Rawsec's CyberSecurity Inventory

An inventory of tools and resources about CyberSecurity.

Adversary SimulationBinary ExploitationBug BountyCloudCode AnalysisCollaboration and ReportConfiguration AuditCrackingCrisis ManagementCryptographyDefensiveDigital ForensicsHardwareHoneypot and DecoyIncident ResponseIntentionally Vulnerable ApplicationsNetworkingOSINT and ReconnaissanceOtherPluginsRed TeamingReverse EngineeringSteganographySystem ExploitationThreat IntelligenceVulnerability AssessmentWeb Application ExploitationWireless

Tools

Note: Paid softwares may exist in a free limited version or a demo version

Adversary Simulation

Name Website Source Description Programming language Price Online
Adversary Emulation Library [Source] A library of adversary emulation plans to allow organizations to evaluate their defensive capabilities against the real-world threats they face C Free False
Atomic Red Team [Source] A library of tests mapped to the MITRE ATT&CK® framework used to quickly, portably, and reproducibly test their environments Powershell Free False
Caldera [Source] Cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response Python Free False
Infection Monkey [Website] [Source] Adversary emulation platform; test a data center's resiliency to perimeter breaches and internal server infection Python Free False
Invoke-Apex [Source] PowerShell-based toolkit consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks PowerShell Free False
Manticore [Source] Adversary emulation command line tool is parsing complex scenarios from Manticore public-threats repository and run these scenarios Go Free False
MITRE ATT&CK Defender [Source] ATT&CK training and certification program produced by MITRE’s own ATT&CK subject matter experts Python Free False
Sliver [Source] Cross-platform adversary emulation/red team framework used by organizations of all sizes to perform security testing Go Free False
Stratus Red Team [Source] Stratus Red Team is 'Atomic Red Team' for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner Go Free False

Binary Exploitation

Name Website Source Description Programming language Price Online
ASLRay [Source] Tool for ASLR bypass with stack-spraying Shell Free False
heaphopper [Website] [Source] Bounded model checking framework for Heap-implementations Python Free False
libformatstr [Source] Library to simplify format string exploitation Python Free False
pwntools [Source] Framework and exploit development library Python Free False
pwntools-ruby [Source] Framework and exploit development library, ported onto ruby Ruby Free False
ROPgadget [Website] [Source] Framework for ROP exploitation Python Free False

Bug Bounty

Name Website Source Description Programming language Price Online
bbr [Source] Generation of bug bounty reports based on user provided templates Go Free False
bbrecon [Website] [Source] Service enumerating all targets on Internet covered by a bug bounty program Python Free True
BBstats [Source] Aggregate reports/bounties from different platforms in order to create combined stats and graphs PHP Free False
Bounty Dashboard [Source] Aggregate reports/bounties from different platforms in order to create combined stats and graphs, report and template management system, invoice creation system PHP Free False
bounty-targets [Source] Crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into another git repo Ruby Free False
BountyDash [Source] Dashboard to combine rewards from all platforms, giving insights about progress and bug hunting patterns PHP Free False
bountyplz [Source] Automated bug bounty reporting/submission, supports HackerOne and Bugcrowd Shell Free False
BugBounty Web App [Source] App that helps bug bounty hunters to manage their bounties and target list Python Free False
Bugbountydash [Source] Terminal dashboard for bug bounty hunters that use HackerOne and Bugcrowd JavaScript Free False
Hackerone::Client [Source] A limited client library for interacting with HackerOne Ruby Free False
Needle [Source] Chrome extension for instant access to bug bounty submission dashboard of various platforms and publicly disclosed reports HTML Free False

Cloud

Name Website Source Description Programming language Price Online
AWS Extender CLI [Source] Test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues Python Free False
aws_pwn [Source] Collection of AWS penetration testing scripts Python Free False
AzSubEnum [Source] Azure service subdomain enumeration Python Free False
AzureADRecon [Source] Gathers information about the Azure Active Directory and generates a report which can provide a holistic picture of the current state of the target environment PowerShell Free False
AzureHound [Source] BloodHound data collector for Microsoft Azure Go Free False
CloudGPT [Source] Vulnerability scanner for AWS customer managed policies using ChatGPT Python Free False
CloudMapper [Source] Analyze AWS environments auditing for security issues Python Free False
CloudTracker [Source] Find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies Python Free False
gato [Source] Github Attack TOolkit; GitHub Actions pipeline enumeration and attacks Python Free False
gato-x [Source] Github Attack TOolkit - Extreme Edition; GitHub Actions pipeline enumeration and attacks Python Free False
gh-hijack-runner [Source] Create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets Python Free False
IMDSpoof [Source] Cyber deception; spoofs the AWS IMDS service to return HoneyTokens that can be alerted on Go Free False
octoscan [Source] Static vulnerability scanner for GitHub action workflow Go Free False
Pacu [Website] [Source] AWS exploitation framework Python Free False
PowerZure [Website] [Source] Framework to assess and exploit Azure security PowerShell Free False
Quiet Riot [Source] Unauthenticated enumeration of cloud principals Python Free False
ROADtools [Source] Rogue Office 365 and Azure active Directory tools; a collection of Azure AD/Entra tools for offensive and defensive security purposes Python Free False
Smogcloud [Source] Identify AWS cloud assets Go Free False

Code Analysis

Name Website Source Description Programming language Price Online
Adhrit [Website] [Source] Android APK reversing and analysis suite Python Free False
AndroBugs Framework [Source] Android APK vulnerability analyzer Python Free False
APKHunt [Source] Static code analysis for Android apps that is based on the OWASP MASVS framework Go Free False
APKLeaks [Source] Scanning APK file for URIs, endpoints and secrets Python Free False
Bearer [Website] [Source] Static application security testing tool that helps discover, filter, and prioritize security risks and vulnerabilities Go Free False
Brakeman [Website] [Source] Static analysis security vulnerability scanner for Ruby on Rails applications Ruby Free False
cIFrex [Website] [Source] Regexp static code analysis PHP Free False
CodeCat [Source] Automatic code static analysis tool to detect bugs and vulnerabilities Python Free False
CodeQL [Website] [Source] Semantic code analysis engine; discover vulnerabilities across a codebase, lets you query code as though it were data, write a query to find all variants of a vulnerability Free False
Dawnscanner [Source] Static analysis security scanner for ruby written web applications; supports Sinatra, Padrino and Ruby on Rails frameworks Ruby Free False
grepmarx [Source] Source code static analysis platform with WebUI based on semgrep Python Free False
Joern [Website] [Source] Code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs Scala Free False
Kube-hunter [Website] [Source] Scanner for security weaknesses in Kubernetes clusters Python Free False
LICMA [Website] [Source] Language Independent Crypto-Misuse Analysis; multi-language analysis tool to identify incorrect initialization of crypto functions Java Free False
MobSF [Website] [Source] Android APK vulnerability analyzer Python Free False
NodeJsScan [Source] Static security code scanner for Node.js applications Python Free False
QARK [Source] Android APK vulnerability analyzer Python Free False
Semgrep [Website] [Source] Static analysis engine for detecting vulnerabilities for many languages Ocaml Paid False
SonarQube [Website] [Source] Automatic code review tool to detect bugs, vulnerabilities; continuous code inspection automated with static code analysis rules Java Free False
StaCoAn [Source] Mobile applications static code analysis tool Python Free False
SUPER [Website] [Source] Android APK vulnerability analyzer Rust Free False
Tfsec [Website] [Source] Misconfiguration scanner for terraform code Go Free False
Trivy [Website] [Source] Vulnerability and misconfiguration scanner for containers (OS and language-specific packages) Go Free False
weggli [Source] Semantic search tool for C and C++ designed to help security researchers identify interesting functionality in large codebases Rust Free False
wpBullet [Source] Static code analysis for WordPress Plugins and Themes (and PHP) Python Free False

Collaboration and Report

Name Website Source Description Programming language Price Online
APTRS [Source] Collaborative penetration test, vulnerability database and reporting platform Python Free False
Archery [Website] [Source] Vulnerability Assessment and Management tool, run scan and manage vulnerabilities Python Free False
AttackForge.com [Website] Penetration test collaboration platform: vulnerability database and reporting Paid True
Bulwark [Source] Collaborative penetration test, vulnerability database and reporting platform JavaScript Free False
Canopy [Website] Penetration test platform: vulnerability database and reporting Paid False
Cervantes [Website] [Source] Collaborative penetration test, vulnerability database and reporting platform CSharp Free False
CTFNote [Source] Collaborative platform for CTF teams, event planning, credentials sharing, tasks management, notes taking JavaScript Free False
DART [Source] Documentation And Reporting Tool; Collaborative penetration test and vulnerability database platform Python Free False
DefectDojo [Website] [Source] Vulnerability management application built for DevOps and continuous security integration Python Free False
Dradis CE [Website] [Source] Collaborative penetration test, vulnerability database and reporting platform; Community edition Ruby Free False
Dradis Pro [Website] Collaborative penetration test, vulnerability database and reporting platform; Pro edition Ruby Paid False
Echidna [Source] Collaborative penetration test platform; terminal sharing, target information extraction, command suggestion, exploit searching, chatting, graph visualization JavaScript Free False
envizon [Website] [Source] Vulnerability management and reporting platform Ruby Free False
Faraday [Website] [Source] Collaborative penetration test and reporting platform Python Paid False
Ghostwriter [Website] [Source] Project management and reporting engine Python Free False
hackOx [Source] Modular web based pentesting interface designed to run on Raspberry Pi PHP Free False
Hackuity [Website] Risk Based Vulnerablity Management platform Paid False
Hive [Website] Collaborative penetration test and reporting platform Paid False
Kvasir [Source] Pentest data management tool Python Free False
Lair [Website] [Source] Collaborative penetration test and vulnerability management framework JavaScript Free False
MISP [Website] [Source] Malware Information Sharing Platform, an Open Source threat intelligence platform and open standards for threat information sharing PHP Free False
NightWriter [Source] Modern real-time collaborative editing tool secured by end-to-end encryption Go Free False
OSCP Exam Report Template in Markdown [Website] [Source] Markdown templates for OSCP exam report Markdown Free False
OWASP PenText [Website] [Source] Collection of XML templates, XML schemas and XSLT code, to generate IT security documents including test reports, offers and invoices Free False
PatrOwl [Website] [Source] Security operations orchestration and continuous threat management platform Python Free False
PeTeReport [Source] Collaborative penetration test, vulnerability database and reporting platform Python Free False
Pentest Collaboration Framework [Source] Collaborative penetration test, vulnerability database and reporting platform Python Free False
PentestPad [Website] Collaborative penetration test between team members and end-clients, vulnerability database and reporting platform Paid True
PenTest.WS [Website] Collaborative penetration test, vulnerability database and reporting platform Paid False
PlexTrac [Website] Collaborative penetration test reporting and vulnerability database platform Paid False
Pollenisator [Source] Collaborative penetration test and reporting platform (DB + clients, no WebUI) Python Free False
Prithvi [Website] [Source] Report generation tool for pentester with provided OWASP data JavaScript Free False
PTART [Source] PenTests, Audits, and Reporting Tool; Collaborative penetration test, vulnerability database and reporting platform; fork of Sh00t Python Free False
PurpleOps [Website] [Source] Self-hosted purple team management web application Python Free False
PwnDoc [Website] [Source] Collaborative penetration test reporting platform JavaScript Free False
PwnDoc-ng [Website] [Source] Collaborative penetration test reporting platform; fork and improvement of PwnDoc JavaScript Free False
Reconmap [Website] Penetration test planning, automation and reporting PHP Paid False
Reporter [Website] Collaborative penetration test reporting platform Paid True
Serpico [Source] SimplE RePort wrIting and CollaboratiOn tool, penetration testing report generation and collaboration tool Ruby Free False
Serpico-NG [Source] SimplE RePort wrIting and CollaboratiOn tool NEXT-GENERATION, penetration testing report generation and collaboration tool, fork of Serpico Ruby Free False
Sh00t [Source] Pentesting platform with dynamic task manager, checklists, bug template & bug report Python Free False
Smersh [Website] [Source] Pentest oriented collaborative tool used to track the progress of your company's engagements and generate reports PHP Free False
SwiftnessX [Source] Cross-platform note-taking and target-tracking app for penetration testers JavaScript Free False
SysReptor [Website] [Source] Collaborative penetration test, vulnerability database and reporting platform; supports findings in markdown, customized reports in HTML and VueJS, rendering to PDF, MFA, note-taking, data encryption, SSO Python Free False
vcr [Source] Vulnerability Compliance Report; parse Nessus CIS benchmark scan files and generate HTML reports PowerShell Free False
vuldash [Website] [Source] Vulnerability Dashboard; vulnerability database, project management and report generation PHP Free False
VULNREPO [Website] [Source] Vulnerability report generator JavaScript Free False
Vulnreport [Website] [Source] Pentesting management and automation platform Ruby Free False
WriteHat [Website] [Source] Collaborative penetration test reporting platform Python Free False
ZinnoX Reporting Tool [Website] ZRT; project management, vulnerability management and pentest report creation application Paid False

Configuration Audit

Name Website Source Description Programming language Price Online
CIS CAT Lite [Website] Asses systems against CIS Benchmarks Free False
CIS CAT Pro [Website] Asses systems against CIS Benchmarks Paid False
Iniscan [Source] php.ini scanner for security best practices PHP Free False
Local PHP Security Checker [Source] CLI tool that checks if your PHP application depends on PHP packages with known security vulnerabilities PHP Free False
Lynis [Website] [Source] Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional. Shell Free False
Master librarian [Source] Audit Unix/*BSD/Linux system libraries to find public security vulnerabilities Python Free False
Nipper Studio [Website] Tool that parse router, switch, firewall configuration to discover vulnerabilities Paid False
Nipper-ng [Source] Tool that parse router, switch, firewall configuration to discover vulnerabilities CPlusPlus Free False
pcc [Source] PHP Secure Configuration Checker; parse php.ini to find security misconfiguration PHP Free False
PingCastle [Website] [Source] Assess the Active Directory security level with a methodology based on risk assessment CSharp Paid False
YASAT [Source] TYet Another Stupid Audit Tool; check general Linux system and common softwares configuration Shell Free False

