Awesome Hacking

Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers. Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can check out and update with one command.

You can check out all the tools with the following command:

git clone --recursive https://github.com/jekil/awesome-hacking.git

Every kind of contribution is really appreciated! Follow the Contribution Guidelines.

If you enjoy this work, please keep it alive by contributing or just sharing it! - @jekil

Code Auditing

Static Analysis

  • Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.
  • ShellCheck - A static analysis tool for shell scripts.

Cryptography

  • FeatherDuster - An automated, modular cryptanalysis tool.
  • RSATool - Generate a private key from knowledge of p and q.
  • Xortool - A tool to analyze multi-byte XOR ciphers.

CTF Tools

  • CTFd - CTF in a can. Easily modifiable and has everything you need to run a jeopardy style CTF.
  • FBCTF - Platform to host Capture the Flag competitions.
  • Mellivora - A CTF engine written in PHP.
  • OneGadget - A tool to easily find the one-gadget RCE in libc.so.6.
  • NightShade - A simple security CTF framework.
  • OpenCTF - CTF in a box. Minimal setup required.
  • Pwntools - CTF framework and exploit development library.
  • Scorebot - Platform for CTFs by Legitbs (Defcon).
  • V0lt - Security CTF Toolkit.

Docker

  • Docker Bench for Security - The Docker Bench for Security checks for all the automatable tests in the CIS Docker 1.6 Benchmark.

    docker pull diogomonica/docker-bench-security

  • DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.

    docker pull citizenstig/dvwa

  • Kali Linux - This Kali Linux Docker image provides a minimal base install of the latest version of the Kali Linux Rolling Distribution.

    docker pull kalilinux/kali-linux-docker

  • Metasploit - Metasploit Framework penetration testing software (unofficial docker).

    docker pull remnux/metasploit

  • OWASP Juice Shop - An intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.

    docker pull bkimminich/juice-shop

  • OWASP Mutillidae II - OWASP Mutillidae II Web Pen-Test Practice Application.

    docker pull citizenstig/nowasp

  • OWASP NodeGoat - An environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

    git clone https://github.com/OWASP/NodeGoat.git && cd NodeGoat && docker-compose build && docker-compose up

  • OWASP Railsgoat - A vulnerable version of Rails that follows the OWASP Top 10.

    docker pull owasp/railsgoat

  • OWASP Security Shepherd - A web and mobile application security training platform.

    docker pull ismisepaul/securityshepherd

  • OWASP WebGoat - A deliberately insecure Web Application.

    docker pull danmx/docker-owasp-webgoat

  • OWASP ZAP - Current stable OWASP Zed Attack Proxy release in an embedded Docker container.

    docker pull owasp/zap2docker-stable

  • Security Ninjas - An Open Source Application Security Training Program.

    docker pull opendns/security-ninjas

  • SpamScope - SpamScope (Fast Advanced Spam Analysis Tool) with Elasticsearch.

    docker pull fmantuano/spamscope-elasticsearch

  • Vulnerable WordPress Installation - Vulnerable WordPress Installation.

    docker pull wpscanteam/vulnerablewordpress

  • Vulnerability as a service: Heartbleed - Vulnerability as a Service: CVE-2014-0160.

    docker pull hmlio/vaas-cve-2014-0160

  • Vulnerability as a service: Shellshock - Vulnerability as a Service: CVE-2014-6271.

    docker pull hmlio/vaas-cve-2014-6271

  • WPScan - WPScan is a black box WordPress vulnerability scanner.

    docker pull wpscanteam/wpscan

Forensics

File Forensics

  • Autopsy - A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools.
  • DFF - A Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about user and system activities.
  • Hadoop_framework - A prototype system that uses Hadoop to process hard drive images.
  • OSXCollector - A forensic evidence collection & analysis toolkit for OS X.
  • Scalpel - An open source data carving tool.
  • Shellbags - Investigate NTUSER.dat files.
  • Sleuthkit - A library and collection of command line digital forensics tools.

