Reconnaissance Tools
The ZMap Project
The ZMap Project is an open-source initiative focused on developing high-speed network scanning tools for Internet-wide security research.
DNSDumpster
DNSDumpster is an online tool used for passive DNS reconnaissance, providing information on domain names, IP addresses, and related DNS records for security analysis.
Dnsmap
Dnsmap is a tool used for discovering subdomains of a domain through DNS enumeration.
PassiveDNS::Client
PassiveDNS::Client is a Perl module for querying historical DNS data, enabling programmatic access to past DNS records for cybersecurity investigations.
SMBMap
SMBMap is a tool for enumerating and auditing SMB shares to identify accessible files on a network.
ScanCannon v1.1
ScanCannon v1.1 automates network reconnaissance by combining Nmap and Masscan for efficient port scanning.
Nmap.org
Nmap.org is the official website for Nmap, a widely used open-source network scanning tool for security auditing and network discovery.
CloudFail
CloudFail is a tool that identifies misconfigurations to reveal the real IP behind Cloudflare protection.
DNSRecon
DNSRecon is a tool for DNS enumeration and reconnaissance, including DNS record collection and subdomain discovery.
passivedns
PassiveDNS collects and stores historical DNS records for cybersecurity analysis and tracking of domain activities.
XRAY
XRAY is a security assessment tool used for vulnerability scanning and detection across web applications and networks.
Fierce
Fierce is a DNS reconnaissance tool used to find non-contiguous IP spaces and discover subdomains.
Scanless
Scanless is a tool that allows users to perform port scans through third-party websites, helping to mask the origin of the scan.
dnsenum
Dnsenum is a tool for DNS enumeration, used to gather information about DNS records and subdomains.
dnstracer
Dnstracer traces the path of DNS queries to identify the DNS servers resolving a domain.
MASSCAN
Masscan is a fast port scanner capable of scanning the entire Internet in minutes for large-scale reconnaissance.
ACLight
ACLight is a tool for auditing and identifying excessive permissions and privilege escalation paths in Active Directory environments.
Vulnerability Scanners
Network Vulnerability Scanners
Intercepter-NG
Intercepter-NG is a network security tool for intercepting, analyzing, and manipulating network traffic.
dsniff
dsniff is a collection of tools for network auditing and penetration testing, specializing in sniffing and traffic interception.
RouterSploit
RouterSploit is an open-source exploitation framework, similar to Metasploit, but focused on vulnerabilities in embedded devices.
dnstwist
dnstwist is a domain name permutation engine used to detect typosquatting, phishing, and corporate espionage threats.
NetworkMiner
NetworkMiner is a Network Forensic Analysis Tool (NFAT) used for passive network traffic analysis and packet capture.
SPARTA
SPARTA is a network scanning and enumeration tool for automating service discovery and vulnerability analysis.
Scapy
Scapy is a Python-based interactive program and library for packet manipulation, allowing custom packet creation, sending, sniffing, and network analysis.
CrackMapExec
CrackMapExec is a versatile tool, often called the "Swiss army knife" for network penetration testing.
THC Hydra
THC Hydra is an online password cracking tool that supports numerous network protocols, including HTTP, SMB, FTP, telnet, MySQL, LDAP, and more.
Firesheep
Firesheep is a free program designed for HTTP session hijacking attacks, allowing interception of unencrypted cookies over a network.
Zarp
Zarp is a network attack tool focused on exploiting vulnerabilities in local networks.
PRET
Printer Exploitation Toolkit (PRET) is a printer security testing tool for exploiting PostScript, PJL, and PCL features over IP and USB.
Impacket
Impacket is a collection of Python classes for working with and implementing various network protocols.
hping3
hping3 is a network tool capable of crafting and sending custom TCP/IP packets for various network testing purposes.
Web Vulnerability Scanners
Netsparker Application Security Scanner
Netsparker Application Security Scanner is an automated tool for detecting security vulnerabilities in web applications.
w3af
w3af is a web application attack and audit framework used for identifying and exploiting vulnerabilities in web applications.
CMS-Explorer
CMS-Explorer is a tool that reveals the specific modules, plugins, components, and themes used by websites running content management systems.
SQLmate
SQLmate is a companion tool to sqlmap, designed to identify SQL injection vulnerabilities using a given dork and, optionally, a website.
