Sunday, September 15, 2024

Reconnaissance Tools

The ZMap Project

The ZMap Project is an open-source initiative focused on developing high-speed network scanning tools for Internet-wide security research.

DNSDumpster

DNSDumpster is an online tool used for passive DNS reconnaissance, providing information on domain names, IP addresses, and related DNS records for security analysis.

Dnsmap

Dnsmap is a tool used for discovering subdomains of a domain through DNS enumeration.

PassiveDNS::Client

PassiveDNS::Client is a Perl module for querying historical DNS data, enabling programmatic access to past DNS records for cybersecurity investigations.

SMBMap

SMBMap is a tool for enumerating and auditing SMB shares to identify accessible files on a network.

ScanCannon v1.1

ScanCannon v1.1 automates network reconnaissance by combining Nmap and Masscan for efficient port scanning.

Nmap.org

Nmap.org is the official website for Nmap, a widely used open-source network scanning tool for security auditing and network discovery.

CloudFail

CloudFail is a tool that identifies misconfigurations to reveal the real IP behind Cloudflare protection.

DNSRecon

DNSRecon is a tool for DNS enumeration and reconnaissance, including DNS record collection and subdomain discovery.

passivedns

PassiveDNS collects and stores historical DNS records for cybersecurity analysis and tracking of domain activities.

XRAY

XRAY is a security assessment tool used for vulnerability scanning and detection across web applications and networks.

Fierce

Fierce is a DNS reconnaissance tool used to find non-contiguous IP spaces and discover subdomains.

Scanless

Scanless is a tool that allows users to perform port scans through third-party websites, helping to mask the origin of the scan.

dnsenum

Dnsenum is a tool for DNS enumeration, used to gather information about DNS records and subdomains.

dnstracer

Dnstracer traces the path of DNS queries to identify the DNS servers resolving a domain.

MASSCAN

Masscan is a fast port scanner capable of scanning the entire Internet in minutes for large-scale reconnaissance.

ACLight

ACLight is a tool for auditing and identifying excessive permissions and privilege escalation paths in Active Directory environments.

Vulnerability Scanners

Network Vulnerability Scanners

Intercepter-NG

Intercepter-NG is a network security tool for intercepting, analyzing, and manipulating network traffic.

dsniff

dsniff is a collection of tools for network auditing and penetration testing, specializing in sniffing and traffic interception.

RouterSploit

RouterSploit is an open-source exploitation framework, similar to Metasploit, but focused on vulnerabilities in embedded devices.

dnstwist

dnstwist is a domain name permutation engine used to detect typo squatting, phishing, and corporate espionage threats.

NetworkMiner

NetworkMiner is a Network Forensic Analysis Tool (NFAT) used for passive network traffic analysis and packet capture.

SPARTA

SPARTA is a network scanning and enumeration tool for automating service discovery and vulnerability analysis.

Scapy

Scapy is a Python-based interactive program and library for packet manipulation, allowing custom packet creation, sending, sniffing, and network analysis.

CrackMapExec

CrackMapExec is a versatile tool, often called the "Swiss army knife" for network penetration testing.

THC Hydra

THC Hydra is an online password cracking tool that supports numerous network protocols, including HTTP, SMB, FTP, telnet, MySQL, LDAP, and more.

Firesheep

Firesheep is a free program designed for HTTP session hijacking attacks, allowing interception of unencrypted cookies over a network.

Zarp

Zarp is a network attack tool focused on exploiting vulnerabilities in local networks.

PRET

Printer Exploitation Toolkit (PRET) is a printer security testing tool for exploiting PostScript, PJL, and PCL features over IP and USB.

Impacket

Impacket is a collection of Python classes for working with and implementing various network protocols.

hping3

hping3 is a network tool capable of crafting and sending custom TCP/IP packets for various network testing purposes.

Web Vulnerability Scanners

Netsparker Application Security Scanner

Netsparker Application Security Scanner is an automated tool for detecting security vulnerabilities in web applications.

w3af

w3af is a web application attack and audit framework used for identifying and exploiting vulnerabilities in web applications.

CMS-Explorer

CMS-Explorer is a tool that reveals the specific modules, plugins, components, and themes used by websites running content management systems.

SQLmate

SQLmate is a companion tool to sqlmap, designed to identify SQL injection vulnerabilities using a given dork and, optionally, a website.