Cracking

Name Website Source Description Programming language Price Online
bkcrack [Source] Crack legacy zip encryption with Biham and Kocher's known plaintext attack CPlusPlus Free False
BEWGor [Source] Bull's Eye Wordlist Generator, password wordlist generator based on target information Python Free False
Bopscrk [Source] Before Outset PaSsword CRacKing, password wordlist generator with exclusive features like lyrics based mode Python Free False
CeWL [Source] Custom wordlist generator based on website crawling Ruby Free False
ComPP [Source] Company Passwords Profiler helps making a bruteforce wordlist for a targeted company Python Free False
cook [Source] Wordlist generator: create permutations and combinations of words with predefined sets of extensions, words and patterns/function to create complex endpoints, wordlists and passwords Go Free False
Cracken [Source] Password wordlist generator, Smartlist creation and password hybrid-mask Rust Free False
CrackerJack [Website] [Source] Hashcat WebUI; session management, mask generation, API, notifications, local and LDAP authentication Python Free False
Cracklord [Website] [Source] Scalable, pluggable, and distributed system for hash cracking, supports Hashcat Go Free False
CrackQ [Source] Hashcat cracking queue system, API and WebUI Python Free False
crackpkcs12 [Source] Multithreaded program to crack PKCS#12 files (p12 and pfx extensions) C Free False
CrackStation [Website] [Source] Pre-computed lookup tables to crack password hashes PHP Free True
crunch [Source] Wordlist generator C Free False
CUPP [Source] Common User Passwords Profiler, wordlist generator based on user profiling Python Free False
Duplicut [Source] Remove duplicates from massive wordlist, without sorting it (for dictionary-based password cracking) C Free False
elpscrk [Source] Wordlist generator based on user profiling Python Free False
Fitcrack [Website] [Source] Hashcat-based distributed password cracking system with WebUI C Free False
GAU [Source] Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, Common Crawl, and URLScan for any given domain Go Free False
GeoWordlists [Source] Generate wordlists of passwords containing cities at a defined distance around the client city Python Free False
GoCrack [Source] Management frontend for hash cracking tools, supporting hashcat Go Free False
graphcat [Source] Generate graphs and charts based on password cracking results; supports hashcat and john the ripper potfile as well as ntds file Python Free False
Hashcat [Website] [Source] Hash cracking tool C Free False
hashcobra [Source] Hash cracking tool using rainbow tables CPlusPlus Free False
HashKitty [Source] Web interface for Hashcat TypeScript Free False
Hashpass [Source] Hashcat WebUI; queuing, local authentication, SMS and email notifications, map integration Ruby Free False
Hashtopolis [Source] Hashcat wrapper for distributed hashcracking PHP Free False
Hashview [Website] [Source] Web-UI for managing, organizing, automating Hashcat commands/tasks Python Free False
John The Ripper [Website] Hash cracking tool C Free False
John the Ripper, Jumbo version [Website] [Source] Hash cracking tool, community-enhanced version of John The Ripper C Free False
johnny [Website] [Source] GUI frontend to John the Ripper CPlusPlus Free False
kh2hc [Website] [Source] Convert OpenSSH known_hosts file hashed with HashKnownHosts to hashes crackable by Hashcat Ruby Free False
Kraken [Source] Hashcat-based distributed password cracking system with WebUI; has a desktop client in addition Java Free False
Kraker [Source] Distributed password brute-force system, supports Hashcat PHP Free False
longtongue [Source] Password wordlist generator based on target information Python Free False
lyricpass [Source] Tool to generate wordlists based on lyrics Python Free False
Mentalist [Source] Graphical tool for custom wordlist generation, can output rules compatible with Hashcat and John the Ripper Python Free False
Narthex [Website] [Source] Modular personalized dictionary generator C Free False
npk [Source] Distributed hash cracking platform meant to be deployed on AWS (Cognito, DynamoDB, S3) so you pay only when you have a task running JavaScript Free False
NTLM to password [Website] NTLM hash lookup table, billions of passwords indexed Free True
Ophcrack [Website] [Source] Windows hash cracker based on rainbow tables Free False
PACK [Source] A collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics Python Free False
pnwgen [Source] Phone number wordlist generator Python Free False
PowerSniper [Source] Password spraying script and helper for creating password lists PowerShell Free False
pydictor [Source] Multi-method password wordlist generator Python Free False
RubyHashcat [Website] [Source] Command line wrapper, library, and REST API for oclHashcat Ruby Free False
rulesfinder [Source] Machine-learn password mangling rules; finds efficient password mangling rules (for John the Ripper or Hashcat) for a given dictionary and a list of passwords Rust Free False
Spraygen [Source] Permutation-based password list generator Python Free False
TTPassGen [Source] Flexible and scriptable password dictionary/wordlist generator Python Free False
Wavecrack [Source] Hashcat WebUI; asynchronous task, chain tasks, statistics, export, segregation, local and LDAP authentication Python Free False
WebHashcat [Source] Hashcat WebUI with distributed cracking sessions and analytics Python Free False
WOG [Website] [Source] Weakpass rule-based online generator; generates a wordlist based on a set of words entered by the user JavaScript Free True
wordlist.rb [Source] Library for reading, combining, manipulating, and building wordlists, efficiently Ruby Free False
wordlistctl [Source] Fetch, install and search wordlist archives from websites and torrent peers Python Free False
wordlistgen [Source] Generate context-specific wordlists for content discovery from lists of URLs or paths Go Free False

Crisis Management

Name Website Source Description Programming language Price Online
Codechella Crisis Response [Source] An application curated to crisis zones to facilitate the dissemination of accurate mission-critical information from sources on the ground to key partners with minimal lag time Python Free False
Enki [Source] Crisis management platform Python Free False
NTU Crysis [Source] Crisis management web application / project for software systems analysis and design JavaScript Free False
OpenEx [Source] Platform allowing organizations to plan, schedule and conduct crisis exercises JavaScript Free False
OASIS EMF [Website] [Source] A reference implementation and toolkit for enabling standardized emergency information exchange using the OASIS Emergency Data Exchange Language (EDXL) Free False

Cryptography

Name Website Source Description Programming language Price Online
c7decrypt [Source] Cisco password type-7 encryptor and decryptor Ruby Free False
Cipher Suite Info [Website] [Source] A searchable directory of TLS ciphersuites and related security details Python Free True
crypto-condor [Website] [Source] Compliance testing of implementations of cryptographic primitives Python Free False
CryptoGuard [Source] Program analysis tool to find cryptographic misuse in Java and Android Java Free False
crypto-identifier [Source] Tool that try to identify what cipher is used and uncipher the data Python Free False
Crypton [Source] Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Hashing Algorithms along with example challenges from CTFs Python Free False
CRYPTOREX [Source] Large-scale firmware analysis of cryptographic misuse in IoT devices; supports ARM, MIPS, MIPSel architetures Python Free False
Cryscanner [Source] Identify misuse of cryptographic libraries by collecting and analysing logs Python Free False
Dcode [Website] Code and decode all kind of checksums, algorithms, codes or ciphers Free True
FeatherDuster [Source] Cryptanalysis tool and library Python Free False
Haiti [Website] [Source] Hash type identifier (CLI & lib) Ruby Free False
hashID [Source] Identify the different types of hashes Python Free False
houndsniff [Website] [Source] Identify the different types of hashes C Free False
JWT-Key-Recovery [Source] Recover the public key used to sign JWT tokens Python Free False
PkCrack [Website] Tool for breaking PkZip encryption Free False
RsaCtfTool [Source] Tool to conduct manual or automated attack on RSA Python Free False
RSATool [Source] Tool to calculate RSA parameters Python Free False
RSHack [Source] RSA attack and key manipulation tool Free False
XORTool [Source] Tool to analyze multi-byte xor cipher Python Free False

Defensive

Name Website Source Description Programming language Price Online
AnoMark [Source] Statistical learning algorithm to create a model on the command lines of the Process Creation events on Windows, in order to detect anomalies in future events Python Free False
BlueHound [Source] Helps blue teams pinpoint the security issues that actually matter by combining information about user permissions, network access and unpatched vulnerabilities, to reveal the paths attackers would take if they were inside the network TypeScript Free False
DARKSURGEON [Source] Windows project to empower incident response, digital forensics, malware analysis, and network defense with HashiCorp Packer and Vagrant PowerShell Free False
Deming [Source] Management tool for the information security management system (ISMS); manage, plan, track and report the effectiveness of security controls PHP Free False
DenyLocker [Source] Make the creation and maintenance of Applocker rules in blacklist mode easy and practical PowerShell Free False
driftctl [Source] Measures infrastructure as code coverage, and tracks infrastructure drift Go Free False
FalconHound [Source] Plug BloodHound with a SIEM or other log aggregation Go Free False
GraphQL Armor [Source] GraphQL security layer for Apollo and Yoga / Envelop servers TypeScript Free False
Have I Been Squatted? - Twistr [Website] [Source] Generate all permutations of a domain which are enriched for typosquatting detection Rust Free True
Imagemagick Security Policy Evaluator [Website] [Source] Allows developers and security experts to check if an Imagemagick XML Security Policy is hardened against a wide set of malicious attacks JavaScript Free True
libiris [Source] Cross-platform sandboxing library Rust Free False
Mercator [Source] Web application to manage the mapping of an information system as described in the Mapping The Information System Guide of the ANSSI PHP Free False
Pandora [Website] [Source] Analysis framework that discovers if a file is suspicious and conveniently show the results Python Free True
Pandora-box [Source] Detect and remove malware from USB disks (based on Pandora) Shell Free False
Santa [Source] Binary authorization system for macOS ObjC Free False
usbsas [Source] Tool and framework for securely reading untrusted USB mass storage devices Rust Free False
Wazuh [Website] [Source] Security monitoring solution for threat detection, integrity monitoring, incident response and compliance; unified XDR and SIEM protection for endpoints and cloud workloads C Free False
WHIDS [Source] EDR for Windows Go Free False

Digital Forensics

Name Website Source Description Programming language Price Online
Andriller [Source] Software utility with a collection of forensic tools for smartphones; performs read-only, non-destructive acquisition Python Free False
Cerbero Profiler [Website] File analyzer and inspector Paid False
ds_store_exp [Source] Extract files from .DS_Store recursively Python Free False
EML analyzer [Website] [Source] Analyze EML files: headers, bodies, attachments; extract IOCs; identify suspicious attachments Python Free False
ExifTool [Website] [Source] Library and CLI tool for reading, writing and editing metadata for a lot of file types Perl Free False
extundelete [Website] [Source] Tool to recover deleted files from an ext3 or ext4 partition Free False
Fibratus [Source] Tool for exploration and tracing of the Windows kernel Python Free False
Foremost [Website] [Source] CLI tool to recover files based on their headers, footers, and internal data structures Free False
ForensicMiner [Source] DFIR automation for collecting and analyzing evidence PowerShell Free False
FTK Imager [Website] Investigate electronic devices; full disk imaging capabilities: preview and image hard drives from Windows and Linux computers, CDs, DVDs, thumb drives, and other USB; forensic image mounting: mount an image for a read-only view that leverages file explorer; preview data; RAM capture Paid False
Live Forensicator [Source] Assist forensic investigators and incidence responders in carrying out a quick live forensic investigation PowerShell Free False
MVT [Website] [Source] Mobile Verification Toolkit; collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices Python Free False
rekall [Website] [Source] Volatile memory extraction utility Python Free False
rekall (Fireeye fork) [Source] Fork of rekall with support for Windows 10 memory compression Python Free False
ResourcesExtract [Website] Scans dll/ocx/exe files and extract all resources found, Windows only Free False
shellbags [Source] Shellbag parser (Windows Registry Keys) Python Free False
Tracee [Website] [Source] Linux runtime observability and forensics using eBPF to tap into the system and expose information as events that can be consumed Go Free False
Velociraptor [Website] [Source] Endpoint visibility and collection tool Go Free False
volatility [Website] [Source] Volatile memory extraction utility Python Free False
volatility (Fireeye fork) [Source] Fork of volatility with support for Windows 10 memory compression Python Free False

Hardware

Name Website Source Description Programming language Price Online
ChipWhisperer [Website] [Source] Toolchain for side-channel power analysis and glitching attacks C Free False
SmmBackdoorNg [Source] System Management Mode (SMM) backdoor for UEFI based platforms Python Free False

Honeypot and Decoy

Name Website Source Description Programming language Price Online
broneypote [Source] Honeypot Python Free False
Canarytokens [Website] [Source] Quickly deployable honeypot with docker image, the online service allows to get alerted by email for URL token, DNS token, unique email address, custom image, MS word doc., Acrobat Reader PDF doc., and more Python Free True
DejaVU [Source] Deception framework which can be used to deploy decoys across the infrastructure PHP Free False
Galah [Source] LLM-powered web honeypot using the OpenAI API Go Free False
Honeyscanner [Source] Vulnerability analyzer for honeypots Python Free False
pypotomux [Source] Protocol demuxed honeypot and wordlists collected from it Python Free False

Incident Response

Name Website Source Description Programming language Price Online
DFIR ORC [Website] [Source] Forensics artefact collection tool for systems running Microsoft Windows CPlusPlus Free False
DFIRTrack [Source] Incident response tracking web application, focused on handling one major incident with a lot of affected systems Python Free False
Fenrir [Source] IOC scanner Shell Free False
IntelMQ [Source] Solution for collecting and processing security feeds using a message queuing protocol Python Free False
IRIS [Website] [Source] Collaborative platform aiming to help incident responders sharing technical details during investigations Python Free False
Loki [Source] IOC scanner Python Free False
Munin [Source] Online hash checker for Virustotal and other services Python Free False
Osquery [Website] [Source] Uses SQL queries to monitor and analyze operating systems, providing endpoint visibility for security CPlusPlus Free False
SCOT [Website] [Source] Sandia Cyber Omni Tracker; cyber security incident response management system and knowledge base Perl Free False
Sigma [Source] Generic signature format for SIEM systems Python Free False
ThreatHound [Source] Windows event log file viewer and analyser Python Free False
uncoder.io [Source] Translate sigma rules into various SIEM, EDR, and XDR formats Free True
YARA [Website] [Source] Pattern matching helping malware researchers to identify and classify malware samples C Free False
yarAnalyzer [Source] Creates statistics on a yara rule set and files in a sample directory Python Free False
Yara Toolkit [Website] Yara rules editor, generator, scanner Python Free True
yarGen [Source] YARA rules generator Python Free False
YAYA [Source] Yet Another Yara Automaton; automatically curate open source yara rules and run scans Go Free False

Intentionally Vulnerable Applications

Name Website Source Description Programming language Price Online
Bodhi [Source] Client-side vulnerability playground, CTF style application, a bot program which simulates the real-world victim Python Free False
Bust-A-Kube [Website] Intentionally-vulnerable Kubernetes cluster, intended to help people self-train on attacking and defending Kubernetes clusters PHP Free False
bWAPP [Website] [Source] Buggy Web Application, insecure webapp for security trainings PHP Free False
DVIA [Website] [Source] Damn Vulnerable iOS App, insecure webapp for mobile security trainings Swift Free False
DVGA [Source] Damn Vulnerable GraphQL Application, insecure webapp for GraphQL security trainings Python Free False
DVWA [Website] [Source] Damn Vulnerable Web Application, insecure webapp for security trainings PHP Free False
Google Gruyere [Website] [Source] Codelab for white-box and black-box hacking Python Free True
Hackazon [Source] Intentionally vulnerable web shopping application using modern technologies and containing configurable areas PHP Free False
Metasploitable [Source] VM that is built from the ground up with a large amount of security vulnerabilities Free False
OWASP Juice Shop [Website] [Source] Insecure web application with >85 challenges; supports CTFs, custom themes, tutorial mode etc. JavaScript Free False
OWASP Mutillidae II [Website] [Source] Intentionally vulnerable web-application containing some OWASP Top Ten vulnerabilities, with hints and switch for secure version of the code PHP Free False
OWASP WebGoat [Website] [Source] Deliberately insecure web application to teach web application security lessons Java Free False
simulator [Source] Distributed systems and infrastructure simulator for attacking and debugging Kubernetes, creates a Kubernetes cluster in AWS and runs scenarios which misconfigure it or leave it vulnerable to compromise to train in mitigating against these vulnerabilities Python Free False
VAmPI [Source] Vulnerable REST API with OWASP top 10 vulnerabilities for security testing Python Free False
XVNA [Source] Extreme Vulnerable Node Application, insecure webapp for security trainings JavaScript Free False

