| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| ASLRay | [Source] | Tool for ASLR bypass with stack-spraying | Shell | Free | False | |
| heaphopper | [Website] | [Source] | Bounded model checking framework for Heap-implementations | Python | Free | False |
| libformatstr | [Source] | Library to simplify format string exploitation | Python | Free | False | |
| pwntools | [Source] | Framework and exploit development library | Python | Free | False | |
| pwntools-ruby | [Source] | Framework and exploit development library, ported onto ruby | Ruby | Free | False | |
| ROPgadget | [Website] | [Source] | Framework for ROP exploitation | Python | Free | False |
Tools
Note: Paid softwares may exist in a free limited version or a demo version
Binary Exploitation
Bug Bounty
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| bbr | [Source] | Generation of bug bounty reports based on user provided templates | Go | Free | False | |
| bbrecon | [Website] | [Source] | Service enumerating all targets on Internet covered by a bug bounty program | Python | Free | True |
| BBstats | [Source] | Aggregate reports/bounties from different platforms in order to create combined stats and graphs | PHP | Free | False | |
| Bounty Dashboard | [Source] | Aggregate reports/bounties from different platforms in order to create combined stats and graphs, report and template management system, invoice creation system | PHP | Free | False | |
| bounty-targets | [Source] | Crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into another git repo | Ruby | Free | False | |
| BountyDash | [Source] | Dashboard to combine rewards from all platforms, giving insights about progress and bug hunting patterns | PHP | Free | False | |
| bountyplz | [Source] | Automated bug bounty reporting/submission, supports HackerOne and Bugcrowd | Shell | Free | False | |
| BugBounty Web App | [Source] | App that helps bug bounty hunters to manage their bounties and target list | Python | Free | False | |
| Bugbountydash | [Source] | Terminal dashboard for bug bounty hunters that use HackerOne and Bugcrowd | JavaScript | Free | False | |
| Hackerone::Client | [Source] | A limited client library for interacting with HackerOne | Ruby | Free | False | |
| Needle | [Source] | Chrome extension for instant access to bug bounty submission dashboard of various platforms and publicly disclosed reports | HTML | Free | False |
Cloud
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| AWS Extender CLI | [Source] | Test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues | Python | Free | False | |
| Pacu | [Website] | [Source] | AWS exploitation framework | Python | Free | False |
| Smogcloud | [Source] | Identify AWS cloud assets | Go | Free | False |
Code Analysis
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Adhrit | [Website] | [Source] | Android APK reversing and analysis suite | Python | Free | False |
| AndroBugs Framework | [Source] | Android APK vulnerability analyzer | Python | Free | False | |
| APKLeaks | [Source] | Scanning APK file for URIs, endpoints and secrets | Python | Free | False | |
| MobSF | [Source] | Android APK vulnerability analyzer | Python | Free | False | |
| NodeJsScan | [Source] | Static security code scanner for Node.js applications | Python | Free | False | |
| QARK | [Source] | Android APK vulnerability analyzer | Python | Free | False | |
| SonarQube | [Website] | [Source] | Automatic code review tool to detect bugs, vulnerabilities; continuous code inspection automated with static code analysis rules | Java | Free | False |
| StaCoAn | [Source] | Mobile applications static code analysis tool | Python | Free | False | |
| SUPER | [Website] | [Source] | Android APK vulnerability analyzer | Rust | Free | False |
| Trivy | [Website] | [Source] | Vulnerability and misconfiguration scanner for containers (OS and language-specific packages) | Go | Free | False |
| wpBullet | [Source] | Static code analysis for WordPress Plugins and Themes (and PHP) | Python | Free | False |
Collaboration and Report
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Archery | [Website] | [Source] | Vulnerability Assessment and Management tool, run scan and manage vulnerabilities | Python | Free | False |
| AttackForge.com | [Website] | Penetration test collaboration platform: vulnerability management and reporting | Free | True | ||
| Bulwark | [Source] | Collaborative penetration test, vulnerability management and reporting platform | JavaScript | Free | False | |
| Canopy | [Website] | Penetration test platform: vulnerability management and reporting | Paid | False | ||
| CTFNote | [Source] | Collaborative platform for CTF teams, event planning, credentials sharing, tasks management, notes taking | JavaScript | Free | False | |
| DART | [Source] | Documentation And Reporting Tool; Collaborative penetration test and vulnerability management platform | Python | Free | False | |
| DefectDojo | [Website] | [Source] | Vulnerability management application built for DevOps and continuous security integration | Python | Free | False |
| Dradis | [Website] | [Source] | Collaborative penetration test, vulnerability management and reporting platform | Ruby | Paid | False |
| envizon | [Website] | [Source] | Vulnerability management and reporting platform | Ruby | Free | False |
| Faraday | [Website] | [Source] | Collaborative penetration test and reporting platform | Python | Paid | False |
| Ghostwriter | [Website] | [Source] | Project management and reporting engine | Python | Free | False |
| hackOx | [Website] | [Source] | Modular web based pentesting interface designed to run on Raspberry Pi | PHP | Free | False |
| Hackuity | [Website] | Risk Based Vulnerablity Management platform | Paid | False | ||
| Hive | [Website] | Collaborative penetration test and reporting platform | Paid | False | ||
| Kvasir | [Source] | Pentest data management tool | Python | Free | False | |
| Lair | [Website] | [Source] | Collaborative penetration test and vulnerability management framework | JavaScript | Free | False |
| MISP | [Website] | [Source] | Malware Information Sharing Platform, an Open Source threat intelligence plateform and open standards for threat information sharing | PHP | Free | False |
| NightWriter | [Website] | Modern real-time collaborative editing tool secured by end-to-end encryption | Go | Free | False | |
| oneVault | [Website] | Collaborative penetration test, vulnerability management and reporting platform | Paid | False | ||
| OSCP Exam Report Template in Markdown | [Website] | [Source] | Markdown templates for OSCP exam report | Markdown | Free | False |
| OWASP PenText | [Website] | [Source] | Collection of XML templates, XML schemas and XSLT code, to generate IT security documents including test reports, offers and invoices | Free | False | |
| PatrOwl | [Website] | [Source] | Security operations orchestration and continuous threat management platform | Python | Free | False |
| PeTeReport | [Source] | Collaborative penetration test, vulnerability management and reporting platform | Python | Free | False | |
| Pentest Collaboration Framework | [Source] | Collaborative penetration test, vulnerability management and reporting platform | Python | Free | False | |
| PenTest.WS | [Website] | Collaborative penetration test, vulnerability management and reporting platform | Paid | False | ||
| PlexTrac | [Website] | Collaborative penetration test reporting and vulnerability management platform | Paid | False | ||
| Pollenisator | [Source] | Collaborative penetration test and reporting platform (DB + clients, no WebUI) | Python | Free | False | |
| Prithvi | [Website] | [Source] | Report generation tool for pentester with provided OWASP data | JavaScript | Free | False |
| PwnDoc | [Source] | Collaborative penetration test reporting platform | JavaScript | Free | False | |
| Reconmap | [Website] | [Source] | Penetration test planning, automation and reporting | PHP | Free | False |
| Reporter | [Website] | Collaborative penetration test reporting platform | Paid | True | ||
| Serpico | [Source] | SimplE RePort wrIting and CollaboratiOn tool, penetration testing report generation and collaboration tool | Ruby | Free | False | |
| Serpico-NG | [Source] | SimplE RePort wrIting and CollaboratiOn tool NEXT-GENERATION, penetration testing report generation and collaboration tool, fork of Serpico | Ruby | Free | False | |
| Sh00t | [Source] | Pentesting platform with dynamic task manager, checklists, bug template & bug report | Python | Free | False | |
| Smersh | [Source] | Pentest oriented collaborative tool used to track the progress of your company's engagements and generate reports | PHP | Free | False | |
| SwiftnessX | [Source] | Cross-platform note-taking and target-tracking app for penetration testers | JavaScript | Free | False | |
| vcr | [Source] | Vulnerability Compliance Report; parse Nessus CIS benchmark scan files and generate HTML reports | PowerShell | Free | False | |
| vuldash | [Website] | [Source] | Vulnerability Dashboard; vulnerability management, project management and report generation | PHP | Free | False |
| VULNREPO | [Website] | [Source] | Vulnerability report generator | JavaScript | Free | False |
| Vulnreport | [Website] | [Source] | Pentesting management and automation platform | Ruby | Free | False |
| WriteHat | [Website] | [Source] | Collaborative penetration test reporting platform | Python | Free | False |
Configuration audit
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Nipper Studio | [Website] | Tool that parse router, switch, firewall configuration to discover vulnerabilities | Paid | False | ||
| Nipper-ng | [Source] | Tool that parse router, switch, firewall configuration to discover vulnerabilities | Cplusplus | Free | False |
Cracking (Hash)
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| BEWGor | [Source] | Bull's Eye Wordlist Generator, password wordlist generator based on target information | Python | Free | False | |
| Bopscrk | [Source] | Before Outset PaSsword CRacKing, password wordlist generator with exclusive features like lyrics based mode | Python | Free | False | |
| CeWL | [Source] | Custom wordlist generator based on website crawling | Ruby | Free | False | |
| ComPP | [Source] | Company Passwords Profiler helps making a bruteforce wordlist for a targeted company | Python | Free | False | |
| cook | [Source] | Wordlist generator: create permutations and combinations of words with predefined sets of extensions, words and patterns/function to create complex endpoints, wordlists and passwords | Go | Free | False | |
| Cracken | [Source] | Password wordlist generator, Smartlist creation and password hybrid-mask | Rust | Free | False | |
| CrackerJack | [Website] | [Source] | Basic Web Interface for Hashcat | Python | Free | False |
| Cracklord | [Website] | [Source] | Scalable, pluggable, and distributed system for hash cracking, supports Hashcat | Go | Free | False |
| CrackQ | [Source] | Hashcat cracking queue system, API and WebUI | Python | Free | False | |
| CrackStation | [Website] | [Source] | Pre-computed lookup tables to crack password hashes | PHP | Free | True |