Live Analysis

  • OS X Auditor - OS X Auditor is a free Mac OS X computer forensics tool.

Memory Forensics

  • Rekall - Memory analysis framework developed by Google.
  • Volatility - Extract digital artifacts from volatile memory (RAM) samples.

Mobile

  • Android Forensic Toolkit - Allows you to extract SMS records, call history, photos, browsing history, and passwords from an Android phone.
  • Mem - Tool used for dumping memory from Android devices.

Network Forensics

  • Dshell - A network forensic analysis framework.
  • Passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup.

Misc

  • HxD - A hex editor which, in addition to raw disk editing and modification of main memory (RAM), handles files of any size.
  • Libfvde <https://github.com/libyal/libfvde> - Library and tools to access FileVault Drive Encryption (FVDE) encrypted volumes.

Intelligence

  • VIA4CVE - An aggregator of the known vendor vulnerabilities database to support the expansion of information with CVEs.

Library

C

  • Libdnet - Provides a simplified, portable interface to several low-level networking routines, including network address manipulation, kernel arp cache and route table lookup and manipulation, network firewalling, network interface lookup and manipulation, IP tunnelling, and raw IP packet and Ethernet frame transmission.

Java

Python

  • Dpkt - Fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols.
  • Pcapy - A Python extension module that interfaces with the libpcap packet capture library. Pcapy enables Python scripts to capture packets on the network. Pcapy is highly effective when used in conjunction with a packet-handling package such as Impacket, which is a collection of Python classes for constructing and dissecting network packets.
  • PyBFD - Python interface to the GNU Binary File Descriptor (BFD) library.
  • Pynids - A Python wrapper for libnids, a Network Intrusion Detection System library offering sniffing, IP defragmentation, TCP stream reassembly and TCP port scan detection. Lets your own Python routines examine network conversations.
  • Pypcap - This is a simplified object-oriented Python wrapper for libpcap.
  • PyPDF2 - A utility to read and write PDFs with Python.
  • Python-ptrace - Python binding of ptrace library.
  • RDPY - RDPY is a pure Python implementation of the Microsoft Remote Desktop Protocol (RDP), client and server side.
  • Scapy - A Python-based interactive packet manipulation program & library.

Ruby

Live CD - Distributions

  • Android Tamer - Virtual / Live Platform for Android Security professionals.
  • ArchStrike - An Arch Linux repository for security professionals and enthusiasts.
  • BackBox - Ubuntu-based distribution for penetration tests and security assessments.
  • BlackArch - Arch Linux-based distribution for penetration testers and security researchers.
  • BOSSLive - An Indian GNU/Linux distribution developed by CDAC and customized to suit India's digital environment. It supports most of the Indian languages.
  • DEFT Linux - Suite dedicated to incident response and digital forensics.
  • Fedora Security Lab - A safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations.
  • Kali - A Linux distribution designed for digital forensics and penetration testing.
  • NST - Network Security Toolkit distribution.
  • Ophcrack - A free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.
  • Parrot - Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind.
  • Pentoo - Security-focused live CD based on Gentoo.
  • REMnux - Toolkit for assisting malware analysts with reverse-engineering malicious software.

Malware

Dynamic Analysis

  • Androguard - Reverse engineering, Malware and goodware analysis of Android applications.
  • Cuckoo Sandbox - An automated dynamic malware analysis system.
  • CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.
  • DECAF - Short for Dynamic Executable Code Analysis Framework; a binary analysis platform based on QEMU.
  • DroidBox - Dynamic analysis of Android apps.
  • Hooker - An open source project for dynamic analysis of Android applications.
  • Jsunpack-n - Emulates browser functionality when visiting a URL.
  • Magento-malware-scanner - A collection of rules and samples to detect Magento malware.
  • Malzilla - Web pages that contain exploits often use a series of redirects and obfuscated code to make it more difficult for somebody to follow. MalZilla is a useful program for exploring malicious pages. It allows you to choose your own user agent and referrer, and has the ability to use proxies. It shows you the full source of web pages and all the HTTP headers. It also gives you various decoders to try to deobfuscate JavaScript.
  • ProbeDroid - A dynamic binary instrumentation kit targeting Android 5.0 (Lollipop) and above.
  • PyEMU - Fully scriptable IA-32 emulator, useful for malware analysis.
  • WScript Emulator - Emulator/tracer of the Windows Script Host functionality.

