-
See also awesome-tor.
-
nipe
Discontinued. An engine to make the Tor network your default gateway [Moved to: https://github.com/htrgouvea/nipe] (by GouveaHeitor)
Nipe - Script to redirect all traffic from the machine to the Tor network.
-
dos-over-tor - Proof of concept denial of service over Tor stress test tool.
-
kalitorify - Transparent proxy through Tor for Kali Linux OS.
-
AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
-
CarbonCopy
A tool which creates a spoofed certificate of any online website and signs an executable for AV evasion. Works for both Windows and Linux.
CarbonCopy - Tool that creates a spoofed certificate of any online website and signs an Executable for AV evasion.
-
UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
-
peCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
-
Ciphey
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Ciphey - Automated decryption tool using artificial intelligence and natural language processing.
-
RsaCtfTool
RSA attack tool (mainly for CTF) - retrieve the private key from a weak public key and/or decipher data.
RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
-
ctf-tools - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
-
shellpop - Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests.
-
Lair - Reactive attack collaboration framework and web application built with meteor.
-
Pentest Collaboration Framework (PCF) - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.
-
RedELK
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities, as well as better usability in long-term operations.
RedELK - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.
-
DET - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
-
trevorc2
TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.
TrevorC2 - Client/server tool for masking command and control and data exfiltration through a normally browsable website, not typical HTTP POST requests.
-
dnscat2 - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.
-
pwnat
The only tool/technique to punch holes through firewalls/NATs where multiple clients & server can be behind separate NATs without any 3rd party involvement. Pwnat is a newly developed technique, exploiting a property of NAT translation tables, with no 3rd party, port forwarding, DMZ, DNS, router admin requirements, STUN/TURN/UPnP/ICE, or spoofing.
pwnat - Punches holes in firewalls and NATs.
-
QueenSono
Golang binary for data exfiltration with the ICMP protocol (plus ICMP bindshell, HTTP over ICMP tunneling, ...)
QueenSono - Client/Server Binaries for data exfiltration with ICMP. Useful in a network where ICMP protocol is less monitored than others (which is a common case).
-
unicorn
Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at DEF CON 18. (by trustedsec)
Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
-
Pwntools - Rapid exploit development framework built for use in CTFs.
-
peda - Python Exploit Development Assistance for GDB.
-
wordpress-exploit-framework
Discontinued. A Ruby framework designed to aid in the penetration testing of WordPress systems.
Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
-
Hwacha - Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously.
-
Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
-
bruteforce-wallet
Try to find the password of an encrypted Peercoin (or Bitcoin, Litecoin, etc.) wallet file.
BruteForce Wallet - Find the password of an encrypted wallet file (i.e. wallet.dat).
-
duplicut
Remove duplicates from a massive wordlist without sorting it (for dictionary-based password cracking).
duplicut - Quickly remove duplicates, without changing the order, and without getting OOM on huge wordlists.
-
gocrack
Discontinued. GoCrack is a management frontend for password cracking tools written in Go [Moved to: https://github.com/mandiant/gocrack] (by fireeye)
GoCrack - Management Web frontend for distributed password cracking sessions using hashcat (or other supported tools) written in Go.
-
hate_crack - Tool for automating cracking methodologies through Hashcat.
-
JWT Cracker - Simple HS256 JSON Web Token (JWT) token brute force cracker.
-
Bless - High quality, full featured, cross-platform graphical hex editor written in Gtk#.
-
hexedit - Simple, fast, console-based hex editor.
-
awesome-industrial-control-system-security
A curated list of resources related to Industrial Control System (ICS) security.
See also awesome-industrial-control-system-security.
-
isf
Discontinued. ISF (Industrial Control System Exploitation Framework), an exploitation framework based on Python.
Industrial Exploitation Framework (ISF) - Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more.
-
s7scan - Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network.
-
awesome-vulnerable
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
See also awesome-vulnerable.
-
awesome-lockpicking
A curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys.
See also awesome-lockpicking.
-
Bella
Bella is a pure Python post-exploitation data mining tool and remote administration tool for macOS.
Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.
-
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
x64dbg - Open source x64/x32 debugger for Windows.
-
EvilOSX - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.
-
AutoSploit - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.
-
OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
-
Decker - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.
-
Faraday - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
-
pupy
Pupy is an open-source, cross-platform (Windows, Linux, macOS, Android) C2 and post-exploitation framework written in Python and C.
Pupy - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
-
Wappalyzer - Uncovers the technologies used on websites.
-
CrackMapExec - Swiss army knife for pentesting networks.
-
torsocks
Library to torify applications. Note: upstream has moved to https://gitweb.torproject.org/torsocks.git
Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
-
IKEForce - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.
-
legion
Discontinued. Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems. (by Abacus-Group-RTO)
Legion - Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA.
-
Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
-
sslstrip - Demonstration of the HTTPS stripping attacks.
-
Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations.
-
SigPloit - Signaling security testing framework dedicated to telecom security for researching vulnerabilities in the signaling protocols used by mobile (cellular phone) operators.
-
Smart Install Exploitation Tool (SIET) - Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them.