| crunch | [Source] | Wordlist generator | C | Free | False | |
| CUPP | [Source] | Common User Passwords Profiler, wordlist generator based on user profiling | Python | Free | False | |
| Duplicut | [Source] | Remove duplicates from massive wordlist, without sorting it (for dictionary-based password cracking) | C | Free | False | |
| elpscrk | [Source] | Wordlist generator based on user profiling | Python | Free | False | |
| GoCrack | [Source] | Management frontend for hash cracking tools, supporting hashcat | Go | Free | False | |
| Hashcat | [Website] | [Source] | Hash cracking tool | C | Free | False |
| hashcobra | [Source] | Hash cracking tool using rainbow tables | CPlusPlus | Free | False | |
| Hashtopolis | [Source] | Hashcat wrapper for distributed hashcracking | PHP | Free | False | |
| Hashview | [Website] | [Source] | Web-UI for managing, organizing, automating Hashcat commands/tasks | Ruby | Free | False |
| John The Ripper | [Website] | Hash cracking tool | C | Free | False | |
| John the Ripper, Jumbo version | [Website] | [Source] | Hash cracking tool, community-enhanced version of John The Ripper | C | Free | False |
| Kraker | [Source] | Distributed password brute-force system, supports Hashcat | PHP | Free | False | |
| longtongue | [Source] | Password wordlist generator based on target information | Python | Free | False | |
| lyricpass | [Source] | Tool to generate wordlists based on lyrics | Python | Free | False | |
| Mentalist | [Source] | Graphical tool for custom wordlist generation, can output rules compatible with Hashcat and John the Ripper | Python | Free | False | |
| Ophcrack | [Website] | [Source] | Windows hash cracker based on rainbow tables | Free | False | |
| pnwgen | [Source] | Phone number wordlist generator | Python | Free | False | |
| PowerSniper | [Source] | Password spraying script and helper for creating password lists | PowerShell | Free | False | |
| pydictor | [Source] | Multi-method password wordlist generator | Python | Free | False | |
| rulesfinder | [Source] | Machine-learn password mangling rules; finds efficient password mangling rules (for John the Ripper or Hashcat) for a given dictionary and a list of passwords | Rust | Free | False | |
| Spraygen | [Source] | Permutation-based password list generator | Python | Free | False | |
| TTPassGen | [Source] | Flexible and scriptable password dictionary/wordlist generator | Python | Free | False | |
| WebHashcat | [Source] | Hashcat WebUI with distributed cracking sessions and analytics | Python | Free | False | |
| WOG | [Website] | [Source] | Weakpass rule-based online generator; generates a wordlist based on a set of words entered by the user | Javascript | Free | True |
| wordlist.rb | [Source] | Library for reading, combining, manipulating, and building wordlists, efficiently | Ruby | Free | False | |
| wordlistctl | [Source] | Fetch, install and search wordlist archives from websites and torrent peers | Python | Free | False |
Cryptography
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Cipher Suite Info | [Website] | [Source] | A searchable directory of TLS ciphersuites and related security details | Python | Free | True |
| crypto-identifier | [Source] | Tool that try to identify what cipher is used and uncipher the data | Python | Free | False | |
| Crypton | [Source] | Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Hashing Algorithms along with example challenges from CTFs | Python | Free | False | |
| Dcode | [Website] | Code and decode all kind of checksums, algorithms, codes or ciphers | Free | True | ||
| FeatherDuster | [Source] | Cryptanalysis tool and library | Python | Free | False | |
| Haiti | [Website] | [Source] | A CLI tool to identify the hash type of a given hash | Ruby | Free | False |
| hashID | [Source] | Identify the different types of hashes | Python | Free | False | |
| JWT-Key-Recovery | [Source] | Recover the public key used to sign JWT tokens | Python | Free | False | |
| PkCrack | [Website] | Tool for breaking PkZip encryption | Free | False | ||
| RsaCtfTool | [Source] | Tool to conduct manual or automated attack on RSA | Python | Free | False | |
| RSATool | [Source] | Tool to calculate RSA parameters | Python | Free | False | |
| RSHack | [Source] | RSA attack and key manipulation tool | Free | False | ||
| XORTool | [Source] | Tool to analyze multi-byte xor cipher | Python | Free | False |
Digital Forensics
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Andriller | [Source] | Software utility with a collection of forensic tools for smartphones; performs read-only, non-destructive acquisition | Python | Free | False | |
| Cerbero Profiler | [Website] | File analyzer and inspector | Paid | False | ||
| dnscat2 | [Source] | Encrypted command-and-control (C&C) channel over the DNS protocol, data exfiltration | Cplusplus | Free | False | |
| ExifTool | [Website] | [Source] | Library and CLI tool for reading, writing and editing metadata for a lot of file types | Perl | Free | False |
| extundelete | [Website] | [Source] | Tool to recover deleted files from an ext3 or ext4 partition | Free | False | |
| Fibratus | [Source] | Tool for exploration and tracing of the Windows kernel | Python | Free | False | |
| Foremost | [Website] | [Source] | CLI tool to recover files based on their headers, footers, and internal data structures | Free | False | |
| rekall | [Website] | [Source] | Volatile memory extraction utility | Python | Free | False |
| rekall (Fireeye fork) | [Source] | Fork of rekall with support for Windows 10 memory compression | Python | Free | False | |
| ResourcesExtract | [Website] | Scans dll/ocx/exe files and extract all resources found, Windows only | Free | False | ||
| shellbags | [Source] | Shellbag parser (Windows Registry Keys) | Python | Free | False | |
| volatility | [Website] | [Source] | Volatile memory extraction utility | Python | Free | False |
| volatility (Fireeye fork) | [Source] | Fork of volatility with support for Windows 10 memory compression | Python | Free | False |
Honeypot and Decoy
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Canarytokens | [Website] | [Source] | quickly deployable honeypot with docker image, the online service allows to get alerted by email for URL token, DNS token, unique email address, custom image, MS word doc., Acrobat Reader PDF doc., and more | Free | True | |
| DejaVU | [Source] | Deception framework which can be used to deploy decoys across the infrastructure | Free | False |
Incident Response
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| DFIRTrack | [Source] | Incident response tracking web application, focused on handling one major incident with a lot of affected systems | Python | Free | False | |
| IntelMQ | [Source] | Solution for collecting and processing security feeds using a message queuing protocol | Python | Free | False | |
| SCOT | [Website] | [Source] | Sandia Cyber Omni Tracker; cyber security incident response management system and knowledge base | Perl | Free | False |
Intentionally Vulnerable Applications
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Bust-A-Kube | [Website] | Intentionally-vulnerable Kubernetes cluster, intended to help people self-train on attacking and defending Kubernetes clusters | PHP | Free | False | |
| bWAPP | [Website] | [Source] | Buggy Web Application, insecure webapp for security trainings | PHP | Free | False |
| DVIA | [Website] | [Source] | Damn Vulnerable iOS App, insecure webapp for mobile security trainings | Swift | Free | False |
| DVWA | [Website] | [Source] | Damn Vulnerable Web Application, insecure webapp for security trainings | PHP | Free | False |
| Google Gruyere | [Website] | [Source] | Codelab for white-box and black-box hacking | Python | Free | True |
| Hackazon | [Source] | Intentionally vulnerable web shopping application using modern technologies and containing configurable areas | PHP | Free | False | |
| Metasploitable | [Source] | VM that is built from the ground up with a large amount of security vulnerabilities | Free | False | ||
| OWASP Juice Shop | [Website] | [Source] | Insecure web application with >85 challenges; supports CTFs, custom themes, tutorial mode etc. | JavaScript | Free | False |
| OWASP Mutillidae II | [Website] | [Source] | Intentionally vulnerable web-application containing some OWASP Top Ten vulnerabilities, with hints and switch for secure version of the code | PHP | Free | False |
| OWASP WebGoat | [Website] | [Source] | Deliberately insecure web application to teach web application security lessons | Java | Free | False |
| XVNA | [Source] | Extreme Vulnerable Node Application, insecure webapp for security trainings | JavaScript | Free | False |
Networking
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| ActiveDirectoryEnumeration | [Source] | Enumerate AD through LDAP with a collection of helpfull scripts being bundled: ASREPRoasting, Kerberoasting, dump AD as BloodHound JSON files, searching GPOs in SYSVOL for cpassword and decrypting, run without creds | Python | Free | False | |
| ad-ldap-enum | [Source] | LDAP based Active Directory user and group enumeration tool | Python | Free | False | |
| adfsbrute | [Source] | Test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks | Python | Free | False | |
| archtorify | [Source] | Script for Arch Linux which use iptables settings to create a transparent proxy through Tor Network | Shell | Free | False | |
| Arecibo | [Source] | Endpoint for Out-of-Band Exfiltration (DNS & HTTP) | Python | Free | False | |
| bettercap | [Website] | [Source] | MITM framework | Ruby | Free | False |
| bettercap web UI | [Website] | [Source] | Web UI for bettercap | TypeScript | Free | False |
| boofuzz | [Source] | Network protocol fuzzing framework | Python | Free | False | |
| Boomerang | [Source] | Client/Server HTTP pivoting tool | Go | Free | False | |
| BruteSpray | [Source] | Takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa | Python | Free | False | |
| BruteX | [Source] | Tool using nmap and hydra to automatically bruteforce network service accounts | Shell | Free | False | |
| Carnivore | [Website] | [Source] | Assessment of on-premises Microsoft servers such as ADFS, Skype, Exchange, and RDWeb | CSharp | Free | False |
| CapAnalysis | [Website] | [Source] | PCAP analyzer | C | Free | True |
| Cerbrutus | [Source] | Network services credentials brute-forcer: SSH, FTP | Python | Free | False | |
| chisel | [Source] | Fast TCP tunneling over HTTP secured by SSH | Go | Free | False | |
| CloudShark | [Website] | PCAP analyzer | Paid | True | ||
| Evil-WinRM | [Source] | Enhanced WinRM shell | Ruby | Free | False | |
| Garfield | [Source] | Attack framework for distributed systems | Python | Free | False | |
| Girsh | [Source] | Detect the OS and execute the correct commands to upgrade it to a full interactive reverse shell | Go | Free | False | |
| Go-RouterSocks | [Source] | Socks proxy router to handle multi-clients on the same port | Go | Free | False | |
| GoMapEnum | [Source] | User enumeration and password bruteforce on Azure, ADFS, OWA, O365 and gather emails on Linkedin | Go | Free | False | |