Networking

Name Website Source Description Programming language Price Online
ActiveDirectoryEnumeration [Source] Enumerate AD through LDAP with a collection of helpfull scripts being bundled: ASREPRoasting, Kerberoasting, dump AD as BloodHound JSON files, searching GPOs in SYSVOL for cpassword and decrypting, run without creds Python Free False
Adalanche [Source] Active Directory ACL visualizer and explorer; similar to BloodHound Go Free False
ad-ldap-enum [Source] LDAP based Active Directory user and group enumeration tool Python Free False
ADCSKiller [Source] ADCS exploitation automation by weaponizing Certipy and Coercer Python Free False
ADenum [Source] Find misconfiguration through the LDAP protocol and exploit some weaknesses with kerberos Python Free False
adfsbrute [Source] Test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks Python Free False
adidnsdump [Source] Enumeration and exporting of all DNS records in ADIDNS domain or forest DNS zones Python Free False
ADMiner [Source] Active Directory audit tool that extract data from Bloodhound to uncover security weaknesses and generate an HTML report Python Free False
ADRecon [Source] Gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment PowerShell Free False
archtorify [Source] Script for Arch Linux which use iptables settings to create a transparent proxy through Tor Network Shell Free False
Arecibo [Source] Endpoint for Out-of-Band Exfiltration (DNS & HTTP) Python Free False
arp-scan [Source] Discover hosts on your network using ARP requests C Free False
ASNmap [Source] CLI and Library for quickly mapping organization network ranges using ASN information Go Free False
beanshooter [Source] JMX enumeration and attacking; helps to identify common vulnerabilities on JMX endpoints Java Free False
bettercap [Website] [Source] MITM framework Ruby Free False
bettercap web UI [Website] [Source] Web UI for bettercap TypeScript Free False
BloodHound CLI [Source] Manage BloodHound through the command-line Go Free False
BloodHound CE [Source] BloodHound v5; uses graph theory to reveal the hidden relationships within an Active Directory or Azure environment, quickly identify highly complex attack paths JavaScript Free False
BloodHound Legacy [Source] BloodHound v4; uses graph theory to reveal the hidden relationships within an Active Directory or Azure environment, quickly identify highly complex attack paths JavaScript Free False
BloodHound.py [Source] Data collector for BloodHound Legacy (v4), based on Impacket Python Free False
BloodHound.py CE [Source] Data collector for BloodHound CE (v5), based on Impacket Python Free False
bloodyAD [Source] Active Directory privilege escalation framework Python Free False
boofuzz [Source] Network protocol fuzzing framework Python Free False
Boomerang [Source] Client/Server HTTP pivoting tool Go Free False
bore [Source] Creates a TCP tunnel; exposing local ports to a remote server, bypassing standard NAT connection firewalls Rust Free False
BruteSpray [Source] Takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa Python Free False
BruteX [Source] Tool using nmap and hydra to automatically bruteforce network service accounts Shell Free False
Carnivore [Website] [Source] Assessment of on-premises Microsoft servers such as ADFS, Skype, Exchange, and RDWeb CSharp Free False
CapAnalysis [Website] [Source] PCAP analyzer C Free True
Cerbrutus [Source] Network services credentials brute-forcer: SSH, FTP Python Free False
Certipy [Source] Active Directory Certificate Services enumeration and exploitation Python Free False
certsync [Source] Dump NTDS with golden certificates and UnPAC the hash Python Free False
chisel [Source] Fast TCP tunneling over HTTP secured by SSH Go Free False
CloudShark [Website] PCAP analyzer Paid True
Coercer [Source] Coerce a Windows server to authenticate on an arbitrary machine through 12 methods Python Free False
ConPass [Source] Password spraying in Active Directory checking the default domain password policy as well as PSO and the badpwdcount LDAP attribute to avoid account locking Python Free False
CrackMapExec [Source] Post-exploitation tool to assess Active Directory networks Python Free False
DC Detector [Source] Spot all domain controllers in a Microsoft Active Directory environment, find computer name, FQDN, and IP address(es) of all DCs Ruby Free False
DnsFookup [Source] Create DNS request collector and inspector Python Free False
DNS Rebinding Tool [Website] [Source] Toolkit to test further DNS rebinding attacks JavaScript Free True
Evil-WinRM [Source] Enhanced WinRM shell Ruby Free False
evilginx2 [Source] Man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication Go Free False
Garfield [Source] Attack framework for distributed systems Python Free False
Girsh [Source] Detect the OS and execute the correct commands to upgrade it to a full interactive reverse shell Go Free False
Go-RouterSocks [Source] Socks proxy router to handle multi-clients on the same port Go Free False
go-secdump [Source] Remotely dump secrets from the Windows registry (SAM hive, LSA secrets, SECURITY hive) Go Free False
GoldenCopy [Source] Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket Python Free False
GoMapEnum [Source] User enumeration and password bruteforce on Azure, ADFS, OWA, O365 and gather emails on Linkedin Go Free False
goddi [Source] Active Directory domain information dumper Go Free False
Group3r [Source] Enumerate relevant settings in AD Group Policy, identify exploitable misconfigurations CSharp Free False
HASSH [Source] Network fingerprinting standard which can be used to identify specific client and server SSH implementations Python Free False
HEKATOMB [Source] Retrieve all computers and users informations from AD LDAP; download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them Python Free False
HellRaiser [Source] Scan with nmap to correlate CPE's found with cve-search to enumerate vulnerabilities Ruby Free False
HivExcavator [Source] Extracting the contents of Microsoft Windows Registry (hive) and display it as a colorful tree but mainly focused on parsing BCD files to extract WIM files path for PXE attacks Ruby Free False
hoaxshell [Source] Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell Python Free False
HTTPRebind [Source] Automatic DNS rebinding-based SSRF attacks Python Free False
Hydra [Website] [Source] Network login cracker C Free False
Ica2Tcp [Source] SOCKS proxy for Citrix C Free False
ImproHound [Source] Identify the attack paths in BloodHound breaking AD tiering CSharp Free False
Jaqen [Source] Abstracts away the complex steps required to perform a DNS rebind and exposes a HTML5 Fetch interface which transparently triggers a DNS rebind Go Free False
kalitorify [Source] Script for Kali Linux which use iptables settings to create a transparent proxy through Tor Network Shell Free False
Kerbrute [Source] Bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication Go Free False
KRBJack [Source] DNS dynamic update abuse in ADIDNS via DSPROPERTY_ZONE_ALLOW_UPDATE set to ZONE_UPDATE_UNSECURE combined with MitM attack using Kerberos AP-REQ hijacking Python Free False
Krbrelayx [Website] [Source] Toolkit for abusing unconstrained delegation Python Free False
KubeHound [Source] Kubernetes attack graph tool allowing automated calculation of attack paths between assets in a cluster Go Free False
LDAPDomainDump [Source] Active Directory information dumper via LDAP Python Free False
LDAPmonitor [Source] Monitor creation, deletion and changes to LDAP objects live during pentest or system administration Python Free False
ldeep [Source] Active Directory LDAP enumeration utility Python Free False
Legba [Source] Multiprotocol credentials bruteforcer, password sprayer and enumerator Rust Free False
Ligolo [Source] Pivot / reverse tunneling tool with SOCKS5 and TCP tunnel support Go Free False
Ligolo-ng [Source] Pivoting via TCP/TLS reverse tunneling with TUN interface Go Free False
linWinPwn [Source] Script that automates a number of Active Directory enumeration and vulnerability checks Python Free False
Locksmith [Source] Find and fix common misconfigurations in AD CS PowerShell Free False
lsassy [Source] CLI tool and library to extract credentials from lsass remotely Python Free False
Mail.Rip V2 [Source] SMTP credentials bruteforcer / checker Python Free False
Malifar [Source] GPU-accelerated NSEC3 zone dumper Python Free False
MAN-SPIDER [Source] Crawl SMB shares for juicy information; supports file content searching and regex Python Free False
Masscan [Source] Port scanner for massive networks C Free False
Medusa [Website] [Source] Network login cracker C Free False
Medusa-gui [Source] GUI for Medusa Java Free False
mitm6 [Source] DNS poisoning via DHCPv6 MitM Python Free False
modifyCertTemplate [Website] [Source] Aid operators in modifying ADCS certificate templates so that a created vulnerable state can be leveraged for privilege escalation Python Free False
MSSQLRelay [Website] [Source] MSSQL relay audit and abuse Python Free False
naabu [Website] [Source] Port scanner with a focus on reliability and simplicity Go Free False
ncat [Website] [Source] Improved reimplementation of Netcat by nmap team; Supports TCP and UDP, IPv4 and IPv6, SSL, proxy (HTTP and SOCKS4) C Free False
Ncrack [Website] [Source] Reliable and adaptative network login cracker supporting a large number of protocols CPlusPlus Free False
nemesis [Website] [Source] Packet manipulation CLI tool; craft and inject packets of several protocols Python Free False
NetExec [Website] [Source] Windows / Active Directory environments pentest; fork of CrackMapExec Python Free False
Netfort Free Cloud Based PCAP Analysis [Website] PCAP analyzer; needs registration Free True
NetworkMiner [Website] Network sniffer/packet capturing tool Free False
NetworkTotal [Website] PCAP analyzer; using Suricata Free True
ngocok [Source] ngrok collaborator link Go Free False
Nipe [Source] Script to make TOR as default gateway Perl Free False
Nmap [Website] [Source] Tool for network discovery and security auditing C Free False
nmap-parse-output [Source] Converts / manipulates / extracts data from a nmap scan output Shell Free False
NMapGUI [Source] Advanced GUI for Nmap Java Free False
Nozzlr [Source] Multithreaded and modular bruteforce framework with network templates Python Free False
nsec3map [Source] NSEC/NSEC3 zone dumper Python Free False
ntlm_theft [Source] Generate multiple types of NTLMv2 hash theft files Python Free False
onesixtyone [Source] SNMP scanner C Free False
OOB-Server [Source] Bind9 DNS server for pentesters to use for Out-of-Band vulnerabilities Shell Free False
owabrute [Source] Hydra wrapper for bruteforcing Microsoft Outlook Web Application Shell Free False
PacketFu [Source] Packet manipulation library; forge, send, decode, capture packets of a wide number of protocols Ruby Free False
PacketTotal [Website] PCAP analyzer; using Bro (Zeek), Suricata and Elasticsearch Free True
PacketWhisper [Source] Stealthy Data exfiltration via DNS, without the need for attacker-controlled Name Servers or domain Python Free False
Patator [Source] Multi-protocol bruteforce tool Python Free False
PKINIT tools [Source] Kerberos PKINIT and relaying to AD CS Python Free False
polarbearscan [Website] [Source] Port scanner and banner grabber C Free False
PolarDNS [Source] Specialized authoritative DNS server suitable for penetration testing and vulnerability research Python Free False
Polymorph [Source] Real-time network packet manipulation framework Python Free False
PowerHuntShares [Source] Audit script to inventory, analyze, and report excessive privileges assigned to SMB shares on Active Directory domain joined computers PowerShell Free False
PSPKIAudit [Source] AD CS auditing based on the PSPKI toolkit PowerShell Free False
pty4all [Source] Persistent multi reverse shell handler Shell Free False
pwncat [Website] [Source] Sophisticated bind and reverse shell handler with many features as well as a drop-in replacement or compatible complement to netcat, ncat or socat Python Free False
pwncat-caleb [Website] [Source] Fancy reverse and bind shell handler, can perform automated actions on the remote host including enumeration, implant installation and privilege escalation; attempt to spawn a pseudoterminal (pty) for a full interactive session Python Free False
pyGPOAbuse [Source] Partial python implementation of SharpGPOAbuse; modify an existing GPO by creating an immediate scheduled task as SYSTEM on the remote computer for computer GPO or logged in user for user GPO Python Free False
pywerview [Source] A partial Python rewriting of PowerSploit's PowerView Python Free False
PyWhisker [Source] Persistent and stealthy backdooring of user and computer Active Directory objects Python Free False
PyWSUS [Website] [Source] WSUS server designed to send malicious responses to clients Python Free False
rbndr [Source] Server for testing software against DNS rebinding vulnerabilities C Free False
rdp-sec-check [Source] Script to enumerate security settings of an RDP Service Perl Free False
rdp2tcp [Source] TCP tunneling through remote desktop connection (RDP) C Free False
reGeorg [Source] SOCKS proxies through the DMZ for pivoting Python Free False
Responder [Source] LLMNR, NBT-NS and MDNS poisoner to intercept authentication requests/answers Python Free False
Rebind [Source] Implements multiple A record DNS rebinding attack Free False
RMIScout [Website] [Source] Enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities through wordlist and bruteforce strategies Java Free False
RouterSploit [Source] Exploitation framework for embedded devices: exploits, default credentials, scanners, payloads Python Free False
Rubeus [Source] Kerberos interaction and abuses CSharp Free False
ruby-nmap [Source] Library for nmap, allows automating nmap and parsing nmap XML files Ruby Free False
Rustcat [Website] [Source] Port and reverse shell listener; less features than ncat, pwncat, pwncat-caleb but has command history Rust Free False
RustHound [Website] [Source] Active Directory data collector for BloodHound Rust Free False
sandmap [Website] [Source] Metasploit-like CLI interface for Nmap Script Engine (NSE) Shell Free False
Scapy [Website] [Source] Packet manipulation library; forge, send, decode, capture packets of a wide number of protocols Python Free False
SCCMHunter [Source] Streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain Python Free False
SELKS [Website] [Source] IDS / IPS / NSM Debian distribution based on Suricata Free False
Seth [Source] RDP MitM tool Python Free False
SharpHound [Website] [Source] Data collector for BloodHound v5 CSharp Free False
Shovel [Source] Traffic analyser; web interface to explore Suricata EVE outputs Python Free False
SilentHound [Source] Quietly enumerates an Active Directory Domain via LDAP parsing users, admins, groups Python Free False
SiLK [Website] System for Internet-Level Knowledge; collection of traffic analysis tools developed to facilitate security analysis of large networks Free False
Singularity [Website] [Source] DNS rebinding attack framework Go Free False
sJET [Source] JMX Exploitation Toolkit Python Free False
smbclient-ng [Source] SMB shares interaction Python Free False
Snaffler [Source] Find credentials and valuable information from windows active directory environments (shares, files) CSharp Free False
SNMP Brute [Source] SNMP brute force, enumeration, CISCO config downloader and password cracking script Python Free False
snmpbw.pl [Source] Multithreaded script for bulk walking targeted host systems for SNMP data Perl Free False
Snort [Website] [Source] Intrusion detection system that monitors network traffic for suspicious activities and threats C Free False
SprayHound [Source] Password spraying in Active Directory checking the default domain password policy and the badpwdcount LDAP attribute to avoid account locking, set pwned users as owned in Bloodhound and detect path to Domain Admins Python Free False
ssh-audit [Website] [Source] SSH scanner that detects protocol, version, grab banner, recognize software and operating system, output algorithm information and recommendations Python Free False
sshame [Source] Brute force SSH public-key authentication interactively Python Free False
Sshimpanzee [Website] [Source] Builds a static reverse SSH server for pivoting; supports HTTP and SOCKS5 proxies, DNS and ICMP tunnelling, HTTP encapsulation Python Free False
Suricata [Website] [Source] Intrusion detection system and intrusion prevention system for network analysis and threat detection C Free False
Suricata Language Server [Website] [Source] Implementation of the Language Server Protocol for Suricata signatures; real-time rule syntax checking and auto-completion Python Free False
Tsunami [Source] Network security scanner with an extensible plugin system Java Free False
Turner [Source] Tunnels HTTP over a permissive/open TURN server; supports HTTP and SOCKS5 proxy Go Free False
WebMap v1 [Source] A web dashboard for nmap XML report Python Free False
WebMap v2 [Source] A web dashboard for nmap XML report Python Free False
Whonow [Source] DNS Server for executing DNS Rebinding attacks JavaScript Free False
windapsearch [Source] Script to enumerate users, groups and computers from a Windows domain through LDAP queries Python Free False
Wireshark [Website] [Source] Network protocol analyzer CPlusPlus Free False
Wirego [Source] Wireshark plugin framework based on ZMQ C Free False
WireSocks [Source] WireGuard socks proxy for pentest pivoting Shell Free False
Whisker [Source] Take over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding Shadow Credentials to the target account CSharp Free False
wmiexec-Pro [Source] Perform different ways of command execution via WMI protocol (port 135) for AV evasion Python Free False
XFLTReaT [Source] Tunnelling framework; supports TCP, UDP, ICMP, SOCKS, HTTP, SCTP, WebSocket, RDP Python Free False
Xprobe2 [Source] Remote active operating system fingerprinting CPlusPlus Free False
yersinia [Source] Framework for layer 2 attacks C Free False
Zeek [Website] [Source] Intrusion detection system for network traffic analysis and security monitoring; formerly Bro CPlusPlus Free False
Zenmap [Website] [Source] GUI for Nmap Python Free False
Zmap [Website] [Source] Collection of tools to scan and study massive networks C Free False
zone-walker [Source] NSEC zone dumper JavaScript Free False

