more_tools.md

Latest Cool Tools

The following are a collection of recently-released pen test tools. I update this list every time that there is a new post and when I find a new one around the Internet. The rest of the repository has hundreds of additional cybersecurity and pen test tools.

---

• GhostDelivery - This Tool Creates A Obfuscated .vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence
• ReverseTCPShell - PowerShell ReverseTCP Shell, Client & Server
• ripVT - Virus Total API Maltego Transform Set For Canari
• Vulners Scanner for Android - Passive Vulnerability Scanning Based On Software Version Fingerprint
• ANDRAX v3 - The First And Unique Penetration Testing Platform For Android Smartphones
• PcapXray v2.5 - A Network Forensics Tool To Visualize A Packet Capture Offline As A Network Diagram
• Python-Iocextract - Advanced Indicator Of Compromise (IOC) Extractor
• Vthunting - A Tiny Script Used To Generate Report About VirusTotal Hunting And Send It By Email, Slack Or Telegram
• Facebash - Facebook Brute Forcer In Shellscript Using TOR
• Finshir - A Coroutines-Driven Low And Slow Traffic Sender, Written In Rust
• autoPwn - Automate Repetitive Tasks For Fuzzing
• Metabigor - Command Line Search Engines Without Any API Key
• Userrecon-Py - Find Usernames In Social Networks
• Amass - In-depth DNS Enumeration And Network Mapping
• Wpbullet - A Static Code Analysis For WordPress (And PHP)
• PhoneSploit - Using Open Adb Ports We Can Exploit A Devive
• Kubolt - Utility For Scanning Public Kubernetes Clusters
• Brutality - A Fuzzer For Any GET Entries
• P4wnP1 A.L.O.A. - Framework Which Turns A Rapsberry Pi Zero W Into A Flexible, Low-Cost Platform For Pentesting, Red Teaming And Physical Engagements
• Sniffglue - Secure Multithreaded Packet Sniffer
• H2Buster - A Threaded, Recursive, Web Directory Brute-Force Scanner Over HTTP/2
• CMSeeK v1.1.2 - CMS Detection And Exploitation Suite - Scan WordPress, Joomla, Drupal And Over 170 Other CMSs
• SSHD-Poison - A Tool To Get Creds Of Pam Based SSHD Authentication
• HiddenWall - Linux Kernel Module Generator For Custom Rules With Netfilter (Block Ports, Hidden Mode, Rootkit Functions, Etc)
• IPFinder CLI - The Official Command Line Client For IPFinder
• VulnX - CMS And Vulnerabilites Detector And An Intelligent Auto Shell Injector
• TeleShadow v3 - Telegram Desktop Session Stealer (Windows)
• Crosslinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping
• Graffiti - A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing
• Kali Linux 2019.2 Release - Penetration Testing and Ethical Hacking Linux Distribution
• Versionscan - A PHP Version Scanner For Reporting Possible Vulnerabilities
• XSSCon - Simple XSS Scanner Tool
• Hydra 9.0 - Fast and Flexible Network Login Hacker
• Flashsploit - Exploitation Framework For ATtiny85 Based HID Attacks
• Scavenger - Crawler Searching For Credential Leaks On Different Paste Sites
• OSIF - Open Source Information Facebook
• Bandit - Tool Designed To Find Common Security Issues In Python Code
• Brutemap - Tool That Automates Testing Accounts To The Site's Login Page
• Acunetix Vulnerability Scanner Now With Network Security Scans
• Project iKy - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
• Miteru - An Experimental Phishing Kit Detection Tool
• SecurityRAT - Tool For Handling Security Requirements In Development
• JWT Tool - A Toolkit For Testing, Tweaking And Cracking JSON Web Tokens
• Trigmap - A Wrapper For Nmap To Automate The Pentest
• Machinae v1.4.8 - Security Intelligence Collector
• WAFW00F v1.0.0 - Detect All The Web Application Firewall!
• Horn3t - Powerful Visual Subdomain Enumeration At The Click Of A Mouse
• Pacbot - Platform For Continuous Compliance Monitoring, Compliance Reporting And Security Automation For The Cloud
• Findomain - A Cross-Platform Tool That Use Certificate Transparency Logs To Find Subdomains
• Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts
• PAnalizer - Pornography Analizer And Face Searching
• FinalRecon - OSINT Tool For All-In-One Web Reconnaissance
• iCULeak - Tool To Find And Extract Credentials From Phone Configuration Files Hosted On Cisco CUCM
• DumpTheGit - Searches Through Public Repositories To Find Sensitive Information Uploaded To The Github Repositories
• Vulmap - Online Local Vulnerability Scanners Project
• AutoSource - Automated Source Code Review Framework Integrated With SonarQube
• Kerbrute - A Tool To Perform Kerberos Pre-Auth Bruteforcing
• Hackuna - The First Mobile App to Track Hackers
• Joy - A Package For Capturing And Analyzing Network Flow Data And Intraflow Data, For Network Research, Forensics, And Security Monitoring
• Kostebek - Reconnaissance Tool Which Uses Firms Trademark Information To Discover Their Domains
• Termshark - A Terminal UI For Tshark, Inspired By Wireshark
• PeekABoo - Tool To Enable Remote Desktop On The Targeted Machine
• 10Minutemail - Python Temporary Email
• BruteDum - Brute Force Attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC With Hydra, Medusa And Ncrack
• Cynet Free IR Tool Offering Empowers Responders to Know and Act Against Active Attacks
• CQTools - The New Ultimate Windows Hacking Toolkit
• ExtAnalysis - Browser Extension Analysis Framework
• QRGen - Simple Script For Generating Malformed QRCodes