| goddi | [Source] | Active Directory domain information dumper | Go | Free | False | |
| HASSH | [Source] | Network fingerprinting standard which can be used to identify specific client and server SSH implementations | Python | Free | False | |
| HellRaiser | [Source] | Scan with nmap to correlate CPE's found with cve-search to enumerate vulnerabilities | Ruby | Free | False | |
| Hydra | [Website] | [Source] | Network login cracker | C | Free | False |
| kalitorify | [Source] | Script for Kali Linux which use iptables settings to create a transparent proxy through Tor Network | Shell | Free | False | |
| Krbrelayx | [Website] | [Source] | Toolkit for abusing unconstrained delegation | Python | Free | False |
| Ligolo | [Source] | Pivot / reverse tunneling tool with SOCKS5 et TCP tunnel support | Go | Free | False | |
| lsassy | [Source] | CLI tool and library to extract credentials from lsass remotely | Python | Free | False | |
| Mail.Rip V2 | [Source] | SMTP credentials bruteforcer / checker | Python | Free | False | |
| Masscan | [Source] | Port scanner for massive networks | C | Free | False | |
| Medusa | [Website] | Network login cracker | Free | False | ||
| Medusa-gui | [Source] | GUI for Medusa | Java | Free | False | |
| ncat | [Website] | [Source] | Improved reimplementation of Netcat by nmap team; Supports TCP and UDP, IPv4 and IPv6, SSL, proxy (HTTP and SOCKS4) | C | Free | False |
| Ncrack | [Website] | [Source] | Reliable and adaptative network login cracker supporting a large number of protocols | Cplusplus | Free | False |
| nemesis | [Website] | [Source] | Packet manipulation CLI tool; craft and inject packets of several protocols | Python | Free | False |
| Netfort Free Cloud Based PCAP Analysis | [Website] | PCAP analyzer; needs registration | Free | True | ||
| NetworkMiner | [Website] | Network sniffer/packet capturing tool | Free | False | ||
| NetworkTotal | [Website] | PCAP analyzer; using Suricata | Free | True | ||
| Nipe | [Source] | Script to make TOR as default gateway | Perl | Free | False | |
| Nmap | [Website] | [Source] | Tool for network discovery and security auditing | C | Free | False |
| nmap-parse-output | [Source] | Converts / manipulates / extracts data from a nmap scan output | Shell | Free | False | |
| NMapGUI | [Source] | Advanced GUI for Nmap | Java | Free | False | |
| Nozzlr | [Source] | Multithreaded and modular bruteforce framework with network templates | Python | Free | False | |
| onesixtyone | [Source] | SNMP scanner | C | Free | False | |
| OOB-Server | [Source] | Bind9 DNS server for pentesters to use for Out-of-Band vulnerabilities | Shell | Free | False | |
| PacketFu | [Source] | Packet manipulation library; forge, send, decode, capture packets of a wide number of protocols | Ruby | Free | False | |
| PacketTotal | [Website] | PCAP analyzer; using Bro, Suricata and Elasticsearch | Free | True | ||
| PacketWhisper | [Source] | Stealthy Data exfiltration via DNS, without the need for attacker-controlled Name Servers or domain | Python | Free | False | |
| Patator | [Source] | Multi-protocol bruteforce tool | Python | Free | False | |
| PKINIT tools | [Source] | Kerberos PKINIT and relaying to AD CS | Python | Free | False | |
| polarbearscan | [Website] | [Source] | Port scanner and banner grabber | C | Free | False |
| Polymorph | [Source] | Real-time network packet manipulation framework | Python | Free | False | |
| pwncat | [Website] | [Source] | Sophisticated bind and reverse shell handler with many features as well as a drop-in replacement or compatible complement to netcat, ncat or socat | Python | Free | False |
| pwncat-caleb | [Website] | [Source] | Fancy reverse and bind shell handler, can perform automated actions on the remote host including enumeration, implant installation and privilege escalation; attempt to spawn a pseudoterminal (pty) for a full interactive session | Python | Free | False |
| PyWhisker | [Source] | Persistent and stealthy backdooring of user and computer Active Directory objects | Python | Free | False | |
| rdp-sec-check | [Source] | Script to enumerate security settings of an RDP Service | Perl | Free | False | |
| Responder | [Source] | LLMNR, NBT-NS and MDNS poisoner to intercept authentication requests/answers | Python | Free | False | |
| RMIScout | [Website] | [Source] | Enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities through wordlist and bruteforce strategies | Java | Free | False |
| RouterSploit | [Source] | Exploitation framework for embedded devices: exploits, default credentials, scanners, payloads | Python | Free | False | |
| ruby-nmap | [Source] | Library for nmap, allows automating nmap and parsing nmap XML files | Ruby | Free | False | |
| Rustcat | [Website] | [Source] | Port and reverse shell listener; less features than ncat, pwncat, pwncat-caleb but has command history | Rust | Free | False |
| sandmap | [Source] | Metasploit-like CLI interface for Nmap Script Engine (NSE) | Shell | Free | False | |
| Scapy | [Website] | [Source] | Packet manipulation library; forge, send, decode, capture packets of a wide number of protocols | Python | Free | False |
| Seth | [Source] | RDP MitM tool | Python | Free | False | |
| Singularity | [Website] | [Source] | DNS rebinding attack framework | Go | Free | False |
| sJET | [Source] | JMX Exploitation Toolkit | Python | Free | False | |
| Snaffler | [Source] | Find credentials and valuable information from windows active directory environments (shares, files) | CSharp | Free | False | |
| SNMP Brute | [Source] | SNMP brute force, enumeration, CISCO config downloader and password cracking script | Python | Free | False | |
| snmpbw.pl | [Source] | Multithreaded script for bulk walking targeted host systems for SNMP data | Perl | Free | False | |
| ssh-audit | [Website] | [Source] | SSH scanner that detects protocol, version, grab banner, recognize software and operating system, output algorithm information and recommendations | Python | Free | False |
| Tsunami | [Source] | Network security scanner with an extensible plugin system | Java | Free | False | |
| WebMap v1 | [Source] | A web dashboard for nmap XML report | Python | Free | False | |
| WebMap v2 | [Source] | A web dashboard for nmap XML report | https://github.com/Nazicc/WebMap | Free | False | |
| Whonow | [Source] | DNS Server for executing DNS Rebinding attacks | JavaScript | Free | False | |
| windapsearch | [Source] | Script to enumerate users, groups and computers from a Windows domain through LDAP queries | Python | Free | False | |
| Wireshark | [Website] | [Source] | Network protocol analyzer | Cplusplus | Free | False |
| Xprobe2 | [Source] | Remote active operating system fingerprinting | CPlusPlus | Free | False | |
| yersinia | [Source] | Framework for layer 2 attacks | C | Free | False | |
| Zenmap | [Website] | [Source] | GUI for Nmap | Python | Free | False |
| Zmap | [Website] | [Source] | Collection of tools to scan and study massive networks | C | Free | False |
OSINT and Reconnaissance
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Amass | [Website] | [Source] | DNS enumeration and network mapping tool suite: scraping, recursive brute forcing, crawling web archives, reverse DNS sweeping | Go | Free | False |
| Asnlookup | [Source] | Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it | Python | Free | False | |
| AttackSurfaceMapper | [Source] | Subdomain enumerator | Python | Free | False | |
| AutoRecon | [Source] | Multi-threaded network reconnaissance tool which performs automated enumeration of services | Python | Free | False | |
| badKarma | [Source] | Advanced network reconnaissance tool | Python | Free | False | |
| Belati | [Source] | OSINT tool, collect data and document actively or passively | Python | Free | False | |
| Certstream | [Website] | [Source] | Intelligence feed that gives real-time updates from the Certificate Transparency Log network | Elixir | Free | False |
| Darkshot | [Source] | Lightshot scraper with multi-threaded OCR and auto categorizing screenshots | Python | Free | False | |
| dataleaks | [Source] | Self-hosted data breach search engine | PHP | Free | False | |
| datasploit | [Website] | [Source] | OSINT framework, find, aggregate and export data | Python | Free | False |
| DeadTrap | [Website] | [Source] | Track down footprints of a phone number | Python | Free | False |
| DNSDumpster | [Website] | Domain research tool that can discover hosts related to a domain | Free | True | ||
| dnsenum | [Source] | DNS reconnaissance tool: AXFR, DNS records enumeration, subdomain bruteforce, range reverse lookup | Perl | Free | False | |
| dnsenum2 | [Source] | Continuation of dnsenum project | Perl | Free | False | |
| DNSRecon | [Source] | DNS reconnaissance tool: AXFR, DNS records enumeration, TLD expansion, wildcard resolution, subdomain bruteforce, PTR record lookup, check for cached records | Python | Free | False | |
| dnsx | [Source] | Multi-purpose DNS toolkit allow to run multiple DNS queries | Go | Free | False | |
| EagleEye | [Source] | OSINT tool, image recognition on instagram, facebook and twitter | Python | Free | False | |
| eTools.ch | [Website] | Metasearch engine, query 16 search engines in parallel | Free | True | ||
| Facebook_OSINT_Dump | [Source] | OSINT tool, facebook profile dumper, windows and chrome only | Shell | Free | False | |
| FinalRecon | [Source] | Web reconnaissance script | Python | Free | False | |
| Findomain | [Source] | Fast subdomain enumerator | Rust | Free | False | |
| FOCA | [Website] | [Source] | OSINT framework and metadata analyser | Csharp | Free | False |
| GHunt | [Source] | Investigate Google accounts with emails and find name, usernames, Youtube Channel, probable location, Maps reviews, etc. | Python | Free | False | |
| gitGraber | [Source] | Monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe, etc. | Python | Free | False | |
| Gorecon | [Source] | Reconnaissance toolkit | Go | Free | False | |
| GoSeek | [Source] | Username lookup comparable to Maigret/Sherlock, IP Lookup, License Plate & VIN Lookup, Info Cull, and Fake Identity Generator | Free | False | ||
| gOSINT | [Source] | OSINT framework; find mails, dumps, retrieve Telegram history and info about hosts | Go | Free | False | |
| h8mail | [Source] | Email OSINT & Password breach hunting tool; supports chasing down related email | Python | Free | False | |
| Harpoon | [Source] | CLI tool; collect data and document actively or passively | Python | Free | False | |
| holehe | [Source] | Check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function | Python | Free | False | |
| IVRE | [Website] | [Source] | IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks); network recon framework including tools ofr passive and active recon | Python | Free | False |
| kitphishr | [Source] | Hunts for phishing kit source code by traversing URL folders and searching in open directories for zip files; supports list of URLs or PhishTank | Go | Free | False | |
