| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| ASLRay | [Source] | Tool for ASLR bypass with stack-spraying | Shell | Free | False | |
| heaphopper | [Website] | [Source] | Bounded model checking framework for Heap-implementations | Python | Free | False |
| libformatstr | [Source] | Library to simplify format string exploitation | Python | Free | False | |
| pwntools | [Source] | Framework and exploit development library | Python | Free | False | |
| pwntools-ruby | [Source] | Framework and exploit development library, ported onto ruby | Ruby | Free | False | |
| ROPgadget | [Website] | [Source] | Framework for ROP exploitation | Python | Free | False |
Tools
Note: Paid softwares may exist in a free limited version or a demo version
Binary Exploitation
Bug Bounty
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| bbr | [Source] | Generation of bug bounty reports based on user provided templates | Go | Free | False | |
| bbrecon | [Website] | [Source] | Service enumerating all targets on Internet covered by a bug bounty program | Python | Free | True |
| BBstats | [Source] | Aggregate reports/bounties from different platforms in order to create combined stats and graphs | PHP | Free | False | |
| bounty-targets | [Source] | Crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into another git repo | Ruby | Free | False | |
| BountyDash | [Source] | Dashboard to combine rewards from all platforms, giving insights about progress and bug hunting patterns | PHP | Free | False | |
| bountyplz | [Source] | Automated bug bounty reporting/submission, supports HackerOne and Bugcrowd | Shell | Free | False | |
| BugBounty Web App | [Source] | App that helps bug bounty hunters to manage their bounties and target list | Python | Free | False | |
| Bugbountydash | [Source] | Terminal dashboard for bug bounty hunters that use HackerOne and Bugcrowd | JavaScript | Free | False | |
| Hackerone::Client | [Source] | A limited client library for interacting with HackerOne | Ruby | Free | False | |
| Needle | [Source] | Chrome extension for instant access to bug bounty submission dashboard of various platforms and publicly disclosed reports | HTML | Free | False |
Code Analysis
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Adhrit | [Website] | [Source] | Android APK reversing and analysis suite | Python | Free | False |
| AndroBugs Framework | [Source] | Android APK vulnerability analyzer | Python | Free | False | |
| MobSF | [Source] | Android APK vulnerability analyzer | Python | Free | False | |
| NodeJsScan | [Source] | Static security code scanner for Node.js applications | Python | Free | False | |
| QARK | [Source] | Android APK vulnerability analyzer | Python | Free | False | |
| SonarQube | [Website] | [Source] | Automatic code review tool to detect bugs, vulnerabilities; continuous code inspection automated with static code analysis rules | Java | Free | False |
| StaCoAn | [Source] | Mobile applications static code analysis tool | Python | Free | False | |
| SUPER | [Website] | [Source] | Android APK vulnerability analyzer | Rust | Free | False |
| wpBullet | [Source] | Static code analysis for WordPress Plugins and Themes (and PHP) | Python | Free | False |
Collaboration and Report
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Archery | [Website] | [Source] | Vulnerability Assessment and Management tool, run scan and manage vulnerabilities | Python | Free | False |
| AttackForge.com | [Website] | Penetration test collaboration platform: vulnerability management and reporting | Free | True | ||
| Bulwark | [Source] | Collaborative penetration test, vulnerability management and reporting platform | JavaScript | Free | False | |
| Canopy | [Website] | Penetration test platform: vulnerability management and reporting | Paid | False | ||
| DART | [Source] | Documentation And Reporting Tool; Collaborative penetration test and vulnerability management platform | Python | Free | False | |
| DefectDojo | [Website] | [Source] | Vulnerability management application built for DevOps and continuous security integration | Python | Free | False |
| Dradis | [Website] | [Source] | Collaborative penetration test, vulnerability management and reporting platform | Ruby | Paid | False |
| envizon | [Website] | [Source] | Vulnerability management and reporting platform | Ruby | Free | False |
| Faraday | [Website] | [Source] | Collaborative penetration test and reporting platform | Python | Paid | False |
| Ghostwriter | [Website] | [Source] | Project management and reporting engine | Python | Free | False |
| hackOx | [Website] | [Source] | Modular web based pentesting interface designed to run on Raspberry Pi | PHP | Free | False |
| Kvasir | [Source] | Pentest data management tool | Python | Free | False | |
| Lair | [Website] | [Source] | Collaborative penetration test and vulnerability management framework | JavaScript | Free | False |
| MISP | [Website] | [Source] | Malware Information Sharing Platform, an Open Source threat intelligence plateform and open standards for threat information sharing | PHP | Free | False |
| oneVault | [Website] | Collaborative penetration test, vulnerability management and reporting platform | Paid | False | ||
| OSCP Exam Report Template in Markdown | [Website] | [Source] | Markdown templates for OSCP exam report | Markdown | Free | False |
| OWASP PenText | [Website] | [Source] | Collection of XML templates, XML schemas and XSLT code, to generate IT security documents including test reports, offers and invoices | Free | False | |
| PatrOwl | [Website] | [Source] | Security operations orchestration and continuous threat management platform | Python | Free | False |
| PlexTrac | [Website] | Collaborative penetration test reporting and vulnerability management platform | Paid | False | ||
| Pollenisator | [Source] | Collaborative penetration test and reporting platform (DB + clients, no WebUI) | Python | Free | False | |
| Prithvi | [Website] | [Source] | Report generation tool for pentester with provided OWASP data | JavaScript | Free | False |
| PwnDoc | [Source] | Collaborative penetration test reporting platform | JavaScript | Free | False | |
| Serpico | [Source] | SimplE RePort wrIting and CollaboratiOn tool, penetration testing report generation and collaboration tool | Ruby | Free | False | |
| Serpico-NG | [Source] | SimplE RePort wrIting and CollaboratiOn tool NEXT-GENERATION, penetration testing report generation and collaboration tool, fork of Serpico | Ruby | Free | False | |
| Sh00t | [Source] | Pentesting platform with dynamic task manager, checklists, bug template & bug report | Python | Free | False | |
| Smersh | [Source] | Pentest oriented collaborative tool used to track the progress of your company's engagements and generate reports | PHP | Free | False | |
| SwiftnessX | [Source] | Cross-platform note-taking and target-tracking app for penetration testers | JavaScript | Free | False | |
| vcr | [Source] | Vulnerability Compliance Report; parse Nessus CIS benchmark scan files and generate HTML reports | PowerShell | Free | False | |
| vuldash | [Website] | [Source] | Vulnerability Dashboard; vulnerability management, project management and report generation | PHP | Free | False |
| VULNREPO | [Website] | [Source] | Vulnerability report generator | JavaScript | Free | False |
| Vulnreport | [Website] | [Source] | Pentesting management and automation platform | Ruby | Free | False |
| WriteHat | [Website] | [Source] | Collaborative penetration test reporting platform | Python | Free | False |
Configuration audit
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Nipper Studio | [Website] | Tool that parse router, switch, firewall configuration to discover vulnerabilities | Paid | False | ||
| Nipper-ng | [Source] | Tool that parse router, switch, firewall configuration to discover vulnerabilities | Cplusplus | Free | False |
Cracking (Hash)
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Bopscrk | [Source] | Before Outset PaSsword CRacKing, password wordlist generator with exclusive features like lyrics based mode | Python | Free | False | |
| CeWL | [Source] | Custom wordlist generator based on website crawling | Ruby | Free | False | |
| CrackerJack | [Website] | [Source] | Basic Web Interface for Hashcat | Python | Free | False |
| Cracklord | [Website] | [Source] | Scalable, pluggable, and distributed system for password cracking, supports Hashcat | Go | Free | False |
| CrackQ | [Source] | Hashcat cracking queue system, API and WebUI | Python | Free | False | |
| CrackStation | [Website] | [Source] | Pre-computed lookup tables to crack password hashes | PHP | Free | True |
| crunch | [Source] | Wordlist generator | C | Free | False | |
| CUPP | [Source] | Common User Passwords Profiler, wordlist generator based on user profiling | Python | Free | False | |