• ReconT - Reconnaisance / Footprinting / Information Disclosure
• Bashter - Web Crawler, Scanner, And Analyzer Framework
• Adidnsdump - Active Directory Integrated DNS Dumping By Any Authenticated User
• Twint - An Advanced Twitter Scraping And OSINT Tool
• HostHunter - A Recon Tool For Discovering Hostnames Using OSINT Techniques
• Flerken - Obfuscated Command Detection Tool
• ScanQLi - Scanner To Detect SQL Injection Vulnerabilities
• OSINT-Search - Useful For Digital Forensics Investigations Or Initial Black-Box Pentest Footprinting
• Parrot Security 4.6 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
• Evil Clippy - A Cross-Platform Assistant For Creating Malicious MS Office Documents
• ParamPamPam - Brute Force Discover GET And POST Parameters
• Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning
• Okadminfinder3 - Admin Panel Finder / Admin Login Page Finder
• Cutter - Free And Open-Source GUI For Radare2 Reverse Engineering Framework
• NAXSI - An Open-Source, High Performance, Low Rules Maintenance WAF For NGINX
• Raptor WAF v0.6 - Web Application Firewall using DFA
• FTPBruter - A FTP Server Brute Forcing Tool
• Freddy - Automatically Identify Deserialisation Issues In Java And .NET Applications By Using Active And Passive Scans
• Findomain - A Tool That Use Certificate Transparency Logs To Find Subdomains
• Anevicon - A High-Performant UDP-based Load Generator
• Reverie - Automated Pentest Tools Designed For Parrot Linux
• EasySploit - Metasploit Automation (EASIER And FASTER Than EVER)
• PyWhatCMS - Unofficial WhatCMS API Package
• Kubebot - A Security Testing Slackbot Built With A Kubernetes Backend On The Google Cloud Platform
• drAFL - AFL + DynamoRIO = Fuzzing Binaries With No Source Code On Linux
• Ttyd - Share Your Terminal Over The Web
• mongoBuster - Hunt Open MongoDB Instances
• Parameth - This Tool Can Be Used To Brute Discover GET And POST Parameters
• EfiGuard - Disable PatchGuard And DSE At Boot Time
• fireELF - Fileless Linux Malware Framework
• FLASHMINGO - Automatic Analysis Of SWF Files Based On Some Heuristics
• Platypus - A Modern Multiple Reverse Shell Sessions Manager Written In Go
• SilkETW - Flexible C# Wrapper For ETW (Event Tracing for Windows)
• Instantbox - Get A Clean, Ready-To-Go Linux Box In Seconds
• Pepe - Collect Information About Email Addresses From Pastebin
• W12Scan - A Simple Asset Discovery Engine For Cybersecurity
• Instainsane - Multi-threaded Instagram Brute Forcer
• Zeebsploit - Web Scanner / Exploitation / Information Gathering
• TeleKiller - A Tool Session Hijacking And Stealer Local Passcode Telegram Windows
• pwnedOrNot v1.1.7 - OSINT Tool To Find Passwords For Compromised Email Addresses
• 0D1N v2.6 - Web Security Tool To Make Fuzzing At HTTP/S
• CredsLeaker v3 - Tool to Display A Powershell Credentials Box
• GodOfWar - Malicious Java WAR Builder With Built-In Payloads
• XSStrike v3.1.4 - Most Advanced XSS Detection Suite
• Chkdfront - Check Domain Fronting
• QRLJacker v2.0 - QRLJacking Exploitation Framework
• Zeebsploit - Web Scanner / Exploitation / Information Gathering
• Mysql-Magic - Dump Mysql Client Password From Memory
• mXtract v1.2 - Memory Extractor & Analyzer
• DefectDojo v1.5.4 - Application Vulnerability Correlation And Security Orchestration Application
• Free Cynet Threat Assessment for Mid-sized and Large Organizations
• Beagle - An Incident Response And Digital Forensics Tool Which Transforms Security Logs And Data Into Graphs
• ISF - Industrial Control System Exploitation Framework
• Pocsuite3 - An Open-Sourced Remote Vulnerability Testing Framework
• XanXSS - A Simple XSS Finding Tool
• Pyrit - The Famous WPA Precomputed Cracker
• Faraday v3.7 - Collaborative Penetration Test and Vulnerability Management Platform
• PowerShellArsenal - A PowerShell Module Dedicated To Reverse Engineering
• Darksplitz - Exploit Framework
• CHAOS Framework v3.0 - Generate Payloads And Control Remote Windows Systems
• CHAOS Framework v2.0 - Generate Payloads And Control Remote Windows Systems
• ISeeYou - Bash And Javascript Tool To Find The Exact Location Of The Users During Social Engineering Or Phishing Engagements
• Instainsane - Multi-threaded Instagram Brute Forcer
• Evillimiter - Limits Bandwidth Of Devices On The Same Network
• Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning
• Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory
• Commando VM - The First of Its Kind Windows Offensive Distribution
• IDArling - Collaborative Reverse Engineering Plugin For IDA Pro & Hex-Rays
• Wireshark Cheatsheet
• FFM (Freedom Fighting Mode) - Open Source Hacking Harness
• Just-Metadata - Tool That Gathers And Analyzes Metadata About IP Addresses
• phpMussel - PHP-based Anti-Virus Anti-Trojan Anti-Malware Solution
• WinPwn - Automation For Internal Windows Penetrationtest
• Reconerator - C# Targeted Attack Reconnaissance Tools
• Mutiny Fuzzing Framework - Network Fuzzer That Operates By Replaying PCAPs Through A Mutational Fuzzer
• Flightsim - A Utility To Generate Malicious Network Traffic And Evaluate Controls
• LAPSToolkit - Tool To Audit And Attack LAPS Environments
• Xori - An Automation-Ready Disassembly And Static Analysis Library For PE32, 32+ And Shellcode
• H2T - Scans A Website And Suggests Security Headers To Apply
