- Penetration Testing OS Distributions
- Multi-paradigm Frameworks
- Network Vulnerability scanners
- Network Tools
- Wireless Network Tools
- Transport Layer Security Tools
- Web Exploitation
- Hex Editors
- Hash Cracking Tools
- Windows Utilities
- GNU/Linux Utilities
- macOS Utilities
- Social Engineering Tools
- OSINT Tools
- Anonymity Tools
- Reverse Engineering Tools
- Side-channel Tools
- Parrot Security OS - Distribution similar to Kali using the same repositories, but with additional features such as Tor and I2P integration.
- Kali - GNU/Linux distribution designed for digital forensics and penetration testing.
- Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
- Pentest-tools - Web based platform for several open source reconnaissance and exploitation tools.
- OpenVAS - Open source implementation of the popular Nessus vulnerability assessment system.
- Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
- Nessus - Commercial vulnerability assessment tool, sold by Tenable.
- OWASP Dependency Check - Open source static analysis tool that enumerates dependencies used by Java and .NET software code (with experimental support for Python, Ruby, Node.js, C, and C++) and lists security vulnerabilities associated with the dependencies.
- VisualCodeGrepper - Open source static code analysis tool with support for Java, C, C++, C#, PL/SQL, VB, and PHP. VisualCodeGrepper also conforms to OWASP best practices.
- Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications.
- sobelow - Security-focused static analysis for the Phoenix Framework.
- Progpilot - Static security analysis tool for PHP code.
- ShellCheck - Static code analysis tool for shell script.
- Codebeat (open source) - Open source implementation of commercial static code analysis tool with GitHub integration.
- truffleHog - Git repo scanner.
- SecretScanner - Scans application code for hard coded secrets.
- SecretSearcher - Scans application code for hard coded secrets (includes extended functionality).
- Netsparker Web Application Security Scanner - Commercial web application security scanner to automatically find many different types of security flaws.
- OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
- Nikto - Noisy but fast black box web server and web application vulnerability scanner.
- WPScan - Black box WordPress vulnerability scanner.
- Log4jCenter - VMWare vCenter Log4Shell exploitation tool.
- Spyse - Web research services that scans the entire internet using OSINT. to simplify the investigation of infrastructure and attack surfaces.
- Spyse.py - Python wrapper for interacting with Spyse API
- pig - GNU/Linux packet crafting tool.
- Network-Tools.com - Website offering an interface to numerous basic network utilities like
ping,traceroute,whois, and more. - Intercepter-NG - Multifunctional network toolkit.
- Legion - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
- dsniff - Collection of tools for network auditing and pentesting.
- Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
- impacket - Collection of Python classes for working with network protocols.
- THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
- Ncat - TCP/IP command line utility supporting multiple protocols, included with Nmap.
- Network Detective - White Box tool used for network analysis, enumeration of users, permission, shares, and assets, sold by Rapidfiretools.
- ScoutSuite - Open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments.
- Prowler - Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
- PrincipleMapper - Open source AWS IAM vulnerability analysis tool.
- Pacu - AWS exploitation framework.
- CloudSploit - CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts, including: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub.
- Shodan - Database containing information on all accessible domains on the internet obtained from passive scanning.
- pyShodan - Python 3 script for interacting with Shodan API (requires valid API key).
- zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
- Amass - network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques, maintained by OWASP.
- nmap - Free security scanner for network exploration & security audits.
- Netdiscover - Simple and quick network scanning tool.
- Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
- smbmap - Handy SMB enumeration tool.
- LdapMiner - Multiplatform LDAP enumeration utility.
- ldapsearch - Linux command line utility for querying LDAP servers.
- ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
- Pentest-Tools - Online suite of various different pentest related tools.
- BuiltWith - Technology lookup tool for websites.
- tcpdump/libpcap - Common packet analyzer that runs under the command line.
- Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
- Yersinia - Packet and protocol analyzer with MITM capability.
- netsniff-ng - Swiss army knife for for network sniffing.
- Responder - Open source NBT-NS, LLMNR, and MDNS poisoner.
- Responder-Windows - Windows version of the above NBT-NS/LLMNR/MDNS poisoner.