Nikto

Nikto is a fast, but noisy, black-box web server and web application vulnerability scanner.

Wapiti

Wapiti is a black-box web application vulnerability scanner with a built-in fuzzer for discovering security flaws.

JoomScan

JoomScan is a vulnerability scanner specifically designed for detecting security flaws in Joomla websites.

JCS

JCS is a Joomla Vulnerability Component Scanner that automatically updates its database with vulnerabilities from ExploitDB and Packetstorm.

Arachni

Arachni is a scriptable framework designed for evaluating the security of web applications.

SecApps

SecApps is an in-browser web application security testing suite for identifying vulnerabilities directly from the browser.

ACSTIS

ACSTIS is an automated tool for detecting client-side template injection vulnerabilities and sandbox bypasses in AngularJS applications.

DDoS Tools

LOIC

LOIC is an open-source network stress testing tool for Windows, commonly used for launching denial-of-service (DoS) attacks.

HOIC

HOIC (High Orbit Ion Cannon) is an updated version of LOIC, featuring "boosters" to bypass common countermeasures during DoS attacks.

JS LOIC

JS LOIC is a JavaScript-based, in-browser version of the LOIC network stress testing tool.

T50

T50 is a high-speed network stress testing tool designed for fast and efficient DoS attacks.

SlowLoris

SlowLoris is a DoS tool that consumes minimal bandwidth on the attacking side to slowly exhaust the target server's resources.

Memcrashed

Memcrashed is a DDoS attack tool that sends forged UDP packets to vulnerable Memcached servers, leveraging data from the Shodan API.

OSINT Tools

theHarvester

theHarvester is a tool for gathering email addresses, subdomains, and people’s names from various public sources.

metagoofil

Metagoofil is a metadata harvester that extracts metadata from publicly available documents to gather sensitive information.

Shodan

Shodan is the world’s first search engine for discovering and analyzing internet-connected devices.

Sn1per

Sn1per is an automated penetration testing reconnaissance scanner designed to identify vulnerabilities and gather intelligence on target systems.

PacketTotal

PacketTotal is a free tool for analyzing packet captures to quickly detect network malware using Bro and Suricata signatures.

SimplyEmail

SimplyEmail is a tool designed to simplify and speed up email reconnaissance during information gathering.

Google Hacking Database

Google Hacking Database is a collection of Google dorks used for reconnaissance by uncovering sensitive information through advanced search queries.

sn0int

sn0int is a semi-automatic OSINT framework and package manager designed for conducting structured information gathering.

fast-recon

fast-recon is a tool that performs Google dorks to quickly gather information about a domain.

Hunter.io

Hunter.io is a data broker that provides a web search interface for finding email addresses and organizational details of companies.

creepy

Creepy is a geolocation OSINT tool used to gather location-based information from social media and other online platforms.

Censys

Censys is a platform that collects data on hosts and websites through daily scans using ZMap and ZGrab, offering insights into internet infrastructure and security.

Github Dorks

github-dorks is a CLI tool used to scan GitHub repositories and organizations for potential sensitive information leaks.

DataSploit

DataSploit is an OSINT visualizer that uses tools like Shodan, Censys, and Zoomeye for data collection.

OSINT-SPY

OSINT-SPY is a tool that performs OSINT scans on email addresses, domain names, IP addresses, or organizations.

Social Engineering Tools

The Social-Engineer Toolkit (SET)

Social Engineer Toolkit (SET) is an open-source pentesting framework for creating realistic social engineering attacks quickly.

Evilginx2

Evilginx2 is a standalone man-in-the-middle attack framework used primarily for phishing credentials and session hijacking.

Beelogger

Beelogger is a tool used for generating keyloggers to capture keystrokes from target systems.

Gophish

Gophish is an open-source phishing framework designed for running and managing phishing campaigns.

Modlishka

Modlishka is a flexible and powerful reverse proxy designed for real-time phishing, including bypassing two-factor authentication (2FA).

King Phisher

King Phisher is a toolkit for creating and managing phishing campaigns with customizable emails and server content.

wifiphisher

Wifiphisher is a tool that automates phishing attacks against WiFi networks to steal credentials or capture traffic.