• Got-Responded - A Simple Tool To Detect NBT-NS And LLMNR Spoofing
• WPScan v3.4.5 - Black Box WordPress Vulnerability Scanner
• Androwarn - Yet Another Static Code Analyzer For Malicious Android Applications
• FIR - Fast Incident Response
• Webtech - Identify Technologies Used On Websites
• Lynis 2.7.3 - Security Auditing Tool for Unix/Linux Systems
• SMS-Stack - Framework to provided TPC/IP based characteristics to the GSM Short Message Service
• Xerxes - DoS Tool Enhanced
• mXtract - Memory Extractor & Analyzer
• RapidRepoPull - Tool To Quickly Pull And Install Repos From A List
• Goscan - Interactive Network Scanner
• Remot3d v2.0 - Tool Created For Large Pentesters As Well As Just For The Pleasure Of Defacers To Control Server By Backdoors
• Dnsdmpstr - Unofficial API & Client For Dnsdumpster.Com And Hackertarget.Com
• Freevulnsearch - Free And Open NMAP NSE Script To Query Vulnerabilities Via The cve-search.org API
• Armory - A Tool Meant To Take In A Lot Of External And Discovery Data From A Lot Of Tools, Add It To A Database And Correlate All Of Related Information
• DOGE - Darknet Osint Graph Explorer
• Mad-Metasploit - Metasploit Custom Modules, Plugins & Resource Scripts
• Metaforge - An OSINT Metadata Analyzing Tool That Filters Through Tags And Creates Reports
• Hashboy-Tool - A Hash Query Tool
• CarbonCopy - A Tool Which Creates A Spoofed Certificate Of Any Online Website And Signs An Executable For AV Evasion
• Karma - Search of Emails and Passwords on Pwndb
• Arjun v1.3 - HTTP Parameter Discovery Suite
• SocialFish v2 - Educational Phishing Tool & Information Collector
• DNS-Shell - An Interactive Shell Over DNS Channel
• Decker - Declarative Penetration Testing Orchestration Framework
• PFQ - Functional Network Framework For Multi-Core Architectures
• Hostintel - A Modular Python Application To Collect Intelligence For Malicious Hosts
• IoT-Home-Guard - A Tool For Malicious Behavior Detection In IoT Devices
• Acunetix Web Application Vulnerability Report 2019
• Kage - Graphical User Interface For Metasploit Meterpreter And Session Handler
• rootOS - macOS Root Helper
• Vuls - Vulnerability Scanner For Linux/FreeBSD, Agentless, Written In Go
• Reverse Shell Cheat Sheet
• AutoRDPwn v4.8 - The Shadow Attack Framework
• Cat-Nip - Automated Basic Pentest Tool (Designed For Kali Linux)
• Goca Scanner - FOCA fork written in Go
• Chomp Scan - A Scripted Pipeline Of Tools To Streamline The Bug Bounty/Penetration Test Reconnaissance Phase
• Turbinia - Automation And Scaling Of Digital Forensics Tools
• Ghidra - Software Reverse Engineering Framework
• Legion - An Easy-To-Use, Super-Extensible And Semi-Automated Network Penetration Testing Tool That Aids In Discovery, Reconnaissance And Exploitation Of Information Systems
• Reload.sh - Reinstall, Restore And Wipe Your System Via SSH, Without Rebooting
• UserLAnd - The Easiest Way To Run A Linux Distribution or Application on Android
• Cuteit v0.2.1 - IP Obfuscator Made To Make A Malicious Ip A Bit Cuter
• Rpi-Hunter - Automate Discovering And Dropping Payloads On LAN Raspberry Pi's Via SSH
• CMSeeK v1.1.1 - CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 150 Other CMSs)
• Faraday v3.6 - Collaborative Penetration Test and Vulnerability Management Platform
• Phantom Evasion - Python AV Evasion Tool Capable To Generate FUD Executable Even With The Most Common 32 Bit Metasploit Payload (Exe/Elf/Dmg/Apk)
• Strelka - Scanning Files At Scale With Python And ZeroMQ
• Imago Forensics - Imago Is A Python Tool That Extract Digital Evidences From Images
• VSHG - Hardware resistance & enhanced security for GnuPG
• Angr - A Powerful And User-Friendly Binary Analysis Platform
• Ntopng - Web-based Traffic And Security Network Traffic Monitoring
• HT-WPS Breaker - High Touch WPS Breaker
• Ophcrack - A Windows Password Cracker Based On Rainbow Tables
• Metasploit Cheat Sheet
• SALT - SLUB ALlocator Tracer For The Linux Kernel
• Command Injection Payload List
• Reko - A General Purpose Binary Decompiler
• Iptables Essentials - Common Firewall Rules And Commands
• HexRaysCodeXplorer - Hex-Rays Decompiler Plugin For Better Code Navigation
• PHP Security Check List
• OSFClone - Open Source Utility To Create And Clone Forensic Disk Images
• Cheat Engine - A Development Environment Focused On Modding
• BeEF - The Browser Exploitation Framework Project
• Eraser - Secure Erase Files from Hard Drives on Windows
• SecLists - A Collection Of Multiple Types Of Lists Used During Security Assessments, Collected In One Place (Usernames, Passwords, URLs, Sensitive Data Patterns, Fuzzing Payloads, Web Shells, And Many More)
• GameGuardian - Android Game Hack/Alteration Tool
• OSINT-SPY - Search using OSINT (Open Source Intelligence)
• Maltego CE - An Interactive Data Mining Tool That Renders Directed Graphs For Link Analysis
• BoNeSi - The DDoS Botnet Simulator
• HoneyPy - A Low To Medium Interaction Honeypot
• Egress-Assess - Tool Used To Test Egress Data Detection Capabilities
• Fibratus - Tool For Exploration And Tracing Of The Windows Kernel
• TROMMEL - Sift Through Embedded Device Files To Identify Potential Vulnerable Indicators
• DCOMrade - Powershell Script For Enumerating Vulnerable DCOM Applications
• Ponce - IDA Plugin For Symbolic Execution Just One-Click Away!