Honeypot

  • Basic-auth-pot - HTTP Basic Authentication honeyPot.
  • Conpot - ICS/SCADA honeypot.
  • Cowrie - SSH honeypot, based on Kippo.
  • Elastichoney - A Simple Elasticsearch Honeypot.
  • ESPot - An Elasticsearch honeypot written in NodeJS, to capture every attempt to exploit CVE-2014-3120.
  • Delilah - An Elasticsearch Honeypot written in Python.
  • Dionaea - Honeypot designed to trap malware.
  • Glastopf - Web Application Honeypot.
  • Glutton - All eating honeypot.
  • Honeyd - Create a virtual honeynet.
  • HoneyPress - Python-based WordPress honeypot in a Docker container.
  • HonnyPotter - A WordPress login honeypot for collection and analysis of failed login attempts.
  • Maildb - Python web app to parse and track email and HTTP pcap files.
  • MHN - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.
  • Mnemosyne - A normalizer for honeypot data; supports Dionaea.
  • MongoDB-HoneyProxy - A honeypot proxy for MongoDB. When run, this will proxy and log all traffic to a dummy MongoDB server.
  • MysqlPot - A MySQL honeypot, still at a very early stage.
  • Nodepot - A Node.js web application honeypot.
  • NoSQLPot - The NoSQL Honeypot Framework.
  • Phoneyc - Pure Python honeyclient implementation.
  • Phpmyadmin_honeypot - A simple and effective phpMyAdmin honeypot.
  • Servletpot - Web application Honeypot.
  • Shadow Daemon - A modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl & Python apps.
  • Smart-honeypot - PHP Script demonstrating a smart honey pot.
  • SpamScope - Fast Advanced Spam Analysis Tool.
  • Thug - Low interaction honeyclient, for investigating malicious websites.
  • Wordpot - A WordPress Honeypot.
  • Wp-smart-honeypot - WordPress plugin to reduce comment spam with a smarter honeypot.

Intelligence

  • MISP Modules - Modules for expansion services, import and export in MISP.
  • Passivedns-client - Provides a library and a query tool for querying several passive DNS providers.
  • Rt2jira - Convert RT tickets to JIRA tickets.

Ops

  • CapTipper - A Python tool to analyze, explore and revive malicious HTTP traffic.
  • Google-play-crawler - A simple Java tool for searching for Android applications on Google Play and downloading them.
  • Googleplay-api - An unofficial Python API that lets you search, browse and download Android apps from Google Play (formerly Android Market).
  • FakeNet-NG - A next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows.
  • Malboxes - Builds malware analysis Windows VMs so that you don’t have to.
  • Node-appland - NodeJS tool to download APKs from appland.
  • Node-aptoide - NodeJS tool to download APKs from Aptoide.
  • Node-google-play - Call Google Play APIs from Node.

Source Code

  • Android-malware - Collection of Android malware samples.
  • Carberp - Carberp leaked source code.
  • Fancybear - Fancy Bear Source Code.
  • Mirai - Leaked Mirai Source Code for Research/IoC Development Purposes.
  • TinyNuke - Zeus-style banking trojan.
  • Zeus - Zeus version 2.0.8.9, leaked in 2011.