| Kostebek | [Source] | Tool to find firms domains by searching their trademark information | Python | Free | False | |
| LeakDB | [Source] | Normalize, deduplicate, index, sort, and search leaked data sets on the multi-terabyte-scale | Go | Free | False | |
| LeakIX | [Source] | Search engine for devices and services exposed on the Internet | Free | True | ||
| LeakLooker | [Source] | Discover, browse and monitor database/source code leaks | Python | Free | False | |
| leakScraper | [Source] | Set of tools to process and visualize huge text files containing credentials | Python | Free | False | |
| LinEnum | [Source] | System script for local Linux enumeration and privilege escalation checks | Shell | Free | False | |
| LittleBrother | [Source] | Information gathering (OSINT) on a person (EU), checks social networks and Pages Jaunes | Python | Free | False | |
| Maigret | [Source] | Collect a dossier on a person by username from a huge number of sites, and extract details from them | Python | Free | False | |
| MassDNS | [Source] | High-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration) | C | Free | False | |
| Metabigor | [Source] | OSINT tool that doesn't require any API key | Go | Free | False | |
| Netflip | [Source] | Scrape sensitive information from paste sites | CSharp | Free | False | |
| NExfil | [Source] | Finding profiles by username over 350 websites | Python | Free | False | |
| Nmmapper | [Website] | Cybersecurity tools offered as SaaS: nmap, subdomain finder (Sublist3r, DNScan, Anubis, Amass, Lepus, Findomain, Censys), theHarvester, etc. | Paid | True | ||
| nqntnqnqmb | [Source] | Retrieve information on linkedin profiles, companies on linkedin and search on linkedin companies/persons | Python | Free | False | |
| Oblivion | [Source] | Data leak checker and monitoring | Python | Free | False | |
| ODIN | [Source] | Observe, Detect, and Investigate Networks, Automated reconnaissance tool | Python | Free | False | |
| Omnibus | [Source] | OSINT framework; collection of tools | Python | Free | False | |
| OneForAll | [Source] | Subdomain enumeration tool | Python | Free | False | |
| OnionSearch | [Source] | Script that scrapes urls on different .onion search engines | Python | Free | False | |
| OSINT Framework | [Website] | [Source] | A web-based collection of tools and resources for OSINT | Javascript | Free | True |
| Osintgram | [Source] | Interactive shell to perform analysis on Instagram account of any users by their nickname | Python | Free | False | |
| Osmedeus | [Website] | [Source] | Automated framework for reconnaissance and vulnerability scanning | Python | Free | False |
| Photon | [Source] | Fast crawler designed for OSINT | Python | Free | False | |
| PITT | [Source] | Web browser loaded with links and extensions for doing OSINT | Free | False | ||
| ProjectDiscovery | [Website] | [Source] | Monitor, collect and continuously query the assets data via a simple webUI | Go | Free | True |
| Qualear | [Source] | Reconnaissance Apparatus; Information gathering, conglomerate of tools including custom algorithms, API wrappers | Go | Free | False | |
| ReconDog | [Source] | Multi-purpose reconnaissance tool, CMS detection, reverse IP lookup, port scan, etc. | Python | Free | False | |
| Recon-ng | [Source] | Web-based reconnaissance tool | Python | Free | False | |
| Reconnoitre | [Source] | Tool made to automate information gathering and service enumeration while storing results | Python | Free | False | |
| ReconScan | [Source] | Network reconnaissance and vulnerability assessment tools | Python | Free | False | |
| Recsech | [Source] | Web reconnaissance and vulnerability scanner tool | PHP | Free | False | |
| Red Team Arsenal | [Source] | Automated reconnaissance scanner and security checks | Python | Free | False | |
| reNgine | [Website] | [Source] | Automated recon framework for web applications; customizable scan engines & pipeline of reconnaissance | Python | Free | False |
| Sandmap | [Website] | [Source] | Network and system reconnaissance scanner using Nmap | Shell | Free | False |
| SearchDNS | [Website] | Netcraft tool; Search and find information for domains and subdomains | Free | True | ||
| Sherlock | [Website] | [Source] | Hunt down social media accounts by username across social networks | Python | Free | False |
| Shodan | [Website] | Search devices connected to the internet; helps find information about desktops, servers, IoT devices; including metadata such as the software running | Free | True | ||
| shosubgo | [Source] | Grab subdomains using Shodan api | Go | Free | False | |
| shuffledns | [Source] | Wrapper around massdns that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support | Go | Free | False | |
| SiteBroker | [Source] | Tool for information gathering and penetration test automation | Python | Free | False | |
| Sn1per | [Source] | Automated reconnaissance scanner | Shell | Free | False | |
| spiderfoot | [Website] | [Source] | OSINT framework, collect and manage data, scan target | Python | Free | False |
| Stalker | [Source] | Automated scanning of social networks and other websites, using a single nickname | Python | Free | False | |
| SubDomainizer | [Source] | Find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github | Python | Free | False | |
| subfinder | [Website] | [Source] | Discovers valid subdomains for websites, designed as a passive framework to be useful for bug bounties and safe for penetration testing | Go | Free | False |
| Sublist3r | [Source] | Subdomains enumeration tool | Python | Free | False | |
| Sudomy | [Source] | Subdomain enumeration tool | Python | Free | False | |
| Th3inspector | [Source] | Multi-purpose information gathering tool | Perl | Free | False | |
| theHarvester | [Source] | Multi-purpose information gathering tool: emails, names, subdomains, IPs, URLs | Python | Free | False | |
| tinfoleak | [Source] | Twitter intelligence analysis tool | Python | Free | False | |
| Totem | [Source] | Retrieve information about ads of a facebook page, retrieve the number of people targeted, how much the ad cost and a lot of other information | Python | Free | False | |
| trape | [Source] | Analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time | Python | Free | False | |
| TWINT | [Source] | Twitter Intelligence Tool; Twitter scraping & OSINT tool that doesn't use Twitter's API, allowing one to scrape a user's followers, following, Tweets and more while evading most API limitations | Python | Free | False |
Other
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| ADB-Toolkit | [Source] | Wrapper around adb to ease certain tasks | Shell | Free | False | |
| Atheris | [Source] | Coverage-guided Python fuzzing engine | Shell | Free | False | |
| Avast Hack Check | [Website] | Service to check if an account has been compromised in a data breach, send an email with the breaches not the password | Free | True | ||
| BreachAlarm | [Website] | Service to check if an account has been compromised in a data breach, only tells if the account is compromised | Free | True | ||
| BreachDirectory | [Website] | Service to check if an account has been compromised in a data breach, display the breaches, partial password and hash | Free | True | ||
| ctf-party | [Website] | [Source] | Library to enhance and speed up script/exploit writing for CTF players | Ruby | Free | False |
| CyberChef | [Website] | [Source] | Data manipulation toolkit in web browser | JavaScript | Free | False |
| cybernews personal data leak check | [Website] | Service to check if an account has been compromised in a data breach, only tells if the account is compromised | Free | True | ||
| DeHashed | [Website] | Service to check if an account has been compromised in a data breach | Paid | True | ||
| discover | [Source] | Scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit | Shell | Free | False | |
| Firefox Monitor | [Website] | Service to check if an account has been compromised in a data breach, display the breaches not the password | Free | True | ||
| F-Secure Identity Theft Checker | [Website] | Service to check if an account has been compromised in a data breach, send an email with the breaches not the password | Free | True | ||
| Godehashed | [Source] | Uses the dehashed.com API to search for compromised assets | Go | Free | False | |
| gtfo | [Source] | CLI for searching gtfobins and lolbas from the terminal | Python | Free | False | |
| GTFOBLookup | [Source] | CLI for earching gtfobins and lolbas from the terminal; allows more advanced search than gtfo | Python | Free | False | |
| HackTools | [Source] | Web browser extension (Chromium, Firefox, Safari) including common functions for web pentest | JavaScript | Free | False | |
| Have I been pwned? | [Website] | Service to check if an account has been compromised in a data breach, display the breaches not the password | Free | True | ||
| hideNsneak | [Source] | CLI tool for ephemeral penetration testing, rapidly deploy and manage various cloud services | Go | Free | False | |
| inlite | [Website] | Scan QR-code, 1D, DataMatrix, Postal, PDF417, and more | Free | True | ||
| Interlace | [Source] | Turn single threaded command line applications into a multi-threaded application with CIDR and glob support | Python | Free | False | |
| itdis | [Website] | [Source] | Is This Domain In Scope; a small tool that allows you to check if a list of domains you have been provided is in the scope of your pentest or not | Ruby | Free | False |
| Leak Lookup | [Website] | Service to check if an account has been compromised in a data breach, requires an account | Free | True | ||
| Metasploit | [Website] | [Source] | Tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit, 4 versions: Pro (paid), Express (paid), Community (free with GUI but on request), Framework (free, open source, CLI) | Ruby | Paid | False |
| NameScan Email Compromised Check | [Website] | Service to check if an account has been compromised in a data breach, display the breaches not the password | Free | True | ||
| objection | [Source] | Runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak | Python | Free | False | |
| OpenVAS | [Website] | [Source] | Open Vulnerability Assessment Scanner | C | Free | False |
| Pass Station | [Website] | [Source] | CLI & library to search for default credentials among thousands of Products / Vendors | Ruby | Free | False |
| PentestBox | [Website] | [Source] | Pre-configured portable penetration testing environment for Windows, all-in-one box | Free | False | |
| Pipal | [Website] | [Source] | Analyze password dump and return statistics about passwords' strengh | Ruby | Free | False |
| pwndb | [Website] | Service to check if an account has been compromised in a data breach, display the full password | Free | True | ||
| PWDQUERY | [Website] | Service to check if an account has been compromised in a data breach, doesn't display breaches, partially display password | Free | True | ||
| rawsec_cli | [Website] | [Source] | Rawsec Inventory search CLI to find security tools and resources | Python | Free | False |