• Kaboom - Automatic Pentest
• SSRFmap - Automatic SSRF Fuzzer And Exploitation Tool
• Pompem - Exploit and Vulnerability Finder
• Lazygit - Simple Terminal UI For Git Commands
• Up (Ultimate Plumber) - Tool For Writing Linux Pipes With Instant Live Preview
• CDF - Crypto Differential Fuzzing
• Justniffer - Network TCP Packet Sniffer
• UEFI Firmware Parser - Parse BIOS/Intel ME/UEFI Firmware Related Structures: Volumes, FileSystems, Files, Etc
• PF_RING - High-Speed Packet Capture, Filtering And Analysis
• Pftriage - Python Tool And Library To Help Analyze Files During Malware Triage And Analysis
• nDPI - Open Source Deep Packet Inspection Software Toolkit
• Hontel - Telnet Honeypot
• Volatility Workbench - A GUI For Volatility Memory Forensics
• HTTrack Website Copier - Web Crawler And Offline Browser
• OSFMount - Mount Disk Images & Create RAM Drives
• Process Hacker - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware
• CANalyzat0r - Security Analysis Toolkit For Proprietary Car Protocols
• DFIRTrack - The Incident Response Tracking Application
• Goscan - Interactive Network Scanner
• RedELK - Easy Deployable Tool For Red Teams Used For Tracking And Alarming About Blue Team Activities As Well As Better Usability In Long Term Operations
• Fnord - Pattern Extractor For Obfuscated Code
• Bincat - Binary Code Static Analyser, With IDA Integration
• Bscan - An Asynchronous Target Enumeration Tool
• Modlishka - An Open Source Phishing Tool With 2FA Authentication
• Fwknop - Single Packet Authorization & Port Knocking
• Netsniff-Ng - A Swiss Army Knife For Your Daily Linux Network Plumbing
• Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications
• LOLBAS - Living Off The Land Binaries And Scripts (LOLBins And LOLScripts)
• XIP - Tool To Generate A List Of IP Addresses By Applying A Set Of Transformations Used To Bypass Security Measures E.G. Blacklist Filtering, WAF, Etc.
• Stenographer - A Packet Capture Solution Which Aims To Quickly Spool All Packets To Disk, Then Provide Simple, Fast Access To Subsets Of Those Packets
• Fierce - Semi-Lightweight Scanner That Helps Locate Non-Contiguous IP Space And Hostnames Against Specified Domains
• Bolt - CSRF Scanning Suite
• Pwndb - Search For Creadentials Leaked On Pwndb
• Pown Recon - A Powerful Target Reconnaissance Framework Powered By Graph Theory
• Uncle Spufus - A Tool That Automates Mac Address Spoofing
• CIRTKit - Tools For The Computer Incident Response Team
• ADAPT - Tool That Performs Automated Penetration Testing For WebApps
• Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool
• Sn0Int - Semi-automatic OSINT Framework And Package Manager
• FTW - Framework For Testing WAFs
• identYwaf - Blind WAF Identification Tool
• Sh00T - A Testing Environment for Manual Security Testers
• WiGLE - Wifi Wardriving (Nethugging Client For Android)
• LeakLooker - Find Open Databases With Shodan
• SecureTea Project - The Purpose Of This Application Is To Warn The User (Via Various Communication Mechanisms) Whenever Their Laptop Accessed
• ProcDump - A Linux Version Of The ProcDump Sysinternals Tool
• Parrot Security 4.5 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
• Jok3R - Network And Web Pentest Framework
• Beebug - A Tool For Checking Exploitability
• Conpot - An Open Industrial Control Honeypot
• WPintel - Chrome Extension Designed For WordPress Vulnerability Scanning And Information Gathering
• Malice - VirusTotal Wanna Be (Now With 100% More Hipster)
• Htcap - A Web Application Scanner Able To Crawl Single Page Application (SPA) In A Recursive Manner By Intercepting Ajax Calls And DOM Changes
• Remot3d - An Simple Exploit for PHP Language
• Tyton - Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+
• Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From Shodan.io
• Tool-X - A Kali Linux Hacking Tool Installer
• SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
• Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information
• Aztarna - A Footprinting Tool For Robots
• Hediye - Hash Generator & Cracker Online Offline
• Killcast - Manipulate Chromecast Devices In Your Network
• bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
• WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
• H8Mail - Email OSINT And Password Breach Hunting
• Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
• Metasploit 5.0 - The World’s Most Used Penetration Testing Framework
• Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
• Twifo-Cli - Get User Information Of A Twitter User
• Sitadel - Web Application Security Scanner
• Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
• Malboxes - Builds Malware Analysis Windows VMs So That You Don'T Have To
• Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies
• Shed - .NET Runtime Inspector
• Stardox - Github Stargazers Information Gathering Tool
• Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool
• AutoSploit v3.0 - Automated Mass Exploiter
• Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
• Recaf - A Modern Java Bytecode Editor
• dnSpy - .NET Debugger And Assembly Editor
• Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI
• Mallory - HTTP/HTTPS Proxy Over SSH
• ezXSS - An Easy Way For Penetration Testers And Bug Bounty Hunters To Test (Blind) Cross Site Scripting
• Uptux - Linux Privilege Escalation Checks (Systemd, Dbus, Socket Fun, Etc)
• Fail2Ban - Daemon To Ban Hosts That Cause Multiple Authentication Errors
• Dr. Memory - Memory Debugger For Windows, Linux, Mac, And Android
• Gosec - Golang Security Checker
• Virtuailor - IDAPython Tool For Creating Automatic C++ Virtual Tables In IDA Pro
• AtomShields Cli - Security Testing Framework For Repositories And Source Code
• PESTO - PE (files) Statistical Tool
• UBoat - HTTP Botnet Project
• ThreatIngestor - Extract And Aggregate Threat Intelligence
• Pockint - A Portable OSINT Swiss Army Knife For DFIR/OSINT Professionals
• LinPwn - Interactive Post Exploitation Tool
• XORpass - Encoder To Bypass WAF Filters Using XOR Operations
• CloudUnflare - Reconnaissance Real IP Address For Cloudflare Bypass
• Cryptovenom - The Cryptography Swiss Army Knife
• Tor Browser v9.0 - Everything you Need to Safely Browse the Internet
• AutoSploit v4.0 - Automated Mass Exploiter
• Tails 4.0 - Live System to Preserve Your Privacy and Anonymity
• ATTACKdatamap - A Datasource Assessment On An Event Level To Show Potential Coverage Or The MITRE ATT&CK Framework
• JSONBee - A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites
• Arjun v1.6 - HTTP Parameter Discovery Suite
• HomePwn - Swiss Army Knife for Pentesting of IoT Devices
• Femida - Automated Blind-Xss Search For Burp Suite
• Slither v0.6.7 - Static Analyzer For Solidity
• AutoMacTC - Automated Mac Forensic Triage Collector
• Password Lense - Reveal Character Types In A Password
• Osmedeus v2.1 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning
• Snare - Super Next Generation Advanced Reactive honEypot