Static Analysis

  • Androwarn - Detect and warn the user about potentially malicious behaviours developed by an Android application.
  • ApkAnalyser - A static, virtual analysis tool for examining and validating the development work of your Android app.
  • APKinspector - A powerful GUI tool for analysts to analyze Android applications.
  • Argus-SAF - Argus static analysis framework.
  • CFGScanDroid - Control Flow Graph Scanning for Android.
  • ConDroid - Symbolic/concolic execution of Android apps.
  • DroidLegacy - Static analysis scripts.
  • Floss - FireEye Labs Obfuscated String Solver. Automatically extract obfuscated strings from malware.
  • FSquaDRA - Fast detection of repackaged Android applications based on the comparison of resource files included in the package.
  • Inspeckage - Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more.
  • Maldrolyzer - Simple framework to extract “actionable” data from Android malware (C&Cs, phone numbers, etc).
  • Peepdf - A Python tool to explore PDF files in order to find out whether the file can be harmful or not. The aim of this tool is to provide all the components a security researcher could need in a PDF analysis, without using 3 or 4 tools to perform all the tasks.
  • PEfile - Read and work with Portable Executable (aka PE) files.
  • PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files.
  • Pdfminer - A tool for extracting information from PDF documents.
  • PScout - Analyzing the Android Permission Specification.
  • Smali-CFGs - Smali Control Flow Graphs.
  • SmaliSCA - Smali Static Code Analysis.
  • Sysinternals Suite - The Sysinternals Troubleshooting Utilities.
  • Yara - Identify and classify malware samples.

Network

Analysis

  • Bro - A powerful network analysis framework that is much different from the typical IDS you may know.
  • Pytbull - A Python-based flexible IDS/IPS testing framework.
  • Sguil - Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil’s main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures.

Fake Services

  • DNSChef - DNS proxy for Penetration Testers and Malware Analysts.
  • DnsRedir - A small DNS server that will respond to certain queries with addresses provided on the command line.

Packet Manipulation

  • Pig - A Linux packet crafting tool.
  • Yersinia - A network tool designed to take advantage of some weaknesses in different network protocols. It aims to be a solid framework for analyzing and testing the deployed networks and systems.

Sniffer

  • Cloud-pcap - Web PCAP storage and analytics.
  • Dnscap - Network capture utility designed specifically for DNS traffic.
  • Dripcap - Caffeinated Packet Analyzer.
  • Dsniff - A collection of tools for network auditing and pentesting.
  • Justniffer - Just A Network TCP Packet Sniffer. Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all “intercepted” files from the HTTP traffic.
  • Moloch - Moloch is an open source large scale full PCAP capturing, indexing and database system.
  • Net-creds - Sniffs sensitive data from interface or pcap.
  • NetworkMiner - A Network Forensic Analysis Tool (NFAT).
  • Netsniff-ng - A Swiss army knife for your daily Linux network plumbing.
  • OpenFPC - OpenFPC is a set of scripts that combine to provide a lightweight full-packet network traffic recorder and buffering tool. Its design goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating into existing alert and log tools.
  • PF_RING - PF_RING is a Linux kernel module and user-space framework that allows you to process packets at high rates while providing a consistent API for packet processing applications.
  • WebPcap - A web-based packet analyzer (client/server architecture). Useful for analyzing distributed applications or embedded devices.
  • Wireshark - A free and open-source packet analyzer.

Penetration Testing

DoS

  • DHCPig - DHCP exhaustion script written in Python using the Scapy network library.
  • LOIC - Low Orbit Ion Cannon - An open source network stress tool, written in C#. Based on Praetox’s LOIC project.
  • Sockstress - Sockstress (TCP DoS) implementation.
  • T50 - A very fast network stress tool.
  • Torshammer - Tor's hammer. Slow POST DDoS tool written in Python.
  • UFONet - Abuses OSI Layer 7 (HTTP) to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Exploiting