| Reverse Shell Generator | [Website] | [Source] | Web-based reverse shell generator, includes features such as listener generation, raw mode, bind shell generation, msfvenom generation, payload encoding, many different languages, tools and shells supported | JavaScript | Free | True |
| Ronin | [Website] | [Source] | Platform for vulnerability research and exploit development, it allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories | Ruby | Free | False |
| Scrounger | [Source] | Mobile application testing toolkit, the mobile metasploit-like framework | Python | Free | False | |
| Seccubus | [Website] | [Source] | Vulnerability scanning, reporting and analysis | JavaScript | Free | False |
| SprayingToolkit | [Source] | Password spraying scripts for Lync/S4B and OWA | Python | Free | False | |
| Tool-X | [Source] | Kali linux hacking tool installer | Python | Free | False | |
| UK Data Breaches | [Website] | Service to check if an account has been compromised in a data breach, display the breaches not password | Free | True | ||
| v0lt | [Source] | CTF toolkit / framework | Python | Free | False | |
| VBSmin | [Website] | [Source] | VBScript minifier | Ruby | Free | False |
| webqr | [Website] | Scan & create QR-code | Free | True | ||
| ysoserial | [Source] | Tool for generating payloads that exploit unsafe Java object deserialization | Java | Free | False |
Plugins
| Name | For | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|---|
| AWS Extender | Burp Suite | [Source] | Identify and test S3 buckets, Google Storage buckets and Azure Storage containers for common misconfiguration | Python | Free | False | |
| BurpBounty | Burp Suite | [Source] | Scan Check Builder in BApp Store, improve the active and passive scanner by means of personalized rules through a graphical interface | Java | Free | False | |
| HopLa | Burp Suite | [Source] | Adds autocompletion support and useful payloads in Burp Suite | Java | Free | False | |
| http-screenshot-html | Nmap | [Source] | Nmap NSE script that scans for http server, takes a screenshot of them, and organizes the results into an HTML report | Lua | Free | False | |
| Hyperpwn | Hyper | [Source] | Improve the display when debugging with GDB, needs GEF, pwndbg or peda to be loaded in GDB as a backend | JavaScript | Free | False | |
| GEF | GDB | [Source] | GDB Enhanced Features, multi-architecture | Python | Free | False | |
| Mona | Immunity Debugger | [Source] | Set of commands for Immunity Debugger | Python | Free | False | |
| PEDA | GDB | [Source] | Python Exploit Development Assistance, (only python2.7) | Python | Free | False | |
| Pwndbg | GDB | [Source] | Enhance GDB, for exploit development and reverse engineering | Python | Free | False | |
| PwnFox | Burp Suite / Firefox | [Source] | Allow to have multiple identities in the same browser using firefox containers and hightlight the profile used with different colors | JavaScript | Free | False | |
| Sploitego | Maltego | [Source] | Maltego penetration testing Transforms | Python | Free | False | |
| Stepper | Burp Suite | [Source] | Evolution of Burp Suite's Repeater tool, providing the ability to create sequences of steps and define regular expressions to extract values from responses | Java | Free | False | |
| XSSor | Burp Suite | [Source] | semi-automatic reflected and persistent XSS scanner | Python | Free | False | |
| YesWeBurp | Burp Suite | [Source] | Access to all bug bounty programs directly inside Burp | Kotlin | Free | False |
Red Teaming
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| AntiScan.Me | [Website] | Multi-AV checker that doesn't distribute the check results, based on Dyncheck.com | Paid | True | ||
| AVET | [Source] | AntiVirus Evasion Tool; targeting windows machines with executable files | Free | False | ||
| fireELF | [Source] | Fileless linux malware framework | Python | Free | False | |
| Gophish | [Website] | [Source] | Phishing toolkit providing the ability to setup and execute phishing engagements and security awareness training | Go | Free | True |
| Kage | [Source] | Graphical user interface for Metasploit Meterpreter and session handler | JavaScript | Free | False | |
| King Phisher | [Source] | A tool for testing and promoting user awareness by simulating real world phishing attacks | Python | Free | False | |
| Kubesploit | [Source] | Post-exploitation HTTP/2 Command & Control server and agent focused on containerized environments | Go | Free | False | |
| lateralus | [Source] | Terminal based phishing campaign tool | Go | Free | False | |
| link | [Source] | Command and control framework; HTTPS communication, process injection, in-memory .NET assembly execution, SharpCollection tools, sRDI implementation for shellcode generation, Windows link reloads DLLs from disk into current process | Rust | Free | False | |
| LP-DB | [Website] | [Source] | Login Pages Database forms a knowledge base on login pages related to malicious activities (C2 panels, phishing kits...) | JavaScript | Free | False |
| macro_pack | [Source] | Obfuscation and generation of retro formats such as MS Office documents or VBS like format | Python | Free | False | |
| Merlin | [Source] | Post-exploitation HTTP/2 Command & Control server and agent | Go | Free | False | |
| MÃstica | [Source] | Allows to embed data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications; supports encapsulation into HTTP, HTTPS, DNS and ICMP protocols | Python | Free | False | |
| Mythic | [Source] | Collaborative red teaming framework | Python | Free | False | |
| Octopus | [Source] | Pre-operation C2 server | Python | Free | False | |
| Overlord | [Website] | [Source] | CLI used to build Red Teaming infrastructure in an automated way, supports AWS and Digital Ocean | Python | Free | False |
| PEzor | [Website] | [Source] | Shellcode & PE Packer | CPlusPlus | Free | False |
| Pupy | [Source] | Cross-platform, multi function remote access tool (RAT) and post-exploitation tool; fileless/all-in-memory execution, low footprint, multi-transport | Python | Free | False | |
| Quasar | [Source] | Remote Administration Tool (RAT) for Windows | CSharp | Free | False | |
| Redcloud | [Source] | Automated Red Team Infrastructure deployment using Docker | Python | Free | False | |
| ReelPhish | [Source] | Real time phishing tool | Python | Free | False | |
| Ruler | [Source] | Interact with Exchange servers remotely, through either the MAPI/HTTP or RPC/HTTP to abuse the client-side Outlook features and gain a shell | Go | Free | False | |
| ScareCrow | [Source] | Payload creation framework designed around EDR bypass | Go | Free | False | |
| SearchSploit | [Website] | [Source] | CLI tool to search among Exploit-DB exploits | Shell | Free | False |
| SHAD0W | [Website] | [Source] | Modular C2 framework designed to successfully operate covertly on heavily monitored environments | Python | Free | False |
| Sliver | [Source] | Cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS; remote access tool (RAT) | Go | Free | False | |
| SocialFish | [Source] | Phishing targeting social media logins; supports Ngrok tunneling and a mobile controller | Python | Free | False | |
| UBoat | [Source] | HTTP botnet PoC | CPlusPlus | Free | False | |
| Zphisher | [Source] | Automated phishing tool with multiple tunneling options; fork of Shellphish | Shell | Free | False |
Reverse Engineering
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| androguard | [Source] | Tool for reverse engineering and malware analysis of Android applications | Python | Free | False | |
| angr | [Source] | Platform-agnostic binary analysis framework | Python | Free | False | |
| ANY RUN | [Website] | Online virtual machine for malware hunting, sandbox with interactive access, real-time data-flow | Free | True | ||
| Apk2Gold | [Source] | Android decompiler (wrapper for apktool, dex2jar, and jd-gui) | Shell | Free | False | |
| Apktool | [Website] | [Source] | Android disassembler and rebuilder | Java | Free | False |
| arm_now | [Source] | Tool that allows instant setup of virtual machines on various architectures for reverse, exploit, fuzzing and programming purpose | Python | Free | False | |
| Barf | [Source] | Binary Analysis and Reverse engineering Framework | Python | Free | False | |
| bearparser | [Website] | [Source] | PE parsing library (from PE-bear) | CPlusPlus | Free | False |
| Binary Ninja | [Website] | Crossplatform binary analysis framework | Python | Paid | False | |
| binutils | [Website] | [Source] | GNU collection of binary tools | C | Free | False |
| binwalk | [Source] | Analyze, reverse engineer and extract firmware images (and other files, also usefull for Digital Forensics) | Python | Free | False | |
| Dexcalibur | [Website] | [Source] | Android reverse engineering platform focus on instrumentation automation (decompile/disass intercepted bytecode at runtime, write hook code, search interesting pattern | JavaScript | Paid | False |
| boomerang | [Source] | x86 binaries to C decompiler | Cplusplus | Free | False | |
| ctf_import | [Website] | [Source] | Library to run basic functions from stripped binaries | C | Free | False |
| CFF Explorer | [Website] | PE Editor | Free | False | ||
| Cutter | [Source] | Qt and C++ GUI for radare2 | CPlusPlus | Free | False | |
| Decompiler.com | [Website] | C#, Python, Android and Java online decompiler | Free | True | ||
| Defuse online disassembler | [Website] | Online x86 (32/64 bits) assembler and disassembler | Free | True | ||
| de4dot | [Source] | .NET deobfuscator and unpacker | CSharp | Free | False | |
| dnSpy | [Source] | .NET assembly debugger, decompiler and editor | CSharp | Free | False | |
| Droidefense | [Website] | [Source] | Android apps/malware analysis/reversing tool | Java | Free | False |
| edb | [Source] | Cross platform AArch32/x86/x86-64 debugger | CPlusPlus | Free | False | |
| Flare | [Website] | Processes SWF and extract scripts from it | Free | False | ||
| Flasm | [Website] | [Source] | Disassembler tool for SWF bytecode | Free | False | |
| Frida | [Website] | [Source] | Dynamic code instrumentation toolkit | C | Free | False |
| GDB | [Website] | [Source] | GNU debugger | Cplusplus | Free | False |
| Ghidra | [Website] | [Source] | Software reverse engineering (SRE) suite of tools: disassembly, assembly, decompilation, graphing, scripting, etc. | Java | Free | False |
| Hiew | [Website] | x86_64 disassembler for multiple formats | Paid | False | ||
| Hopper | [Website] | Disassembler, decompiler and debugger | Paid | False | ||
| IDA Pro | [Website] | Disassembler and debugger | Paid | False | ||
| ILSpy | [Source] | .NET assembly browser and decompiler to C# | CSharp | Free | False | |
| ImmunityDbg | [Website] | Windows debugger with Python scripting support | Free | False | ||
| jadx | [Source] | DEX to Java decompiler | Java | Free | False | |
| Java Decompilers | [Website] | .JAR and .Class to Java decompiler | Free | True | ||
| JD-GUI | [Website] | GUI tool decompiling JAVA | Java | Free | False | |
| JEB | [Website] | Disassembler, decompiler and debugger | Paid | False | ||
| JPEXS Free Flash Decompiler | [Source] | A.k.a ffdec, flash SWF decompiler | Java | Free | False | |