OSINT and Reconnaissance

Name Website Source Description Programming language Price Online
alterx [Source] Customizable subdomain wordlist generator using DSL Go Free False
Amass [Website] [Source] DNS enumeration and network mapping tool suite: scraping, recursive brute forcing, crawling web archives, reverse DNS sweeping Go Free False
Argus [Source] All-in-one toolkit for information gathering and reconnaissance Python Free False
Ars0n Framework [Source] Bug bounty hunting framework to automate the reconnaissance in a WebUI JavaScript Free False
Ars0n Framework v2 [Source] Bug bounty hunting framework to automate the reconnaissance in a WebUI JavaScript Free False
Asnlookup [Source] Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it Python Free False
AttackSurfaceMapper [Source] Subdomain enumerator Python Free False
AutoRecon [Source] Multi-threaded network reconnaissance tool which performs automated enumeration of services Python Free False
badKarma [Source] Advanced network reconnaissance tool Python Free False
BBOT [Source] OSINT framework; subdomain enumeration, port scanning, web screenshots, vulnerability scanning Python Free False
Belati [Source] OSINT tool, collect data and document actively or passively Python Free False
Bitcrook [Source] Reconnaissance Apparatus; Information gathering, conglomerate of tools including custom algorithms, API wrappers Go Free False
cariddi [Source] Takes a list of domains, crawls urls and scans for endpoints, secrets, api keys, file extensions, tokens Go Free False
Censys [Website] Search devices connected to the internet; helps find information about desktops, servers, IoT devices; including metadata such as the software running Paid True
Certstream [Website] [Source] Intelligence feed that gives real-time updates from the Certificate Transparency Log network Elixir Free False
Darkshot [Source] Lightshot scraper with multi-threaded OCR and auto categorizing screenshots Python Free False
dataleaks [Source] Self-hosted data breach search engine PHP Free False
datasploit [Website] [Source] OSINT framework, find, aggregate and export data Python Free False
DeadTrap [Website] [Source] Track down footprints of a phone number Python Free False
DNSDumpster [Website] Domain research tool that can discover hosts related to a domain Free True
dnsenum [Source] DNS reconnaissance tool: AXFR, DNS records enumeration, subdomain bruteforce, range reverse lookup Perl Free False
dnsenum2 [Source] Continuation of dnsenum project Perl Free False
DNSRecon [Source] DNS reconnaissance tool: AXFR, DNS records enumeration, TLD expansion, wildcard resolution, subdomain bruteforce, PTR record lookup, check for cached records Python Free False
dnsx [Source] Multi-purpose DNS toolkit allow to run multiple DNS queries Go Free False
domainfinder [Source] Find a domain from an IP address Python Free False
Domainim [Source] Domain reconnaissance for organizational network scanning Nim Free False
EagleEye [Source] Image recognition on instagram, facebook and twitter Python Free False
Espionage [Source] Domain information gathering: whois, history, dns records, web technologies, records Python Free False
eTools.ch [Website] Metasearch engine, query 16 search engines in parallel Free True
Facebook_OSINT_Dump [Source] OSINT tool, facebook profile dumper, windows and chrome only Shell Free False
FinalRecon [Source] Web reconnaissance script Python Free False
Findomain [Source] Fast subdomain enumerator Rust Free False
FOCA [Website] [Source] OSINT framework and metadata analyser Csharp Free False
FULLHUNT [Website] Search devices connected to the internet; helps find information about desktops, servers, IoT devices; including metadata such as the software running Paid True
Geolocation Estimation [Website] Automatic GEOINT using deep learning Free True
ggshield [Source] GitGuardian Shield; CLI application that detects 400+ types of secrets in git repositories Python Free False
GHunt [Source] Investigate Google accounts with emails and find name, usernames, Youtube Channel, probable location, Maps reviews, etc. Python Free False
GitFive [Source] Investigate GitHub profiles; features: username history, email address to GitHub account, finds potential secondary GitHub accounts, dumps SSH public keys, etc. Python Free False
gitGraber [Source] Monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe, etc. Python Free False
GitHound [Source] Find sensitive information in git repositories Go Free False
Gitleaks [Source] Detecting secrets like passwords, API keys, and tokens in git repositories, files or STDIN Go Free False
gittyleaks [Source] Find sensitive information (username, password, email) in git repositories Python Free False
GooFuzz [Source] Passive reconaissance enumerating directories, files, subdomains or parameters using google dorks Shell Free False
Gorecon [Source] Reconnaissance toolkit Go Free False
GoSeek [Source] Username lookup comparable to Maigret/Sherlock, IP Lookup, License Plate & VIN Lookup, Info Cull, and Fake Identity Generator Go Free False
gOSINT [Source] OSINT framework; find mails, dumps, retrieve Telegram history and info about hosts Go Free False
h8mail [Source] Email OSINT & Password breach hunting tool; supports chasing down related email Python Free False
Harpoon [Source] CLI tool; collect data and document actively or passively Python Free False
holehe [Source] Check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function Python Free False
Hunt3r [Website] [Source] Automatic domain recognition (via amass) and vulnerability scan (via nuclei) platform with a WebUI Ruby Free False
Ignorant [Source] Check if a phone number is used on different sites like snapchat, instagram Python Free False
IVRE [Website] [Source] IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks); network recon framework including tools ofr passive and active recon Python Free False
kitphishr [Source] Hunts for phishing kit source code by traversing URL folders and searching in open directories for zip files; supports list of URLs or PhishTank Go Free False
Kostebek [Source] Tool to find firms domains by searching their trademark information Python Free False
LeakDB [Source] Normalize, deduplicate, index, sort, and search leaked data sets on the multi-terabyte-scale Go Free False
LeakIX [Website] Search engine for devices and services exposed on the Internet Free True
LeakLooker [Source] Discover, browse and monitor database/source code leaks Python Free False
leakScraper [Source] Set of tools to process and visualize huge text files containing credentials Python Free False
LinEnum [Source] System script for local Linux enumeration and privilege escalation checks Shell Free False
LinkedInDumper [Source] Dump company employees from LinkedIn API Python Free False
LittleBrother [Source] Information gathering (OSINT) on a person (EU), checks social networks and Pages Jaunes Python Free False
Maigret [Source] Collect a dossier on a person by username from a huge number of sites, and extract details from them Python Free False
Malfrat's OSINT Map [Source] A web-based collection of tools and resources for OSINT; successor of OSINT Framework JavaScript Free True
mantis [Website] [Source] Command-line framework designed to automate the workflow of asset discovery, reconnaissance, and scanning Python Free False
MassDNS [Source] High-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration) C Free False
Metabigor [Source] Searching information about IP address, ASN and organization; doesn't require any API key Go Free False
mihari [Source] Aggregates results from Shodan, Censys, VirusTotal, SecurityTrail, etc. and extracts artifacts (IP addresses, domains, URLs or hashes) Ruby Free False
Netflip [Source] Scrape sensitive information from paste sites CSharp Free False
NExfil [Source] Finding profiles by username over 350 websites Python Free False
Nmmapper [Website] Cybersecurity tools offered as SaaS: nmap, subdomain finder (Sublist3r, DNScan, Anubis, Amass, Lepus, Findomain, Censys), theHarvester, etc. Paid True
Nosey Parker [Source] Finds secrets and sensitive information in textual data and git repositories Rust Free False
nqntnqnqmb [Source] Retrieve information on linkedin profiles, companies on linkedin and search on linkedin companies/persons Python Free False
Oblivion [Source] Data leak checker and monitoring Python Free False
ODIN [Source] Observe, Detect, and Investigate Networks, Automated reconnaissance tool Python Free False
Omnibus [Source] OSINT framework; collection of tools Python Free False
OneForAll [Source] Subdomain enumeration tool Python Free False
OnionSearch [Source] Script that scrapes urls on different .onion search engines Python Free False
OSINT Framework [Website] [Source] A web-based collection of tools and resources for OSINT JavaScript Free True
Osintgram [Source] Interactive shell to perform analysis on Instagram account of any users by their nickname Python Free False
Osmedeus [Website] [Source] Automated framework for reconnaissance and vulnerability scanning Python Free False
Photon [Source] Fast crawler designed for OSINT Python Free False
PITT [Source] Web browser loaded with links and extensions for doing OSINT Free False
ProjectDiscovery [Website] [Source] Monitor, collect and continuously query the assets data via a simple webUI Go Free True
puncia [Website] [Source] CLI utility for Osprey Vision, Subdomain Center & Exploit Observer Python Paid False
ReconDog [Source] Multi-purpose reconnaissance tool, CMS detection, reverse IP lookup, port scan, etc. Python Free False
reconFTW [Source] Perform automated recon on a target domain by running set of tools to perform scanning and finding out vulnerabilities Shell Free False
Recon-ng [Source] Web-based reconnaissance tool Python Free False
Reconnoitre [Source] Tool made to automate information gathering and service enumeration while storing results Python Free False
ReconScan [Source] Network reconnaissance and vulnerability assessment tools Python Free False
Recsech [Source] Web reconnaissance and vulnerability scanner tool PHP Free False
Redscan [Source] Mix of a security operations orchestration, vulnerability management and reconnaissance platform Python Free False
Red Team Arsenal [Source] Automated reconnaissance scanner and security checks Python Free False
reNgine [Website] [Source] Automated recon framework for web applications; customizable scan engines & pipeline of reconnaissance Python Free False
reNgine-ng [Website] [Source] Automated recon framework for web applications; customizable scan engines & pipeline of reconnaissance (reNgine Fork) Python Free False
SearchDNS [Website] Netcraft tool; Search and find information for domains and subdomains Free True
Sherlock [Website] [Source] Hunt down social media accounts by username across social networks Python Free False
Shodan [Website] Search devices connected to the internet; helps find information about desktops, servers, IoT devices; including metadata such as the software running Paid True
shosubgo [Source] Grab subdomains using Shodan api Go Free False
shuffledns [Source] Wrapper around massdns that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support Go Free False
SiteBroker [Source] Tool for information gathering and penetration test automation Python Free False
Sn1per [Source] Automated reconnaissance scanner Shell Paid False
spiderfoot [Website] [Source] OSINT framework, collect and manage data, scan target Python Free False
Stalker [Source] Automated scanning of social networks and other websites, using a single nickname Python Free False
SubDomainizer [Source] Find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github Python Free False
subfinder [Website] [Source] Discovers valid subdomains for websites, designed as a passive framework to be useful for bug bounties and safe for penetration testing Go Free False
Sublist3r [Source] Subdomains enumeration tool Python Free False
subzuf [Source] DNS response-guided subdomain fuzzer Python Free False
Sudomy [Source] Subdomain enumeration tool Python Free False
Tempest [Source] Leverage paste sites as a medium for discovery of objectionable/infringing materials Go Free False
Th3inspector [Source] Multi-purpose information gathering tool Perl Free False
theHarvester [Source] Multi-purpose information gathering tool: emails, names, subdomains, IPs, URLs Python Free False
tinfoleak [Source] Twitter intelligence analysis tool Python Free False
Totem [Source] Retrieve information about ads of a facebook page, retrieve the number of people targeted, how much the ad cost and a lot of other information Python Free False
trape [Source] Analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time Python Free False
TruffleHog [Source] Find secret information in git repositories Go Free False
TWINT [Source] Twitter Intelligence Tool; Twitter scraping & OSINT tool that doesn't use Twitter's API, allowing one to scrape a user's followers, following, Tweets and more while evading most API limitations Python Free False
uncover [Source] Discover exposed hosts on the internet using multiple search engines Go Free False
waymore [Source] Find links from Wayback Machine, Common Crawl, Alien Vault OTX and URLScan; download the archived responses for URLs on Wayback Machine Python Free False
Web Check [Website] [Source] All-in-one OSINT WebUI for analysing any website JavaScript Free True
yar [Source] Find secret information (secrets, tokens, passwords) in git repositories Go Free False