Nikto
Nikto is a fast, but noisy, black-box web server and web application vulnerability scanner.
Wapiti
Wapiti is a black-box web application vulnerability scanner with a built-in fuzzer for discovering security flaws.
JoomScan
JoomScan is a vulnerability scanner specifically designed for detecting security flaws in Joomla websites.
JCS
JCS is a Joomla Vulnerability Component Scanner that automatically updates its database with vulnerabilities from ExploitDB and Packetstorm.
Arachni
Arachni is a scriptable framework designed for evaluating the security of web applications.
SecApps
SecApps is an in-browser web application security testing suite for identifying vulnerabilities directly from the browser.
ACSTIS
ACSTIS is an automated tool for detecting client-side template injection vulnerabilities and sandbox bypasses in AngularJS applications.
DDoS Tools
LOIC
LOIC is an open-source network stress testing tool for Windows, commonly used for launching denial-of-service (DoS) attacks.
HOIC
HOIC (High Orbit Ion Cannon) is an updated version of LOIC, featuring "boosters" to bypass common countermeasures during DoS attacks.
JS LOIC
JS LOIC is a JavaScript-based, in-browser version of the LOIC network stress testing tool.
T50
T50 is a high-speed network stress testing tool designed for fast and efficient DoS attacks.
SlowLoris
SlowLoris is a DoS tool that consumes minimal bandwidth on the attacking side to slowly exhaust the target server's resources.
Memcrashed
Memcrashed is a DDoS attack tool that sends forged UDP packets to vulnerable Memcached servers, leveraging data from the Shodan API.
OSINT Tools
theHarvester
theHarvester is a tool for gathering email addresses, subdomains, and people’s names from various public sources.
metagoofil
Metagoofil is a metadata harvester that extracts metadata from publicly available documents to gather sensitive information.
Shodan
Shodan is the world’s first search engine for discovering and analyzing internet-connected devices.
Sn1per
Sn1per is an automated penetration testing reconnaissance scanner designed to identify vulnerabilities and gather intelligence on target systems.
PacketTotal
PacketTotal is a free tool for analyzing packet captures to quickly detect network malware using Bro and Suricata signatures.
SimplyEmail
SimplyEmail is a tool designed to simplify and speed up email reconnaissance during information gathering.
Google Hacking Database
Google Hacking Database is a collection of Google dorks used for reconnaissance by uncovering sensitive information through advanced search queries.
sn0int
sn0int is a semi-automatic OSINT framework and package manager designed for conducting structured information gathering.
fast-recon
fast-recon is a tool that performs Google dorks to quickly gather information about a domain.
Hunter.io
Hunter.io is a data broker that provides a web search interface for finding email addresses and organizational details of companies.
creepy
Creepy is a geolocation OSINT tool used to gather location-based information from social media and other online platforms.
Censys
Censys is a platform that collects data on hosts and websites through daily scans using ZMap and ZGrab, offering insights into internet infrastructure and security.
Github Dorks
github-dorks is a CLI tool used to scan GitHub repositories and organizations for potential sensitive information leaks.
DataSploit
DataSploit is an OSINT visualizer that uses tools like Shodan, Censys, and Zoomeye for data collection.
OSINT-SPY
OSINT-SPY is a tool that performs OSINT scans on email addresses, domain names, IP addresses, or organizations.
Social Engineering Tools
The Social-Engineer Toolkit (SET)
Social Engineer Toolkit (SET) is an open-source pentesting framework for creating realistic social engineering attacks quickly.
Evilginx2
Evilginx2 is a standalone man-in-the-middle attack framework used primarily for phishing credentials and session hijacking.
Beelogger
Beelogger is a tool used for generating keyloggers to capture keystrokes from target systems.
Gophish
Gophish is an open-source phishing framework designed for running and managing phishing campaigns.
Modlishka
Modlishka is a flexible and powerful reverse proxy designed for real-time phishing, including bypassing two-factor authentication (2FA).
King Phisher
King Phisher is a toolkit for creating and managing phishing campaigns with customizable emails and server content.
wifiphisher
Wifiphisher is a tool that automates phishing attacks against WiFi networks to steal credentials or capture traffic.
FiercePhish
FiercePhish is a full-fledged phishing framework for managing and automating all phases of phishing campaigns.