  • BeEF - The Browser Exploitation Framework Project.
  • Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
  • DLLInjector - Inject dlls in processes.
  • ExploitPack - Graphical tool for penetration testing with a bunch of exploits.
  • Evilgrade - The update exploitation framework.
  • Fathomless - A collection of different programs for network red teaming.
  • Linux Exploit Suggester - Linux Exploit Suggester; based on operating system release number.
  • Metasploit Framework - Exploitation framework.
  • Nessus - Vulnerability, configuration, and compliance assessment.
  • Nexpose - Vulnerability Management & Risk Management Software.
  • OpenVAS - Open Source vulnerability scanner and manager.
  • PowerSploit - A PowerShell Post-Exploitation Framework.
  • PSKernel-Primitives - Exploit primitives for PowerShell.
  • ROP Gadget - Framework for ROP exploitation.
  • Routersploit - Automated penetration testing software for routers.
  • Rupture - A framework for BREACH and other compression-based crypto attacks.
  • Shellsploit - Lets you generate customized shellcodes, backdoors and injectors for various operating systems, and lets you obfuscate every byte via encoders.
  • SPARTA - Network Infrastructure Penetration Testing Tool.
  • Spoodle - A mass subdomain + poodle vulnerability scanner.
  • Veil Framework - A tool designed to generate metasploit payloads that bypass common anti-virus solutions.
  • Vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go.
  • Windows Exploit Suggester - Detects potential missing patches on the target.
  • Zarp - Network Attack Tool.

Exploits

Info Gathering

  • Bundler-audit - Patch-level verification for Bundler.
  • Dnsenum - A Perl script that enumerates DNS information.
  • Dnsmap - Passive DNS network mapper.
  • Dnsrecon - DNS Enumeration Script.
  • Knock - A Python tool designed to enumerate subdomains on a target domain through a wordlist.
  • IVRE - An open-source framework for network recon. It relies on open-source well-known tools to gather data (network intelligence), stores it in a database, and provides tools to analyze it.
  • Operative-framework - A framework based on fingerprinting, used to gather information on a website or an enterprise target with multiple modules (Viadeo search, LinkedIn search, reverse email whois, reverse IP whois, SQL file forensics ...).
  • Recon-ng - A full-featured Web Reconnaissance framework written in Python.
  • SMBMap - A handy SMB enumeration tool.
  • SSLMap - TLS/SSL cipher suite scanner.
  • Subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains.
  • TruffleHog - Searches through git repositories for high entropy strings, digging deep into commit history.
  • URLextractor - Information gathering & website reconnaissance.
  • Wmap - Information gathering for web hacking.

Fuzzing

  • AndroFuzz - A fuzzing utility for Android that focuses on reporting and delivery portions of the fuzzing process.
  • Construct - Declarative data structures for Python that allow symmetric parsing and building.
  • Fusil - A Python library used to write fuzzing programs. It helps to start a process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start a network client or server, and create mangled files.
  • Fuzzbox - A multi-codec media fuzzing tool.
  • Honggfuzz - Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software and hardware).
  • Melkor-android - An Android port of the melkor ELF fuzzer.
  • MFFA - Media Fuzzing Framework for Android.
  • Netzob - Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols.
  • Python-AFL - American fuzzy lop fork server and instrumentation for pure-Python code.
  • Radamsa-android - An Android port of radamsa fuzzer.
  • SecLists - A collection of multiple types of lists used during security assessments.
  • Sulley - Fuzzer development and fuzz testing framework consisting of multiple extensible components.
  • TAOF - The Art of Fuzzing, including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer.
  • Windows IPC Fuzzing Tools - A collection of tools used to attack applications that use Windows Interprocess Communication mechanisms.
  • Zulu - A fuzzer designed for rapid prototyping that normally happens on a client engagement where something needs to be fuzzed within tight timescales.

Mobile

  • AFE - Android Framework for Exploitation, a framework for exploiting Android-based devices.
  • AndroBugs - An efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications.
  • Android-vts - Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let’s take a pulse on the state of Android security.
  • Androl4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis.
  • CobraDroid - A custom build of the Android operating system geared specifically for application security analysts and for individuals dealing with mobile malware.
  • Drozer - The Leading Security Assessment Framework for Android.
  • Idb - A tool to simplify some common tasks for iOS pentesting and research.
  • Introspy-iOS - Security profiling for blackbox iOS.
  • JAADAS - Joint Advanced Defect assEsment for android applications.
  • Mobile Security Framework - An intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.
  • QARK - QARK by LinkedIn is for app developers to scan apps for security issues.

