Our great sponsors
-
nipe
Discontinued An engine to make Tor network your default gateway [Moved to: https://github.com/htrgouvea/nipe] (by GouveaHeitor)
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
CarbonCopy
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
Ciphey
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
-
RsaCtfTool
RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data
-
-
RedELK
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
-
-
trevorc2
TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.
-
pwnat
The only tool/technique to punch holes through firewalls/NATs where multiple clients & server can be behind separate NATs without any 3rd party involvement. Pwnat is a newly developed technique, exploiting a property of NAT translation tables, with no 3rd party, port forwarding, DMZ, DNS, router admin requirements, STUN/TURN/UPnP/ICE, or spoofing.
-
QueenSono
Golang binary for data exfiltration with ICMP protocol (+ ICMP bindshell, http over ICMP tunneling, ...)
-
unicorn
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. (by trustedsec)
-
-
wordpress-exploit-framework
Discontinued A Ruby framework designed to aid in the penetration testing of WordPress systems.
-
-
bruteforce-wallet
Try to find the password of an encrypted Peercoin (or Bitcoin, Litecoin, etc...) wallet file.
-
duplicut
Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)
-
gocrack
Discontinued GoCrack is a management frontend for password cracking tools written in Go [Moved to: https://github.com/mandiant/gocrack] (by fireeye)
-
-
awesome-industrial-control-system-security
A curated list of resources related to Industrial Control System (ICS) security.
-
-
awesome-vulnerable
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
-
awesome-lockpicking
:unlock::sunglasses: A curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys.
-
Bella
Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻
-
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
-
-
-
pupy
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
-
-
-
torsocks
Library to torify application - NOTE: upstream has been moved to https://gitweb.torproject.org/torsocks.git
-
-
legion
Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems. (by GoVanguard)
-
-
-
john
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
-
tsunami-security-scanner
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
-
dnstwist
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
-
impacket
Discontinued Impacket is a collection of Python classes for working with network protocols. [Moved to: https://github.com/SecureAuthCorp/impacket] (by CoreSecurity)
-
routersploit
Discontinued Exploitation Framework for Embedded Devices [Moved to: https://github.com/threat9/routersploit] (by reverse-shell)
-
LOIC
Discontinued Deprecated - Low Orbit Ion Cannon - An open source network stress tool, written in C#. Based on Praetox's LOIC project. USE ON YOUR OWN RISK. WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. IF YOU GET V& IT IS YOUR FAULT.
-
-
Memcrashed-DDoS-Exploit
DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API
-
-
-
CloudFail
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
-
masscan
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
-
bettercap
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
-
-
-
passivedns-client
passivedns-client provides a library and a query tool for querying several passive DNS providers
-
-
-
mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
-
awesome-pcaptools
A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.
-
-
-
-
Kaitai Struct
Kaitai Struct: declarative language to generate binary data parsers in C++ / C# / Go / Java / JavaScript / Lua / Nim / Perl / PHP / Python / Ruby
-
-
scapy
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
-
lambda-proxy
Lambda-Proxy creates an HTTP proxy listening on localhost port 8082. When it receives an HTTP POST request with a very specific structure , it will parse the request, extract the relevant data required for the test, and will invoke your AWS Lambda function using the AWS SDK client.invoke() method. It was created for testing AWS Lambda functions with SQLMap as described here: https://www.puresec.io/blog/automated-sql-injection-testing-of-serverless-functions-on-a-shoestring-budget-and-some-good-m
-
i2p.i2p
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.
-
-
evilgrade
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
-
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
-
-
awesome-dva
A curated list of "damn vulnerable apps" and exploitable VMs / wargames. See contributing.md for information.
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
See also awesome-tor.
Nipe - Script to redirect all traffic from the machine to the Tor network.
dos-over-tor - Proof of concept denial of service over Tor stress test tool.
kalitorify - Transparent proxy through Tor for Kali Linux OS.
AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
CarbonCopy - Tool that creates a spoofed certificate of any online website and signs an Executable for AV evasion.
UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
peCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
Ciphey - Automated decryption tool using artificial intelligence and natural language processing.
RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
ctf-tools - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
shellpop - Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests.
Lair - Reactive attack collaboration framework and web application built with meteor.
Pentest Collaboration Framework (PCF) - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.
RedELK - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.
DET - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
TrevorC2 - Client/server tool for masking command and control and data exfiltration through a normally browsable website, not typical HTTP POST requests.
dnscat2 - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.
pwnat - Punches holes in firewalls and NATs.
QueenSono - Client/Server Binaries for data exfiltration with ICMP. Useful in a network where ICMP protocol is less monitored than others (which is a common case).
Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
Pwntools - Rapid exploit development framework built for use in CTFs.
peda - Python Exploit Development Assistance for GDB.
Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
Hwacha - Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously.
Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
BruteForce Wallet - Find the password of an encrypted wallet file (i.e. wallet.dat).
duplicut - Quickly remove duplicates, without changing the order, and without getting OOM on huge wordlists.
GoCrack - Management Web frontend for distributed password cracking sessions using hashcat (or other supported tools) written in Go.
hate_crack - Tool for automating cracking methodologies through Hashcat.
JWT Cracker - Simple HS256 JSON Web Token (JWT) token brute force cracker.
Bless - High quality, full featured, cross-platform graphical hex editor written in Gtk#.
hexedit - Simple, fast, console-based hex editor.
See also awesome-industrial-control-system-security.
Industrial Exploitation Framework (ISF) - Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more.
s7scan - Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network.
See also awesome-vulnerable.
See awesome-lockpicking.
Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.
x64dbg - Open source x64/x32 debugger for windows.
EvilOSX - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.
AutoSploit - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.
OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
Decker - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.
Faraday - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
Pupy - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
Wappalyzer - Wappalyzer uncovers the technologies used on websites.
CrackMapExec - Swiss army knife for pentesting networks.
Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
IKEForce - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.
Legion - Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA.
Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
sslstrip - Demonstration of the HTTPS stripping attacks.
Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations.
SigPloit - Signaling security testing framework dedicated to telecom security for researching vulnerabilites in the signaling protocols used in mobile (cellular phone) operators.
Smart Install Exploitation Tool (SIET) - Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them.
John the Ripper - Fast password cracker.
THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
Tsunami - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Zarp - Network attack tool centered around the exploitation of local networks.
dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
impacket - Collection of Python classes for working with network protocols.
pivotsuite - Portable, platform independent and powerful network pivoting toolkit.
routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
rshijack - TCP connection hijacker, Rust rewrite of shijack.
Anevicon - Powerful UDP-based load generator, written in Rust.
Low Orbit Ion Canon (LOIC) - Open source network stress tool written for Windows.
Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
Memcrashed - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
SlowLoris - DoS tool that uses low bandwidth on the attacking side.
T50 - Faster network stress tool.
UFONet - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers.
AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
BetterCAP - Modular, portable and easily extensible MITM framework.
OWASP Amass - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
ScanCannon - Python script to quickly enumerate large networks by calling masscan to quickly identify open ports and then nmap to gain details on the systems/services on those ports.
XRay - Network (sub)domain discovery and reconnaissance automation tool.
dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
dnsmap - Passive DNS network mapper.
dnsrecon - DNS enumeration script.
SQLmap - Automatic SQL injection and database takeover tool.
fierce - Python3 port of the original fierce.pl DNS reconnaissance tool for locating non-contiguous IP space.
passivedns-client - Library and query tool for querying several passive DNS providers.
Snyk Vulnerability DB - Detailed information and remediation guidance for vulnerabilities known by Snyk.
passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
Hex Fiend - Fast, open source, hex editor for macOS with support for viewing binary diffs.
RustScan - Lightweight and quick open-source port scanner designed to automatically pipe open ports into Nmap.
scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
smbmap - Handy SMB enumeration tool.
subbrute - DNS meta-query spider that enumerates DNS records, and subdomains.
mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
See also awesome-pcaptools.
Dshell - Network forensic analysis framework.
Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols.
netsniff-ng - Swiss army knife for network sniffing.
sniffglue - Secure multithreaded packet sniffer.
Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
hping3 - Network tool able to send custom TCP/IP packets.
pig - GNU/Linux packet crafting tool.
Hashcat - The more fast hash cracker.
scapy - Python-based interactive packet manipulation program and library.
Habu - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
Lambda-Proxy - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.
MITMf - Framework for Man-In-The-Middle attacks.
I2P - The Invisible Internet Project.
Morpheus - Automated ettercap TCP/IP Hijacking tool.
Gophish - Open-source phishing framework.
SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
dnschef - Highly configurable DNS proxy for pentesters.
cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
mallory - HTTP/HTTPS proxy over SSH.
Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
oregano - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
Lynis - Auditing tool for UNIX-based systems.
SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
crackpkcs12 - Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.
mimikatz - Credentials extraction tool for Windows operating system.
Awesome Penetration Testing
angr - Platform-agnostic binary analysis framework.
Related posts
- The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)
- Mixed Vendor Network Monitoring and Management
- Active Malware Campaign Targeting Popular Python Packages Underway
- Pentesting Tools I Use Everyday
- How attackers use exposed Prometheus server to exploit Kubernetes clusters