| Duplicut | [Source] | Remove duplicates from massive wordlist, without sorting it (for dictionary-based password cracking) | C | Free | False | |
| GoCrack | [Source] | Management frontend for password cracking tools, supporting hashcat | Go | Free | False | |
| Hashcat | [Website] | [Source] | Password cracking tool | C | Free | False |
| Hashtopolis | [Source] | Hashcat wrapper for distributed hashcracking | PHP | Free | False | |
| Hashview | [Website] | [Source] | Web-UI for managing, organizing, automating Hashcat commands/tasks | Ruby | Free | False |
| John The Ripper | [Website] | Password cracking tool | C | Free | False | |
| John the Ripper, Jumbo version | [Website] | [Source] | Password cracking tool, community-enhanced version of John The Ripper | C | Free | False |
| lyricpass | [Source] | Tool to generate wordlists based on lyrics | Python | Free | False | |
| Mentalist | [Source] | Graphical tool for custom wordlist generation, can output rules compatible with Hashcat and John the Ripper | Python | Free | False | |
| Ophcrack | [Website] | [Source] | Windows password cracker based on rainbow tables | Free | False | |
| pnwgen | [Source] | Phone number wordlist generator | Python | Free | False | |
| PowerSniper | [Source] | Password spraying script and helper for creating password lists | PowerShell | Free | False | |
| pydictor | [Source] | Multi-method password wordlist generator | Python | Free | False | |
| rulesfinder | [Source] | Machine-learn password mangling rules; finds efficient password mangling rules (for John the Ripper or Hashcat) for a given dictionary and a list of passwords | Rust | Free | False | |
| TTPassGen | [Source] | Flexible and scriptable password dictionary/wordlist generator | Python | Free | False | |
| WebHashcat | [Source] | Hashcat WebUI with distributed cracking sessions and analytics | Python | Free | False | |
| wordlistctl | [Source] | Fetch, install and search wordlist archives from websites and torrent peers | Python | Free | False |
Cryptography
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| crypto-identifier | [Source] | Tool that try to identify what cipher is used and uncipher the data | Python | Free | False | |
| Crypton | [Source] | Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Hashing Algorithms along with example challenges from CTFs | Python | Free | False | |
| Dcode | [Website] | Code and decode all kind of checksums, algorithms, codes or ciphers | Free | True | ||
| FeatherDuster | [Source] | Cryptanalysis tool and library | Python | Free | False | |
| Haiti | [Website] | [Source] | A CLI tool to identify the hash type of a given hash | Ruby | Free | False |
| hashID | [Source] | Identify the different types of hashes | Python | Free | False | |
| PkCrack | [Website] | Tool for breaking PkZip encryption | Free | False | ||
| RsaCtfTool | [Source] | Tool to conduct manual or automated attack on RSA | Python | Free | False | |
| RSATool | [Source] | Tool to calculate RSA parameters | Python | Free | False | |
| RSHack | [Source] | RSA attack and key manipulation tool | Free | False | ||
| XORTool | [Source] | Tool to analyze multi-byte xor cipher | Python | Free | False |
Digital Forensics
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Cerbero Profiler | [Website] | File analyzer and inspector | Paid | False | ||
| dnscat2 | [Source] | Encrypted command-and-control (C&C) channel over the DNS protocol, data exfiltration | Cplusplus | Free | False | |
| ExifTool | [Website] | [Source] | Library and CLI tool for reading, writing and editing metadata for a lot of file types | Perl | Free | False |
| extundelete | [Website] | [Source] | Tool to recover deleted files from an ext3 or ext4 partition | Free | False | |
| Fibratus | [Source] | Tool for exploration and tracing of the Windows kernel | Python | Free | False | |
| Foremost | [Website] | [Source] | CLI tool to recover files based on their headers, footers, and internal data structures | Free | False | |
| rekall | [Website] | [Source] | Volatile memory extraction utility | Python | Free | False |
| rekall (Fireeye fork) | [Source] | Fork of rekall with support for Windows 10 memory compression | Python | Free | False | |
| ResourcesExtract | [Website] | Scans dll/ocx/exe files and extract all resources found, Windows only | Free | False | ||
| shellbags | [Source] | Shellbag parser (Windows Registry Keys) | Python | Free | False | |
| volatility | [Website] | [Source] | Volatile memory extraction utility | Python | Free | False |
| volatility (Fireeye fork) | [Source] | Fork of volatility with support for Windows 10 memory compression | Python | Free | False |
Honeypot and Decoy
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Canarytokens | [Website] | [Source] | quickly deployable honeypot with docker image, the online service allows to get alerted by email for URL token, DNS token, unique email address, custom image, MS word doc., Acrobat Reader PDF doc., and more | Free | True | |
| DejaVU | [Source] | Deception framework which can be used to deploy decoys across the infrastructure | Free | False |
Incident Response
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| DFIRTrack | [Source] | Incident response tracking web application, focused on handling one major incident with a lot of affected systems | Python | Free | False | |
| IntelMQ | [Source] | Solution for collecting and processing security feeds using a message queuing protocol | Python | Free | False | |
| SCOT | [Website] | [Source] | Sandia Cyber Omni Tracker; cyber security incident response management system and knowledge base | Perl | Free | False |
Intentionally Vulnerable Applications
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| bWAPP | [Website] | [Source] | Buggy Web Application, insecure webapp for security trainings | PHP | Free | False |
| DVIA | [Website] | [Source] | Damn Vulnerable iOS App, insecure webapp for mobile security trainings | Swift | Free | False |
| DVWA | [Website] | [Source] | Damn Vulnerable Web Application, insecure webapp for security trainings | PHP | Free | False |
| Google Gruyere | [Website] | [Source] | Codelab for white-box and black-box hacking | Python | Free | True |
| Hackazon | [Source] | Intentionally vulnerable web shopping application using modern technologies and containing configurable areas | PHP | Free | False | |
| OWASP Juice Shop | [Website] | [Source] | Insecure web application with >85 challenges; supports CTFs, custom themes, tutorial mode etc. | JavaScript | Free | False |
| OWASP Mutillidae II | [Website] | [Source] | Intentionally vulnerable web-application containing some OWASP Top Ten vulnerabilities, with hints and switch for secure version of the code | PHP | Free | False |
| OWASP WebGoat | [Website] | [Source] | Deliberately insecure web application to teach web application security lessons | Java | Free | False |
| XVNA | [Source] | Extreme Vulnerable Node Application, insecure webapp for security trainings | JavaScript | Free | False |
Networking
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| ActiveDirectoryEnumeration | [Source] | Enumerate AD through LDAP with a collection of helpfull scripts being bundled: ASREPRoasting, Kerberoasting, dump AD as BloodHound JSON files, searching GPOs in SYSVOL for cpassword and decrypting, run without creds | Python | Free | False | |
| ad-ldap-enum | [Source] | LDAP based Active Directory user and group enumeration tool | Python | Free | False | |
| archtorify | [Source] | Script for Arch Linux which use iptables settings to create a transparent proxy through Tor Network | Shell | Free | False | |
| Arecibo | [Source] | Endpoint for Out-of-Band Exfiltration (DNS & HTTP) | Python | Free | False | |
| bettercap | [Website] | [Source] | MITM framework | Ruby | Free | False |
| bettercap web UI | [Website] | [Source] | Web UI for bettercap | TypeScript | Free | False |
| boofuzz | [Source] | Network protocol fuzzing framework | Python | Free | False | |
| BruteSpray | [Source] | Takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa | Python | Free | False | |
| BruteX | [Source] | Tool using nmap and hydra to automatically bruteforce network service accounts | Shell | Free | False | |
| Carnivore | [Website] | [Source] | Assessment of on-premises Microsoft servers such as ADFS, Skype, Exchange, and RDWeb | CSharp | Free | False |
| CapAnalysis | [Website] | [Source] | PCAP analyzer | C | Free | True |
| chisel | [Source] | Fast TCP tunneling over HTTP secured by SSH | Go | Free | False | |
| CloudShark | [Website] | PCAP analyzer | Paid | True | ||
| Evil-WinRM | [Source] | Enhanced WinRM shell | Ruby | Free | False | |
| Garfield | [Source] | Attack framework for distributed systems | Python | Free | False | |