FiercePhish

FiercePhish is a full-fledged phishing framework for managing and automating all phases of phishing campaigns.

Phishery

Phishery is a TLS/SSL-enabled Basic Auth credential harvester used for phishing attacks.

Evilginx

Evilginx is a MITM attack framework designed for phishing credentials and session cookies from web services.

Catphish

Catphish is a Ruby-based tool designed for phishing and corporate espionage.

SocialFish

SocialFish is a social media phishing framework that can be run on an Android phone or within a Docker container.

ReelPhish

ReelPhish is a real-time phishing tool designed to bypass two-factor authentication (2FA).

Web Exploitation

Fiddler

Fiddler is a free, cross-platform web debugging proxy with user-friendly tools for inspecting and modifying network traffic.

Offensive Web Testing Framework (OWTF)

Offensive Web Testing Framework (OWTF) is a Python-based penetration testing framework for web applications, built around the OWASP Testing Guide.

SQLmap

SQLmap is an automated tool for detecting and exploiting SQL injection vulnerabilities and taking over databases.

Wappalyzer

Wappalyzer is a tool that uncovers the technologies and software used on websites.

wafw00f

wafw00f is a tool used to identify and fingerprint Web Application Firewall (WAF) products on web applications.

liffy

Liffy is a tool designed specifically for exploiting Local File Inclusion (LFI) vulnerabilities.

GitTools

GitTools is a set of tools designed to automatically find and download web-accessible .git repositories.

FuzzDB

FuzzDB is a dictionary of attack patterns and primitives for black-box fault injection and resource discovery.

Raccoon

Raccoon is a high-performance offensive security tool designed for reconnaissance and vulnerability scanning.

Burp Suite

Burp Suite is an integrated platform used for performing security testing of web applications.

WordPress Exploit Framework

WordPress Exploit Framework is a Ruby framework for creating and using modules to pentest WordPress sites.

tplmap

Tplmap is an automated tool for exploiting server-side template injection vulnerabilities and taking over web servers.

WhatWeb

WhatWeb is a website fingerprinting tool used to identify technologies and software running on websites.

fimap

fimap is a tool designed to find, audit, exploit, and automate the search for Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerabilities.

Commix

Commix is an automated all-in-one tool for detecting and exploiting operating system command injection vulnerabilities.

NoSQLmap

NoSQLmap is an automated tool for detecting NoSQL injection vulnerabilities and taking over NoSQL databases.

webscreenshot

webscreenshot is a simple script that captures screenshots of a list of websites.

WhatWaf

WhatWaf is a tool used to detect and bypass web application firewalls and protection systems.

Browser Exploitation Framework (BeEF)

Browser Exploitation Framework (BeEF) is a command and control server used to deliver exploits and payloads to compromised web browsers.

WPSploit

WPSploit is a tool that integrates with Metasploit to exploit vulnerabilities in WordPress-powered websites.

weevely3

Weevely3 is a weaponized web shell used for remote access and post-exploitation in compromised web environments.

BlindElephant

BlindElephant is a web application fingerprinting tool that identifies versions of web applications by analyzing static files.

Kadabra

Kadabra is an automatic tool for scanning and exploiting Local File Inclusion (LFI) vulnerabilities.

DVCS Ripper

DVCS Ripper is a tool used to rip and retrieve web-accessible distributed version control systems like SVN, GIT, HG, and BZR.

VHostScan

VHostScan is a virtual host scanner that detects catch-all scenarios, aliases, and dynamic default pages, with reverse lookup capabilities.

recursebuster

recursebuster is a content discovery tool used for directory and file brute-forcing on web servers.

badtouch

badtouch is a scriptable network authentication cracker designed for testing and cracking network authentication protocols.

Anti-virus Evasion Tools

Hyperion

Hyperion is a runtime encryptor for 32-bit portable executables (PE files), used to obfuscate malware and bypass antivirus detection.

peCloakCapstone

peCloakCapstone is a multi-platform fork of peCloak.py, designed for automating malware antivirus evasion.

AntiVirus Evasion Tool (AVET)

AntiVirus Evasion Tool (AVET) is a tool for modifying Windows exploits to avoid antivirus detection.

Shellter

Shellter is a dynamic shellcode injection tool and the first truly dynamic PE infector ever created, used for obfuscating executables.

peCloak.py

peCloak.py automates the process of concealing malicious Windows executables to evade antivirus detection.