Other

Name Website Source Description Programming language Price Online
ADB-Toolkit [Source] Wrapper around adb to ease certain tasks Shell Free False
ADeleg [Source] Active Directory delegation management tool allowing to make a detailed inventory of delegations set up so far in a forest Rust Free False
apkpatcher [Website] [Source] Patch APK (inject Frida gadget) by modifying Smali code Python Free False
AppsecStudy [Website] [Source] eLearning management system for information security PHP Free True
Atheris [Source] Coverage-guided Python fuzzing engine Shell Free False
Avast Hack Check [Website] Service to check if an account has been compromised in a data breach, send an email with the breaches not the password Free True
Axiom [Source] Dynamic infrastructure framework to distribute the workload of many different scanning tools with ease Shell Free False
BHQW [Source] Extract information from BloodHound and Neo4J Python Free False
BQM [Website] Bloodhound Query Merger; deduplicate custom BloudHound queries from different datasets and merge them in one customqueries.json file Ruby Free False
BreachDirectory [Website] Service to check if an account has been compromised in a data breach, display the breaches, partial password and hash Free True
Cameradar [Website] RTSP stream access; detect open hosts, device model, automated dictionary attacks on stream route and credentials Ruby Free False
ccs [Source] Code Credential Scanner; scan a large, diverse codebase for hard-coded credentials, or credentials present in configuration files Python Free False
changedetection.io [Source] Self-hosted website change detection tracking, monitoring and notification service Python Free False
CISO Assistant [Source] All-in-one platform for Governance, Risk and Compliance (GRC) management in an operational way, with +70 standards included and multiple capabilities for cybersecurity program management Python Free False
ConvertHound [Source] Convert BloodHound output files into nmap XML that can be imported into reporting software like Dradis and Plextrac Python Free False
ctf-party [Website] [Source] Library to enhance and speed up script/exploit writing for CTF players Ruby Free False
CyberChef [Website] [Source] Data manipulation toolkit in web browser JavaScript Free False
cybernews personal data leak check [Website] Service to check if an account has been compromised in a data breach, only tells if the account is compromised Free True
DeHashed [Website] Service to check if an account has been compromised in a data breach Paid True
discover [Source] Scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit Shell Free False
DoubleTap [Source] Headless browser in order to load pages and execute JavaScript that often generates things like dynamic nonces that validate the page was actually rendered by a human for password spraying Ruby Free False
doxycannon [Source] Proxycannon and botnet, using docker, ovpn files, tor nodes, and dante socks5 proxies that may be used for password spraying Python Free False
Exegol [Website] [Source] Disposable hacking environments using docker Python Free False
Firefox Monitor [Website] Service to check if an account has been compromised in a data breach, display the breaches not the password Free True
F-Secure Identity Theft Checker [Website] Service to check if an account has been compromised in a data breach, send an email with the breaches not the password Free True
getsploit [Source] CLI utility for searching and downloading exploits from Exploit-DB, Metasploit, Packetstorm and others Python Free False
GOAD [Source] Game Of Active Directory is a test environment lab that includes all the common vulnerabilities of an active directory Powershell Free False
Godehashed [Source] Uses the dehashed.com API to search for compromised assets Go Free False
gtfo [Source] CLI for searching gtfobins and lolbas from the terminal Python Free False
GTFOBLookup [Source] CLI for earching gtfobins and lolbas from the terminal; allows more advanced search than gtfo Python Free False
HackTools [Source] Web browser extension (Chromium, Firefox, Safari) including common functions for web pentest JavaScript Free False
HaveIBeenBreached [Website] Service to check if an account has been compromised in a data breach, display the breaches not the password Free True
Have I been pwned? [Website] Service to check if an account has been compromised in a data breach, display the breaches not the password Free True
HiddenWall [Source] Linux kernel module generator for custom rules with netfilter C Free False
hideNsneak [Source] CLI tool for ephemeral penetration testing, rapidly deploy and manage various cloud services Go Free False
HoundSploit [Source] Graphical search engine for Exploit-DB Python Free False
Identity Leak Checker [Website] Service to check if an account has been compromised in a data breach, send the breaches by email Free True
inlite [Website] Scan QR-code, 1D, DataMatrix, Postal, PDF417, and more Free True
Interlace [Source] Turn single threaded command line applications into a multi-threaded application with CIDR and glob support Python Free False
itdis [Website] [Source] Is This Domain In Scope; a small tool that allows you to check if a list of domains you have been provided is in the scope of your pentest or not Ruby Free False
Leak Lookup [Website] Service to check if an account has been compromised in a data breach, requires an account Free True
LOAD [Source] Lord Of Active Directory is a test environment lab that includes all the common vulnerabilities of an active directory and deploys automatically on AWS; based on AWS-Redteam-Lab and GOAD PowerShell Free False
Lookyloo [Website] [Source] A web interface that allows you to capture a website page and display a tree of domains Python Free True
mec [Source] MassExploitConsole; mass reconnaissance and exploitation framework Python Free False
Metasploit [Website] [Source] Tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit, 4 versions: Pro (paid), Express (paid), Community (free with GUI but on request), Framework (free, open source, CLI) Ruby Paid False
mofos [Source] Cross Linux distributions virtual machines manipulation framework inspired by Qubes OS based on Libvirt/QEMU/KVM Python Free False
NameScan Email Compromised Check [Website] Service to check if an account has been compromised in a data breach, display the breaches not the password Free True
Nord Stream [Website] Extract secrets stored inside CI/CD environments by deploying malicious pipelines Python Free False
objection [Source] Runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak Python Free False
OpenVAS [Website] [Source] Open Vulnerability Assessment Scanner C Free False
Pass Station [Website] [Source] CLI & library to search for default credentials among thousands of Products / Vendors Ruby Free False
PentestBox [Website] [Source] Pre-configured portable penetration testing environment for Windows, all-in-one box Free False
PhoneSploit Pro [Website] [Source] Remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session Python Free False
Pipal [Website] [Source] Analyze password dump and return statistics about passwords' strength Ruby Free False
PWDQUERY [Website] Service to check if an account has been compromised in a data breach, doesn't display breaches, partially display password Free True
rawsec_cli [Website] [Source] Rawsec Inventory search CLI to find security tools and resources Python Free False
Reverse Shell Generator [Website] [Source] Web-based reverse shell generator, includes features such as listener generation, raw mode, bind shell generation, msfvenom generation, payload encoding, many different languages, tools and shells supported JavaScript Free True
Ronin [Website] [Source] Toolkit for security research and development allowing for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git repositories Ruby Free False
ronin-exploits [Source] A micro-framework for writing and running exploits Ruby Free False
ronin-payloads [Source] A micro-framework for writing and running exploit payloads Ruby Free False
ScatteredSecrets [Website] Service to check if an account has been compromised in a data breach Paid True
search.0t.rocks self-hosted [Source] Service to check if an account has been compromised in a data breach; including the data in clear TypeScript Free False
Scrounger [Source] Mobile application testing toolkit, the mobile metasploit-like framework Python Free False
SearchSploit [Website] [Source] CLI tool to search among Exploit-DB exploits Shell Free False
Seccubus [Website] [Source] Vulnerability scanning, reporting and analysis JavaScript Free False
SiCat [Source] CLI tool to search exploits among Exploit-DB, Packetstorm Security, NVD Database, Metasploit Modules Python Free False
sploitctl [Source] Fetch, install and search exploit archives from exploit sites like Packet Storm or Exploit-DB Python Free False
SprayingToolkit [Source] Password spraying scripts for Lync/S4B and OWA Python Free False
Tool-X [Source] Kali linux hacking tool installer Python Free False
unisec [Website] [Source] Toolkit for security research manipulating Unicode: confusables, homoglyphs, hexdump, code point, UTF-8, UTF-16, UTF-32, properties, regexp search, size, grapheme, surrogates, version, ICU, CLDR, UCD Ruby Free False
Unredacter [Website] Bruteforce to reverse the text of image redacted with pixelation blur TypeScript Free False
v0lt [Source] CTF toolkit / framework Python Free False
VBSmin [Website] [Source] VBScript minifier Ruby Free False
webqr [Website] Scan & create QR-code Free True
ysoserial [Source] Tool for generating payloads that exploit unsafe Java object deserialization Java Free False

Plugins

Name For Website Source Description Programming language Price Online
AWS Extender Burp Suite [Source] Identify and test S3 buckets, Google Storage buckets and Azure Storage containers for common misconfiguration Python Free False
BinExport IDA / Binary Ninja / Ghidra [Source] Binary exporter, generates an export from the disassembly of a program that can be used without the disassembler CPlusPlus Free False
BurpBounty Burp Suite [Source] Scan Check Builder in BApp Store, improve the active and passive scanner by means of personalized rules through a graphical interface Java Free False
CogniCrypt Eclipse [Source] Supports Java developers in using Java Cryptographic APIs Java Free False
Copy As FFUF Burp Suite [Source] Copies the selected request(s) as FFUF skeleton Java Free False
Copy As Go Request Burp Suite [Website] [Source] Copies the selected request(s) as Go Request invocations Java Free False
Copy as Node Request Burp Suite [Website] [Source] Copies the selected request(s) as Node.JS Request invocations Java Free False
Copy as PowerShell Requests Burp Suite [Website] [Source] Copies the selected request(s) as PowerShell invocation(s) Java Free False
Copy As Python-Requests Burp Suite [Website] [Source] Copies selected request(s) as Python-Requests invocations Java Free False
Copy As XMLHttpRequest Burp Suite [Source] Copies selected request(s) as JavaScript XMLHttpRequest invocations Java Free False
CSTC Burp Suite [Source] Cyber Security Transformation Chef; chaining simple operations and formatting on each incoming or outgoing HTTP message Java Free False
Exporter Burp Suite [Source] Copies selected request(s) as cURL, wget, Python Request, Perl LWP, PHP HTTP_Request2, Go, NodeJS Request, jQuery AJAX, PowerShell, HTML Forms, Ruby Net::HTTP, JavaScript XHR invocations Python Free False
HopLa Burp Suite [Source] Adds autocompletion support and useful payloads in Burp Suite Java Free False
hrtng IDA [Source] Collections of tools: decryption, deobfuscation, patching, librraries code recognition and various pseudocode transformations CPlusPlus Free False
http-screenshot-html Nmap [Source] Nmap NSE script that scans for http server, takes a screenshot of them, and organizes the results into an HTML report Lua Free False
Hyperpwn Hyper [Source] Improve the display when debugging with GDB, needs GEF, pwndbg or peda to be loaded in GDB as a backend JavaScript Free False
GEF GDB [Source] GDB Enhanced Features, multi-architecture Python Free False
IIS Tilde Enumeration Scanner Burp Suite [Source] Check for the IIS tilde enumeration / IIS 8.3 short filename disclosure vulnerability and to exploit it by enumerating all the short names in an IIS web server Java Free False
KeePwn CrackMapExec [Source] Automate KeePass discovery and secret extraction Python Free False
Matro7sh loaders Havoc [Source] Encode Havoc shellcode (.bin) in XOR, chacha20, AES; supports 2 loaders: Myph, 221b Python Free False
Mona Immunity Debugger [Source] Set of commands for Immunity Debugger Python Free False
PEDA GDB [Source] Python Exploit Development Assistance, (only python2.7) Python Free False
Pwndbg GDB [Website] [Source] Enhance GDB, for exploit development and reverse engineering Python Free False
PwnFox Burp Suite / Firefox [Source] Allow to have multiple identities in the same browser using firefox containers and hightlight the profile used with different colors JavaScript Free False
Quokka IDA [Source] Binary exporter, generates an export from the disassembly of a program that can be used without the disassembler Python Free False
Scavenger Burp Suite [Source] Create target specific and tailored wordlist from burp history Kotlin Free False
Sploitego Maltego [Source] Maltego penetration testing Transforms Python Free False
Stepper Burp Suite [Source] Evolution of Burp Suite's Repeater tool, providing the ability to create sequences of steps and define regular expressions to extract values from responses Java Free False
Tenet IDA [Website] [Source] Execution trace explorer Python Free False
ttddbg IDA [Source] Time Travel Debugging IDA plugin CPlusPlus Free False
volatility-gpg Volatility3 [Source] Volatility3 plugins that can retrieve partial and full gpg passphrases from gpg-agent's cache Python Free False
vulners Burp Suite [Website] [Source] Vulnerability scanner based on vulners.com search API Java Free False
XSSor Burp Suite [Source] semi-automatic reflected and persistent XSS scanner Python Free False
YesWeBurp Burp Suite [Source] Access to all bug bounty programs directly inside Burp Kotlin Free False

Red Teaming

Name Website Source Description Programming language Price Online
221b [Source] Bake a windows payload from the C2 of your choice to bypass AV Go Free False
AntiScan.Me [Website] Multi-AV checker that doesn't distribute the check results, based on Dyncheck.com Paid True
AVET [Source] AntiVirus Evasion Tool; targeting windows machines with executable files Free False
BadExclusions [Source] Identify folder custom or undocumented exclusions on AV/EDR CPlusPlus Free False
BadExclusionsNWBO [Source] Identify folder custom or undocumented exclusions on AV/EDR; evolution of BadExclusions but with better opsec CPlusPlus Free False
BOF.NET [Source] A .NET Runtime for Cobalt Strike's Beacon Object Files CSharp Free False
Brute Ratel [Website] Command & Control server; DNS over HTTPS, external channels, indirect syscalls Paid False
CarbonCopy [Source] Create a spoofed certificate of any online website and signs an executable for AV Evasion; works for Windows and Linux Python Free False
ConfuserEx [Source] Protector for .NET applications CSharp Free False
Cortex XDR Config Extractor [Source] Parse the Database Lock Files of the Cortex XDR Agent by Palo Alto Networks and extract Agent Settings, the Hash and Salt of the Uninstall Password, as well as possible Exclusions Python Free False
Covenant [Source] Command & Control framework with multi-user collaboration CSharp Free False
CredMaster [Source] Password spraying, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling Python Free False
CSSG [Source] Cobalt Strike Shellcode Generator; script used to more easily generate and format beacon shellcode in Cobalt Strike Python Free False
dnscat2 [Source] DNS tunnel meant for encrypted Command & Control channel, data exfiltration Ruby Free False
Donut [Source] Generates x86_32, x86_64, or AMD64 position-independent shellcode that loads .NET Assemblies, PE files (EXE), VBScript, JScript, and DLL files from memory and runs them with parameters C Free False
EDRSilencer [Source] Uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server C Free False
fireELF [Source] Fileless linux malware framework Python Free False
FireProx [Source] AWS API gateway management for creating on the fly HTTP pass-through proxies for unique IP rotation Python Free False
Git-Rotate [Source] Leveraging GitHub Actions to rotate IP addresses during password spraying attacks to bypass IP-Based blocking Python Free False
Freeze [Source] Payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner Go Free False
gmailc2 [Source] Undetectable C2 server that communicates via Google SMTP to evade antivirus protections and network traffic restrictions Python Free False
gocheck [Source] Analyse a binary to show what Windows Defender AV would flag Go Free False
Gophish [Website] [Source] Phishing toolkit providing the ability to setup and execute phishing engagements and security awareness training Go Free True
Go365 [Source] User enumeration and password guessing for Office 365 / Microsoft365 Go Free False
gscript [Source] Genesis Scripting Engine; framework to rapidly implement custom droppers for all three major operating systems Go Free False
Hades [Source] Shellcode loader that combines multiple evasion techniques with the aim of bypassing the defensive mechanisms commonly used by modern AV/EDRs Go Free False
Hades C2 [Source] Basic Command and Control server Python Free False
HardHat C2 [Source] Cross-platform, collaborative, Command & Control framework CSharp Free False
Havoc [Source] Malleable post-exploitation command and control framework Go Free False
IPSpinner [Source] Local proxy which can be used to redirect all incoming requests through several providers to rotate the source IP address of each request, running a bruteforce operation while avoiding blocked by IP address restrictions, supports AWS (API Gateway), Azure (Cloud Shell) and GitHub (GitHub Actions) Go Free False
JavaScript Obfuscator [Website] [Source] JavaScript obfuscator; features: variables renaming, strings extraction and encryption, dead code injection, control flow flattening, various code transformations, etc. TypeScript Free True
Kage [Source] Graphical user interface for Metasploit Meterpreter and session handler JavaScript Free False
King Phisher [Source] A tool for testing and promoting user awareness by simulating real world phishing attacks Python Free False
Kubesploit [Source] Post-exploitation HTTP/2 Command & Control server and agent focused on containerized environments Go Free False
lateralus [Source] Terminal based phishing campaign tool Go Free False
LightsOut [Source] Generate an obfuscated DLL that will disable AMSI & ETW Python Free False
LP-DB [Website] [Source] Login Pages Database forms a knowledge base on login pages related to malicious activities (C2 panels, phishing kits...) JavaScript Free False
macro_pack [Source] Obfuscation and generation of retro formats such as MS Office documents or VBS like format Python Free False
Mangle [Source] Manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs Go Free False
Merlin [Source] Post-exploitation HTTP/2 Command & Control server and agent Go Free False
MFASweep [Source] Check if MFA is enabled on multiple Microsoft services PowerShell Free False
Mística [Source] Allows to embed data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications; supports encapsulation into HTTP, HTTPS, DNS and ICMP protocols Python Free False
Modlishka [Source] HTTP reverse proxy designed for phishing Go Free False
monomorph [Source] MD5-monomorphic shellcode packer, all payloads have the same MD5 hash C Free False
Mythic [Source] Collaborative red teaming framework Python Free False
Nighthawk [Website] Command & Control framework; multi-operator, API driven, malleable native implant CSharp Paid False
Nimbo-C2 [Source] Simple and lightweight Command & Control framework Nim Free False
NimPlant [Source] Light-weight first-stage Command & Control implant Nim Free False
Octopus [Source] Pre-operation C2 server Python Free False
Overlord [Website] [Source] CLI used to build Red Teaming infrastructure in an automated way, supports AWS and Digital Ocean Python Free False
pe_to_shellcode [Source] Converts PE into a shellcode CPlusPlus Free False
PEzor [Website] [Source] Shellcode & PE Packer CPlusPlus Free False
phpsploit [Source] Command & Controll framework which silently persists on webserver via polymorphic PHP oneliner Python Free False
PipeViewer [Source] Shows detailed information about named pipes in Windows and searching for insecure permissions CSharp Free False
PoshC2 [Source] Proxy aware Command & Control framework Python Free False
PowerShdll [Source] Run PowerShell with dlls only to bypass software restrictions; it can be run with rundll32.exe, installutil.exe, regsvcs.exe, regasm.exe, regsvr32.exe or as a standalone executable CSharp Free False
ProtectMyTooling [Website] [Source] Multi-Packer wrapper allowing daisy-chaining various packers and obfuscators; featured with artifacts watermarking, IOCs collection & PE backdooring Python Free False
Pupy [Source] Cross-platform, multi function Command & Control and post-exploitation framework; fileless/all-in-memory execution, low footprint, multi-transport Python Free False
Quasar [Source] Remote Administration Tool (RAT) for Windows CSharp Free False
Redcloud [Source] Automated Red Team Infrastructure deployment using Docker Python Free False
RedELK [Source] Red Team's SIEM; used by Red Teams for tracking and alarming about Blue Team activities as well as better usability in long term operations Free False
RedEye [Source] Red team C2 log visualization TypeScript Free False
ReelPhish [Source] Real time phishing tool Python Free False
Ruler [Source] Interact with Exchange servers remotely, through either the MAPI/HTTP or RPC/HTTP to abuse the client-side Outlook features and gain a shell Go Free False
ScareCrow [Source] Payload creation framework designed around EDR bypass Go Free False
SCCMHunter [Source] Post-exploitation way to streamline identifying, profiling, and attacking Microsoft Configuration Manager related assets in an Active Directory domain Python Free False
SHAD0W [Website] [Source] Modular C2 framework designed to successfully operate covertly on heavily monitored environments Python Free False
SharpC2 [Website] [Source] Command & Control framework CSharp Free False
SharpEDRChecker [Source] Detect and identify the presence of known defensive products such as AV's, EDR's and logging tools CSharp Free False
SharpSCCM [Source] Post-exploitation way of leveraging Microsoft Configuration Manager for lateral movement and credential gathering without requiring access to the SCCM administration console GUI CSharp Free False
Shellcrypt [Source] Obfuscate shellcode using encoding, encryption, compression Python Free False
Shelltropy [Source] A technique to hide malicious shellcode based on low-entropy via Shannon encoding CPlusPlus Free False
SILENTTRINITY [Source] Asynchronous, multiplayer and multiserver Command & Control framework Python Free False
Sliver [Source] Cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS; remote access tool (RAT) Go Free False
SocialFish [Source] Phishing targeting social media logins; supports Ngrok tunneling and a mobile controller Python Free False
Starkiller [Source] WebUI for Empire JavaScript Free False
Synergy Httpx [Source] HTTP(S) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically Python Free False
SysWhisper3 [Source] SysWhispers on Steroid, AV/EDR evasion via direct system calls Assembly Free False
TeamsBreaker [Source] Automating the sending of phishing messages to MS Teams users; based on TeamsPhisher and TeamsEnum Python Free False
TeamsEnum [Source] User enumeration of MS Teams users Python Free False
TeamFiltration [Source] Framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts CSharp Free False
TeamsImplant [Source] MS Teams implant persistent backdoor C Free False
TeamsPhisher [Source] Facilitates the delivery of phishing messages and attachments to MS Teams users whose organizations allow external communications Python Free False
TrevorC2 [Source] Command and control framework masking the activity by emulating legitimate website Python Free False
UBoat [Source] HTTP botnet PoC CPlusPlus Free False
Villain [Source] Distributed command and control framework Python Free False
Warhorse [Website] [Source] Ansible playbook to deploy infrastructure in the cloud for conducting Red Team assessments Free False
Zphisher [Source] Automated phishing tool with multiple tunneling options; fork of Shellphish Shell Free False