| goddi | [Source] | Active Directory domain information dumper | Go | Free | False | |
| HASSH | [Source] | Network fingerprinting standard which can be used to identify specific client and server SSH implementations | Python | Free | False | |
| HellRaiser | [Source] | Scan with nmap to correlate CPE's found with cve-search to enumerate vulnerabilities | Ruby | Free | False | |
| Hydra | [Website] | [Source] | Network login cracker | C | Free | False |
| kalitorify | [Source] | Script for Kali Linux which use iptables settings to create a transparent proxy through Tor Network | Shell | Free | False | |
| Ligolo | [Source] | Pivot / reverse tunneling tool with SOCKS5 et TCP tunnel support | Go | Free | False | |
| Masscan | [Source] | Port scanner for massive networks | C | Free | False | |
| Medusa | [Website] | Network login cracker | Free | False | ||
| Medusa-gui | [Source] | GUI for Medusa | Java | Free | False | |
| Ncrack | [Website] | [Source] | Reliable and adaptative network login cracker supporting a large number of protocols | Cplusplus | Free | False |
| nemesis | [Website] | [Source] | Packet manipulation CLI tool; craft and inject packets of several protocols | Python | Free | False |
| Netfort Free Cloud Based PCAP Analysis | [Website] | PCAP analyzer; needs registration | Free | True | ||
| NetworkMiner | [Website] | Network sniffer/packet capturing tool | Free | False | ||
| NetworkTotal | [Website] | PCAP analyzer; using Suricata | Free | True | ||
| Nipe | [Source] | Script to make TOR as default gateway | Perl | Free | False | |
| Nmap | [Website] | [Source] | Tool for network discovery and security auditing | C | Free | False |
| NMapGUI | [Source] | Advanced GUI for Nmap | Java | Free | False | |
| Nozzlr | [Source] | Multithreaded and modular bruteforce framework with network templates | Python | Free | False | |
| onesixtyone | [Source] | SNMP scanner | C | Free | False | |
| OOB-Server | [Source] | Bind9 DNS server for pentesters to use for Out-of-Band vulnerabilities | Shell | Free | False | |
| PacketFu | [Source] | Packet manipulation library; forge, send, decode, capture packets of a wide number of protocols | Ruby | Free | False | |
| PacketTotal | [Website] | PCAP analyzer; using Bro, Suricata and Elasticsearch | Free | True | ||
| PacketWhisper | [Source] | Stealthy Data exfiltration via DNS, without the need for attacker-controlled Name Servers or domain | Python | Free | False | |
| Patator | [Source] | Multi-protocol bruteforce tool | Python | Free | False | |
| polarbearscan | [Website] | [Source] | Port scanner and banner grabber | C | Free | False |
| Polymorph | [Source] | Real-time network packet manipulation framework | Python | Free | False | |
| pwncat | [Website] | [Source] | Sophisticated bind and reverse shell handler with many features as well as a drop-in replacement or compatible complement to netcat, ncat or socat | Python | Free | False |
| rdp-sec-check | [Source] | Script to enumerate security settings of an RDP Service | Perl | Free | False | |
| Responder | [Source] | LLMNR, NBT-NS and MDNS poisoner to intercept authentication requests/answers | Python | Free | False | |
| RMIScout | [Website] | [Source] | Enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities through wordlist and bruteforce strategies | Java | Free | False |
| sandmap | [Source] | Metasploit-like CLI interface for Nmap Script Engine (NSE) | Shell | Free | False | |
| Scapy | [Website] | [Source] | Packet manipulation library; forge, send, decode, capture packets of a wide number of protocols | Python | Free | False |
| Seth | [Source] | RDP MitM tool | Python | Free | False | |
| Singularity | [Website] | [Source] | DNS rebinding attack framework | Go | Free | False |
| SNMP Brute | [Source] | SNMP brute force, enumeration, CISCO config downloader and password cracking script | Python | Free | False | |
| snmpbw.pl | [Source] | Multithreaded script for bulk walking targeted host systems for SNMP data | Perl | Free | False | |
| ssh-audit | [Website] | [Source] | SSH scanner that detects protocol, version, grab banner, recognize software and operating system, output algorithm information and recommendations | Python | Free | False |
| Tsunami | [Source] | Network security scanner with an extensible plugin system | Java | Free | False | |
| WebMap v1 | [Source] | A web dashboard for nmap XML report | Python | Free | False | |
| WebMap v2 | [Source] | A web dashboard for nmap XML report | https://github.com/Nazicc/WebMap | Free | False | |
| Whonow | [Source] | DNS Server for executing DNS Rebinding attacks | JavaScript | Free | False | |
| windapsearch | [Source] | Script to enumerate users, groups and computers from a Windows domain through LDAP queries | Python | Free | False | |
| Wireshark | [Website] | [Source] | Network protocol analyzer | Cplusplus | Free | False |
| yersinia | [Source] | Framework for layer 2 attacks | C | Free | False | |
| Zenmap | [Website] | [Source] | GUI for Nmap | Python | Free | False |
| Zmap | [Website] | [Source] | Collection of tools to scan and study massive networks | C | Free | False |
OSINT and Reconnaissance
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Amass | [Website] | [Source] | DNS enumeration and network mapping tool suite: scraping, recursive brute forcing, crawling web archives, reverse DNS sweeping | Go | Free | False |
| Aquatone | [Website] | [Source] | Domain flyover tool; visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface | Go | Free | False |
| Asnlookup | [Source] | Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it | Python | Free | False | |
| AutoRecon | [Source] | Multi-threaded network reconnaissance tool which performs automated enumeration of services | Python | Free | False | |
| badKarma | [Source] | Advanced network reconnaissance tool | Python | Free | False | |
| Belati | [Source] | OSINT tool, collect data and document actively or passively | Python | Free | False | |
| Darkshot | [Source] | Lightshot scraper with multi-threaded OCR and auto categorizing screenshots | Python | Free | False | |
| datasploit | [Website] | [Source] | OSINT framework, find, aggregate and export data | Python | Free | False |
| DeadTrap | [Website] | [Source] | Track down footprints of a phone number | Python | Free | False |
| dnsenum | [Source] | DNS reconnaissance tool: AXFR, DNS records enumeration, subdomain bruteforce, range reverse lookup | Perl | Free | False | |
| dnsenum2 | [Source] | Continuation of dnsenum project | Perl | Free | False | |
| DNSRecon | [Source] | DNS reconnaissance tool: AXFR, DNS records enumeration, TLD expansion, wildcard resolution, subdomain bruteforce, PTR record lookup, check for cached records | Python | Free | False | |
| EagleEye | [Source] | OSINT tool, image recognition on instagram, facebook and twitter | Python | Free | False | |
| eTools.ch | [Website] | Metasearch engine, query 16 search engines in parallel | Free | True | ||
| Facebook_OSINT_Dump | [Source] | OSINT tool, facebook profile dumper, windows and chrome only | Shell | Free | False | |
| FinalRecon | [Source] | Web reconnaissance script | Python | Free | False | |
| Findomain | [Source] | Fast subdomain enumerator | Rust | Free | False | |
| FOCA | [Website] | [Source] | OSINT framework and metadata analyser | Csharp | Free | False |
| GHunt | [Source] | Investigate Google accounts with emails and find name, usernames, Youtube Channel, probable location, Maps reviews, etc. | Python | Free | False | |
| gitGraber | [Source] | Monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe, etc. | Python | Free | False | |
| Gorecon | [Source] | Reconnaissance toolkit | Go | Free | False | |
| gOSINT | [Source] | OSINT framework; find mails, dumps, retrieve Telegram history and info about hosts | Go | Free | False | |
| h8mail | [Source] | Email OSINT & Password breach hunting tool; supports chasing down related email | Python | Free | False | |
| Harpoon | [Source] | CLI tool; collect data and document actively or passively | Python | Free | False | |
| holehe | [Source] | Check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function | Python | Free | False | |
| IVRE | [Website] | [Source] | IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks); network recon framework including tools ofr passive and active recon | Python | Free | False |
| kitphishr | [Source] | Hunts for phishing kit source code by traversing URL folders and searching in open directories for zip files; supports list of URLs or PhishTank | Go | Free | False | |
| Kostebek | [Source] | Tool to find firms domains by searching their trademark information | Python | Free | False | |
| LeakLooker | [Source] | Discover, browse and monitor database/source code leaks | Python | Free | False | |