Hash Cracking Tools

John the Ripper

John the Ripper is a fast password cracking tool used for recovering weak passwords.

JWT Cracker

JWT Cracker is a simple brute force tool for cracking HS256 JWT tokens.

Hashcat

Hashcat is a highly efficient and fast hash cracking tool used for password recovery and cryptographic hash cracking.

BruteForce Wallet

BruteForce Wallet is a tool used to find the password of an encrypted wallet file, such as wallet.dat.

CeWL

CeWL is a tool that generates custom wordlists by spidering a target's website and extracting unique words.

StegCracker

StegCracker is a steganography brute-force tool used to uncover hidden data within files.

Proxies and MITM Tools

dnschef

Dnschef is a highly configurable DNS proxy designed for penetration testers to spoof and monitor DNS traffic.

Mallory

Mallory is an HTTP/HTTPS proxy that operates over SSH for secure interception and manipulation of web traffic.

Ettercap

Ettercap is a comprehensive and mature suite designed for conducting machine-in-the-middle (MITM) attacks on networks.

Lambda-Proxy

Lambda-Proxy is a utility used for testing SQL injection vulnerabilities in AWS Lambda serverless functions.

mitmproxy

mitmproxy is an interactive TLS-capable HTTP proxy for intercepting and analyzing web traffic.

SSH MITM

SSH MITM is a tool that intercepts SSH connections via a proxy, logging all plaintext passwords and session data to disk.

BetterCAP

BetterCAP is a modular, portable, and easily extensible man-in-the-middle (MITM) attack framework.

Morpheus

Morpheus is an automated TCP/IP hijacking tool that uses Ettercap for network attacks.

evilgrade

Evilgrade is a modular framework that exploits weak software update mechanisms by injecting malicious fake updates.

MITMf

MITMf is a framework specifically designed for performing man-in-the-middle (MITM) attacks.

Wireless Network Tools

Aircrack-ng

Aircrack-ng is a suite of tools designed for auditing and securing wireless networks.

Wifite

Wifite is an automated tool for launching wireless network attacks, including WEP, WPA, and WPS.

Cowpatty

Cowpatty is a tool used to perform brute-force dictionary attacks against WPA-PSK (Pre-Shared Key) networks.

KRACK Detector

KRACK Detector is a tool used to detect and prevent KRACK attacks on WPA2 networks.

Kismet

Kismet is a wireless network detector, sniffer, and intrusion detection system (IDS).

Fluxion

Fluxion is a suite of automated social engineering-based WPA attacks designed to capture WPA/WPA2 credentials.

Infernal-Twin

Infernal-Twin is an automated wireless hacking tool designed for launching various WiFi attacks, including rogue access points.

Wifi-arsenal

wifi-arsenal is a collection of tools and resources specifically curated for Wi-Fi penetration testing.

Reaver

Reaver is a tool used to perform brute-force attacks against WiFi Protected Setup (WPS) to recover WPA/WPA2 passphrases.

Airgeddon

Airgeddon is a multi-use bash script for Linux systems designed to audit and attack wireless networks.

krackattacks-scripts

krackattacks-scripts is a set of scripts, released by the KRACK researchers, for testing whether Wi-Fi clients and access points are vulnerable to key reinstallation attacks (KRACK) against WPA2.

WiFi-Pumpkin

WiFi-Pumpkin is a framework designed to create rogue Wi-Fi access points for conducting man-in-the-middle and other wireless attacks.

Anonymity Tools

Tor

Tor is free software and an onion-routed overlay network that helps protect users from traffic analysis and enhance privacy online.

Nipe

Nipe is a script that redirects all network traffic from a machine through the Tor network for anonymity.

OnionScan

OnionScan is a tool used to investigate the Dark Web by identifying operational security issues in Tor hidden services.

Oregano

Oregano is a Python module that acts as a machine-in-the-middle (MITM) to intercept and handle Tor client requests.

I2P

I2P is an anonymous overlay network for secure and private communication through encrypted routing.

Kalitorify

kalitorify is a transparent proxy tool for Kali Linux that routes all network traffic through the Tor network.