Reverse Engineering

Name Website Source Description Programming language Price Online
androguard [Source] Tool for reverse engineering and malware analysis of Android applications Python Free False
angr [Source] Platform-agnostic binary analysis framework Python Free False
ANY RUN [Website] Online virtual machine for malware hunting, sandbox with interactive access, real-time data-flow Free True
Apk2Gold [Source] Android decompiler (wrapper for apktool, dex2jar, and jd-gui) Shell Free False
Apktool [Website] [Source] Android disassembler and rebuilder Java Free False
arm_now [Source] Tool that allows instant setup of virtual machines on various architectures for reverse, exploit, fuzzing and programming purpose Python Free False
Barf [Source] Binary Analysis and Reverse engineering Framework Python Free False
BinDiff [Source] Binary diffing for many architectures compatible with IDA Pro, Binary Ninja and Ghidra CPlusPlus Free False
BOF launcher [Source] Beacon Object File (BOF) launcher; library for executing BOF files in C/C++/Zig applications Zig Free False
bearparser [Website] [Source] PE parsing library (from PE-bear) CPlusPlus Free False
Binary Ninja [Website] Crossplatform binary analysis framework Python Paid False
binbloom [Source] Raw binary firmware analysis software; tries to determine the firmware loading address C Free False
BinCAT [Source] Binary code static analyser, with IDA integration; performs value and taint analysis, type reconstruction, use-after-free and double-free detection OCaml Free False
binutils [Website] [Source] GNU collection of binary tools C Free False
binwalk [Source] Analyze, reverse engineer and extract firmware images (and other files, also usefull for Digital Forensics) Python Free False
Dexcalibur [Website] [Source] Android reverse engineering platform focus on instrumentation automation (decompile/disass intercepted bytecode at runtime, write hook code, search interesting pattern JavaScript Paid False
boomerang [Source] x86 binaries to C decompiler CPlusPlus Free False
CAPEv2 [Website] [Source] Malware sandbox derived from Cuckoo with the goal of adding automated malware unpacking, config and payload extraction Python Free True
Cerberus [Source] Unstrip Rust and Go binaries (ELF and PE) for static analysis; based on hashing and scoring systems, it can retrieve lots of symbol names CPlusPlus Free False
ctf_import [Website] [Source] Library to run basic functions from stripped binaries C Free False
CFF Explorer [Website] PE Editor Free False
Cuckoo 3 [Source] Python 3 port of Cuckoo, automated malware analysis system Python Free False
Cutter [Website] [Source] Qt and C++ GUI for rizin CPlusPlus Free False
DbgShell [Source] Front-end for the Windows debugger engine PowerShell Free False
Decompiler.com [Website] C#, Python, Android and Java online decompiler Free True
Decompiler Explorer [Website] [Source] Multi-decompiler engine; supports angr, BinaryNinja, Boomerang, dewolf, Ghidra, Hex-Rays, RecStudio, Reko, Relyze, RetDec, Snowman Python Free True
Defuse online disassembler [Website] Online x86 (32/64 bits) assembler and disassembler Free True
de4dot [Source] .NET deobfuscator and unpacker CSharp Free False
dnSpy [Source] .NET assembly debugger, decompiler and editor CSharp Free False
dnSpyEx [Source] .NET assembly debugger, decompiler and editor; fork of dnSpy CSharp Free False
dotPeek [Website] .NET decompiler and assembly browser CSharp Free False
DRAKVUF Sandbox [Source] Automated black-box hypervisor-level malware analysis system Python Free False
Droidefense [Website] [Source] Android apps/malware analysis/reversing tool Java Free False
DroidGuard VM Samples [Website] [Source] Different versions of the DroidGuard VM as well as different version of the bytecode running through this VM Free False
edb [Source] Cross platform AArch32/x86/x86-64 debugger CPlusPlus Free False
EMBA [Website] [Source] Security analyzer for firmware of embedded devices Shell Free False
Flare [Website] Processes SWF and extract scripts from it Free False
Flasm [Website] [Source] Disassembler tool for SWF bytecode Free False
Flutter Spy [Source] Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps Shell Free False
Frida [Website] [Source] Dynamic code instrumentation toolkit C Free False
Frinet [Website] [Source] Multi-platform Frida trace generatior C Free False
GDB [Website] [Source] GNU debugger CPlusPlus Free False
gftrace [Source] Windows API tracing for Go binaries C Free False
Ghidra [Website] [Source] Software reverse engineering (SRE) suite of tools: disassembly, assembly, decompilation, graphing, scripting, etc. Java Free False
Hiew [Website] x86_64 disassembler for multiple formats Paid False
Honggfuzz [Website] [Source] Security oriented software fuzzer; supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based) C Free False
Hopper [Website] Disassembler, decompiler and debugger Paid False
iaito [Website] [Source] Qt and C++ GUI for radare2 CPlusPlus Free False
IDA Pro [Website] Disassembler and debugger Paid False
ILSpy [Source] .NET assembly browser and decompiler to C# CSharp Free False
ImHex [Website] [Source] Hexadecimal editor tailored for reverse engineers; byte patching, data import / export, data inspector, huge file support, file hashing, disassembler for many architectures, data analyzer CPlusPlus Free False
ImmunityDbg [Website] Windows debugger with Python scripting support Free False
jadx [Source] DEX to Java decompiler Java Free False
Java Decompilers [Website] .JAR and .Class to Java decompiler Free True
JD-GUI [Website] [Source] GUI tool decompiling JAVA Java Free False
JEB [Website] Disassembler, decompiler and debugger Paid False
JPEXS Free Flash Decompiler [Source] A.k.a ffdec, flash SWF decompiler Java Free False
JSDetox [Website] [Source] Javascript deobfustcator Ruby Free False
Kemon [Source] macOS kernel pre and post callback-based framework C Free False
Krakatau [Source] Java decompiler, assembler, and disassembler Java Free False
Kaitai Struct [Website] [Source] Declarative language to generate binary data parsers in various languages Free False
ldd [Website] Tool that print shared library dependencies Free False
Metasm [Website] [Source] Assembler, disassembler, compiler and debugger Ruby Free False
Medusa [Source] Interactive multi-architecture and multi-formats disassembler running on Windows and Linux CPlusPlus Free False
netzob [Source] Protocol reverse engineering, modeling and fuzzing Python Free False
ODA [Website] Advanced multi-architecture online disassembler supporting a lot of architectures and object file formats Free True
OllyDbg [Website] Windows debugger Free False
PANDA [Website] [Source] Platform for architecture-neutral dynamic analysis C Free False
PASTIS [Website] [Source] Fuzzing framework aiming at combining various software testing techniques within the same workflow to perform collaborative fuzzing also called ensemble fuzzing; supported engines are Honggfuzz, AFL++, TritonDSE Python Free False
Pe-bear [Website] PE reverse tool: recognizes packers, fast disassembler, visualization of sections layout, selective comparing of two chosen PE files Free False
PE Explorer Disassembler [Website] Windows disassembler Paid False
PE Insider [Website] PE viewer, closed source and windows only Free False
Plasma [Source] x86/ARM/MIPS interactive disassembler Python Free False
QBinDiff [Source] Binary diffing; addressing the diffing as a Network Alignement Quadratic Problem Python Free False
Qira [Website] [Source] Timeless debugger (QIRA = QEMU Interactive Runtime Analyser) C Free False
RABCDAsm [Website] [Source] ActionScript disassembler D Free False
radare2 [Website] [Source] Crossplatform binary analysis framework, disassembler, decompiler and debugger, support collaborative analysis C Free False
rbkb [Source] Ruby BlackBag; a miscellaneous collection of command-line tools and ruby library helpers related to pen-testing and reversing Ruby Free False
Recaf [Website] [Source] Edit Java bytecode, insert single line Java statements into the bytecode, recompile decompiled code Java Free False
ReFlutter [Website] [Source] Flutter reverse engineering framework: allow traffic monitoring and interception, print classes and functions, display absolute code offset for functions, etc. Python Free False
Relyze [Website] x86 and ARM graphical interactive disassembler with Ruby plugin framework Paid False
RetDec [Website] [Source] Multi file formats and architectures machine-code decompiler CPlusPlus Free False
Rizin [Website] [Source] Crossplatform binary analysis framework, disassembler, decompiler and debugger, support collaborative analysis; originally forked from radare2 C Free False
sandsifter [Source] x86 processor fuzzer Python Free False
Snowman [Website] [Source] Native code to C/C++ decompiler, supporting x86, AMD64, and ARM architectures, exists as standalone app or as a plug-in CPlusPlus Free False
strace [Source] Debugger for Linux Free False
Swftools [Website] [Source] Collection of utilities to work with SWF files C Free False
theZoo [Website] [Source] Repository of live malwares for malware analysis Python Free False
Triton [Website] [Source] Dynamic binary analysis framework, automate reverse engineering CPlusPlus Free False
TritonDSE [Website] [Source] Triton-based DSE library with loading and exploration capabilities Python Free False
TTD-Bindings [Source] Bindings for Microsoft WinDBG Time Travel Debugging (TTD) CPlusPlus Free False
Tweezer [Source] Identifying function names in stripped binaries and un-named functions Python Free False
UglifyJS2 [Website] [Source] JavaScript obfuscator or beautifier toolkit JavaScript Free False
uncompyle [Source] Python 2.7 binaries (.pyc) decompiler Python Free False
uncompyle6 [Source] Python 1.5, 2.1 to 2.7, 3.1 to 3.6 binaries (.pyc) decompiler Python Free False
Vais [Source] SWF vulnerability and information scanner Ruby Free False
WinDbg [Website] Windows debugger Free False
x64dbg [Website] [Source] Windows debugger CPlusPlus Free False
XenoScan [Source] Processes memory scanner CPlusPlus Free False
Xori [Website] [Source] Disassembly and static analysis library that provides triage analysis data Rust Free False
xxxswf [Source] Small script for carving, scanning, compressing, decompressing and analyzing SWF files Python Free False

Steganography

Name Website Source Description Programming language Price Online
Aperi'Solve [Website] [Source] Steganalysis web platform with layer, zsteg, steghide and exiftool analysis Python Free False
Audacity [Website] [Source] Tool to edit and analyze audio tracks Free False
Depix [Source] Recover plaintext from pixelized screenshots Python Free False
exif [Source] Shows EXIF information for JPEG files only C Free False
ExifTool [Website] [Source] Library and CLI tool to read and write meta information (EXIF, GPS, IPTC, XMP, JFIF, …) in files (JPEG, PNG, SVG, MPEG, …) Perl Free False
Exiv2 [Website] [Source] Library and CLI tool to read and write meta information (Exif, IPTC & XMP metadata and ICC Profile) in images (JPEG, TIFF, PNG, …) CPlusPlus Free False
ImageMagick [Website] [Source] Software suite and library to create, edit, compose, or convert images C Free False
Outguess Tool to hide messages in files (website down since 2004) Free False
PNGtools [Website] [Source] Suite of tools to work with PNG images C Free False
SHIT [Source] Stego Helper Identification Tool, multi-purpose image steganography tool Python Free False
SmartDeblur [Source] To to restore defocused and blurred images (update binary only for Windows, Mac OS binary out of date) CPlusPlus Free False
Sonic Visualiser [Website] [Source] Tool to edit and analyze audio tracks Free False
Steganabara [Source] Steganography analysis tool Java Free False
Steghide [Website] [Source] Tool to hide messages in images Free False
StegOnline [Website] [Source] Stego image toolsuite in the browser JavaScript Free True
StegoVeritas [Source] Automatic tool to bruteforce LSB, transform image, extract metadata or trailing data Python Free False
StegSolve GUI tool to analyse images Java Free False
zsteg [Source] Tool to detect hidden data in PNG and BMP Ruby Free False