| leakScraper | [Source] | Set of tools to process and visualize huge text files containing credentials | Python | Free | False | |
| LinEnum | [Source] | System script for local Linux enumeration and privilege escalation checks | Shell | Free | False | |
| LittleBrother | [Source] | Information gathering (OSINT) on a person (EU), checks social networks and Pages Jaunes | Python | Free | False | |
| Maigret | [Source] | Collect a dossier on a person by username from a huge number of sites, and extract details from them | Python | Free | False | |
| MassDNS | [Source] | High-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration) | C | Free | False | |
| Metabigor | [Source] | OSINT tool that doesn't require any API key | Go | Free | False | |
| nqntnqnqmb | [Source] | Retrieve information on linkedin profiles, companies on linkedin and search on linkedin companies/persons | Python | Free | False | |
| ODIN | [Source] | Observe, Detect, and Investigate Networks, Automated reconnaissance tool | Python | Free | False | |
| Omnibus | [Source] | OSINT framework; collection of tools | Python | Free | False | |
| OneForAll | [Source] | Subdomain enumeration tool | Python | Free | False | |
| OnionSearch | [Source] | Script that scrapes urls on different .onion search engines | Python | Free | False | |
| OSINT Framework | [Website] | [Source] | A web-based collection of tools and resources for OSINT | Javascript | Free | True |
| Osmedeus | [Website] | [Source] | Automated framework for reconnaissance and vulnerability scanning | Python | Free | False |
| Photon | [Source] | Fast crawler designed for OSINT | Python | Free | False | |
| PITT | [Source] | Web browser loaded with links and extensions for doing OSINT | Free | False | ||
| ProjectDiscovery | [Website] | [Source] | Monitor, collect and continuously query the assets data via a simple webUI | Go | Free | True |
| ReconDog | [Source] | Multi-purpose reconnaissance tool, CMS detection, reverse IP lookup, port scan, etc. | Python | Free | False | |
| Recon-ng | [Source] | Web-based reconnaissance tool | Python | Free | False | |
| Reconnoitre | [Source] | Tool made to automate information gathering and service enumeration while storing results | Python | Free | False | |
| ReconScan | [Source] | Network reconnaissance and vulnerability assessment tools | Python | Free | False | |
| Recsech | [Source] | Web reconnaissance and vulnerability scanner tool | PHP | Free | False | |
| Red Team Arsenal | [Source] | Automated reconnaissance scanner and security checks | Python | Free | False | |
| reNgine | [Website] | [Source] | Automated recon framework for web applications; customizable scan engines & pipeline of reconnaissance | Python | Free | False |
| Sandmap | [Website] | [Source] | Network and system reconnaissance scanner using Nmap | Shell | Free | False |
| SearchDNS | [Website] | Netcraft tool; Search and find information for domains and subdomains | Free | True | ||
| Sherlock | [Website] | [Source] | Hunt down social media accounts by username across social networks | Python | Free | False |
| shosubgo | [Source] | Grab subdomains using Shodan api | Go | Free | False | |
| shuffledns | [Source] | Wrapper around massdns that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support | Go | Free | False | |
| SiteBroker | [Source] | Tool for information gathering and penetration test automation | Python | Free | False | |
| Sn1per | [Source] | Automated reconnaissance scanner | Shell | Free | False | |
| spiderfoot | [Website] | [Source] | OSINT framework, collect and manage data, scan target | Python | Free | False |
| Stalker | [Source] | Automated scanning of social networks and other websites, using a single nickname | Python | Free | False | |
| SubDomainizer | [Source] | Find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github | Python | Free | False | |
| subfinder | [Website] | [Source] | Discovers valid subdomains for websites, designed as a passive framework to be useful for bug bounties and safe for penetration testing | Go | Free | False |
| Sublist3r | [Source] | Subdomains enumeration tool | Python | Free | False | |
| Sudomy | [Source] | Subdomain enumeration tool | Python | Free | False | |
| Th3inspector | [Source] | Multi-purpose information gathering tool | Perl | Free | False | |
| theHarvester | [Source] | Multi-purpose information gathering tool: emails, names, subdomains, IPs, URLs | Python | Free | False | |
| tinfoleak | [Source] | Twitter intelligence analysis tool | Python | Free | False | |
| Totem | [Source] | Retrieve information about ads of a facebook page, retrieve the number of people targeted, how much the ad cost and a lot of other information | Python | Free | False | |
| trape | [Source] | Analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time | Python | Free | False | |
| TWINT | [Source] | Twitter Intelligence Tool; Twitter scraping & OSINT tool that doesn't use Twitter's API, allowing one to scrape a user's followers, following, Tweets and more while evading most API limitations | Python | Free | False |
Other
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| ADB-Toolkit | [Source] | Wrapper around adb to ease certain tasks | Shell | Free | False | |
| Atheris | [Source] | Coverage-guided Python fuzzing engine | Shell | Free | False | |
| ctf-party | [Website] | [Source] | Library to enhance and speed up script/exploit writing for CTF players | Ruby | Free | False |
| CyberChef | [Website] | [Source] | Data manipulation toolkit in web browser | JavaScript | Free | False |
| DeHashed | [Website] | Service to check if an account has been compromised in a data breach | Paid | True | ||
| discover | [Source] | Scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit | Shell | Free | False | |
| Firefox Monitor | [Website] | Service to check if an account has been compromised in a data breach | Free | True | ||
| gtfo | [Source] | CLI for searching gtfobins and lolbas from the terminal | Python | Free | False | |
| GTFOBLookup | [Source] | CLI for earching gtfobins and lolbas from the terminal; allows more advanced search than gtfo | Python | Free | False | |
| Have i been pwned? | [Website] | Service to check if an account has been compromised in a data breach | Free | True | ||
| hideNsneak | [Source] | CLI tool for ephemeral penetration testing, rapidly deploy and manage various cloud services | Go | Free | False | |
| inlite | [Website] | Scan QR-code, 1D, DataMatrix, Postal, PDF417, and more | Free | True | ||
| Interlace | [Source] | Turn single threaded command line applications into a multi-threaded application with CIDR and glob support | Python | Free | False | |
| itdis | [Website] | [Source] | Is This Domain In Scope; a small tool that allows you to check if a list of domains you have been provided is in the scope of your pentest or not | Ruby | Free | False |
| Metasploit | [Website] | [Source] | Tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit, 4 versions: Pro (paid), Express (paid), Community (free with GUI but on request), Framework (free, open source, CLI) | Ruby | Paid | False |
| objection | [Source] | Runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak | Python | Free | False | |
| OpenVAS | [Website] | [Source] | Open Vulnerability Assessment Scanner | C | Free | False |
| PentestBox | [Website] | [Source] | Pre-configured portable penetration testing environment for Windows, all-in-one box | Free | False | |
| PWDQUERY | [Website] | Service to check if an account has been compromised in a data breach | Free | True | ||
| rawsec_cli | [Website] | [Source] | Rawsec Inventory search CLI to find security tools and resources | Python | Free | False |
| Ronin | [Website] | [Source] | Platform for vulnerability research and exploit development, it allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories | Ruby | Free | False |
| Scrounger | [Source] | Mobile application testing toolkit, the mobile metasploit-like framework | Python | Free | False | |
| Seccubus | [Website] | [Source] | Vulnerability scanning, reporting and analysis | JavaScript | Free | False |
| SprayingToolkit | [Source] | Password spraying scripts for Lync/S4B and OWA | Python | Free | False | |
| Tool-X | [Source] | Kali linux hacking tool installer | Python | Free | False | |
| v0lt | [Source] | CTF toolkit / framework | Python | Free | False | |
| VBSmin | [Website] | [Source] | VBScript minifier | Ruby | Free | False |
| webqr | [Website] | Scan & create QR-code | Free | True | ||
| ysoserial | [Source] | Tool for generating payloads that exploit unsafe Java object deserialization | Java | Free | False |
Plugins
| Name | For | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|---|
| AWS Extender | Burp Suite | [Source] | Identify and test S3 buckets, Google Storage buckets and Azure Storage containers for common misconfiguration | Python | Free | False | |