-
john
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs.
John the Ripper - Fast password cracker.
-
THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
-
tsunami-security-scanner
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Tsunami - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
-
Zarp - Network attack tool centered around the exploitation of local networks.
-
dnstwist
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
-
impacket
Discontinued. Impacket is a collection of Python classes for working with network protocols. [Moved to: https://github.com/SecureAuthCorp/impacket] (by CoreSecurity)
impacket - Collection of Python classes for working with network protocols.
-
pivotsuite - Portable, platform independent and powerful network pivoting toolkit.
-
routersploit
Discontinued. Exploitation Framework for Embedded Devices [Moved to: https://github.com/threat9/routersploit] (by reverse-shell)
routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
-
rshijack - TCP connection hijacker, Rust rewrite of shijack.
-
Anevicon - Powerful UDP-based load generator, written in Rust.
-
LOIC
Discontinued. Deprecated. Low Orbit Ion Cannon - an open source network stress tool, written in C#. Based on Praetox's LOIC project. USE AT YOUR OWN RISK. WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. IF YOU GET V& IT IS YOUR FAULT.
Low Orbit Ion Cannon (LOIC) - Open source network stress tool written for Windows.
-
Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
-
Memcrashed-DDoS-Exploit
DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using the Shodan API.
Memcrashed - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using the Shodan API.
-
SlowLoris - DoS tool that uses low bandwidth on the attacking side.
-
T50 - Faster network stress tool.
-
UFONet - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
-
ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
-
BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers.
-
AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
-
CloudFail
Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network.
CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
-
masscan
TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
-
bettercap
The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
BetterCAP - Modular, portable and easily extensible MITM framework.
-
OWASP Amass - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
-
ScanCannon - Python script to quickly enumerate large networks by calling masscan to quickly identify open ports and then nmap to gain details on the systems/services on those ports.
-
xray
Discontinued. XRay is a tool for recon, mapping and OSINT gathering from public networks. (by evilsocket)
XRay - Network (sub)domain discovery and reconnaissance automation tool.
-
dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
-
dnsmap - Passive DNS network mapper.
-
dnsrecon - DNS enumeration script.
-
SQLmap - Automatic SQL injection and database takeover tool.
-
fierce - Python3 port of the original fierce.pl DNS reconnaissance tool for locating non-contiguous IP space.
-
passivedns-client
passivedns-client provides a library and a query tool for querying several passive DNS providers.
passivedns-client - Library and query tool for querying several passive DNS providers.
-
Snyk Vulnerability DB - Detailed information and remediation guidance for vulnerabilities known by Snyk.
-
passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
-
Hex Fiend - Fast, open source, hex editor for macOS with support for viewing binary diffs.
-
RustScan - Lightweight and quick open-source port scanner designed to automatically pipe open ports into Nmap.
-
scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
-
smbmap - Handy SMB enumeration tool.
-
subbrute - DNS meta-query spider that enumerates DNS records, and subdomains.
-
mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
-
awesome-pcaptools
A collection of tools developed by other researchers in the Computer Science area to process network traces. All rights reserved for the original authors.
See also awesome-pcaptools.
-
Dshell - Network forensic analysis framework.
-
Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols.
-
netsniff-ng - Swiss army knife for network sniffing.
-
sniffglue - Secure multithreaded packet sniffer.
-
Kaitai Struct
Kaitai Struct: declarative language to generate binary data parsers in C++ / C# / Go / Java / JavaScript / Lua / Nim / Perl / PHP / Python / Ruby
Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
-
hping3 - Network tool able to send custom TCP/IP packets.
-
pig - GNU/Linux packet crafting tool.
-
Hashcat - Fast hash cracker.
-
scapy - Python-based interactive packet manipulation program and library.
-
Habu - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
-
lambda-proxy
Lambda-Proxy creates an HTTP proxy listening on localhost port 8082. When it receives an HTTP POST request with a very specific structure, it will parse the request, extract the relevant data required for the test, and invoke your AWS Lambda function using the AWS SDK client.invoke() method. It was created for testing AWS Lambda functions with SQLMap as described here: https://www.puresec.io/blog/automated-sql-injection-testing-of-serverless-functions-on-a-shoestring-budget-and-some-good-m
Lambda-Proxy - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.
-
MITMf - Framework for Man-In-The-Middle attacks.
-
i2p.i2p
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.
I2P - The Invisible Internet Project.
-
Morpheus - Automated ettercap TCP/IP Hijacking tool.
-
Gophish - Open-source phishing framework.
-
SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
-
dnschef - Highly configurable DNS proxy for pentesters.
-
cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
-
evilgrade
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
-
mallory - HTTP/HTTPS proxy over SSH.
-
Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
-
oregano - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
-
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Lynis - Auditing tool for UNIX-based systems.
-
SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
-
crackpkcs12 - Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.
-
mimikatz - Credentials extraction tool for Windows operating system.
-
awesome-dva
A curated list of "damn vulnerable apps" and exploitable VMs / wargames. See contributing.md for information.
Awesome Penetration Testing
-
angr - Platform-agnostic binary analysis framework.