Phishery
Phishery is a TLS/SSL-enabled Basic Auth credential harvester used for phishing attacks.
Evilginx
Evilginx is a MITM attack framework designed for phishing credentials and session cookies from web services.
Catphish
Catphish is a Ruby-based tool designed for phishing and corporate espionage.
SocialFish
SocialFish is a social media phishing framework that can be run on an Android phone or within a Docker container.
ReelPhish
ReelPhish is a real-time phishing tool designed to bypass two-factor authentication (2FA).
Web Exploitation
Fiddler
Fiddler is a free, cross-platform web debugging proxy with user-friendly tools for inspecting and modifying network traffic.
Offensive Web Testing Framework (OWTF)
Offensive Web Testing Framework (OWTF) is a Python-based penetration testing framework for web applications, built around the OWASP Testing Guide.
SQLmap
SQLmap is an automated tool for detecting and exploiting SQL injection vulnerabilities and taking over databases.
Wappalyzer
Wappalyzer is a tool that uncovers the technologies and software used on websites.
wafw00f
wafw00f is a tool used to identify and fingerprint Web Application Firewall (WAF) products on web applications.
liffy
Liffy is a tool designed specifically for exploiting Local File Inclusion (LFI) vulnerabilities.
GitTools
GitTools is a set of tools designed to automatically find and download web-accessible .git repositories.
FuzzDB
FuzzDB is a dictionary of attack patterns and primitives for black-box fault injection and resource discovery.
Raccoon
Raccoon is a high-performance offensive security tool designed for reconnaissance and vulnerability scanning.
Burp Suite
Burp Suite is an integrated platform used for performing security testing of web applications.
Wordpress Exploit Framework
WordPress Exploit Framework is a Ruby framework for creating and using modules to pentest WordPress sites.
tplmap
Tplmap is an automated tool for exploiting server-side template injection vulnerabilities and taking over web servers.
WhatWeb
WhatWeb is a website fingerprinting tool used to identify technologies and software running on websites.
fimap
fimap is a tool designed to find, audit, exploit, and automate the search for Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerabilities.
Commix
Commix is an automated all-in-one tool for detecting and exploiting operating system command injection vulnerabilities.
NoSQLmap
NoSQLmap is an automated tool for detecting NoSQL injection vulnerabilities and taking over NoSQL databases.
webscreenshot
webscreenshot is a simple script that captures screenshots of a list of websites.
WhatWaf
WhatWaf is a tool used to detect and bypass web application firewalls and protection systems.
Browser Exploitation Framework (BeEF)
Browser Exploitation Framework (BeEF) is a command and control server used to deliver exploits and payloads to compromised web browsers.
WPSploit
WPSploit is a tool that integrates with Metasploit to exploit vulnerabilities in WordPress-powered websites.
weevely3
Weevely3 is a weaponized web shell used for remote access and post-exploitation in compromised web environments.
BlindElephant
BlindElephant is a web application fingerprinting tool that identifies versions of web applications by analyzing static files.
Kadabra
Kadabra is an automatic tool for scanning and exploiting Local File Inclusion (LFI) vulnerabilities.
DVCS Ripper
DVCS Ripper is a tool used to rip and retrieve web-accessible distributed version control systems like SVN, GIT, HG, and BZR.
VHostScan
VHostScan is a virtual host scanner that detects catch-all scenarios, aliases, and dynamic default pages, with reverse lookup capabilities.
recursebuster
recursebuster is a content discovery tool used for directory and file brute-forcing on web servers.
badtouch
badtouch is a scriptable network authentication cracker designed for testing and cracking network authentication protocols.
Anti-virus Evasion Tools
Hyperion
Hyperion is a runtime encryptor for 32-bit portable executables (PE files), used to obfuscate malware and bypass antivirus detection.
peCloakCapstone
peCloakCapstone is a multi-platform fork of peCloak.py, designed for automating malware antivirus evasion.
AntiVirus Evasion Tool (AVET)
AntiVirus Evasion Tool (AVET) is a tool for modifying Windows exploits to avoid antivirus detection.
Shellter
Shellter is a dynamic shellcode injection tool and the first truly dynamic PE infector ever created, used for obfuscating executables.
peCloak.py
peCloak.py automates the process of concealing malicious Windows executables to evade antivirus detection.