| BurpBounty | Burp Suite | [Source] | Scan Check Builder in BApp Store, improve the active and passive scanner by means of personalized rules through a graphical interface | Java | Free | False | |
| GEF | GDB | [Source] | GDB Enhanced Features, multi-architecture | Python | Free | False | |
| Mona | Immunity Debugger | [Source] | Set of commands for Immunity Debugger | Python | Free | False | |
| PEDA | GDB | [Source] | Python Exploit Development Assistance, (only python2.7) | Python | Free | False | |
| Pwndbg | GDB | [Source] | Enhance GDB, for exploit development and reverse engineering | Python | Free | False | |
| Sploitego | Maltego | [Source] | Maltego penetration testing Transforms | Python | Free | False | |
| Stepper | Burp Suite | [Source] | Evolution of Burp Suite's Repeater tool, providing the ability to create sequences of steps and define regular expressions to extract values from responses | Java | Free | False | |
| XSSor | Burp Suite | [Source] | semi-automatic reflected and persistent XSS scanner | Python | Free | False |
Red Teaming
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| fireELF | [Source] | Fileless linux malware framework | Python | Free | False | |
| Gophish | [Website] | [Source] | Phishing toolkit providing the ability to setup and execute phishing engagements and security awareness training | Go | Free | True |
| Kage | [Source] | Graphical user interface for Metasploit Meterpreter and session handler | JavaScript | Free | False | |
| King Phisher | [Source] | A tool for testing and promoting user awareness by simulating real world phishing attacks | Python | Free | False | |
| Pupy | [Source] | Cross-platform, multi function remote access tool (RAT) and post-exploitation tool; fileless/all-in-memory execution, low footprint, multi-transport | Python | Free | False | |
| Quasar | [Source] | Remote Administration Tool (RAT) for Windows | CSharp | Free | False | |
| Redcloud | [Source] | Automated Red Team Infrastructure deployment using Docker | Python | Free | False | |
| SHAD0W | [Website] | [Source] | Modular C2 framework designed to successfully operate covertly on heavily monitored environments | Python | Free | False |
| Sliver | [Source] | Cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS; remote access tool (RAT) | Go | Free | False | |
| SocialFish | [Source] | Phishing targeting social media logins; supports Ngrok tunneling and a mobile controller | Python | Free | False | |
| UBoat | [Source] | HTTP botnet PoC | CPlusPlus | Free | False | |
| Zphisher | [Source] | Automated phishing tool with multiple tunneling options; fork of Shellphish | Shell | Free | False |
Reverse Engineering
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| androguard | [Source] | Tool for reverse engineering and malware analysis of Android applications | Python | Free | False | |
| angr | [Source] | Platform-agnostic binary analysis framework | Python | Free | False | |
| ANY RUN | [Website] | Online virtual machine for malware hunting, sandbox with interactive access, real-time data-flow | Free | True | ||
| Apk2Gold | [Source] | Android decompiler (wrapper for apktool, dex2jar, and jd-gui) | Shell | Free | False | |
| Apktool | [Website] | [Source] | Android disassembler and rebuilder | Java | Free | False |
| arm_now | [Source] | Tool that allows instant setup of virtual machines on various architectures for reverse, exploit, fuzzing and programming purpose | Python | Free | False | |
| Barf | [Source] | Binary Analysis and Reverse engineering Framework | Python | Free | False | |
| bearparser | [Website] | [Source] | PE parsing library (from PE-bear) | CPlusPlus | Free | False |
| Binary Ninja | [Website] | Crossplatform binary analysis framework | Python | Paid | False | |
| binutils | [Website] | [Source] | GNU collection of binary tools | C | Free | False |
| binwalk | [Source] | Analyze, reverse engineer and extract firmware images (and other files, also usefull for Digital Forensics) | Python | Free | False | |
| boomerang | [Source] | x86 binaries to C decompiler | Cplusplus | Free | False | |
| ctf_import | [Website] | [Source] | Library to run basic functions from stripped binaries | C | Free | False |
| CFF Explorer | [Website] | PE Editor | Free | False | ||
| Cutter | [Source] | Qt and C++ GUI for radare2 | CPlusPlus | Free | False | |
| Defuse online disassembler | [Website] | Online x86 (32/64 bits) assembler and disassembler | Free | True | ||
| dnSpy | [Source] | .NET assembly debugger, decompiler and editor | CSharp | Free | False | |
| Droidefense | [Website] | [Source] | Android apps/malware analysis/reversing tool | Java | Free | False |
| edb | [Source] | Cross platform AArch32/x86/x86-64 debugger | CPlusPlus | Free | False | |
| Flare | [Website] | Processes SWF and extract scripts from it | Free | False | ||
| Flasm | [Website] | [Source] | Disassembler tool for SWF bytecode | Free | False | |
| Frida | [Website] | [Source] | Dynamic code instrumentation toolkit | C | Free | False |
| GDB | [Website] | [Source] | GNU debugger | Cplusplus | Free | False |
| Ghidra | [Website] | [Source] | Software reverse engineering (SRE) suite of tools: disassembly, assembly, decompilation, graphing, scripting, etc. | Java | Free | False |
| Hiew | [Website] | x86_64 disassembler for multiple formats | Paid | False | ||
| Hopper | [Website] | Disassembler, decompiler and debugger | Paid | False | ||
| IDA Pro | [Website] | Disassembler and debugger | Paid | False | ||
| ILSpy | [Source] | .NET assembly browser and decompiler to C# | CSharp | Free | False | |
| ImmunityDbg | [Website] | Windows debugger with Python scripting support | Free | False | ||
| jadx | [Source] | DEX to Java decompiler | Java | Free | False | |
| Java Decompilers | [Website] | .JAR and .Class to Java decompiler | Free | True | ||
| JD-GUI | [Website] | GUI tool decompiling JAVA | Java | Free | False | |
| JEB | [Website] | Disassembler, decompiler and debugger | Paid | False | ||
| JPEXS Free Flash Decompiler | [Source] | A.k.a ffdec, flash SWF decompiler | Java | Free | False | |
| JSDetox | [Website] | [Source] | Javascript deobfustcator | Ruby | Free | False |
| Kemon | [Source] | macOS kernel pre and post callback-based framework | C | Free | False | |
| Krakatau | [Source] | Java decompiler, assembler, and disassembler | Java | Free | False | |
| ldd | [Website] | Tool that print shared library dependencies | Free | False | ||
| Metasm | [Website] | [Source] | Assembler, disassembler, compiler and debugger | Ruby | Free | False |
| Medusa | [Source] | Interactive multi-architecture and multi-formats disassembler running on Windows and Linux | Cplusplus | Free | False | |
| ODA | [Website] | Advanced multi-architecture online disassembler supporting a lot of architectures and object file formats | Free | True | ||
| OllyDbg | [Website] | Windows debugger | Free | False | ||
| Pe-bear | [Website] | PE reverse tool: recognizes packers, fast disassembler, visualization of sections layout, selective comparing of two chosen PE files | Free | False | ||
| PE Explorer Disassembler | [Website] | Windows disassembler | Paid | False | ||
| PE Insider | [Website] | PE viewer, closed source and windows only | Free | False | ||
| Plasma | [Source] | x86/ARM/MIPS interactive disassembler | Python | Free | False | |
| Qira | [Website] | [Source] | Timeless debugger (QIRA = QEMU Interactive Runtime Analyser) | C | Free | False |
| RABCDAsm | [Website] | [Source] | ActionScript disassembler | D | Free | False |
| radare2 | [Website] | [Source] | Crossplatform binary analysis framework, disassembler, decompiler and debugger, support collaborative analysis | C | Free | False |
| rbkb | [Source] | Ruby BlackBag; a miscellaneous collection of command-line tools and ruby library helpers related to pen-testing and reversing | Ruby | Free | False | |
| Relyze | [Website] | x86 and ARM graphical interactive disassembler with Ruby plugin framework | Paid | False | ||
| RetDec | [Website] | [Source] | Multi file formats and architectures machine-code decompiler | Cplusplus | Free | False |
| sandsifter | [Source] | x86 processor fuzzer | Python | Free | False | |
| Snowman | [Website] | [Source] | Native code to C/C++ decompiler, supporting x86, AMD64, and ARM architectures, exists as standalone app or as a plug-in | Cplusplus | Free | False |
| strace | [Source] | Debugger for Linux | Free | False | ||
| Swftools | [Website] | [Source] | Collection of utilities to work with SWF files | C | Free | False |
| Triton | [Website] | [Source] | Dynamic binary analysis framework, automate reverse engineering | Cplusplus | Free | False |
| UglifyJS2 | [Website] | [Source] | JavaScript obfuscator or beautifier toolkit | JavaScript | Free | False |