| JSDetox | [Website] | [Source] | Javascript deobfustcator | Ruby | Free | False |
| Kemon | [Source] | macOS kernel pre and post callback-based framework | C | Free | False | |
| Krakatau | [Source] | Java decompiler, assembler, and disassembler | Java | Free | False | |
| Kaitai Struct | [Website] | [Source] | Declarative language to generate binary data parsers in various languages | Free | False | |
| ldd | [Website] | Tool that print shared library dependencies | Free | False | ||
| Metasm | [Website] | [Source] | Assembler, disassembler, compiler and debugger | Ruby | Free | False |
| Medusa | [Source] | Interactive multi-architecture and multi-formats disassembler running on Windows and Linux | Cplusplus | Free | False | |
| ODA | [Website] | Advanced multi-architecture online disassembler supporting a lot of architectures and object file formats | Free | True | ||
| OllyDbg | [Website] | Windows debugger | Free | False | ||
| Pe-bear | [Website] | PE reverse tool: recognizes packers, fast disassembler, visualization of sections layout, selective comparing of two chosen PE files | Free | False | ||
| PE Explorer Disassembler | [Website] | Windows disassembler | Paid | False | ||
| PE Insider | [Website] | PE viewer, closed source and windows only | Free | False | ||
| Plasma | [Source] | x86/ARM/MIPS interactive disassembler | Python | Free | False | |
| Qira | [Website] | [Source] | Timeless debugger (QIRA = QEMU Interactive Runtime Analyser) | C | Free | False |
| RABCDAsm | [Website] | [Source] | ActionScript disassembler | D | Free | False |
| radare2 | [Website] | [Source] | Crossplatform binary analysis framework, disassembler, decompiler and debugger, support collaborative analysis | C | Free | False |
| rbkb | [Source] | Ruby BlackBag; a miscellaneous collection of command-line tools and ruby library helpers related to pen-testing and reversing | Ruby | Free | False | |
| Relyze | [Website] | x86 and ARM graphical interactive disassembler with Ruby plugin framework | Paid | False | ||
| RetDec | [Website] | [Source] | Multi file formats and architectures machine-code decompiler | Cplusplus | Free | False |
| sandsifter | [Source] | x86 processor fuzzer | Python | Free | False | |
| Snowman | [Website] | [Source] | Native code to C/C++ decompiler, supporting x86, AMD64, and ARM architectures, exists as standalone app or as a plug-in | Cplusplus | Free | False |
| strace | [Source] | Debugger for Linux | Free | False | ||
| Swftools | [Website] | [Source] | Collection of utilities to work with SWF files | C | Free | False |
| Triton | [Website] | [Source] | Dynamic binary analysis framework, automate reverse engineering | Cplusplus | Free | False |
| UglifyJS2 | [Website] | [Source] | JavaScript obfuscator or beautifier toolkit | JavaScript | Free | False |
| uncompyle | [Source] | Python 2.7 binaries (.pyc) decompiler | Python | Free | False | |
| uncompyle6 | [Source] | Python 1.5, 2.1 to 2.7, 3.1 to 3.6 binaries (.pyc) decompiler | Python | Free | False | |
| Vais | [Source] | SWF vulnerability and information scanner | Ruby | Free | False | |
| WinDbg | [Website] | Windows debugger | Free | False | ||
| x64dbg | [Website] | [Source] | Windows debugger | Cplusplus | Free | False |
| XenoScan | [Source] | Processes memory scanner | Cplusplus | Free | False | |
| Xori | [Website] | [Source] | Disassembly and static analysis library that provides triage analysis data | Rust | Free | False |
| xxxswf | [Source] | Small script for carving, scanning, compressing, decompressing and analyzing SWF files | Python | Free | False |
Steganography
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Aperi'Solve | [Website] | [Source] | Steganalysis web platform with layer, zsteg, steghide and exiftool analysis | Python | Free | False |
| Audacity | [Website] | [Source] | Tool to edit and analyze audio tracks | Free | False | |
| exif | [Source] | Shows EXIF information for JPEG files only | C | Free | False | |
| ExifTool | [Website] | [Source] | Library and CLI tool to read and write meta information (EXIF, GPS, IPTC, XMP, JFIF, …) in files (JPEG, PNG, SVG, MPEG, …) | Perl | Free | False |
| Exiv2 | [Website] | [Source] | Library and CLI tool to read and write meta information (Exif, IPTC & XMP metadata and ICC Profile) in images (JPEG, TIFF, PNG, …) | Cplusplus | Free | False |
| ImageMagick | [Website] | [Source] | Software suite and library to create, edit, compose, or convert images | C | Free | False |
| Outguess | Tool to hide messages in files (website down since 2004) | Free | False | |||
| PNGtools | [Website] | [Source] | Suite of tools to work with PNG images | C | Free | False |
| SHIT | [Source] | Stego Helper Identification Tool, multi-purpose image steganography tool | Python | Free | False | |
| SmartDeblur | [Source] | To to restore defocused and blurred images (update binary only for Windows, Mac OS binary out of date) | Cplusplus | Free | False | |
| Sonic Visualiser | [Website] | [Source] | Tool to edit and analyze audio tracks | Free | False | |
| Steganabara | [Source] | Steganography analysis tool | Java | Free | False | |
| Steghide | [Website] | [Source] | Tool to hide messages in images | Free | False | |
| StegOnline | [Website] | [Source] | Stego image toolsuite in the browser | JavaScript | Free | True |
| StegoVeritas | [Source] | Automatic tool to bruteforce LSB, transform image, extract metadata or trailing data | Python | Free | False | |
| StegSolve | GUI tool to analyse images | Java | Free | False | ||
| zsteg | [Source] | Tool to detect hidden data in PNG and BMP | Ruby | Free | False |
System Exploitation
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Android_Emuroot | [Source] | Grants root privileges on the fly to shells running on Android virtual machines that use google-provided emulator images called Google API Playstore | Python | Free | False | |
| bkhive | [Source] | Dump the syskey bootkey from a Windows NT/2K/XP system hive, often used with samdump2, part of the ophcrack project | Free | False | ||
| BloodHound | [Website] | [Source] | Tool to reveal the hidden and unintended relationships within an Active Directory environment | PowerShell | Free | False |
| cookie_crimes | [Website] | [Source] | Read local Chrome cookies without root or decrypting and display then in JSON | Python | Free | False |
| CookieCrimesJS | [Source] | Read local Chrome cookies without root or decrypting and display then in JSON; Javascript implementation of cookie_crimes | JavaScript | Free | False | |
| CrackMapExec | [Source] | Post-exploitation tool to asses Active Directory networks | Python | Free | False | |
| creddump | [Source] | Dump windows credentials | Python | Free | False | |
| DCOMrade | [Source] | Script that is able to enumerate the possible vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. | PowerShell | Free | False | |
| DLLInjector | [Source] | Dll injection tool | Cplusplus | Free | False | |
| DLLPasswordFilterImplant | [Source] | Password filter DLL, triggered on password change to exfiltrate credentials | C | Free | False | |
| Empire | [Website] | [Source] | PowerShell and Python post-exploitation agent | Shell | Free | False |
| Empire GUI | [Website] | [Source] | GUI for Empire framework | JavaScript | Free | False |
| enum4linux | [Source] | Windows Samba enumeration tool | Perl | Free | False | |
| enum4linux-ng | [Source] | Windows Samba enumeration tool, next generation version of enum4linux | Python | Free | False | |
| FFM | [Source] | Freedom Fighting Mode (FFM), hacking harness, post-exploitation tool | Python | Free | False | |
| GH DLL Injector | [Website] | [Source] | DLL injection library supporting x86, WOW64 and x64 injections; 5 injection methods, 4 shellcode execution methods and various additional options; session separation can be bypassed with all methods | CPlusPlus | Free | False |
| goddi | [Source] | Active Directory domain information dumper | Go | Free | False | |
| LaZagne | [Source] | Password retriever | Python | Free | False | |
| LinEnum | [Source] | Linux enumeration and privilege escalation script | Shell | Free | False | |
| Linux Exploit Suggester 2 | [Source] | Linux kernel exploit suggester | Perl | Free | False | |
| linux-exploit-suggester.sh | [Source] | Linux kernel exploit suggester | Shell | Free | False | |
| linuxprivchecker.py | [Source] | Linux privilege escalation check script | Python | Free | False | |
| lynis | [Website] | [Source] | Security auditing and hardening tool, for UNIX-based systems | Shell | Free | False |
| Nishang | [Source] | Framework, collection of scripts and payloads in PowerShell for offensive security, penetration testing and red teaming | PowerShell | Free | False | |
| p0wnedShell | [Source] | PowerShell runspace post exploitation toolkit | CSharp | Free | False | |
| PEASS | [Source] | Privilege Escalation Awesome Scripts SUITE; winPEAS and linPEAS are local privilege escalation scripts for Windows and Linux | Shell | Free | False | |
| Powerless | [Source] | A Windows privilege escalation enumeration BAT script designed for legacy Windows machines without Powershell | Shell | Free | False | |
| PowerSploit | [Source] | Powershell exploitation framework | Powershell | Free | False | |
| pspy | [Source] | CLI tool designed to snoop on processes without need for root permissions; it allows to see commands run by other users, cron jobs, etc. as they execute | Go | Free | False | |
| RedSnarf | [Source] | Retrieves hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques | Python | Free | False | |
| samdump2 | [Source] | Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM, often used with bkhive, part of the ophcrack project | Free | False | ||
| scavenger | [Source] | multi-threaded post-exploitation scanning tool for scavenging systems, finding most frequently used files and folders as well as interesting files containing sensitive information | Python | Free | False | |
| SharpShooter | [Source] | Payload Generation Framework for C# source code | VB | Free | False | |
| ShellPop | [Source] | Tool to craft bind and reverse shells in several languages | Python | Free | False | |
| unicorn | [Source] | Tool for using a PowerShell downgrade attack and inject shellcode into memory | Python | Free | False | |
| WES-NG | [Source] | Windows Exploit Suggester - Next Generation; analyses Windows targets patch levels to find exploits and Metasploit modules; works well with newer system (eg Windows 10) thanks to MSRC support | Python | Free | False | |
| Windows-Exploit-Suggester | [Source] | Analyses Windows targets patch levels to find exploits and Metasploit modules, works only for older systems (eg Windows XP, Vista, etc.) because it relies on MS Security KBs | Python | Free | False |
Threat Intelligence
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Maltego | [Website] | Interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet (exists in Community Edition) | Paid | False | ||
| MISP | [Website] | [Source] | Threat intelligence platform & open standards for threat information sharing (formerly known as Malware Information Sharing Platform) | PHP | Free | False |