MITM

  • Dnsspoof - DNS spoofer. Drops DNS responses from the router and replaces them with spoofed DNS responses.
  • Ettercap - A comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
  • Bettercap - A powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
  • Mallory - An extensible TCP/UDP man in the middle proxy that is designed to be run as a gateway. Unlike other tools of its kind, Mallory supports modifying non-standard protocols on the fly.
  • MITMf - Framework for Man-In-The-Middle attacks.
  • Mitmproxy - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface.
  • Mitmsocks4j - Man in the Middle SOCKS Proxy for Java.
  • Nogotofail - An on-path blackbox network traffic security testing tool.
  • Responder - A LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Password Cracking

  • BozoCrack - A silly & effective MD5 cracker in Ruby.
  • HashCat - World’s fastest and most advanced password recovery utility.
  • Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns.
  • John the Ripper - A fast password cracker.
  • THC-Hydra - A very fast network logon cracker which supports many different services.

Port Scanning

  • Angry IP Scanner - Fast and friendly network scanner.
  • Masscan - TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
  • Nmap - Free Security Scanner For Network Exploration & Security Audits.
  • Zmap - An open-source network scanner that enables researchers to easily perform Internet-wide network studies.

Post Exploitation

  • Creddump - Dump windows credentials.
  • DET - (extensible) Data Exfiltration Toolkit (DET).
  • Dnsteal - DNS Exfiltration tool for stealthily sending files over DNS requests.
  • Empire - Empire is a pure PowerShell post-exploitation agent.
  • Fireaway - Next Generation Firewall Audit and Bypass Tool.
  • Iodine - Lets you tunnel IPv4 data through a DNS server.
  • Mallory - HTTP/HTTPS proxy over SSH.
  • Mimikatz - A little tool to play with Windows security.
  • P0wnedShell - PowerShell Runspace Post Exploitation Toolkit.
  • Pwnat - Punches holes in firewalls and NATs, allowing any number of clients behind NATs to directly connect to a server behind a different NAT.
  • Tgcd - A simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
  • WCE - Windows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete associated credentials.

Reporting

  • Dradis - Collaboration and reporting for IT Security teams.
  • Faraday - Collaborative Penetration Test and Vulnerability Management Platform.

Services

  • Sslstrip - A demonstration of the HTTPS stripping attacks.
  • Sslstrip2 - SSLStrip version to defeat HSTS.
  • SSLyze - SSL configuration scanner.
  • Tls_prober - Fingerprint a server’s SSL/TLS implementation.

Training

  • Don't Panic - A training Linux bind shell with anti-reverse engineering techniques.
  • DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.
  • DVWS - Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.
  • OWASP Juice Shop - An intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.
  • OWASP NodeGoat - An environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
  • OWASP Railsgoat - A vulnerable version of Rails that follows the OWASP Top 10.
  • OWASP Security Shepherd - A web and mobile application security training platform.
  • OWASP WebGoat - A deliberately insecure Web Application.
  • RopeyTasks - Deliberately vulnerable web application.

Web

  • Arachni - Web Application Security Scanner Framework.
  • BlindElephant - Web Application Fingerprinter.
  • Burp Suite - An integrated platform for performing security testing of web applications.
  • Cms-explorer - CMS Explorer is designed to reveal the specific modules, plugins, components and themes that various CMS driven web sites are running.
  • Dvcs-ripper - Rip web accessible (distributed) version control systems.
  • Fimap - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs.
  • Joomscan - Joomla CMS scanner.
  • Kadabra - Automatic LFI exploiter and scanner, written in C++ with a couple of external modules in Python.
  • Kadimus - LFI scan and exploit tool.
  • Liffy - LFI exploitation tool.
  • Netsparker - Web Application Security Scanner.
  • Nikto2 - Web application vulnerability scanner.
  • NoSQLMap - Automated Mongo database and NoSQL web application exploitation tool.
  • OWASP Xenotix - XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
  • Paros - A Java based HTTP/HTTPS proxy for assessing web application vulnerability.
  • Ratproxy - A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems.
  • Scout2 - Security auditing tool for AWS environments.
  • Skipfish - An active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.
  • SQLMap - Automatic SQL injection and database takeover tool.
  • SQLNinja - SQL Server injection & takeover tool.
  • TPLMap - Automatic Server-Side Template Injection Detection and Exploitation Tool.
  • Yasuo - A Ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network.
  • W3af - Web application attack and audit framework.
  • Wapiti - Web application vulnerability scanner.
  • Weevely3 - Weaponized web shell.
  • WhatWeb - Website Fingerprinter.
  • Wordpress Exploit Framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
  • WPScan - WPScan is a black box WordPress vulnerability scanner.
  • WPSploit - Exploiting WordPress with Metasploit.
  • WS-Attacker - A modular framework for web services penetration testing.
  • Zed Attack Proxy (ZAP) - The OWASP ZAP core project.