- dnschef - Highly configurable DNS proxy for pentesters.
- mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
- Ettercap - Comprehensive, mature suite for machine-in-the-middle attacks.
- BetterCAP - Modular, portable and easily extensible MITM framework.
- Aircrack-ng - Set of tools for auditing wireless networks.
- BetterCAP - Wifi, Bluetooth LE, and HID reconnaissance and MITM attack framework, written in Go.
- Wifite - Automated wireless attack tool.
- wifi-pickle - Fake access point attacks.
- SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
- crackpkcs12 - Multithreaded program to crack PKCS#12 files (
.p12and.pfxextensions), such as TLS/SSL certificates. - SSLScan - Quick command line tool for checking TLS/SSL configuration.
- WPSploit - Exploit WordPress-powered websites with Metasploit.
- SQLmap - Automated SQL injection and database takeover tool.
- tplmap - Automatic server-side template injection and Web server takeover tool.
- wafw00f - Identifies and fingerprints Web Application Firewall (WAF) products.
- IIS-Shortname-Scanner - Command line tool to exploit the Windows IIS tilde information disclosure vulnerability.
- [UUID Decode](https://www.uuidtools.com/decode - Web based tool to extract version and variant information from UUIDs.
- HexEdit.js - Browser-based hex editing.
- Hexinator - World's finest (proprietary, commercial) Hex Editor.
- Frhed - Binary file editor for Windows.
- Cheat Engine - Memory debugger and hex editor for running applications.
- Hashcat - Fast hash cracking utility with support for most known hashes as well as OpenCL and CUDA acceleration.
- John the Ripper - Fast password cracker.
- CeWL - Generates custom wordlists by spidering a target's website and collecting unique words.
- JWT Cracker - Simple HS256 JWT token brute force cracker.
- Rar Crack - RAR bruteforce cracker.
- Mentalist - Graphical tool for custom wordlist generation
- PowerSploit - PowerShell Post-Exploitation Framework.
- Headstart - Lazy man's Windows privilege escalation tool utilizing PowerSploit.
- mimikatz - Credentials extraction tool for Windows operating system.
- Bloodhound - Graphical Active Directory trust relationship explorer.
- Fibratus - Tool for exploration and tracing of the Windows kernel.
- redsnarf - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
- Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or
certutil(using fake certificates). - WinPEAS - A series of scripts for Windows Priviledge escalation.
- ldapdomaindump - Active directory domain information dumper
- Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
- Linus - Security auditing tool for Linux and macOS.
- LinPEAS - A series of scripts for Linux priviledge escalation.
- LinEnum - Linex enumeration tool for priviledge escalation.
- Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.
- Linus - Security auditing tool for Linux and macOS.
- GoPhish - Open source phishing toolkit
- Linkedin2username - OSINT Tool: Generate username lists from companies on LinkedIn.
- Modlishka - Flexible reverse proxy tool for phishing engagements.
- Shodan - World's first search engine for Internet-connected devices.
-
- pyShodan - Python 3 script for interacting with Shodan API (requires valid API key).
-
- Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
- Mxtoolbox - Email domain and DNS lookup.
- recon-ng - Full-featured Web Reconnaissance framework written in Python..
- Virus Total - Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
- PacketTotal - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Bro and Suricata IDS signatures under the hood).
- Amass - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
- TruePeopleSearch - OSINT tool for individual research.
- DNSTwist - Open source phishing domain scanner to identify potentially malicious typosquatted domains.
- AlienVault OTX - The World’s First Truly Open Threat Intelligence Community.
- Criminal IP - Web base OSINT platform that enables rapidly collecting technical data on public facing websites.
- GrayHatWarfare - Web based tool for identifying exposed S3 Buckets or Azure BLOBs.
- VirusTotal - Online malware scanner.
- Hybrid Analysis - Online malware scanner.
- WDK/WinDbg - Windows Driver Kit and WinDbg.
- Radare2 - Open source, crossplatform reverse engineering framework.
- plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
- peda - Python Exploit Development Assistance for GDB.
- dnSpy - Tool to reverse engineer .NET assemblies.
- binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
- rVMI - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
This work is licensed under a Creative Commons Attribution 4.0 International License.