• UAC-A-Mola - Tool That Allows Security Researchers To Investigate New UAC Bypasses, In Addition To Detecting And Exploiting Known Bypasses
• SUID3NUM - A Script Which Utilizes Python'S Built-In Modules To Find SUID Bins, Separate Default Bins From Custom Bins, Cross-Match Those With Bins In GTFO Bin's Repository & Auto-Exploit Those
• FOCA - Tool To Find Metadata And Hidden Information In The Documents
• IoT-Implant-Toolkit - Toolkit For Implant Attack Of IoT Devices
• Discover - Custom Bash Scripts Used To Automate Various Penetration Testing Tasks Including Recon, Scanning, Parsing, And Creating Malicious Payloads And Listeners With Metasploit
• Rbuster - Yet Another Dirbuster
• XMLRPC Bruteforcer - An XMLRPC Brute Forcer Targeting Wordpress
• Dirstalk - Modern Alternative To Dirbuster/Dirb
• Cotopaxi - Set Of Tools For Security Testing Of Internet Of Things Devices Using Specific Network IoT Protocols
• Auto Re - IDA PRO Auto-Renaming Plugin With Tagging Support
• Gobuster v3.0 - Directory/File, DNS And VHost Busting Tool Written In Go
• RITA - Real Intelligence Threat Analytics
• Eaphammer v1.9.0 - Targeted Evil Twin Attacks Against WPA2-Enterprise Networks
• Postenum - A Clean, Nice And Easy Tool For Basic/Advanced Privilege Escalation Techniques
• Unicorn-Bios - Basic BIOS Emulator For Unicorn Engine
• uniFuzzer - A Fuzzing Tool For Closed-Source Binaries Based On Unicorn And LibFuzzer
• SMTPTester - Tool To Check Common Vulnerabilities In SMTP Servers
• Tylium - Primary Data Pipelines For Intrusion Detection, Security Analytics And Threat Hunting
• Fsmon - Monitor Filesystem On iOS / OS X / Android / FirefoxOS / Linux
• Traxss - Automated XSS Vulnerability Scanner
• DECAF - Short for Dynamic Executable Code Analysis Framework
• Mosca - Manual Search Tool To Find Bugs Like A Grep Unix Command
• MalConfScan - Volatility Plugin For Extracts Configuration Data Of Known Malware
• Ispy - Eternalblue (MS17-010) / Bluekeep (CVE-2019-0708) Scanner And Exploit
• Zeek - A Powerful Network Analysis Framework That Is Much Different From The Typical IDS You May Know
• Maryam - Open-source intelligence (OSINT) Framework
• box.js - A Tool For Studying JavaScript Malware
• FATT - A Script For Extracting Network Metadata And Fingerprints From Pcap Files And Live Network Traffic
• Penta - Open Source All-In-One CLI Tool To Automate Pentesting
• Tarnish - A Chrome Extension Static Analysis Tool To Help Aide In Security Reviews
• B2R2 - Collection Of Useful Algorithms, Functions, And Tools For Binary Analysis
• Userrecon-Py v2.0 - Username Recognition On Various Websites
• DNS Rebinding Tool - DNS Rebind Tool With Custom Scripts
• Fenrir - Simple Bash IOC Scanner
• ManaTI - A Web-Based Tool To Assist The Work Of The Intuitive Threat Analysts
• ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shellcode Into A Standard Win32 Application
• SQLMap v1.3.10 - Automatic SQL Injection And Database Takeover Tool
• GiveMeSecrets - Use Regular Expressions To Get Sensitive Information From A Given Repository (GitHub, Pip Or Npm)
• Lockdoor Framework - A Penetration Testing Framework With Cyber Security Resources
• Sub.Sh - Online Subdomain Detect Script
• CryptonDie - A Ransomware Developed For Study Purposes
• Recomposer - Randomly Changes Win32/64 PE Files For 'Safer' Uploading To Malware And Sandbox Sites
• Terraform AWS Secure Baseline - Terraform Module To Set Up Your AWS Account With The Secure Baseline Configuration Based On CIS Amazon Web Services Foundations
• Syhunt Community 6.7 - Web And Mobile Application Scanner
• DumpsterFire - "Security Incidents In A Box!" A Modular, Menu-Driven, Cross-Platform Tool For Building Customized, Time-Delayed, Distributed Security Events
• SecurityNotFound - 404 Page Not Found Webshell
• HRShell - An Advanced HTTPS/HTTP Reverse Shell Built With Flask
• Kube-Alien - Tool To Launches Attack on K8s Cluster from Within
• Rebel-Framework - Advanced And Easy To Use Penetration Testing Framework
• FDsploit - File Inclusion And Directory Traversal Fuzzing, Enumeration & Exploitation Tool
• MemProcFS - The Memory Process File System
• Flare-Emu - Powered by IDA Pro and the Unicorn emulation framework that provides scriptable emulation features for the x86, x86_64, ARM, and ARM64 architectures to reverse engineers
• Firmware Analysis Toolkit - Toolkit To Emulate Firmware And Analyse It For Security Vulnerabilities
• Router Exploit Shovel - Automated Application Generation For Stack Overflow Types On Wireless Routers
• Tachyon - Fast HTTP Dead File Finder
• SKA - Simple Karma Attack
• ArmourBird CSF - Container Security Framework
• Juicy Potato - A Sugared Version Of RottenPotatoNG, With A Bit Of Juice, I.E. Another Local Privilege Escalation Tool, From A Windows Service Accounts To NT AUTHORITY\SYSTEM
• ScoutSuite - Multi-Cloud Security Auditing Tool
• Mitaka - A Browser Extension For OSINT Search
• Kirjuri - Web Application For Managing Cases And Physical Forensic Evidence Items
• SysAnalyzer - Automated Malcode Analysis System
• Pixload - Image Payload Creating/Injecting Tools
• Dolos Cloak - Automated 802.1X Bypass
• Dr. ROBOT - Tool To Enumerate The Subdomains Associated With A Company By Aggregating The Results Of Multiple OSINT Tools
• FudgeC2 - A Collaborative C2 Framework For Purple-Teaming Written In Python3, Powershell And .NET
• Aura-Botnet - A Super Portable Botnet Framework With A Django-based C2 Server
• Project iKy v2.2.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
• Stardox - Github Stargazers Information Gathering Tool
• ACT Platform - Open Platform For Collection And Exchange Of Threat Intelligence Information
• PrivExchange - Exchange Your Privileges For Domain Admin Privs By Abusing Exchange
• PostShell - Post Exploitation Bind/Backconnect Shell
• TinkererShell - A Simple Python Reverse Shell Written Just For Fun
• Stegify - Go Tool For LSB Steganography, Capable Of Hiding Any File Within An Image
• DetExploit - Software That Detect Vulnerable Applications, Not-Installed OS Updates And Notify To User
• Shodan-Eye - Tool That Collects All The Information About All Devices Directly Connected To The Internet Using The Specified Keywords That You Enter
• Anteater - CI/CD Gate Check Framework
• Pyrdp - RDP Man-In-The-Middle And Library For Python3 With The Ability To Watch Connections Live Or After The Fact
• Grapl - Graph Platform For Detection And Response
• Metame - Metame Is A Metamorphic Code Engine For Arbitrary Executables
• Botb - A Container Analysis And Exploitation Tool For Pentesters And Engineers
• gitGraber - Tool To Monitor GitHub To Search And Find Sensitive Data For Different Online Services Such As: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
• fileGPS - A Tool That Help You To Guess How Your Shell Was Renamed After The Server-Side Script Of The File Uploader Saved It
• ActiveReign - A Network Enumeration And Attack Toolset
• Revshellgen - Reverse Shell Generator Written In Python.