Wireless

  • Aircrack-ng - An 802.11 WEP and WPA-PSK keys cracking program.
  • Kismet - Wireless network detector, sniffer, and IDS.
  • LANs.py - Inject code, jam wifi, and spy on wifi users.
  • Mass-deauth - A script for 802.11 mass-deauthentication.
  • Reaver - Brute force attack against Wifi Protected Setup.
  • Wifikill - A Python program to kick people off Wi-Fi.
  • Wifijammer - Continuously jam all wifi clients/routers.
  • Wifite - Automated wireless attack tool.
  • Wifiphisher - Automated phishing attacks against Wi-Fi networks.

Security

Endpoint Security

  • AIDE - Advanced Intrusion Detection Environment is a file and directory integrity checker.
  • Duckhunt - Prevent RubberDucky (or other keystroke injection) attacks.

Privacy

  • I2P - The Invisible Internet Project.
  • Nipe - A script to make the Tor network your default gateway.
  • SecureDrop - Open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources.
  • Tor - Free software for online anonymity through onion routing.

Reverse Engineering

  • AndBug - A debugger targeting the Android platform’s Dalvik virtual machine intended for reverse engineers and developers.
  • Angr - A platform-agnostic binary analysis framework developed by the Computer Security Lab at UC Santa Barbara and their associated CTF team, Shellphish.
  • Apk2Gold - Yet another Android decompiler.
  • ApkTool - A tool for reverse engineering Android apk files.
  • Barf - Binary Analysis and Reverse engineering Framework.
  • BinText - A small, very fast and powerful text extractor.
  • BinWalk - Analyze, reverse engineer, and extract firmware images.
  • Boomerang - Decompile x86 binaries to C.
  • Bytecode-viewer - A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More).
  • Bytecode_graph - Module designed to modify Python bytecode. Allows instructions to be added or removed from a Python bytecode string.
  • Capstone - Lightweight multi-platform, multi-architecture disassembly framework with Python bindings.
  • CHIPSEC - Platform Security Assessment Framework.
  • Coda - Coredump analyzer.
  • Ctf_import - Run basic functions from stripped binaries cross-platform.
  • Edb - A cross-platform x86/x86-64 debugger.
  • Dex2jar - Tools to work with Android .dex and Java .class files.
  • Distorm - Powerful Disassembler Library For x86/AMD64.
  • DotPeek - A free-of-charge .NET decompiler from JetBrains.
  • Enjarify - A tool for translating Dalvik bytecode to equivalent Java bytecode. This allows Java analysis tools to analyze Android applications.
  • Fibratus - Tool for exploration and tracing of the Windows kernel.
  • Fino - An Android Dynamic Analysis Tool.
  • Flare-ida - IDA Pro utilities from FLARE team.
  • Frida - Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX.
  • Gdb-dashboard - Modular visual interface for GDB in Python.
  • GEF - Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers.
  • Hopper - An OS X and Linux Disassembler/Decompiler for 32/64 bit Windows/Mac/Linux/iOS executables.
  • Idaemu - An IDA Pro plugin used for emulating code in IDA Pro.
  • IDA Free - The freeware version of IDA.
  • IDA Patcher - IDA Patcher is a plugin for Hex-Rays' IDA Pro disassembler designed to enhance IDA's ability to patch binary files and memory.
  • IDA Pomidor - IDA Pomidor is a plugin for Hex-Rays' IDA Pro disassembler that will help you retain concentration and productivity during long reversing sessions.
  • IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger.
  • IDA Sploiter - IDA Sploiter is a plugin for Hex-Rays' IDA Pro disassembler designed to enhance IDA's capabilities as an exploit development and vulnerability research tool.