System Exploitation

Name Website Source Description Programming language Price Online
abuseACL [Source] Automatically list vulnerable Windows ACEs/ACLs using DC's LDAP to list users/groups/computers/OU/certificate templates and their nTSecurityDescriptor to check for vulnerable rights Python Free False
aclpwn [Source] Interacts with BloodHound to identify and exploit ACL based privilege escalation paths Python Free False
ADFSDump [Source] Read information from Active Directory and ADFS Configuration Database; fed information into ADFSpoof to generate security tokens CSharp Free False
ADFSpoof [Source] Using ADFSDump information, produce a usable key/cert pair for token signing, produce a signed security token that can be used to access a federated application Python Free False
Android_Emuroot [Source] Grants root privileges on the fly to shells running on Android virtual machines that use google-provided emulator images called Google API Playstore Python Free False
bkhive [Source] Dump the syskey bootkey from a Windows NT/2K/XP system hive, often used with samdump2, part of the ophcrack project Free False
BloodHound [Website] [Source] Tool to reveal the hidden and unintended relationships within an Active Directory environment PowerShell Free False
CoercedPotato [Source] Elevation of privileges automated exploitation using SeImpersonatePrivilege or SeImpersonatePrimaryToken C Free False
CookieCrimesJS [Source] Read local Chrome cookies without root or decrypting and display then in JSON; Javascript implementation of cookie_crimes JavaScript Free False
creddump [Source] Dump windows credentials Python Free False
DCOMrade [Source] Script that is able to enumerate the possible vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. PowerShell Free False
DLLInjector [Source] Dll injection tool CPlusPlus Free False
DLLPasswordFilterImplant [Source] Password filter DLL, triggered on password change to exfiltrate credentials C Free False
DonPAPI [Source] Dumping DPAPI credentials remotely; dumps relevant information on compromised targets without AV detection Python Free False
Empire [Website] [Source] PowerShell and Python post-exploitation agent Shell Free False
Empire GUI [Website] [Source] GUI for Empire framework JavaScript Free False
enum4linux [Source] Windows Samba enumeration tool Perl Free False
enum4linux-ng [Source] Windows Samba enumeration tool, next generation version of enum4linux Python Free False
FFM [Source] Freedom Fighting Mode (FFM), hacking harness, post-exploitation tool Python Free False
GH DLL Injector [Website] [Source] DLL injection library supporting x86, WOW64 and x64 injections; 5 injection methods, 4 shellcode execution methods and various additional options; session separation can be bypassed with all methods CPlusPlus Free False
goddi [Source] Active Directory domain information dumper Go Free False
GoodHound [Source] Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation Python Free False
JAWS [Source] Just Another Windows (Enum) Script; quickly identify potential privilege escalation vectors on Windows systems PowerShell Free False
LaZagne [Source] Password retriever Python Free False
LinEnum [Source] Linux enumeration and privilege escalation script Shell Free False
Linux Exploit Suggester 2 [Source] Linux kernel exploit suggester Perl Free False
linux-exploit-suggester.sh [Source] Linux kernel exploit suggester Shell Free False
linuxprivchecker.py [Source] Linux privilege escalation check script Python Free False
Masky [Source] Library and CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory Python Free False
mimikatz [Website] [Source] Extract plaintext passwords, hash, PIN code and kerberos tickets from memory; perform pass-the-hash, pass-the-ticket or build Golden tickets C Free False
minidump [Source] Library and CLI to parse and read Microsoft minidump file format Python Free False
NanoDump [Source] Minimal LSASS dumper C Free False
Nishang [Source] Framework, collection of scripts and payloads in PowerShell for offensive security, penetration testing and red teaming PowerShell Free False
p0wnedShell [Source] PowerShell runspace post exploitation toolkit CSharp Free False
PEASS [Source] Privilege Escalation Awesome Scripts SUITE; winPEAS and linPEAS are local privilege escalation scripts for Windows and Linux Shell Free False
PlumHound [Source] Creates reports for blue and purple teams by extracting data from BloodHound Python Free False
Powerless [Source] A Windows privilege escalation enumeration BAT script designed for legacy Windows machines without Powershell Shell Free False
PowerSploit [Source] Powershell exploitation framework Powershell Free False
pspy [Source] CLI tool designed to snoop on processes without need for root permissions; it allows to see commands run by other users, cron jobs, etc. as they execute Go Free False
pypykatz [Source] Platform idependent Mimikatz implementation Python Free False
RedSnarf [Source] Retrieves hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques Python Free False
samdump2 [Source] Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM, often used with bkhive, part of the ophcrack project Free False
scavenger [Source] multi-threaded post-exploitation scanning tool for scavenging systems, finding most frequently used files and folders as well as interesting files containing sensitive information Python Free False
SCShell [Source] Fileless lateral movement that relies on ChangeServiceConfigA to run commands CSharp Free False
SharpShooter [Source] Payload Generation Framework for C# source code VB Free False
ShellPop [Source] Tool to craft bind and reverse shells in several languages Python Free False
TPMEE [Source] Help to exploit weak implementation of library or program that used TPM Python Free False
unicorn [Source] Tool for using a PowerShell downgrade attack and inject shellcode into memory Python Free False
WES-NG [Source] Windows Exploit Suggester - Next Generation; analyses Windows targets patch levels to find exploits and Metasploit modules; works well with newer system (eg Windows 10) thanks to MSRC support Python Free False
Windows-Exploit-Suggester [Source] Analyses Windows targets patch levels to find exploits and Metasploit modules, works only for older systems (eg Windows XP, Vista, etc.) because it relies on MS Security KBs Python Free False

Threat Intelligence

Name Website Source Description Programming language Price Online
Intelligence X [Website] Threat intelligence search engine: email addresses, domains, URLs, IPs, CIDRs, Bitcoin addresses, IPFS hashes, etc.; it searches among darknet, document sharing platforms, whois data, public data leaks, etc. Paid True
IsMalicious [Website] Malicious IP address and domain detection, classification and monitoring Paid True
Hudson Rock Cybercrime Intelligence Tools [Website] Cybercrime intelligence toolset to check if a specific digital asset was compromised in global infostealer malware attacks Free True
Maltego [Website] Interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet (exists in Community Edition) Paid False
MISP [Website] [Source] Threat intelligence platform & open standards for threat information sharing (formerly known as Malware Information Sharing Platform) PHP Free False
Netglub [Website] [Source] Maltego alternative Free False
OpenCTI [Website] [Source] Platform designed for managing and analyzing cyber threat intelligence knowledge, centralizing data using the STIX2 standard and offering visualization and integration capabilities TypeScript Free False
PatrowlHears [Website] [Source] Provides a unified source of vulnerability, exploit and threat Intelligence feeds; comprehensive and continuously updated vulnerability database scored and enriched with exploit and threat news information Python Paid False
Pulsedive [Website] CTI platform to search, scan, and enrich IPs, URLs, domains and other IOCs from OSINT feeds or submit your own Free True
Redirect Tracker [Website] Track the HTTP redirect chains; 301 and 302, JavaScript and Meta fresh redirects Free True
threatfeeds.io [Website] Open-source threat intelligence feeds; sharing malware URLs, IP reputation, bad IPs, etc. Free True
ThreatIngestor [Website] [Source] Extract and aggregate threat intelligence (IOCs from threat feeds) Python Free False
ThreatKB [Source] Knowledge base workflow management for YARA rules and C2 artifacts Python Free False
Watcher [Website] [Source] Automated platform for discovering new potentially cybersecurity threats targeting your assets (detects typosquatting domain names, monitor malicious domain names, detects data leaks...) Python Free False
Yeti [Website] [Source] Organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository Python Free False

Vulnerability Assessment

Name Website Source Description Programming language Price Online
CVEMap [Source] CLI tool designed to provide a structured interface to various vulnerability databases Go Free False
cvss-suite [Source] CVSS calculator library Ruby Free False
go-cve-dictionary [Source] Self-hosted CVE feed server Go Free False
GVM [Website] [Source] The Greenbone Vulnerability Management (GVM) is a framework of several services: gvmd is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Greenbone Security Assistant (GSA) is the web interface of GVM. The main scanner (OpenVAS) is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs). Complementary to the web interface, GVM-Tools allows batch processing / scripting via the Greenbone Management Protocol (GMP). Additional scanners can be integrated via the Open Scanner Protocol (OSP) C Paid False
nvd_feed_api [Website] [Source] A ruby API for NVD CVE feeds management, the library will help you to download and manage NVD Data Feeds, search for CVEs, build your vulerability assesment platform or vulnerability database Ruby Free False
SECMON [Website] [Source] Web-based platform for the automation of infosec watching and vulnerability management Python Free False
ThreatMapper [Website] [Source] Identify vulnerabilities in running containers, images, hosts and repositories Go Free False
VRT Ruby Wrapper [Website] [Source] Wrapper for the Vulnerability Rating Taxonomy Ruby Free False
Vulnogram [Website] [Source] Create and edit CVE information in CVE JSON format JavaScript Free True
Vuls [Website] [Source] Agentless system vulnerability scanner for Linux/FreeBSD with a dashboard (VulsRepo) for analyzing the scan results Go Free False