| uncompyle | [Source] | Python 2.7 binaries (.pyc) decompiler | Python | Free | False | |
| uncompyle6 | [Source] | Python 1.5, 2.1 to 2.7, 3.1 to 3.6 binaries (.pyc) decompiler | Python | Free | False | |
| Vais | [Source] | SWF vulnerability and information scanner | Ruby | Free | False | |
| WinDbg | [Website] | Windows debugger | Free | False | ||
| x64dbg | [Website] | [Source] | Windows debugger | Cplusplus | Free | False |
| XenoScan | [Source] | Processes memory scanner | Cplusplus | Free | False | |
| Xori | [Website] | [Source] | Disassembly and static analysis library that provides triage analysis data | Rust | Free | False |
| xxxswf | [Source] | Small script for carving, scanning, compressing, decompressing and analyzing SWF files | Python | Free | False |
Steganography
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Aperi'Solve | [Website] | [Source] | Steganalysis web platform with layer, zsteg, steghide and exiftool analysis | Python | Free | False |
| Audacity | [Website] | [Source] | Tool to edit and analyze audio tracks | Free | False | |
| exif | [Source] | Shows EXIF information for JPEG files only | C | Free | False | |
| ExifTool | [Website] | [Source] | Library and CLI tool to read and write meta information (EXIF, GPS, IPTC, XMP, JFIF, …) in files (JPEG, PNG, SVG, MPEG, …) | Perl | Free | False |
| Exiv2 | [Website] | [Source] | Library and CLI tool to read and write meta information (Exif, IPTC & XMP metadata and ICC Profile) in images (JPEG, TIFF, PNG, …) | Cplusplus | Free | False |
| ImageMagick | [Website] | [Source] | Software suite and library to create, edit, compose, or convert images | C | Free | False |
| Outguess | Tool to hide messages in files (website down since 2004) | Free | False | |||
| PNGtools | [Website] | [Source] | Suite of tools to work with PNG images | C | Free | False |
| SHIT | [Source] | Stego Helper Identification Tool, multi-purpose image steganography tool | Python | Free | False | |
| SmartDeblur | [Source] | To to restore defocused and blurred images (update binary only for Windows, Mac OS binary out of date) | Cplusplus | Free | False | |
| Sonic Visualiser | [Website] | [Source] | Tool to edit and analyze audio tracks | Free | False | |
| Steganabara | [Source] | Steganography analysis tool | Java | Free | False | |
| Steghide | [Website] | [Source] | Tool to hide messages in images | Free | False | |
| StegOnline | [Website] | [Source] | Stego image toolsuite in the browser | JavaScript | Free | True |
| StegoVeritas | [Source] | Automatic tool to bruteforce LSB, transform image, extract metadata or trailing data | Python | Free | False | |
| StegSolve | GUI tool to analyse images | Java | Free | False | ||
| zsteg | [Source] | Tool to detect hidden data in PNG and BMP | Ruby | Free | False |
System Exploitation
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Android_Emuroot | [Source] | Grants root privileges on the fly to shells running on Android virtual machines that use google-provided emulator images called Google API Playstore | Python | Free | False | |
| bkhive | [Source] | Dump the syskey bootkey from a Windows NT/2K/XP system hive, often used with samdump2, part of the ophcrack project | Free | False | ||
| BloodHound | [Website] | [Source] | Tool to reveal the hidden and unintended relationships within an Active Directory environment | PowerShell | Free | False |
| cookie_crimes | [Website] | [Source] | Read local Chrome cookies without root or decrypting and display then in JSON | Python | Free | False |
| CookieCrimesJS | [Source] | Read local Chrome cookies without root or decrypting and display then in JSON; Javascript implementation of cookie_crimes | JavaScript | Free | False | |
| CrackMapExec | [Source] | Post-exploitation tool to asses Active Directory networks | Python | Free | False | |
| creddump | [Source] | Dump windows credentials | Python | Free | False | |
| DCOMrade | [Source] | Script that is able to enumerate the possible vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. | PowerShell | Free | False | |
| DLLInjector | [Source] | Dll injection tool | Cplusplus | Free | False | |
| DLLPasswordFilterImplant | [Source] | Password filter DLL, triggered on password change to exfiltrate credentials | C | Free | False | |
| Empire | [Website] | [Source] | PowerShell and Python post-exploitation agent | Shell | Free | False |
| Empire GUI | [Website] | [Source] | GUI for Empire framework | JavaScript | Free | False |
| enum4linux | [Source] | Windows Samba enumeration tool | Perl | Free | False | |
| enum4linux-ng | [Source] | Windows Samba enumeration tool, next generation version of enum4linux | Python | Free | False | |
| FFM | [Source] | Freedom Fighting Mode (FFM), hacking harness, post-exploitation tool | Python | Free | False | |
| goddi | [Source] | Active Directory domain information dumper | Go | Free | False | |
| LaZagne | [Source] | Password retriever | Python | Free | False | |
| LinEnum | [Source] | Linux enumeration and privilege escalation script | Shell | Free | False | |
| Linux Exploit Suggester 2 | [Source] | Linux kernel exploit suggester | Perl | Free | False | |
| linux-exploit-suggester.sh | [Source] | Linux kernel exploit suggester | Shell | Free | False | |
| linuxprivchecker.py | [Source] | Linux privilege escalation check script | Python | Free | False | |
| lynis | [Website] | [Source] | Security auditing and hardening tool, for UNIX-based systems | Shell | Free | False |
| Nishang | [Source] | Framework, collection of scripts and payloads in PowerShell for offensive security, penetration testing and red teaming | PowerShell | Free | False | |
| p0wnedShell | [Source] | PowerShell runspace post exploitation toolkit | CSharp | Free | False | |
| PEASS | [Source] | Privilege Escalation Awesome Scripts SUITE; winPEAS and linPEAS are local privilege escalation scripts for Windows and Linux | Shell | Free | False | |
| Powerless | [Source] | A Windows privilege escalation enumeration BAT script designed for legacy Windows machines without Powershell | Shell | Free | False | |
| PowerSploit | [Source] | Powershell exploitation framework | Powershell | Free | False | |
| pspy | [Source] | CLI tool designed to snoop on processes without need for root permissions; it allows to see commands run by other users, cron jobs, etc. as they execute | Go | Free | False | |
| RedSnarf | [Source] | Retrieves hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques | Python | Free | False | |
| samdump2 | [Source] | Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM, often used with bkhive, part of the ophcrack project | Free | False | ||
| scavenger | [Source] | multi-threaded post-exploitation scanning tool for scavenging systems, finding most frequently used files and folders as well as interesting files containing sensitive information | Python | Free | False | |
| SharpShooter | [Source] | Payload Generation Framework for C# source code | VB | Free | False | |
| ShellPop | [Source] | Tool to craft bind and reverse shells in several languages | Python | Free | False | |
| unicorn | [Source] | Tool for using a PowerShell downgrade attack and inject shellcode into memory | Python | Free | False | |
| WES-NG | [Source] | Windows Exploit Suggester - Next Generation; analyses Windows targets patch levels to find exploits and Metasploit modules; works well with newer system (eg Windows 10) thanks to MSRC support | Python | Free | False | |
| Windows-Exploit-Suggester | [Source] | Analyses Windows targets patch levels to find exploits and Metasploit modules, works only for older systems (eg Windows XP, Vista, etc.) because it relies on MS Security KBs | Python | Free | False |
Threat Intelligence
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Maltego | [Website] | Interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet (exists in Community Edition) | Paid | False | ||
| MISP | [Website] | [Source] | Threat intelligence platform & open standards for threat information sharing (formerly known as Malware Information Sharing Platform) | PHP | Free | False |
| threatfeeds.io | [Website] | Open-source threat intelligence feeds; sharing malware URLs, IP reputation, bad IPs, etc. | Free | True |
Vulnerability Assessment
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| cve-search | [Source] | Tool to import CVE and CPE into a MongoDB to facilitate search and processing of CVEs | Python | Free | False | |
| cvss-suite | [Source] | CVSS calculator library | Ruby | Free | False | |
| GVM | [Website] | [Source] | The Greenbone Vulnerability Management (GVM) is a framework of several services: gvmd is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Greenbone Security Assistant (GSA) is the web interface of GVM. The main scanner (OpenVAS) is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs). Complementary to the web interface, GVM-Tools allows batch processing / scripting via the Greenbone Management Protocol (GMP). Additional scanners can be integrated via the Open Scanner Protocol (OSP) | C | Paid | False |