• LetsMapYourNetwork - Tool To Visualise Your Physical Network In Form Of Graph With Zero Manual Error
• OpenCTI - Open Cyber Threat Intelligence Platform
• BlackArch Linux v2019.09.01 - Penetration Testing Distribution
• Phishing-Simulation - Aims To Increase Phishing Awareness By Providing An Intuitive Tutorial And Customized Assessment
• PingCastle - Get Active Directory Security At 80% In 20% Of The Time
• Mondoo - Cloud-Native Security And Vulnerability Risk Management
• BLUESPAWN - Windows Based Active Defense Tool To Empower Blue Teams
• EMAGNET - Tool For Find Leaked Databases With 97.1% Accurate To Grab Mail + Password Together From Pastebin Leaks
• PyFuscation - Obfuscate Powershell Scripts By Replacing Function Names, Variables And Parameters
• Btlejack - Bluetooth Low Energy Swiss-army Knife
• mpDNS - Multi-Purpose DNS Server
• Ehtools - Framework Of Serious Wi-Fi Penetration Tools
• Wordlister - A Simple Wordlist Generator And Mangler Written In Python
• Barq - The AWS Cloud Post Exploitation Framework!
• Telegram C# C2 - A Command and Control Tool for Telegram Bot Communication
• HTTP Request Smuggler - Extension For Burp Suite Designed To Help You Launch HTTP Request Smuggling Attacks
• B-XSSRF - Toolkit To Detect And Keep Track On Blind XSS, XXE And SSRF
• 0xsp Mongoose v1.7 - Linux/Windows Privilege Escalation intelligent Enumeration Toolkit
• Constellation - A Graph-Focused Data Visualisation And Interactive Analysis Application
• Hashcatch - Capture Handshakes Of Nearby WiFi Networks Automatically
• Nuages - A Modular C2 Framework
• RedHunt OS v2 - Virtual Machine For Adversary Emulation And Threat Hunting
• Sudomy - Subdomain Enumeration & Analysis
• NebulousAD - Automated Credential Auditing Tool
• PHPStan - PHP Static Analysis Tool (Discover Bugs In Your Code Without Running It!)
• EVABS - Extremely Vulnerable Android Labs
• 4CAN - Open Source Security Tool to Find Security Vulnerabilities in Modern Cars
• AIL Framework - Framework for Analysis of Information Leaks
• Airgeddon v9.21 - A Multi-use Bash Script for Linux Systems to Audit Wireless Networ
• Sublert - Security And Reconnaissance Tool Which Leverages Certificate Transparency To Automatically Monitor New Subdomains Deployed By Specific Organizations And Issued TLS/SSL Certificate
• IPRotate - Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request
• LDAPDomainDump - Active Directory Information Dumper Via LDAP
• Covenant - A .NET Command And Control Framework For Red Teamers
• AutoRDPwn v5.0 - The Shadow Attack Framework
• PoshC2 - C2 Server and Implants
• Hacktronian - All In One Hacking Tool For Linux & Android
• Pyshark - Python Wrapper For Tshark, Allowing Python Packet Parsing Using Wireshark Dissectors
• Applepie - A Hypervisor For Fuzzing Built With WHVP And Bochs
• PEpper - An Open Source Script To Perform Malware Static Analysis On Portable Executable
• goDoH - A DNS-over-HTTPS C2
• Truegaze - Static Analysis Tool For Android/iOS Apps Focusing On Security Issues Outside The Source Code
• pwnedOrNot v1.2.6 - OSINT Tool to Find Passwords for Compromised Email Addresses
• "Can I Take Over XYZ?" - A List Of Services And How To Claim (Sub)Domains With Dangling DNS Records
• Eyeballer - Convolutional Neural Network For Analyzing Pentest Screenshots
• "Can I Take Over XYZ?" - A List Of Services And How To Claim (Sub)Domains With Dangling DNS Records.