Web Application Exploitation

Name Website Source Description Programming language Price Online
0d1n [Source] Automate customized attacks against web applications C Free False
1u.ms [Website] [Source] zero-configuration DNS utilities for assisting in detection and exploitation of SSRF-related vulnerabilities Go Free True
230-OOB [Website] [Source] FTP server for OOB XXE attacks Python Free False
Acunetix [Website] Web application security scanner Paid True
afrog [Source] Web vulnerability scanner, based on templates Go Free False
Afuzz [Source] Web directory and file scanner (wordlist bruteforce) Python Free False
altair [Source] Modular web vulnerability scanner Python Free False
API-fuzzer [Source] Library to fuzz request attributes using common pentesting techniques and lists vulnerabilities Ruby Free False
Aquatone [Website] [Source] Domain flyover tool; visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface Go Free False
Arachni [Website] [Source] Web application security scanner framework Ruby Free False
Arjun [Source] HTTP parameter discovery suite Python Free False
AssassinGo [Website] [Source] Web pentest framework for information gathering and vulnerability scanning Go Free False
Astra [Website] [Source] REST API penetration testing tool Python Free False
Atlas [Source] Tool that suggests sqlmap tampers to bypass WAF/IDS/IPS based on status codes Python Free False
b374k [Source] Webshell with many features: file manager, search, command execution, DB connection, SQL explorer, process list PHP Free False
badsecrets [Source] A library for detecting known or weak cryptographic secrets across many web frameworks Python Free False
BaRMIe [Source] Java RMI enumeration and attack tool Java Free False
Beeceptor [Website] HTTP request collector and inspector Paid True
BeEF [Website] [Source] Browser exploitation framework; JS payload and supporting software to be used as XSS payload or post exploitation implant to monitor or exploit users as they use the targeted application Ruby Free False
BFAC [Source] Backup File Artifacts Checker; automated backup artifacts checker Python Free False
Blazy [Source] Login page bruteforcer: CSRF, SQLi, Clickjacking, WAF detection Python Free False
Burp Suite [Website] Intercepting proxy to replay, inject, scan and fuzz HTTP requests (a limited free version exists) Java Paid False
bXSS [Website] Identify blind cross-site scripting JavaScript Free False
Caido [Website] Intercepting proxy to replay, inject, scan and fuzz HTTP requests (a limited free version exists) Rust Paid False
Cansina [Source] Web directory and file scanner (wordlist bruteforce) Python Free False
Chankro [Source] Tool to bypass disable_functions and open_basedir in PHP by calling sendmail and setting LD_PRELOAD environment variable Python Free False
Charles [Website] Intercepting proxy to replay, inject, scan and fuzz HTTP requests Java Paid False
ChopChop [Source] Web application security scanner based on templates Go Free False
clairvoyance [Source] Obtain GraphQL API schema even if the introspection is disabled by abusing the "did you mean" feature Python Free False
CloakQuest3r [Source] Uncover the true IP address of websites safeguarded by Cloudflare and other CDNs Python Free False
CloudFlair [Website] [Source] Uncover the true IP address of websites safeguarded by Cloudflare and CloudFront Python Free False
CloudFrunt [Source] Scanner to identify misconfigured CloudFront domains Python Free False
CMSeek [Source] CMS detection and exploitation suite; capable of detecting more than 180 CMS Python Free False
CMSmap [Source] WordPress, Joomla, Drupal, Moodle CMS security scanner Python Free False
CMSScan [Source] Wordpress, Drupal, Joomla, vBulletin CMS security scanner with dashboard Python Free False
commix [Website] [Source] Web-based command injection tester Python Free False
CrackQL [Source] GraphQL password brute-force and fuzzing utility Python Free False
CSP Evaluator [Website] [Source] Check Content Security Policy (CSP) configuration and assists with the reviewing process JavaScript Free False
CSPass [Source] Test for CSP bypass payloads Python Free False
CSWSH [Website] Cross-Site WebSocket Hijacking Tester Free False
Dalfox [Website] [Source] XSS scanner and utility focused on automation Go Free False
dirb [Website] [Source] Web directory and file scanner (wordlist bruteforce) Free False
dirbuster [Website] [Source] Web directory and file scanner (wordlist bruteforce) Java Free False
dirsearch [Source] Web directory and file scanner (wordlist bruteforce) Python Free False
distributed-jwt-cracker [Website] [Source] HS256 JWT token distributed brute force cracker JavaScript Free False
docem [Source] Uility to embed XXE and XSS payloads in docx, odt, pptx, etc Python Free False
DotDotPwn [Website] [Source] Directory Traversal fuzzer Perl Free False
DotGit [Source] Web browser extension (Firefox and CHromium) checking if .git is exposed in visited websites JavaScript Free False
droopescan [Source] CMS scanner supporting SilverStripe and Wordpress, having partial support for Joomla, Moodle, Drupal Python Free False
drupwn [Source] Drupal CMS enumeration and exploitation tool Python Free False
dtd-finder [Source] Identify DTDs on filesystem snapshot and build XXE payloads using those local DTDs Kotlin Free False
DVCS-Pillage [Source] Dump web accessible (distributed) version control systems (DVCS/VCS): GIT, Mercurial/hg, Bazaar/bzr, … Shell Free False
dvcs-ripper [Source] Dump web accessible (distributed) version control systems (DVCS/VCS): SVN, GIT, Mercurial/hg, Bazaar/bzr, … Perl Free False
Enemies Of Symfony [Source] Loots information from a Symfony target using profiler Python Free False
Eyeballer [Source] Convolutional neural network for analyzing pentest screenshots and automatically label them Python Free False
EyeWitness [Source] Take screenshots of websites, provide some server header info, and identify default credentials if possible Python Free False
ezXSS [Source] Identify blind cross-site scripting PHP Free False
Fav-up [Source] Favicon fingerprinting using Shodan Python Free False
FavFreak [Source] Favicon fingerprinting Python Free False
Favinizer [Source] Favicon fingerprinting Python Free False
feroxbuster [Source] Web directory and file scanner (wordlist bruteforce) Rust Free False
ffuf [Source] Web directory and file scanner (wordlist bruteforce); but also a web fuzzer Go Free False
Fingerprinter [Source] CMS version detection tool Ruby Free False
Firefly [Source] Web directory and file scanner (wordlist bruteforce); but also a web fuzzer Go Free False
FockCache [Source] Test Cache Poisoning Go Free False
Fuxi [Source] Penetration testing platform, automate some scan & attack Python Free False
fuxploider [Source] Automates the process of detecting and exploiting file upload forms flaws Python Free False
Fuzzapi [Source] Web-UI for API-fuzzer Ruby Free False
Ghauri [Source] Automatic SQL injection and database takeover; inspired by SQLmap Python Free False
git-dump [Source] Dump the contents of a remote git repository without directory listing enabled JavaScript Free False
git-dumper [Source] Dump the contents of a remote git repository without directory listing enabled Python Free False
GitTools [Source] 3 tools: Finder (find websites with .git repository exposed), Dumper (dump exposed .git), Extractor (extract commits and their content from a broken repository) Shell Free False
Gobuster [Source] Web directory, file and DNS scanner (wordlist bruteforce) Go Free False
gofingerprint [Source] Indentify web servers by checking their HTTP responses against a user defined list of fingerprints Go Free False
goop [Source] Dump the contents of a remote git repository without directory listing enabled; focus on as-complete-as-possible dumps and handling as many edge-cases as possible Go Free False
Gopherus [Source] Generates gopher link for exploiting SSRF and gaining RCE access from unprotected services Python Free False
gowitness [Source] Take screenshots of websites Go Free False
GraphCrawler [Source] GraphQL automated security testing Python Free False
Graphicator [Source] GraphQL enumeration and extraction Python Free False
Graphinder [Source] GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce Python Free False
GraphQL Voyager [Website] [Source] Represent any GraphQL API as an interactive graph TypeScript Free False
GraphMan [Source] Scaffold a postman collection for a GraphQL API; compatible with Postman and Insomnia TypeScript Free False
GraphQL Cop [Source] Run common security tests against GraphQL Python Free False
graphql-path-enum [Source] Lists the different ways of reaching a given type in a GraphQL schema Rust Free False
graphql.security [Website] Runs a dozen of security checks against a given GraphQL endpoint Free True
GraphQLmap [Source] Scripting engine to interact with a graphql endpoint for pentesting purposes Python Free False
graphw00f [Source] GraphQL server engine fingerprinting Python Free False
Guppy Proxy [Source] GUI HTTP intercepting proxy based on Pappy Proxy Python Free False
headerpwn [Source] Fuzzer for analyzing how servers respond to different HTTP headers Go Free False
Hetty [Website] [Source] Intercepting proxy to replay, inject, scan and fuzz HTTP requests Go Free False
HExHTTP [Source] Perform tests on HTTP headers and analyze the results to identify vulnerabilities and interesting behaviors Python Free False
Hookbin [Website] [Source] HTTP request collector and inspector Java Free True
http-garden [Source] Differential testing and fuzzing of HTTP servers and proxies Python Free False
httpscreenshot [Source] Take screenshots of websites Python Free False
httpx [Source] Multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads Go Free False
HUNT [Source] HUNT Suite is a collection of Burp Suite Pro/Free and OWASP ZAP extensions Python Free True
InQL [Source] GraphQL security audit Python Free False
Intrigue Core [Website] [Source] Framework for discovering attack surface Ruby Free False
Interactsh [Website] [Source] HTTP request collector and inspector; OOB interaction gathering server and client library; DNS / HTTP / SMTP interaction support Go Free True
IronWASP [Website] [Source] Web security/vulnerability scanner (native for Windows only) C Free False
Jaeles [Website] [Source] Framework for building your own Web Application Scanner Go Free False
JAST [Source] Take screenshots of websites Python Free False
JS-Tap [Source] Browser exploitation framework; JS payload and supporting software to be used as XSS payload or post exploitation implant to monitor or exploit users as they use the targeted application Python Free False
JSONBee [Source] JSONP endpoints/payloads to help bypass content security policy of different websites PHP Free False
JWT cracker [Source] Multi-threaded JWT brute-force cracker C Free False
jwt-cracker [Website] [Source] HS256 JWT token brute force cracker JavaScript Free False
jwt-hack [Source] A toolkit for JWT tokens security testing Go Free False
jwt_tool [Source] A toolkit for validating, forging and cracking JWT tokens Python Free False
jwtcat [Source] JWT brute-force cracker Python Free False
Katana [Source] Crawling and spidering framework, supporting headless mode, JavaScript, customizable automatic form filling and scope control Go Free False
Kraken [Source] Modular multi-language webshell focused on web post-exploitation and defense evasion; supports PHP, JSP and ASPX Python Free False
Liffy [Source] LFI exploitation tool Python Free False
LFI Freak [Source] LFI scan and exploit tool Python Free False
LFI Suite [Source] Automatic LFI scanner and exploiter Python Free False
LightBulb [Website] [Source] Framework for auditing web application firewalls and filters Python Free False
LinkFinder [Website] [Source] Find URL endpoints and their parameters in JavaScript files Python Free False
Lulzbuster [Source] Web directory and file scanner (wordlist bruteforce) C Free False
Kadimus [Source] LFI, RFI, RCE scanner C Free False
Malzilla [Website] [Source] Web oriented deobfuscating tool Free False
mitmproxy [Website] [Source] Interactive HTTPS proxy Python Free False
Mockbin [Website] [Source] HTTP request collector and inspector JavaScript Free True
monsoon [Website] [Source] Web directory and file scanner (wordlist bruteforce) Go Free False
MyJWT [Source] A toolkit for signing, forging and cracking JWT tokens Python Free False
Netsparker [Website] Web application security scanner Paid True
nikto [Website] [Source] Very light web security scanner Perl Free False
noir [Website] [Source] Attack surface detector that identifies endpoints by static analysis and then conduct dynamic analysis on them Crystal Free False
NoSQLMap [Source] Automated NoSQL database enumeration and web application exploitation tool Python Free False
Nosql-Exploitation-Framework [Source] NoSQL scanning and exploitation framework Python Free False
Nuclei [Website] [Source] Web application security scanner based on templates Go Free False
NtHiM [Source] Now, the Host is Mine!; sub-domain takeover detection Rust Free False
otori [Website] On The Outside, Reaching In, exploitation toolbox for XXE attacks Python Free False
OWASP JoomScan [Source] Joomla vulnerability scanner Perl Free False
OWASP ZAP [Website] [Source] OWASP Zed Attack Proxy, intercepting proxy to replay, inject, scan and fuzz HTTP requests Java Free False
oxml_xxe [Source] Tool for embedding XXE/XML exploits into different filetypes (docx/xlsx, odt/ods, svg, xml, etc.) Ruby Free False
Panoptic [Website] [Source] Automatic LFI and Path Traversal exploitation tool Python Free False
Pappy Proxy [Website] [Source] Proxy Attack Proxy ProxY, HTTP intercepting proxy Python Free False
parameth [Source] HTTP parameter discovery suite Python Free False
ParamSpider [Source] Finds parameters from web archives of the entered domain Python Free False
Paros [Source] Intercepting proxy to replay, inject, scan and fuzz HTTP requests Java Free False
PeepingTom [Source] Take screenshots of websites Python Free False
PHPGGC [Source] PHP Generic Gadget Chains, library of unserialize() payloads along with a tool to generate them, supporting various PHP frameworks PHP Free False
Pinkerton [Source] Crawl JavaScript file to find secret Python Free False
Portswigger Labs Inspector [Website] Javascript expression evaluator and inspector JavaScript Free True
PowerUpSQL [Source] Toolkit for attacking MS SQL Server, discovery, configuration auditing, privilege escalation, post exploitation Powershell Free False
ppfuzz [Source] Scan for client-side prototype pollution Rust Free False
pphack [Source] Client-side prototype pollution scanner Go Free False
Rabid [Website] [Source] CLI tool and library allowing to simply decode all kind of BigIP cookies Ruby Free True
RequestBin [Website] [Source] HTTP request collector and inspector Python Free True
RequestCatcher [Website] [Source] HTTP request collector and inspector Go Free True
Request Inspector [Website] HTTP request collector and inspector Free True
Rogue JNDI [Source] A malicious LDAP server for JNDI injection attacks Java Free False
Retire.js [Website] [Source] Scanner detecting the use of JavaScript libraries with known vulnerabilities JavaScript Free False
ronin-vulns [Source] Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects Ruby Free False
rustbuster [Source] Web directory, file and DNS scanner (wordlist bruteforce); but also a web fuzzer Rust Free False
Scout [Source] Web directory and file scanner (wordlist bruteforce) Go Free False
secureCodeBox [Website] [Source] Continuous security scans based on kubernetes; orchestrate and automate a bunch of security-testing tools Go Free False
See-SURF [Source] SSRF scanner to find entry points Python Free False
Session Hijacking Visual Exploitation [Source] Hijack user sessions by injecting malicious JavaScript code JavaScript Free False
ShapeShifter [Source] GraphQL schema extraction to JSON file with introspection Python Free False
Simple Local File Inclusion Exploiter [Website] [Source] LFI exploit tool Python Free False
Sitadel [Source] Web application security scanner, rewrite and newer version of WAScan Python Free False
sj [Source] Swagger Jacker; audit API endpoints defined in exposed (Swagger/OpenAPI) definition files Go Free False
SleuthQL [Source] Tool that parses Burp history to discover potential SQL injection points and prepare SQLmap request files Python Free False
Smuggler [Source] HTTP request smuggling, desync testing Python Free False
snallygaster [Source] Web scanner that looks for files accessible on web servers that shouldn't be public Python Free False
spidr [Source] Web spidering library that can spider a site, multiple domains, certain links or infinitely Ruby Free False
SQLiv [Source] SQL injection scanner, find vulnerable entry points Python Free False
sqlmap [Website] [Source] Automatic SQL injection and database takeover Python Free False
SqliSniper [Source] Time-based blind SQL injection fuzzer for HTTP headers Python Free False
ssllabs-scan [Website] [Source] CLI reference-implementation client for Qualys SSL Labs APIs, designed for automated and/or bulk testing Go Free False
sslscan2 [Source] Tests SSL/TLS enabled services to discover supported cipher suites C Free False
SSLyze [Source] SSL analysis library and a CLI tools Python Free False
SSRF Proxy [Source] Facilitates tunneling HTTP communications through servers vulnerable to SSRF Ruby Free False
SSRFmap [Source] Automatic SSRF fuzzer and exploitation tool Python Free False
SSRF Sheriff [Source] Genereate custom endpoint to test SSRF; support any HTTP method, content-specific responses, configurable secret token Go Free False
STEWS [Source] Security Testing and Enumeration of WebSockets; tool suite for security testing WebSockets: discover endpoints, fingerprint server, detect vulnerabilities Python Free False
Surf [Source] Escalate SSRF vulnerabilities on modern cloud environments, enumerate reachable hosts Go Free False
testssl.sh [Website] [Source] TLS/SSL scanner to find weak ciphers, protocols or flaws Shell Free False
TIDoS Framework [Source] Comprehensive web-app audit framework Python Free False
TLS map [Website] [Source] CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL, GnUTLS, NSS Ruby Free False
toxssin [Source] XSS exploitation command-line interface and payload generator Python Free False
Tracy [Source] Tool that help to manually find XSS Go Free False
TrashCompactor [Source] Remove URLs with duplicate funcionality based on script resources included Go Free False
tplmap [Source] SSTI and code injection detection and exploitation tool Python Free False
Typo3Scan [Source] Enumerate Typo3 version and extensions Python Free False
Uniscan [Source] RFI, LFi and RCE scanner Perl Free False
V3n0M [Source] Web dork and vulnerability scanner Python Free False
vaf [Source] Web directory and file scanner (wordlist bruteforce); but also a web fuzzer Nim Free False
Vega [Website] [Source] Multi-platform web scanner and intercepting proxy Java Free False
VOOKI [Website] Windows only web application and REST API vulnerability scanner Free False
w3af [Website] [Source] Intercepting proxy to replay, inject, scan and fuzz HTTP requests Python Free False
WAFNinja [Source] WAF bypassing tool Python Free False
wapiti [Website] [Source] Web-oriented vulnerability scanner, can generates reports Free False
WappaGo [Source] Web technologies detection; assemble different features from HTTPX, Naabu, GoWitness and Wappalyzer Go Free False
WAScan [Source] Web application security scanner Python Free False
webanalyze [Source] Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning Go Free False
Webhook Tester [Website] [Source] HTTP request collector and inspector PHP Free True
Weevely [Source] Web shell for post-exploitation working with a PHP agent Python Free False
Wfuzz [Website] [Source] Web directory and file scanner (wordlist bruteforce); but also a web fuzzer Python Free False
What CMS [Website] Service able to detect more than 430 CMS, find version used for some CMS, has an API for batch detection Free True
WhatWeb [Website] [Source] Web scanner, recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices, also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more; more than 1800 plugins Ruby Free False
wikto [Source] Nikto for Windows; web security scanner CSharp Free False
WitnessMe [Source] Take screenshots of websites, provide some server header info, and identify default credentials if possible Python Free False
WPScan [Website] [Source] WordPress CMS vulnerability scanner Ruby Free True
wrapwrap [Website] [Source] Generates a php://filter chain that adds a prefix and a suffix to the contents of a file Python Free False
WS-Attacker [Source] Modular framework for SOAP web services penetration testing Java Free False
WSFuzzer [Website] [Source] Fuzzing penetration testing tool for testing HTTP SOAP based web services Python Free False
wsrepl [Website] [Source] Interactive websocket REPL designed specifically for penetration testing Python Free False
WSSAT [Website] [Source] Web Service Security Assessment Tool; WS, REST API, SOAP API dynamic scanner CSharp Free False
x8 [Source] HTTP parameter discovery suite Rust Free False
XCat [Website] [Source] Automate XPath injection/XXE attacks to retrieve documents Python Free False
Xenotix [Website] [Source] XSS detection and exploit framework (Windows only) Python Free False
xnLinkFinder [Source] Discover endpoints and potential parameters for a given target Python Free False
Xray [Website] [Source] Web security scanner (XSS, SQLi, SSRF, XXE, etc.) Go Free False
XSinator [Website] [Source] XS-Leak browser test suite JavaScript Free False
XSpear [Source] XSS Scanner Ruby Free False
XSRFProbe [Source] Advanced Cross Site Request Forgery (CSRF/XSRF) audit and exploitation toolkit Python Free False
XSS hunter [Website] XSS probes host for finding blind XSS Free True
XSS Hunter Express [Source] XSS probes host for finding blind XSS Free False
XSS'OR [Website] [Source] Multi-purpose tool for XSS or JavaScript analysis JavaScript Free True
XSS'OR 2 [Website] [Source] Multi-purpose tool for XSS or JavaScript analysis JavaScript Free True
XSSCon [Source] XSS automatic scanner Python Free False
XSSer [Website] [Source] XSS automatic scanner and exploiter Python Free False
XSStrike [Source] XSS detection tool, parser, payload generator, fuzzing engine, crawler Python Free False
XXEinjector [Source] Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods Ruby Free False
xxeserv [Source] HTTP and FTP server for OOB XXE attacks Go Free False
XXExploiter [Website] [Source] Generates XML payloads, and automatically starts a server to serve the needed DTD's or to do data exfiltration for XXE attacks JavaScript Free False
xxxpwn [Source] XPath injection tool, designed for blind injection Python Free False
xxxpwn_smart [Source] XPath injection tool, fork of xxxpwn adding further optimizations and tweaks, uses predictive text based on a dictionary of words/phrases vs frequencies of occurrence Python Free False
YASUO [Source] Scans for vulnerable & exploitable 3rd-party web applications Ruby Free False
Yoga [Website] [Source] Your OSINT Graphical Analyzer; project to help people understand different courses of action to take based upon the data JavaScript Free False

Wireless

Name Website Source Description Programming language Price Online
Aircrack-Ng [Website] [Source] Suite of tools to assess WiFi network security (cracking WEP and WPA PSK) C Free False
airgeddon [Source] Wireless network audit script Shell Free False
BtleJack [Source] Bluetooth Low Energy Swiss-army knife Python Free False
Crunch-Cracker [Source] Wordlist generator and Wi-Fi cracker Shell Free False
Fluxion [Website] [Source] MITM WPA attack tool Shell Free False
FruityWiFi [Source] Wireless network auditing tool controlled by a web interface PHP Free False
Hijacker [Source] Android GUI for Aircrack, Airodump, Aireplay, MDK3 and Reaver Java Free False
Infernal-Wireless [Source] Automated wireless hacking tool Python Free False
intel-wifi-research-tools [Source] Research tools developed for Intel Wi-Fi chips : decode firmware files, communicate with the chip through Linux's debug filesystem Python Free False
Kismet [Website] [Source] Sniffer, WIDS, and wardriving tool for Wi-Fi, Bluetooth, Zigbee, RF CPlusPlus Free False
MDK3-master [Source] PoC tool to exploit common IEEE 802.11 protocol weaknesses C Free False
MDK4 [Source] PoC tool to exploit common IEEE 802.11 protocol weaknesses C Free False
Modmobjam [Source] Cellular networks jamming PoC for mobile equipments Python Free False
Modmobmap [Source] Tool to retrieve information of cellular networks Python Free False
Oasis [Source] Framework allowing to write, build and patch instrumentation modules for Bluetooth Low Energy (BLE) controllers C Free False
QCSuper [Source] Communicate with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G radio frames Python Free False
reaver-wps [Source] Bruteforce WPS tool C Free False
reaver-wps (t6x fork) [Source] Bruteforce WPS tool C Free False
RF Swift [Source] Toolbox for HAM radio enthusiasts and RF professionals Go Free False
trackerjacker [Source] Tool for mapping and tacking wifi networks and devices through raw 802.11 monitoring Python Free False
Wifi-Biter [Source] Dictionary generator used to generate dictionaries/wordlist for Wireless Router Passwords Python Free False
wifijammer [Source] Script to jam wifi clients and access points Python Free False
wifite2 [Source] Script for auditing wireless networks that runs existing wireless-auditing tools Python Free False