan Python Free False
SleuthQL [Source] Tool that parses Burp history to discover potential SQL injection points and prepare SQLmap request files Python Free False
Smuggler [Source] HTTP request smuggling, desync testing Python Free False
snallygaster [Source] Web scanner that looks for files accessible on web servers that shouldn't be public Python Free False
spidr [Source] Web spidering library that can spider a site, multiple domains, certain links or infinitely Ruby Free False
sqlmap [Website] [Source] Automatic SQL injection tool Python Free False
SQLiv [Source] SQL injection scanner, find vulnerable entry points Python Free False
ssllabs-scan [Website] [Source] CLI reference-implementation client for Qualys SSL Labs APIs, designed for automated and/or bulk testing Go Free False
sslscan2 [Source] Tests SSL/TLS enabled services to discover supported cipher suites C Free False
SSLyze [Source] SSL analysis library and a CLI tools Python Free False
SSRF Proxy [Source] Facilitates tunneling HTTP communications through servers vulnerable to SSRF Ruby Free False
SSRFmap [Source] Automatic SSRF fuzzer and exploitation tool Python Free False
testssl.sh [Website] [Source] TLS/SSL scanner to find weak ciphers, protocols or flaws Shell Free False
TIDoS Framework [Source] Comprehensive web-app audit framework Python Free False
TLS map [Website] [Source] CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL, GnUTLS, NSS Ruby Free False
Tracy [Source] Tool that help to manually find XSS Go Free False
tplmap [Source] SSTI and code injection detection and exploitation tool Python Free False
Uniscan [Source] RFI, LFi and RCE scanner Perl Free False
V3n0M [Source] Web dork and vulnerability scanner Python Free False
Vega [Website] [Source] Multi-platform web scanner and intercepting proxy Java Free False
VOOKI [Website] Windows only web application and REST API vulnerability scanner Free False
w3af [Website] [Source] Web application attack and audit framework, web-oriented security scanner Python Free False
WAFNinja [Source] WAF bypassing tool Python Free False
wapiti [Website] [Source] Web-oriented vulnerability scanner, can generates reports Free False
WAScan [Source] Web application security scanner Python Free False
Webhook Tester [Website] [Source] HTTP request collector and inspector PHP Free True
Weevely [Source] Web shell for post-exploitation working with a PHP agent Python Free False
Wfuzz [Website] [Source] Web application fuzzer framework Python Free False
What CMS [Website] Service able to detect more than 430 CMS, find version used for some CMS, has an API for batch detection Free True
WhatWeb [Website] [Source] Web scanner, recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices, also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more Ruby Free False
wikto [Source] Nikto for Windows; web security scanner CSharp Free False
WitnessMe [Source] Take screenshots of websites, provide some server header info, and identify default credentials if possible Python Free False
WPScan [Website] [Source] WordPress CMS vulnerability scanner Ruby Free True
WS-Attacker [Source] Modular framework for SOAP web services penetration testing Java Free False
WSFuzzer [Website] [Source] Fuzzing penetration testing tool for testing HTTP SOAP based web services Python Free False
WSSAT [Website] [Source] Web Service Security Assessment Tool; WS, REST API, SOAP API dynamic scanner CSharp Free False
XAttacker [Source] CMS detection and exploitation suite Perl Free False
XCat [Website] [Source] Automate XPath injection/XXE attacks to retrieve documents Python Free False
Xenotix [Website] [Source] XSS detection and exploit framework (Windows only) Python Free False
Xray [Website] [Source] Web security scanner (XSS, SQLi, SSRF, XXE, etc.) Go Free False
XSpear [Source] XSS Scanner Ruby Free False
XSRFProbe [Source] Advanced Cross Site Request Forgery (CSRF/XSRF) audit and exploitation toolkit Python Free False
XSS hunter [Website] XSS probes host for finding blind XSS Free True
XSS'OR [Website] [Source] Multi-purpose tool for XSS or JavaScript analysis JavaScript Free True
XSS'OR 2 [Website] [Source] Multi-purpose tool for XSS or JavaScript analysis JavaScript Free True
XSSCon [Source] XSS automatic scanner Python Free False
XSSer [Website] [Source] XSS automatic scanner and exploiter Python Free False
XSStrike [Source] XSS detection tool, parser, payload generator, fuzzing engine, crawler Python Free False
XXEinjector [Source] Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods Ruby Free False
xxeserv [Source] HTTP and FTP server for OOB XXE attacks Go Free False
XXExploiter [Website] [Source] Generates XML payloads, and automatically starts a server to serve the needed DTD's or to do data exfiltration for XXE attacks JavaScript Free False
xxxpwn [Source] XPath injection tool, designed for blind injection Python Free False
xxxpwn_smart [Source] XPath injection tool, fork of xxxpwn adding further optimizations and tweaks, uses predictive text based on a dictionary of words/phrases vs frequencies of occurrence Python Free False
YASUO [Source] Scans for vulnerable & exploitable 3rd-party web applications Ruby Free False

Wireless

Name Website Source Description Programming language Price Online
Aircrack-Ng [Website] [Source] Suite of tools to assess WiFi network security (cracking WEP and WPA PSK) C Free False
airgeddon [Source] Wireless network audit script Shell Free False
BtleJack [Source] Bluetooth Low Energy Swiss-army knife Python Free False
Crunch-Cracker [Source] Wordlist generator and Wi-Fi cracker Shell Free False
Fluxion [Website] [Source] MITM WPA attack tool Shell Free False
FruityWiFi [Source] Wireless network auditing tool controlled by a web interface PHP Free False
Hijacker [Source] Android GUI for Aircrack, Airodump, Aireplay, MDK3 and Reaver Java Free False
Infernal-Wireless [Source] Automated wireless hacking tool Python Free False
MDK3-master [Source] PoC tool to exploit common IEEE 802.11 protocol weaknesses C Free False
MDK4 [Source] PoC tool to exploit common IEEE 802.11 protocol weaknesses C Free False
Modmobjam [Source] Cellular networks jamming PoC for mobile equipments Python Free False
Modmobmap [Source] Tool to retrieve information of cellular networks Python Free False
reaver-wps [Source] Bruteforce WPS tool C Free False
reaver-wps (t6x fork) [Source] Bruteforce WPS tool C Free False
trackerjacker [Source] Tool for mapping and tacking wifi networks and devices through raw 802.11 monitoring Python Free False
Wifi-Biter [Source] Dictionary generator used to generate dictionaries/wordlist for Wireless Router Passwords Python Free False
wifijammer [Source] Script to jam wifi clients and access points Python Free False
wifite2 [Source] Script for auditing wireless networks that runs existing wireless-auditing tools Python Free False