• Dow Jones Hammer - Protect The Cloud With The Power Of The cloud(AWS)
• Firmware Slap - Discovering Vulnerabilities In Firmware Through Concolic Analysis And Function Clustering
• Iris - WinDbg Extension To Perform Basic Detection Of Common Windows Exploit Mitigations
• Diaphora - The Most Advanced Free And Open Source Program Diffing Tool
• Airflowscan - Checklist And Tools For Increasing Security Of Apache Airflow
• DockerSecurityPlayground - A Microservices-based Framework For The Study Of Network Security And Penetration Test Techniques
• DrMITM - Program Designed To Globally Log All Traffic Of A Website
• Sampler - A Tool For Shell Commands Execution, Visualization And Alerting (Configured With A Simple YAML File)
• Findomain v0.2.1 - The Fastest And Cross-Platform Subdomain Enumerator
• Goop - Google Search Scraper (Bypass CAPTCHA)
• ThreatHunting - A Splunk App Mapped To MITRE ATT&CK To Guide Your Threat Hunts
• HackerTarget ToolKit v2.0 - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery
• Seccomp Tools - Provide Powerful Tools For Seccomp Analysis
• AbsoluteZero - Python APT Backdoor
• Osmedeus v1.5 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning
• WAES - Auto Enums Websites And Dumps Files As Result
• BADministration - Tool Which Interfaces with Management or Administration Applications from an Offensive Standpoint
• SQLMap v1.3.8 - Automatic SQL Injection And Database Takeover Tool
• Commando VM v2.0 - The First Full Windows-based Penetration Testing Virtual Machine Distribution
• Skadi - Collect, Process, And Hunt With Host Based Data From MacOS, Windows, And Linux
• KRF - A Kernelspace Randomized Faulter
• SET v8.0.1 - The Social-Engineer Toolkit
• Project iKy v2.1.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
• Project iKy v2.1.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
• Theo - Ethereum Recon And Exploitation Tool
• Malcolm - A Powerful, Easily Deployable Network Traffic Analysis Tool Suite For Full Packet Capture Artifacts (PCAP Files) And Zeek Logs
• AutoRecon - Multi-Threaded Network Reconnaissance Tool Which Performs Automated Enumeration Of Services
• WiFiBroot - A WiFi Pentest Cracking Tool For WPA/WPA2 (Handshake, PMKID, Cracking, EAPOL, Deauthentication)
• HELK - The Hunting ELK
• MemGuard - Secure Software Enclave For Storage Of Sensitive Information In Memory
• Usbrip - Simple Command Line Forensics Tool For Tracking USB Device Artifacts (History Of USB Events) On GNU/Linux
• MSNM-S - Multivariate Statistical Network Monitoring-Sensor
• W13Scan - Passive Security Scanner
• XSpear - Powerfull XSS Scanning And Parameter Analysis Tool
• Slurp - S3 Bucket Enumerator
• Buster - Find Emails Of A Person And Return Info Associated With Them
• Xssizer - The Best Tool To Find And Prove XSS Flaws
• WDExtract - Extract Windows Defender Database From Vdm Files And Unpack It
• WeebDNS - DNS Enumeration With Asynchronicity
• RedGhost v3.0 - Linux Post Exploitation Framework Written In Bash Designed To Assist Red Teams In Persistence, Reconnaissance, Privilege Escalation And Leaving No Trace
• Recon-ng v5.0.0 - Open Source Intelligence Gathering Tool Aimed At Reducing The Time Spent Harvesting Information From Open Sources
• Uncompyle6 - A Cross-Version Python Bytecode Decompiler
• OSXCollector - A Forensic Evidence Collection & Analysis Toolkit For OS X
• Vulnado - Purposely Vulnerable Java Application To Help Lead Secure Coding Workshops
• Orbit v2.0 - Blockchain Transactions Investigation Tool
• Cloudcheck - Checks Using A Test String If A Cloudflare DNS Bypass Is Possible Using CloudFail
• grapheneX - Automated System Hardening Framework
• O365-Attack-Toolkit - A Toolkit To Attack Office365
• Pyattck - A Python Module To Interact With The Mitre ATT&CK Framework
• Evil-Winrm - The Ultimate WinRM Shell For Hacking/Pentesting
• Airopy - Get Clients And Access Points
• AMIRA - Automated Malware Incident Response & Analysis
• VulnWhisperer - Create Actionable Data From Your Vulnerability Scans
• Dockernymous - A Script Used To Create A Whonix Like Gateway/Workstation Environment With Docker Containers
• HiddenEye - Modern Phishing Tool With Advanced Functionality (Android-Support-Available)
• SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules Misconfigurations And Vulnerabilities Within Sudo
• Hvazard - Remove Short Passwords & Duplicates, Change Lowercase To Uppercase & Reverse, Combine Wordlists!
• GitGot - Semi-automated, Feedback-Driven Tool To Rapidly Search Through Troves Of Public Data On GitHub For Sensitive Secrets
• Git-Hound - Find Exposed Keys Across GitHub Using Code Search Keywords
• Parrot Security 4.7 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
• Kali NetHunter App Store - The New Android Store Dedicated to Free Security Apps
• Userrecon v1.1.0 - Recognition Usernames In 187 Social Networks
• Brute_Force - BruteForce Gmail, Hotmail, Twitter, Facebook & Netflix
• Detect It Easy - Program For Determining Types Of Files For Windows, Linux And MacOS
• Shellsum - A Defense Tool - Detect Web Shells In Local Directories Via Md5Sum
• RedGhost v2.0 - Linux Post Exploitation Framework Designed To Assist Red Teams In Gaining Persistence, Reconnaissance And Leaving No Trace
• UACME - Defeating Windows User Account Control
• JShielder v2.4 - Hardening Script For Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark G
• Project iKy v2.0.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
• Passpie - Multiplatform Command-Line Password Manager
• PasteHunter - Scanning Pastebin With Yara Rules
• Pown-Duct - Essential Tool For Finding Blind Injection Attacks
• Dwarf - Full Featured Multi Arch/Os Debugger Built On Top Of PyQt5 And Frida
• Ghostfuscator - The Python Password-Protected Obfuscator Using AES Encryption
• Objection v1.6.6 - Runtime Mobile Exploration
• Commando VM v1.3 - The First Full Windows-based Penetration Testing Virtual Machine Distribution
• Findomain - A Cross-Platform Tool That Use Certificate Transparency Logs To Find Subdomains
• Echidna - Ethereum Fuzz Testing Framework
• Cloud Security Audit - A Command Line Security Audit Tool For Amazon Web Services
• WinObjEx64 - Windows Object Explorer 64-Bit
• Regipy - An OS Independent Python Library For Parsing Offline Registry Hives
• Rifiuti2 - Windows Recycle Bin Analyser
• Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels
• Whonix v15 - Anonymous Operating System