| nvd_feed_api | [Website] | [Source] | A ruby API for NVD CVE feeds management, the library will help you to download and manage NVD Data Feeds, search for CVEs, build your vulerability assesment platform or vulnerability database | Ruby | Free | False |
| ThreatMapper | [Website] | [Source] | Identify vulnerabilities in running containers, images, hosts and repositories | Go | Free | False |
| VRT Ruby Wrapper | [Website] | [Source] | Wrapper for the Vulnerability Rating Taxonomy | Ruby | Free | False |
| Vulnogram | [Website] | [Source] | Create and edit CVE information in CVE JSON format | JavaScript | Free | True |
| Vuls | [Website] | [Source] | Agentless system vulnerability scanner for Linux/FreeBSD with a dashboard (VulsRepo) for analyzing the scan results | Go | Free | False |
Web Application Exploitation
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| 230-OOB | [Website] | [Source] | FTP server for OOB XXE attacks | Python | Free | False |
| Acunetix | [Website] | Web application security scanner | Paid | True | ||
| API-fuzzer | [Source] | Library to fuzz request attributes using common pentesting techniques and lists vulnerabilities | Ruby | Free | False | |
| Arachni | [Website] | [Source] | Web application security scanner framework | Ruby | Free | False |
| Arjun | [Source] | HTTP Parameter Discovery Suite | Python | Free | False | |
| AssassinGo | [Website] | [Source] | Web pentest framework for information gathering and vulnerability scanning | Go | Free | False |
| Astra | [Website] | [Source] | REST API penetration testing tool | Python | Free | False |
| Atlas | [Source] | Tool that suggests sqlmap tampers to bypass WAF/IDS/IPS based on status codes | Python | Free | False | |
| BaRMIe | [Source] | Java RMI enumeration and attack tool | Java | Free | False | |
| Blazy | [Source] | Login page bruteforcer: CSRF, SQLi, Clickjacking, WAF detection | Python | Free | False | |
| Burp Suite | [Website] | Intercepting proxy to replay, inject, scan and fuzz HTTP requests (a limited free version exists) | Java | Paid | False | |
| Chankro | [Source] | Tool to bypass disable_functions and open_basedir in PHP by calling sendmail and setting LD_PRELOAD environment variable | Python | Free | False | |
| Charles | [Website] | Intercepting proxy to replay, inject, scan and fuzz HTTP requests | Java | Paid | False | |
| CloudFrunt | [Source] | Scanner to identify misconfigured CloudFront domains | Python | Free | False | |
| CMSeek | [Source] | CMS detection and exploitation suite; capable of detecting more than 130 CMS | Python | Free | False | |
| CMSmap | [Source] | WordPress, Joomla, Drupal, Moodle CMS security scanner | Python | Free | False | |
| CMSScan | [Source] | Wordpress, Drupal, Joomla, vBulletin CMS security scanner with dashboard | Python | Free | False | |
| commix | [Website] | [Source] | Web-based command injection tester | Python | Free | False |
| CSP Evaluator | [Website] | [Source] | Check Content Security Policy (CSP) configuration and assists with the reviewing process | JavaScript | Free | False |
| CSWSH | [Website] | Cross-Site WebSocket Hijacking Tester | Free | False | ||
| dirb | [Website] | [Source] | Web directory and file scanner (wordlist bruteforce) | Free | False | |
| dirsearch | [Source] | Web directory and file scanner (wordlist bruteforce) | Python | Free | False | |
| distributed-jwt-cracker | [Website] | [Source] | HS256 JWT token distributed brute force cracker | JavaScript | Free | False |
| docem | [Source] | Uility to embed XXE and XSS payloads in docx, odt, pptx, etc | Python | Free | False | |
| DotDotPwn | [Website] | [Source] | Directory Traversal fuzzer | Perl | Free | False |
| droopescan | [Source] | CMS scanner supporting SilverStripe and Wordpress, having partial support for Joomla, Moodle, Drupal | Python | Free | False | |
| drupwn | [Source] | Drupal CMS enumeration and exploitation tool | Python | Free | False | |
| dvcs-ripper | [Source] | Dump web accessible (distributed) version control systems (DVCS/VCS): SVN, GIT, Mercurial/hg, Bazaar/bzr, … | Perl | Free | False | |
| Enemies Of Symfony | [Source] | Loots information from a Symfony target using profiler | Python | Free | False | |
| EyeWitness | [Source] | Take screenshots of websites, provide some server header info, and identify default credentials if possible | Python | Free | False | |
| Fav-up | [Source] | Favicon fingerprinting using Shodan | Python | Free | False | |
| FavFreak | [Source] | Favicon fingerprinting | Python | Free | False | |
| Favinizer | [Source] | Favicon fingerprinting | Python | Free | False | |
| ffuf | [Source] | Web directory and file scanner (wordlist bruteforce) | Go | Free | False | |
| Fingerprinter | [Source] | CMS version detection tool | Ruby | Free | False | |
| Flask Session Cookie Decoder/Encoder | [Source] | A script that let you encode and decode a Flask session cookie | Python | Free | False | |
| FockCache | [Source] | Test Cache Poisoning | Go | Free | False | |
| Fuxi | [Source] | Penetration testing platform, automate some scan & attack | Python | Free | False | |
| Fuzzapi | [Source] | Web-UI for API-fuzzer | Ruby | Free | False | |
| git-dump | [Source] | Dump the contents of a remote git repository without directory listing enabled | JavaScript | Free | False | |
| GitTools | [Source] | 3 tools: Finder (find websites with .git repository exposed), Dumper (dump exposed .git), Extractor (extract commits and their content from a broken repository) | Shell | Free | False | |
| Gobuster | [Source] | Web directory, file and DNS scanner (wordlist bruteforce) | Go | Free | False | |
| Gopherus | [Source] | Generates gopher link for exploiting SSRF and gaining RCE access from unprotected services | Python | Free | False | |
| Guppy Proxy | [Source] | GUI HTTP intercepting proxy based on Pappy Proxy | Python | Free | False | |
| Hetty | [Source] | HTTP toolkit for security research; alternative to BurpSuite | Go | Free | False | |
| Hookbin | [Website] | [Source] | HTTP request collector and inspector | Java | Free | True |
| HUNT | [Source] | HUNT Suite is a collection of Burp Suite Pro/Free and OWASP ZAP extensions | Python | Free | True | |
| IronWASP | [Website] | [Source] | Web security/vulnerability scanner (native for Windows only) | C | Free | False |
| Jaeles | [Website] | [Source] | Framework for building your own Web Application Scanner | Go | Free | False |
| JWT cracker | [Source] | Multi-threaded JWT brute-force cracker | C | Free | False | |
| jwt-cracker | [Website] | [Source] | HS256 JWT token brute force cracker | JavaScript | Free | False |
| jwt_tool | [Source] | A toolkit for validating, forging and cracking JWT tokens | Python | Free | False | |
| jwtcat | [Source] | JWT brute-force cracker | Python | Free | False | |
| Liffy | [Source] | LFI exploitation tool | Python | Free | False | |
| LFI Freak | [Source] | LFI scan and exploit tool | Python | Free | False | |
| LFI Suite | [Source] | Automatic LFI scanner and exploiter | Python | Free | False | |
| LightBulb | [Website] | [Source] | Framework for auditing web application firewalls and filters | Python | Free | False |
| Kadimus | [Source] | LFI, RFI, RCE scanner | C | Free | False | |
| Malzilla | [Website] | [Source] | Web oriented deobfuscating tool | Free | False | |
| mitmproxy | [Website] | [Source] | Interactive HTTPS proxy | Python | Free | False |
| Mockbin | [Website] | [Source] | HTTP request collector and inspector | JavaScript | Free | True |
| monsoon | [Website] | [Source] | Web directory and file scanner (wordlist bruteforce) | Go | Free | False |
| MyJWT | [Source] | A toolkit for signing, forging and cracking JWT tokens | Python | Free | False | |
| Netsparker | [Website] | Web application security scanner | Paid | True | ||
| nikto | [Website] | [Source] | Very light web security scanner | Perl | Free | False |
| NoSQLMap | [Source] | Automated NoSQL database enumeration and web application exploitation tool | Python | Free | False | |
| Nosql-Exploitation-Framework | [Source] | NoSQL scanning and exploitation framework | Python | Free | False | |
| Nuclei | [Website] | [Source] | Web application security scanner based on templates | Go | Free | False |
| otori | [Website] | On The Outside, Reaching In, exploitation toolbox for XXE attacks | Python | Free | False | |
| OWASP JoomScan | [Source] | Joomla vulnerability scanner | Perl | Free | False | |
| OWASP ZAP | [Website] | [Source] | OWASP Zed Attack Proxy, intercepting proxy to replay, inject, scan and fuzz HTTP requests | Java | Free | False |