Hash Cracking Tools
John the Ripper
John the Ripper is a fast password cracking tool used for recovering weak passwords.
JWT Cracker
JWT Cracker is a simple brute force tool for cracking HS256 JWT tokens.
Hashcat
Hashcat is a highly efficient and fast hash cracking tool used for password recovery and cryptographic hash cracking.
BruteForce Wallet
BruteForce Wallet is a tool used to find the password of an encrypted wallet file, such as wallet.dat.
CeWL
CeWL is a tool that generates custom wordlists by spidering a target's website and extracting unique words.
StegCracker
StegCracker is a steganography brute-force tool used to uncover hidden data within files.
Proxies and MITM Tools
dnschef
Dnschef is a highly configurable DNS proxy designed for penetration testers to spoof and monitor DNS traffic.
Mallory
Mallory is an HTTP/HTTPS proxy that operates over SSH for secure interception and manipulation of web traffic.
Ettercap
Ettercap is a comprehensive and mature suite designed for conducting machine-in-the-middle (MITM) attacks on networks.
Lambda-Proxy
Lambda-Proxy is a utility used for testing SQL injection vulnerabilities in AWS Lambda serverless functions.
mitmproxy
mitmproxy is an interactive TLS-capable HTTP proxy for intercepting and analyzing web traffic.
SSH MITM
SSH MITM is a tool that intercepts SSH connections via a proxy, logging all plaintext passwords and session data to disk.
BetterCAP
BetterCAP is a modular, portable, and easily extensible man-in-the-middle (MITM) attack framework.
Morpheus
Morpheus is an automated TCP/IP hijacking tool that uses Ettercap for network attacks.
evilgrade
Evilgrade is a modular framework that exploits weak software update mechanisms by injecting malicious fake updates.
MITMf
MITMf is a framework specifically designed for performing man-in-the-middle (MITM) attacks.
Wireless Network Tools
Aircrack-ng
Aircrack-ng is a suite of tools designed for auditing and securing wireless networks.
Wifite
Wifite is an automated tool for launching wireless network attacks, including WEP, WPA, and WPS.
Cowpatty
Cowpatty is a tool used to perform brute-force dictionary attacks against WPA-PSK (Pre-Shared Key) networks.
KRACK Detector
KRACK Detector is a tool used to detect and prevent KRACK attacks on WPA2 networks.
Kismet
Kismet is a wireless network detector, sniffer, and intrusion detection system (IDS).
Fluxion
Fluxion is a suite of automated social engineering-based WPA attacks designed to capture WPA/WPA2 credentials.
Infernal-Twin
Infernal-Twin is an automated wireless hacking tool designed for launching various WiFi attacks, including rogue access points.
Wifi-arsenal
wifi-arsenal is a collection of tools and resources specifically curated for Wi-Fi penetration testing.
Reaver
Reaver is a tool used to perform brute-force attacks against WiFi Protected Setup (WPS) to recover WPA/WPA2 passphrases.
Airgeddon
Airgeddon is a multi-use bash script for Linux systems designed to audit and attack wireless networks.
krackattacks-scripts
krackattacks-scripts is a set of scripts for testing whether Wi-Fi clients and access points are vulnerable to KRACK (key reinstallation) attacks against WPA2.
WiFi-Pumpkin
WiFi-Pumpkin is a framework designed to create rogue Wi-Fi access points for conducting man-in-the-middle and other wireless attacks.
Anonymity Tools
Tor
Tor is free software and an onion-routed overlay network that helps protect users from traffic analysis and enhance privacy online.
Nipe
Nipe is a script that redirects all network traffic from a machine through the Tor network for anonymity.
OnionScan
OnionScan is a tool used to investigate the Dark Web by identifying operational security issues in Tor hidden services.
Oregano
Oregano is a Python module that acts as a machine-in-the-middle (MITM) to intercept and handle Tor client requests.
I2P
I2P is an anonymous overlay network for secure and private communication through encrypted routing.
Kalitorify
kalitorify is a transparent proxy tool for Kali Linux that routes all network traffic through the Tor network.