| Netglub | [Website] | [Source] | Maltego alternative | Free | False | |
| PatrowlHears | [Website] | [Source] | Provides a unified source of vulnerability, exploit and threat Intelligence feeds; comprehensive and continuously updated vulnerability database scored and enriched with exploit and threat news information | Python | Paid | |
| threatfeeds.io | [Website] | Open-source threat intelligence feeds; sharing malware URLs, IP reputation, bad IPs, etc. | Free | True | ||
| Yeti | [Website] | [Source] | Organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository | Python | Free | False |
Vulnerability Assessment
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| cve-search | [Source] | Tool to import CVE and CPE into a MongoDB to facilitate search and processing of CVEs | Python | Free | False | |
| cvss-suite | [Source] | CVSS calculator library | Ruby | Free | False | |
| go-cve-dictionary | [Source] | Self-hosted CVE feed server | Go | Free | False | |
| GVM | [Website] | [Source] | The Greenbone Vulnerability Management (GVM) is a framework of several services: gvmd is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Greenbone Security Assistant (GSA) is the web interface of GVM. The main scanner (OpenVAS) is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs). Complementary to the web interface, GVM-Tools allows batch processing / scripting via the Greenbone Management Protocol (GMP). Additional scanners can be integrated via the Open Scanner Protocol (OSP) | C | Paid | False |
| nvd_feed_api | [Website] | [Source] | A ruby API for NVD CVE feeds management, the library will help you to download and manage NVD Data Feeds, search for CVEs, build your vulerability assesment platform or vulnerability database | Ruby | Free | False |
| SECMON | [Website] | [Source] | Web-based platform for the automation of infosec watching and vulnerability management | Python | Free | False |
| ThreatMapper | [Website] | [Source] | Identify vulnerabilities in running containers, images, hosts and repositories | Go | Free | False |
| VRT Ruby Wrapper | [Website] | [Source] | Wrapper for the Vulnerability Rating Taxonomy | Ruby | Free | False |
| Vulnogram | [Website] | [Source] | Create and edit CVE information in CVE JSON format | JavaScript | Free | True |
| Vuls | [Website] | [Source] | Agentless system vulnerability scanner for Linux/FreeBSD with a dashboard (VulsRepo) for analyzing the scan results | Go | Free | False |
Web Application Exploitation
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| 1u.ms | [Website] | zero-configuration DNS utilities for assisting in detection and exploitation of SSRF-related vulnerabilities | Free | True | ||
| 230-OOB | [Website] | [Source] | FTP server for OOB XXE attacks | Python | Free | False |
| Acunetix | [Website] | Web application security scanner | Paid | True | ||
| altair | [Source] | Modular web vulnerability scanner | Python | Free | False | |
| API-fuzzer | [Source] | Library to fuzz request attributes using common pentesting techniques and lists vulnerabilities | Ruby | Free | False | |
| Aquatone | [Website] | [Source] | Domain flyover tool; visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface | Go | Free | False |
| Arachni | [Website] | [Source] | Web application security scanner framework | Ruby | Free | False |
| Arjun | [Source] | HTTP Parameter Discovery Suite | Python | Free | False | |
| AssassinGo | [Website] | [Source] | Web pentest framework for information gathering and vulnerability scanning | Go | Free | False |
| Astra | [Website] | [Source] | REST API penetration testing tool | Python | Free | False |
| Atlas | [Source] | Tool that suggests sqlmap tampers to bypass WAF/IDS/IPS based on status codes | Python | Free | False | |
| BaRMIe | [Source] | Java RMI enumeration and attack tool | Java | Free | False | |
| Beeceptor | [Website] | HTTP request collector and inspector | Paid | True | ||
| Blazy | [Source] | Login page bruteforcer: CSRF, SQLi, Clickjacking, WAF detection | Python | Free | False | |
| Burp Suite | [Website] | Intercepting proxy to replay, inject, scan and fuzz HTTP requests (a limited free version exists) | Java | Paid | False | |
| Cansina | [Source] | Web directory and file scanner (wordlist bruteforce) | Python | Free | False | |
| Chankro | [Source] | Tool to bypass disable_functions and open_basedir in PHP by calling sendmail and setting LD_PRELOAD environment variable | Python | Free | False | |
| Charles | [Website] | Intercepting proxy to replay, inject, scan and fuzz HTTP requests | Java | Paid | False | |
| CloudFrunt | [Source] | Scanner to identify misconfigured CloudFront domains | Python | Free | False | |
| CMSeek | [Source] | CMS detection and exploitation suite; capable of detecting more than 130 CMS | Python | Free | False | |
| CMSmap | [Source] | WordPress, Joomla, Drupal, Moodle CMS security scanner | Python | Free | False | |
| CMSScan | [Source] | Wordpress, Drupal, Joomla, vBulletin CMS security scanner with dashboard | Python | Free | False | |
| commix | [Website] | [Source] | Web-based command injection tester | Python | Free | False |
| CSP Evaluator | [Website] | [Source] | Check Content Security Policy (CSP) configuration and assists with the reviewing process | JavaScript | Free | False |
| CSWSH | [Website] | Cross-Site WebSocket Hijacking Tester | Free | False | ||
| dirb | [Website] | [Source] | Web directory and file scanner (wordlist bruteforce) | Free | False | |
| dirsearch | [Source] | Web directory and file scanner (wordlist bruteforce) | Python | Free | False | |
| distributed-jwt-cracker | [Website] | [Source] | HS256 JWT token distributed brute force cracker | JavaScript | Free | False |
| docem | [Source] | Uility to embed XXE and XSS payloads in docx, odt, pptx, etc | Python | Free | False | |
| DotDotPwn | [Website] | [Source] | Directory Traversal fuzzer | Perl | Free | False |
| droopescan | [Source] | CMS scanner supporting SilverStripe and Wordpress, having partial support for Joomla, Moodle, Drupal | Python | Free | False | |
| drupwn | [Source] | Drupal CMS enumeration and exploitation tool | Python | Free | False | |
| dtd-finder | [Source] | Identify DTDs on filesystem snapshot and build XXE payloads using those local DTDs | Kotlin | Free | False | |
| DVCS-Pillage | [Source] | Dump web accessible (distributed) version control systems (DVCS/VCS): GIT, Mercurial/hg, Bazaar/bzr, … | Shell | Free | False | |
| dvcs-ripper | [Source] | Dump web accessible (distributed) version control systems (DVCS/VCS): SVN, GIT, Mercurial/hg, Bazaar/bzr, … | Perl | Free | False | |
| Enemies Of Symfony | [Source] | Loots information from a Symfony target using profiler | Python | Free | False | |
| EyeWitness | [Source] | Take screenshots of websites, provide some server header info, and identify default credentials if possible | Python | Free | False | |
| Fav-up | [Source] | Favicon fingerprinting using Shodan | Python | Free | False | |
| FavFreak | [Source] | Favicon fingerprinting | Python | Free | False | |
| Favinizer | [Source] | Favicon fingerprinting | Python | Free | False | |
| feroxbuster | [Source] | Web directory and file scanner (wordlist bruteforce) | Rust | Free | False | |
| ffuf | [Source] | Web directory and file scanner (wordlist bruteforce) | Go | Free | False | |
| Fingerprinter | [Source] | CMS version detection tool | Ruby | Free | False | |
| Flask Session Cookie Decoder/Encoder | [Source] | A script that let you encode and decode a Flask session cookie | Python | Free | False | |
| FockCache | [Source] | Test Cache Poisoning | Go | Free | False | |
| Fuxi | [Source] | Penetration testing platform, automate some scan & attack | Python | Free | False | |
| Fuzzapi | [Source] | Web-UI for API-fuzzer | Ruby | Free | False | |
| git-dump | [Source] | Dump the contents of a remote git repository without directory listing enabled | JavaScript | Free | False | |
| git-dumper | [Source] | Dump the contents of a remote git repository without directory listing enabled | Python | Free | False | |
| GitTools | [Source] | 3 tools: Finder (find websites with .git repository exposed), Dumper (dump exposed .git), Extractor (extract commits and their content from a broken repository) | Shell | Free | False | |
| Gobuster | [Source] | Web directory, file and DNS scanner (wordlist bruteforce) | Go | Free | False | |
| Gopherus | [Source] | Generates gopher link for exploiting SSRF and gaining RCE access from unprotected services | Python | Free | False | |
| gowitness | [Source] | Take screenshots of websites | Go | Free | False | |
| GraphQLmap | [Source] | Scripting engine to interact with a graphql endpoint for pentesting purposes | Python | Free | False | |
| Guppy Proxy | [Source] | GUI HTTP intercepting proxy based on Pappy Proxy | Python | Free | False | |
| Hetty | [Source] | HTTP toolkit for security research; alternative to BurpSuite | Go | Free | False | |
| Hookbin | [Website] | [Source] | HTTP request collector and inspector | Java | Free | True |
| httpscreenshot | [Source] | Take screenshots of websites | Python | Free | False | |
| httpx | [Source] | Multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads | Go | Free | False | |
| HUNT | [Source] | HUNT Suite is a collection of Burp Suite Pro/Free and OWASP ZAP extensions | Python | Free | True | |
| InQL | [Source] | GraphQL security audit | Python | Free | False | |
| Interactsh | [Website] | [Source] | HTTP request collector and inspector; OOB interaction gathering server and client library; DNS / HTTP / SMTP interaction support | Go | Free | True |
| IronWASP | [Website] | [Source] | Web security/vulnerability scanner (native for Windows only) | C | Free | False |
| Jaeles | [Website] | [Source] | Framework for building your own Web Application Scanner | Go | Free | False |
| JAST | [Source] | Take screenshots of websites | Python | Free | False | |
| JWT cracker | [Source] | Multi-threaded JWT brute-force cracker | C | Free | False | |
| jwt-cracker | [Website] | [Source] | HS256 JWT token brute force cracker | JavaScript | Free | False |
| jwt-hack | [Source] | A toolkit for JWT tokens security testing | Go | Free | False | |
| jwt_tool | [Source] | A toolkit for validating, forging and cracking JWT tokens | Python | Free | False | |
| jwtcat | [Source] | JWT brute-force cracker | Python | Free | False | |
| Liffy | [Source] | LFI exploitation tool | Python | Free | False | |
| LFI Freak | [Source] | LFI scan and exploit tool | Python | Free | False | |
| LFI Suite | [Source] | Automatic LFI scanner and exploiter | Python | Free | False | |
| LightBulb | [Website] | [Source] | Framework for auditing web application firewalls and filters | Python | Free | False |
| Kadimus | [Source] | LFI, RFI, RCE scanner | C | Free | False | |
| Malzilla | [Website] | [Source] | Web oriented deobfuscating tool | Free | False | |
| mitmproxy | [Website] | [Source] | Interactive HTTPS proxy | Python | Free | False |
| Mockbin | [Website] | [Source] | HTTP request collector and inspector | JavaScript | Free | True |