• SneakyEXE - Embedding "UAC-Bypassing" Function Into Your Custom Payload
• NetSet - Operational Security Utility And Automator
• DarkScrape - OSINT Tool For Scraping Dark Websites
• Youzer - Fake User Generator For Active Directory Environments
• Rock-ON - An All In One Recon Tool That Will Just Get A Single Entry Of The Domain Name And Do All Of The Work Alone
• Wesng - Windows Exploit Suggester
• Fbchecker - Facebook Mass Account Checker
• Slackor - A Golang Implant That Uses Slack As A Command And Control Server
• Hash-Identifier - Software To Identify The Different Types Of Hashes Used To Encrypt Data And Especially Passwords
• MIG - Distributed And Real Time Digital Forensics At The Speed Of The Cloud
• Icebox - Virtual Machine Introspection, Tracing & Debugging
• SQLMap v1.3.7 - Automatic SQL Injection And Database Takeover Tool
• Sherlock - Find Usernames Across Social Networks
• 0xsp-Mongoose - Privilege Escalation Enumeration Toolkit (ELF 64/32), Fast, Intelligent Enumeration With Web API Integration
• Lst2X64Dbg - Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database
• Spyse.Py - Python API Wrapper And Command-Line Client For The Tools Hosted On Spyse.Com
• PTF v2.3 - The Penetration Testers Framework Is A Way For Modular Support For Up-To-Date Tools
• Scapy - The Python-based Interactive Packet Manipulation Program & Library
• TwitterShadowBan - Twitter Shadowban Tests
• PivotSuite - A Network Pivoting Toolkit
• Lynis 2.7.5 - Security Auditing Tool for Unix/Linux Systems
• Project iKy - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
• Getwin - FUD Win32 Payload Generator And Listener
• Seccubus - Easy Automated Vulnerability Scanning, Reporting And Analysis
• Terminus - A Terminal For A More Modern Age
• Quarantyne - Modern Web Firewall: Stop Account Takeovers, Weak Passwords, Cloud IPs, DoS Attacks, Disposable Emails
• Prithvi - Report Generation Tool
• Kippo - SSH Honeypot
• Konan - Advanced Web Application Dir Scanner
• Seth - Perform A MitM Attack And Extract Clear Text Credentials From RDP Connections
• Rdpscan - A Quick Scanner For The CVE-2019-0708 "BlueKeep" Vulnerability
• DNSlivery - Easy Files And Payloads Delivery Over DNS
• GhostSquadHackers - Encrypt/Encode Your Javascript Code
• BackBox Linux 6.0 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment
• URLextractor - Information Gathering and Website Reconnaissance
• MozDef - Mozilla Enterprise Defense Platform
• Sliver - Implant Framework
• Simplify - Generic Android Deobfuscator
• BoomER - Framework For Exploiting Local Vulnerabilities
• WhatBreach - OSINT Tool To Find Breached Emails And Databases
• BlueGhost - A Network Tool Designed To Assist Blue Teams In Banning Attackers From Linux Servers
• Vxscan - Comprehensive Scanning Tool
• RedGhost - Linux Post Exploitation Framework Designed To Gain Persistence And Reconnaissance And Leave No Trace
• One-Lin3r v2.0 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More
• Tourmaline - Telegram Bot Framework For Crystal
• VulnX v1.7 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS
• Cryptr - A Simple Shell Utility For Encrypting And Decrypting Files Using OpenSSL
• Amass - In-depth DNS Enumeration And Network Mapping
• Userrecon-Py - Find Usernames In Social Networks
• Metabigor - Command Line Search Engines Without Any API Key
• autoPwn - Automate Repetitive Tasks For Fuzzing
• Finshir - A Coroutines-Driven Low And Slow Traffic Sender, Written In Rust
• Facebash - Facebook Brute Forcer In Shellscript Using TOR
• Vthunting - A Tiny Script Used To Generate Report About VirusTotal Hunting And Send It By Email, Slack Or Telegram
• Python-Iocextract - Advanced Indicator Of Compromise (IOC) Extractor
• PcapXray v2.5 - A Network Forensics Tool To Visualize A Packet Capture Offline As A Network Diagram
• ANDRAX v3 - The First And Unique Penetration Testing Platform For Android Smartphones
• Vulners Scanner for Android - Passive Vulnerability Scanning Based On Software Version Fingerprint
• ripVT - Virus Total API Maltego Transform Set For Canari
• ReverseTCPShell - PowerShell ReverseTCP Shell, Client & Server
• GhostDelivery - This Tool Creates A Obfuscated .vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence
• H8Mail v2.0 - Email OSINT And Password Breach Hunting
• PhoneSploit v1.2 - Using Open Adb Ports We Can Exploit A Andriod Device
• Zydra - File Password Recovery Tool And Linux Shadow File Cracker
• Recsech - Tool For Doing Footprinting And Reconnaissance On The Target Web
• LiveHiddenCamera - Library Which Record Live Video And Audio From Android Device Without Displaying A Preview
• Shellphish - Phishing Tool For 18 Social Media (Instagram, Facebook, Snapchat, Github, Twitter...)
• TOR Router - A Tool That Allow You To Make TOR Your Default Gateway And Send All Internet Connections Under TOR
• Userrecon - Find Usernames Across Over 75 Social Networks
• WhatWeb v0.5.0 - Next Generation Web Scanner
• Faraday v3.8 - Collaborative Penetration Test and Vulnerability Management Platform
• RecScanSec - Reconnaisance Scanner Security
• Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From Shodan.io
• Tool-X - A Kali Linux Hacking Tool Installer
• SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
• Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information
• Aztarna - A Footprinting Tool For Robots
• Hediye - Hash Generator & Cracker Online Offline
• Killcast - Manipulate Chromecast Devices In Your Network
• bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
• WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
• H8Mail - Email OSINT And Password Breach Hunting
• Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
• Metasploit 5.0 - The World’s Most Used Penetration Testing Framework
• Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
• Twifo-Cli - Get User Information Of A Twitter User
• Sitadel - Web Application Security Scanner
• Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
• Malboxes - Builds Malware Analysis Windows VMs So That You Don'T Have To
• Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies
• Shed - .NET Runtime Inspector
• Stardox - Github Stargazers Information Gathering Tool
• Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool
• AutoSploit v3.0 - Automated Mass Exploiter
• Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
• Recaf - A Modern Java Bytecode Editor
• dnSpy - .NET Debugger And Assembly Editor