Reverse Engineering Tools
Interactive Disassembler (IDA Pro)
Interactive Disassembler (IDA Pro) is a proprietary multi-processor disassembler and debugger, with a free version called IDA Free.
x64dbg
x64dbg is an open-source x64/x32 debugger for Windows.
plasma
Plasma is an interactive disassembler for x86, ARM, and MIPS architectures, generating indented pseudo-code with colored syntax.
Binwalk
Binwalk is a fast, easy-to-use tool for analyzing, reverse engineering, and extracting firmware images.
Capstone
Capstone is a lightweight, multi-platform, and multi-architecture disassembly framework.
Boxxy
Boxxy is a linkable sandbox exploration tool used to analyze and inspect sandboxed environments.
WDK/WinDbg
WDK/WinDbg is the Windows Driver Kit and a powerful Windows debugger tool.
Evan's Debugger
Evan's Debugger is an OllyDbg-like debugger designed for GNU/Linux systems.
PEDA
PEDA (Python Exploit Development Assistance for GDB) is a Python-based tool that enhances GDB with exploit development features.
PyREBox
PyREBox is a Python-scriptable reverse engineering sandbox developed by Cisco-Talos for dynamic malware analysis and system inspection.
rVMI
rVMI is a robust debugger for inspecting userspace processes, kernel drivers, and preboot environments in one tool.
pwndbg
pwndbg is a GDB plugin that simplifies debugging for low-level developers, hardware hackers, and exploit developers.
Radare2
Radare2 is an open-source, cross-platform reverse engineering framework.
Medusa
Medusa is an open-source, cross-platform interactive disassembler used for reverse engineering.
dnSpy
dnSpy is a tool used to reverse engineer and debug .NET assemblies.
Voltron
Voltron is an extensible debugger user interface (UI) toolkit written in Python, designed to enhance various debuggers.
Frida
Frida is a dynamic instrumentation toolkit for developers, reverse engineers, and security researchers.
Exfiltration Tools
DET
DET is a proof-of-concept tool for performing data exfiltration using single or multiple channels simultaneously.
Iodine
Iodine tunnels IPv4 data through DNS, useful for exfiltration in firewalled networks that allow DNS queries.
pwnat
pwnat is a tool that punches holes in firewalls and NATs, enabling unsolicited inbound connections.
tgcd
tgcd is a simple Unix network utility that extends the accessibility of TCP/IP-based network services through firewalls.
Protocol Analyzers and Sniffers
tcpdump/libpcap
tcpdump/libpcap is a commonly used command-line packet analyzer for capturing and analyzing network traffic.
Dshell
Dshell is a network forensic analysis framework used to investigate and analyze network traffic.
sniffglue
sniffglue is a secure, multithreaded packet sniffer designed for efficient network traffic analysis.
Wireshark
Wireshark is a widely used, graphical, cross-platform network protocol analyzer for capturing and analyzing network traffic.
Debookee
Debookee is a simple yet powerful network traffic analyzer designed for macOS.
netsniff-ng
netsniff-ng is a versatile tool, often called the Swiss army knife, for network sniffing and traffic analysis.
Netzob
Netzob is a tool for reverse engineering, traffic generation, and fuzzing of communication protocols.
Transport Layer Security Tools
SSLyze
SSLyze is a fast and comprehensive TLS/SSL configuration analyzer used to identify security misconfigurations.
crackpkcs12
Crackpkcs12 is a multithreaded tool used to crack the passwords of PKCS#12 files (with .p12 and .pfx extensions), such as TLS/SSL certificate bundles.
TLS Prober
tls_prober is a tool used to fingerprint a server's SSL/TLS implementation for security analysis.
Testssl.sh
testssl.sh is a command-line tool that checks a server's TLS/SSL ciphers, protocols, and cryptographic flaws.
Side-channel Tools
ChipWhisperer
ChipWhisperer is a complete open-source toolchain for conducting side-channel power analysis and glitching attacks.
CTF Tools
ctf-tools
ctf-tools is a collection of scripts for quickly installing security research tools on new machines.
Shellpop
shellpop is a tool that quickly generates sophisticated reverse or bind shell commands to streamline penetration testing.
Pwntools
Pwntools is a rapid exploit development framework designed for use in Capture The Flag (CTF) competitions.
RsaCtfTool
RsaCtfTool is a tool used to decrypt data encrypted with weak RSA keys and recover private keys from public keys using automated attacks.