Reverse Engineering Tools

Interactive Disassembler (IDA Pro)

Interactive Disassembler (IDA Pro) is a proprietary multi-processor disassembler and debugger, with a free version called IDA Free.

x64dbg

x64dbg is an open-source x64/x32 debugger for Windows.

plasma

Plasma is an interactive disassembler for x86, ARM, and MIPS architectures, generating indented pseudo-code with colored syntax.

Binwalk

Binwalk is a fast, easy-to-use tool for analyzing, reverse engineering, and extracting firmware images.

Capstone

Capstone is a lightweight, multi-platform, and multi-architecture disassembly framework.

Boxxy

Boxxy is a linkable sandbox exploration tool used to analyze and inspect sandboxed environments.

WDK/WinDbg

WDK/WinDbg is the Windows Driver Kit and a powerful Windows debugger tool.

Evan's Debugger

Evan's Debugger is an OllyDbg-like debugger designed for GNU/Linux systems.

PEDA

PEDA (Python Exploit Development Assistance for GDB) is a Python-based tool that enhances GDB with exploit development features.

PyREBox

PyREBox is a Python-scriptable reverse engineering sandbox developed by Cisco-Talos for dynamic malware analysis and system inspection.

rVMI

rVMI is a robust debugger for inspecting userspace processes, kernel drivers, and preboot environments in one tool.

pwndbg

pwndbg is a GDB plugin that simplifies debugging for low-level developers, hardware hackers, and exploit developers.

Radare2

Radare2 is an open-source, cross-platform reverse engineering framework.

Medusa

Medusa is an open-source, cross-platform interactive disassembler used for reverse engineering.

dnSpy

dnSpy is a tool used to reverse engineer and debug .NET assemblies.

Voltron

Voltron is an extensible debugger user interface (UI) toolkit written in Python, designed to enhance various debuggers.

Frida

Frida is a dynamic instrumentation toolkit for developers, reverse engineers, and security researchers.

Exfiltration Tools

DET

DET is a proof-of-concept tool for performing data exfiltration using single or multiple channels simultaneously.

Iodine

Iodine tunnels IPv4 data through DNS, useful for exfiltration in firewalled networks that allow DNS queries.

pwnat

pwnat is a tool that punches holes in firewalls and NATs, enabling unsolicited inbound connections.

tgcd

tgcd is a simple Unix network utility that extends the accessibility of TCP/IP-based network services through firewalls.

Protocol Analyzers and Sniffers

tcpdump/libpcap

tcpdump/libpcap is a commonly used command-line packet analyzer for capturing and analyzing network traffic.

Dshell

Dshell is a network forensic analysis framework used to investigate and analyze network traffic.

sniffglue

sniffglue is a secure, multithreaded packet sniffer designed for efficient network traffic analysis.

Wireshark

Wireshark is a widely used, graphical, cross-platform network protocol analyzer for capturing and analyzing network traffic.

Debookee

Debookee is a simple yet powerful network traffic analyzer designed for macOS.

netsniff-ng

netsniff-ng is a versatile tool, often called the Swiss army knife, for network sniffing and traffic analysis.

Netzob

Netzob is a tool for reverse engineering, traffic generation, and fuzzing of communication protocols.

Transport Layer Security Tools

SSLyze

SSLyze is a fast and comprehensive TLS/SSL configuration analyzer used to identify security misconfigurations.

crackpkcs12

Crackpkcs12 is a multithreaded tool used to crack PKCS#12 files (with .p12 and .pfx extensions), like TLS/SSL certificates.

TLS Prober

tls_prober is a tool used to fingerprint a server's SSL/TLS implementation for security analysis.

Testssl.sh

testssl.sh is a command-line tool that checks a server's TLS/SSL ciphers, protocols, and cryptographic flaws.

Side-channel Tools

ChipWhisperer

ChipWhisperer is a complete open-source toolchain for conducting side-channel power analysis and glitching attacks.

CTF Tools

ctf-tools

ctf-tools is a collection of scripts for quickly installing security research tools on new machines.

Shellpop

shellpop is a tool that quickly generates sophisticated reverse or bind shell commands to streamline penetration testing.

Pwntools

Pwntools is a rapid exploit development framework designed for use in Capture The Flag (CTF) competitions.

RsaCtfTool

RsaCtfTool is a tool used to decrypt data encrypted with weak RSA keys and recover private keys from public keys using automated attacks.