| oxml_xxe | [Source] | Tool for embedding XXE/XML exploits into different filetypes (docx/xlsx, odt/ods, svg, xml, etc.) | Ruby | Free | False | |
| Panoptic | [Website] | [Source] | Automatic LFI and Path Traversal exploitation tool | Python | Free | False |
| Pappy Proxy | [Website] | [Source] | Proxy Attack Proxy ProxY, HTTP intercepting proxy | Python | Free | False |
| ParamSpider | [Source] | Finds parameters from web archives of the entered domain | Python | Free | False | |
| Paros | [Source] | Intercepting proxy to replay, inject, scan and fuzz HTTP requests | Java | Free | False | |
| PHPGGC | [Source] | PHP Generic Gadget Chains, library of unserialize() payloads along with a tool to generate them, supporting various PHP frameworks | PHP | Free | False | |
| Portswigger Labs Inspector | [Website] | Javascript expression evaluator and inspector | JavaScript | Free | True | |
| PowerUpSQL | [Source] | Toolkit for attacking MS SQL Server, discovery, configuration auditing, privilege escalation, post exploitation | Powershell | Free | False | |
| Rabid | [Website] | [Source] | CLI tool and library allowing to simply decode all kind of BigIP cookies | Ruby | Free | True |
| RequestBin | [Website] | [Source] | HTTP request collector and inspector | Python | Free | True |
| See-SURF | [Source] | SSRF scanner to find entry points | Python | Free | False | |
| Simple Local File Inclusion Exploiter | [Website] | [Source] | LFI exploit tool | Python | Free | False |
| Sitadel | [Source] | Web application security scanner, rewrite and newer version of WAScan | Python | Free | False | |
| SleuthQL | [Source] | Tool that parses Burp history to discover potential SQL injection points and prepare SQLmap request files | Python | Free | False | |
| snallygaster | [Source] | Web scanner that looks for files accessible on web servers that shouldn't be public | Python | Free | False | |
| sqlmap | [Website] | [Source] | Automatic SQL injection tool | Python | Free | False |
| SQLiv | [Source] | SQL injection scanner, find vulnerable entry points | Python | Free | False | |
| SSLyze | [Source] | SSL analysis library and a CLI tools | Python | Free | False | |
| SSRF Proxy | [Source] | Facilitates tunneling HTTP communications through servers vulnerable to SSRF | Ruby | Free | False | |
| SSRFmap | [Source] | Automatic SSRF fuzzer and exploitation tool | Python | Free | False | |
| testssl.sh | [Website] | [Source] | TLS/SSL scanner to find weak cipherss, protocols or flaws | Shell | Free | False |
| TIDoS Framework | [Source] | Comprehensive web-app audit framework | Python | Free | False | |
| Tracy | [Source] | Tool that help to manually find XSS | Go | Free | False | |
| tplmap | [Source] | SSTI and code injection detection and exploitation tool | Python | Free | False | |
| Uniscan | [Source] | RFI, LFi and RCE scanner | Perl | Free | False | |
| V3n0M | [Source] | Web dork and vulnerability scanner | Python | Free | False | |
| Vega | [Website] | [Source] | Multi-platform web scanner and intercepting proxy | Java | Free | False |
| VOOKI | [Website] | Windows only web application and REST API vulnerability scanner | Free | False | ||
| w3af | [Website] | [Source] | Web application attack and audit framework, web-oriented security scanner | Python | Free | False |
| WAFNinja | [Source] | WAF bypassing tool | Python | Free | False | |
| wapiti | [Website] | [Source] | Web-oriented vulnerability scanner, can generates reports | Free | False | |
| WAScan | [Source] | Web application security scanner | Python | Free | False | |
| Webhook Tester | [Website] | [Source] | HTTP request collector and inspector | PHP | Free | True |
| Weevely | [Source] | Web shell for post-exploitation working with a PHP agent | Python | Free | False | |
| WPScan | [Website] | [Source] | WordPress CMS vulnerability scanner | Ruby | Free | True |
| Wfuzz | [Website] | [Source] | Web application fuzzer framework | Python | Free | False |
| What CMS | [Website] | Service able to detect more than 430 CMS, find version used for some CMS, has an API for batch detection | Free | True | ||
| WhatWeb | [Website] | [Source] | Web scanner, recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices, also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more | Ruby | Free | False |
| wikto | [Source] | Nikto for Windows; web security scanner | CSharp | Free | False | |
| WitnessMe | [Source] | Take screenshots of websites, provide some server header info, and identify default credentials if possible | Python | Free | False | |
| WS-Attacker | [Source] | Modular framework for SOAP web services penetration testing | Java | Free | False | |
| WSFuzzer | [Website] | [Source] | Fuzzing penetration testing tool for testing HTTP SOAP based web services | Python | Free | False |
| WSSAT | [Website] | [Source] | Web Service Security Assessment Tool; WS, REST API, SOAP API dynamic scanner | CSharp | Free | False |
| XAttacker | [Source] | CMS detection and exploitation suite | Perl | Free | False | |
| XCat | [Website] | [Source] | Automate XPath injection/XXE attacks to retrieve documents | Python | Free | False |
| Xenotix | [Website] | [Source] | XSS detection and exploit framework (Windows only) | Python | Free | False |
| Xray | [Website] | [Source] | Web security scanner (XSS, SQLi, SSRF, XXE, etc.) | Go | Free | False |
| XSpear | [Source] | XSS Scanner | Ruby | Free | False | |
| XSRFProbe | [Source] | Advanced Cross Site Request Forgery (CSRF/XSRF) audit and exploitation toolkit | Python | Free | False | |
| XSS hunter | [Website] | XSS probes host for finding blind XSS | Free | True | ||
| XSS'OR | [Website] | [Source] | Multi-purpose tool for XSS or JavaScript analysis | JavaScript | Free | True |
| XSS'OR 2 | [Website] | [Source] | Multi-purpose tool for XSS or JavaScript analysis | JavaScript | Free | True |
| XSSCon | [Source] | XSS automatic scanner | Python | Free | False | |
| XSSer | [Website] | [Source] | XSS automatic scanner and exploiter | Python | Free | False |
| XSStrike | [Source] | XSS detection tool, parser, payload generator, fuzzing engine, crawler | Python | Free | False | |
| XXEinjector | [Source] | Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods | Ruby | Free | False | |
| xxeserv | [Source] | HTTP and FTP server for OOB XXE attacks | Go | Free | False | |
| XXExploiter | [Website] | [Source] | Generates XML payloads, and automatically starts a server to serve the needed DTD's or to do data exfiltration for XXE attacks | JavaScript | Free | False |
| xxxpwn | [Source] | XPath injection tool, designed for blind injection | Python | Free | False | |
| xxxpwn_smart | [Source] | XPath injection tool, fork of xxxpwn adding further optimizations and tweaks, uses predictive text based on a dictionary of words/phrases vs frequencies of occurrence | Python | Free | False | |
| YASUO | [Source] | Scans for vulnerable & exploitable 3rd-party web applications | Ruby | Free | False |
Wireless
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Aircrack-Ng | [Website] | [Source] | Suite of tools to assess WiFi network security (cracking WEP and WPA PSK) | C | Free | False |
| BtleJack | [Source] | Bluetooth Low Energy Swiss-army knife | Python | Free | False | |
| Crunch-Cracker | [Source] | Wordlist generator and Wi-Fi cracker | Shell | Free | False | |
| Fluxion | [Website] | [Source] | MITM WPA attack tool | Shell | Free | False |
| FruityWiFi | [Source] | Wireless network auditing tool controlled by a web interface | PHP | Free | False | |
| Hijacker | [Source] | Android GUI for Aircrack, Airodump, Aireplay, MDK3 and Reaver | Java | Free | False | |
| Infernal-Wireless | [Source] | Automated wireless hacking tool | Python | Free | False | |
| MDK3-master | [Source] | PoC tool to exploit common IEEE 802.11 protocol weaknesses | C | Free | False | |
| MDK4 | [Source] | PoC tool to exploit common IEEE 802.11 protocol weaknesses | C | Free | False | |
| Modmobjam | [Source] | Cellular networks jamming PoC for mobile equipments | Python | Free | False | |
| Modmobmap | [Source] | Tool to retrieve information of cellular networks | Python | Free | False | |
| reaver-wps | [Source] | Bruteforce WPS tool | C | Free | False | |
| reaver-wps (t6x fork) | [Source] | Bruteforce WPS tool | C | Free | False | |
| trackerjacker | [Source] | Tool for mapping and tacking wifi networks and devices through raw 802.11 monitoring | Python | Free | False | |
| Wifi-Biter | [Source] | Dictionary generator used to generate dictionaries/wordlist for Wireless Router Passwords | Python | Free | False | |
| wifijammer | [Source] | Script to jam wifi clients and access points | Python | Free | False | |
| wifite2 | [Source] | Script for auditing wireless networks that runs existing wireless-auditing tools | Python | Free | False |