| monsoon | [Website] | [Source] | Web directory and file scanner (wordlist bruteforce) | Go | Free | False |
| MyJWT | [Source] | A toolkit for signing, forging and cracking JWT tokens | Python | Free | False | |
| Netsparker | [Website] | Web application security scanner | Paid | True | ||
| nikto | [Website] | [Source] | Very light web security scanner | Perl | Free | False |
| NoSQLMap | [Source] | Automated NoSQL database enumeration and web application exploitation tool | Python | Free | False | |
| Nosql-Exploitation-Framework | [Source] | NoSQL scanning and exploitation framework | Python | Free | False | |
| Nuclei | [Website] | [Source] | Web application security scanner based on templates | Go | Free | False |
| NtHiM | [Source] | Now, the Host is Mine!; sub-domain takeover detection | Rust | Free | False | |
| otori | [Website] | On The Outside, Reaching In, exploitation toolbox for XXE attacks | Python | Free | False | |
| OWASP JoomScan | [Source] | Joomla vulnerability scanner | Perl | Free | False | |
| OWASP ZAP | [Website] | [Source] | OWASP Zed Attack Proxy, intercepting proxy to replay, inject, scan and fuzz HTTP requests | Java | Free | False |
| oxml_xxe | [Source] | Tool for embedding XXE/XML exploits into different filetypes (docx/xlsx, odt/ods, svg, xml, etc.) | Ruby | Free | False | |
| Panoptic | [Website] | [Source] | Automatic LFI and Path Traversal exploitation tool | Python | Free | False |
| Pappy Proxy | [Website] | [Source] | Proxy Attack Proxy ProxY, HTTP intercepting proxy | Python | Free | False |
| ParamSpider | [Source] | Finds parameters from web archives of the entered domain | Python | Free | False | |
| Paros | [Source] | Intercepting proxy to replay, inject, scan and fuzz HTTP requests | Java | Free | False | |
| PeepingTom | [Source] | Take screenshots of websites | Python | Free | False | |
| PHPGGC | [Source] | PHP Generic Gadget Chains, library of unserialize() payloads along with a tool to generate them, supporting various PHP frameworks | PHP | Free | False | |
| Portswigger Labs Inspector | [Website] | Javascript expression evaluator and inspector | JavaScript | Free | True | |
| PowerUpSQL | [Source] | Toolkit for attacking MS SQL Server, discovery, configuration auditing, privilege escalation, post exploitation | Powershell | Free | False | |
| Rabid | [Website] | [Source] | CLI tool and library allowing to simply decode all kind of BigIP cookies | Ruby | Free | True |
| RequestBin | [Website] | [Source] | HTTP request collector and inspector | Python | Free | True |
| RequestCatcher | [Website] | [Source] | HTTP request collector and inspector | Go | Free | True |
| See-SURF | [Source] | SSRF scanner to find entry points | Python | Free | False | |
| Simple Local File Inclusion Exploiter | [Website] | [Source] | LFI exploit tool | Python | Free | False |
| Sitadel | [Source] | Web application security scanner, rewrite and newer version of WAScan | Python | Free | False | |
| SleuthQL | [Source] | Tool that parses Burp history to discover potential SQL injection points and prepare SQLmap request files | Python | Free | False | |
| Smuggler | [Source] | HTTP request smuggling, desync testing | Python | Free | False | |
| snallygaster | [Source] | Web scanner that looks for files accessible on web servers that shouldn't be public | Python | Free | False | |
| spidr | [Source] | Web spidering library that can spider a site, multiple domains, certain links or infinitely | Ruby | Free | False | |
| sqlmap | [Website] | [Source] | Automatic SQL injection tool | Python | Free | False |
| SQLiv | [Source] | SQL injection scanner, find vulnerable entry points | Python | Free | False | |
| ssllabs-scan | [Website] | [Source] | CLI reference-implementation client for Qualys SSL Labs APIs, designed for automated and/or bulk testing | Go | Free | False |
| sslscan2 | [Source] | Tests SSL/TLS enabled services to discover supported cipher suites | C | Free | False | |
| SSLyze | [Source] | SSL analysis library and a CLI tools | Python | Free | False | |
| SSRF Proxy | [Source] | Facilitates tunneling HTTP communications through servers vulnerable to SSRF | Ruby | Free | False | |
| SSRFmap | [Source] | Automatic SSRF fuzzer and exploitation tool | Python | Free | False | |
| SSRF Sheriff | [Source] | Genereate custom endpoint to test SSRF; support any HTTP method, content-specific responses, configurable secret token | Go | Free | False | |
| testssl.sh | [Website] | [Source] | TLS/SSL scanner to find weak ciphers, protocols or flaws | Shell | Free | False |
| TIDoS Framework | [Source] | Comprehensive web-app audit framework | Python | Free | False | |
| TLS map | [Website] | [Source] | CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL, GnUTLS, NSS | Ruby | Free | False |
| Tracy | [Source] | Tool that help to manually find XSS | Go | Free | False | |
| tplmap | [Source] | SSTI and code injection detection and exploitation tool | Python | Free | False | |
| Uniscan | [Source] | RFI, LFi and RCE scanner | Perl | Free | False | |
| V3n0M | [Source] | Web dork and vulnerability scanner | Python | Free | False | |
| Vega | [Website] | [Source] | Multi-platform web scanner and intercepting proxy | Java | Free | False |
| VOOKI | [Website] | Windows only web application and REST API vulnerability scanner | Free | False | ||
| w3af | [Website] | [Source] | Web application attack and audit framework, web-oriented security scanner | Python | Free | False |
| WAFNinja | [Source] | WAF bypassing tool | Python | Free | False | |
| wapiti | [Website] | [Source] | Web-oriented vulnerability scanner, can generates reports | Free | False | |
| WAScan | [Source] | Web application security scanner | Python | Free | False | |
| Webhook Tester | [Website] | [Source] | HTTP request collector and inspector | PHP | Free | True |
| Weevely | [Source] | Web shell for post-exploitation working with a PHP agent | Python | Free | False | |
| Wfuzz | [Website] | [Source] | Web application fuzzer framework | Python | Free | False |
| What CMS | [Website] | Service able to detect more than 430 CMS, find version used for some CMS, has an API for batch detection | Free | True | ||
| WhatWeb | [Website] | [Source] | Web scanner, recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices, also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more | Ruby | Free | False |
| wikto | [Source] | Nikto for Windows; web security scanner | CSharp | Free | False | |
| WitnessMe | [Source] | Take screenshots of websites, provide some server header info, and identify default credentials if possible | Python | Free | False | |
| WPScan | [Website] | [Source] | WordPress CMS vulnerability scanner | Ruby | Free | True |
| WS-Attacker | [Source] | Modular framework for SOAP web services penetration testing | Java | Free | False | |
| WSFuzzer | [Website] | [Source] | Fuzzing penetration testing tool for testing HTTP SOAP based web services | Python | Free | False |
| WSSAT | [Website] | [Source] | Web Service Security Assessment Tool; WS, REST API, SOAP API dynamic scanner | CSharp | Free | False |
| XAttacker | [Source] | CMS detection and exploitation suite | Perl | Free | False | |
| XCat | [Website] | [Source] | Automate XPath injection/XXE attacks to retrieve documents | Python | Free | False |
| Xenotix | [Website] | [Source] | XSS detection and exploit framework (Windows only) | Python | Free | False |
| Xray | [Website] | [Source] | Web security scanner (XSS, SQLi, SSRF, XXE, etc.) | Go | Free | False |
| XSpear | [Source] | XSS Scanner | Ruby | Free | False | |
| XSRFProbe | [Source] | Advanced Cross Site Request Forgery (CSRF/XSRF) audit and exploitation toolkit | Python | Free | False | |
| XSS hunter | [Website] | XSS probes host for finding blind XSS | Free | True | ||
| XSS'OR | [Website] | [Source] | Multi-purpose tool for XSS or JavaScript analysis | JavaScript | Free | True |
| XSS'OR 2 | [Website] | [Source] | Multi-purpose tool for XSS or JavaScript analysis | JavaScript | Free | True |
| XSSCon | [Source] | XSS automatic scanner | Python | Free | False | |
| XSSer | [Website] | [Source] | XSS automatic scanner and exploiter | Python | Free | False |
| XSStrike | [Source] | XSS detection tool, parser, payload generator, fuzzing engine, crawler | Python | Free | False | |
| XXEinjector | [Source] | Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods | Ruby | Free | False | |
| xxeserv | [Source] | HTTP and FTP server for OOB XXE attacks | Go | Free | False | |
| XXExploiter | [Website] | [Source] | Generates XML payloads, and automatically starts a server to serve the needed DTD's or to do data exfiltration for XXE attacks | JavaScript | Free | False |
| xxxpwn | [Source] | XPath injection tool, designed for blind injection | Python | Free | False | |
| xxxpwn_smart | [Source] | XPath injection tool, fork of xxxpwn adding further optimizations and tweaks, uses predictive text based on a dictionary of words/phrases vs frequencies of occurrence | Python | Free | False | |
| YASUO | [Source] | Scans for vulnerable & exploitable 3rd-party web applications | Ruby | Free | False |
Wireless
| Name | Website | Source | Description | Programming language | Price | Online |
|---|---|---|---|---|---|---|
| Aircrack-Ng | [Website] | [Source] | Suite of tools to assess WiFi network security (cracking WEP and WPA PSK) | C | Free | False |
| airgeddon | [Source] | Wireless network audit script | Shell | Free | False | |
| BtleJack | [Source] | Bluetooth Low Energy Swiss-army knife | Python | Free | False | |
| Crunch-Cracker | [Source] | Wordlist generator and Wi-Fi cracker | Shell | Free | False | |
| Fluxion | [Website] | [Source] | MITM WPA attack tool | Shell | Free | False |
| FruityWiFi | [Source] | Wireless network auditing tool controlled by a web interface | PHP | Free | False | |
| Hijacker | [Source] | Android GUI for Aircrack, Airodump, Aireplay, MDK3 and Reaver | Java | Free | False | |
| Infernal-Wireless | [Source] | Automated wireless hacking tool | Python | Free | False | |
| MDK3-master | [Source] | PoC tool to exploit common IEEE 802.11 protocol weaknesses | C | Free | False | |
| MDK4 | [Source] | PoC tool to exploit common IEEE 802.11 protocol weaknesses | C | Free | False | |
| Modmobjam | [Source] | Cellular networks jamming PoC for mobile equipments | Python | Free | False | |
| Modmobmap | [Source] | Tool to retrieve information of cellular networks | Python | Free | False | |
| reaver-wps | [Source] | Bruteforce WPS tool | C | Free | False | |
| reaver-wps (t6x fork) | [Source] | Bruteforce WPS tool | C | Free | False | |
| trackerjacker | [Source] | Tool for mapping and tacking wifi networks and devices through raw 802.11 monitoring | Python | Free | False | |
| Wifi-Biter | [Source] | Dictionary generator used to generate dictionaries/wordlist for Wireless Router Passwords | Python | Free | False | |
| wifijammer | [Source] | Script to jam wifi clients and access points | Python | Free | False | |
| wifite2 | [Source] | Script for auditing wireless networks that runs existing wireless-auditing tools | Python | Free | False |