  • IDAPython - An IDA plugin which makes it possible to write scripts for IDA in the Python programming language.
  • Immunity Debugger - A powerful new way to write exploits and analyze malware.
  • JAD - JAD Java Decompiler.
  • Jadx - Decompile Android files.
  • JD-GUI - Aims to develop tools in order to decompile and analyze Java 5 “byte code” and the later versions.
  • Keystone Engine - A lightweight multi-platform, multi-architecture assembler framework.
  • Krakatau - Java decompiler, assembler, and disassembler.
  • Manticore - Prototyping tool for dynamic binary analysis, with support for symbolic execution, taint analysis, and binary instrumentation.
  • MARA Framework - A Mobile Application Reverse engineering and Analysis Framework.
  • Medusa - A disassembler designed to be both modular and interactive.
  • Mona.py - PyCommand for Immunity Debugger that replaces and improves on pvefindaddr.
  • OllyDbg - An x86 debugger that emphasizes binary code analysis.
  • Paimei - Reverse engineering framework, includes PyDBG, PIDA, pGRAPH.
  • PEDA - Python Exploit Development Assistance for GDB.
  • Plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • Procyon - A modern open-source Java decompiler.
  • Pyew - Command line hexadecimal editor and disassembler, mainly to analyze malware.
  • Qira - QEMU Interactive Runtime Analyser.
  • R2MSDN - R2 plugin to add MSDN documentation URLs and parameter names to imported function calls.
  • RABCDAsm - Robust ABC (ActionScript Bytecode) [Dis-]Assembler.
  • Radare2 - Open-source, cross-platform reverse engineering framework.
  • Redexer - A reengineering tool that manipulates Android app binaries.
  • ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API.
  • Simplify - Generic Android Deobfuscator.
  • Smali - Smali/baksmali is an assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.
  • Toolbag - The IDA Toolbag is a plugin providing supplemental functionality to Hex-Rays IDA Pro disassembler.
  • Ufgraph - A simple script which parses the output of the uf (un-assemble function) command in WinDbg and uses Graphviz to generate a control flow graph as a PNG/SVG/PDF/GIF (see -of option) and displays it.
  • Uncompyle - Decompile Python 2.7 binaries (.pyc).
  • Unicorn Engine - A lightweight, multi-platform, multi-architecture CPU emulator framework based on QEMU.
  • Voltron - An extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host.
  • WinDbg - Windows Driver Kit and WinDbg.
  • WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security.
  • Unlinker - Unlinker is a tool that can rip functions out of Visual C++ compiled binaries and produce Visual C++ COFF object files.
  • UPX - The Ultimate Packer for eXecutables.
  • X64_dbg - An open-source x64/x32 debugger for Windows.
  • Xxxswf - A Python script for analyzing Flash files.
  • YaCo - A Hex-Rays IDA plugin. When enabled, multiple users can work simultaneously on the same binary. Any modification done by any user is synchronized through git version control.

Social Engineering

Framework

  • SET - The Social-Engineer Toolkit from TrustedSec.

Harvester

  • Creepy - A geolocation OSINT tool.
  • Github-dorks - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks.
  • Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
  • Metagoofil - Metadata harvester.
  • TheHarvester - E-mail, subdomain and people names harvester.
  • TTSL - Tool to scrape LinkedIn.

Phishing

  • Whatsapp-phishing - Proof of principle code for running a phishing attack against the official WhatsApp Web client.