h4cker/new_tools.md

Latest Cool Tools

The following are a collection of recently-released pen test tools. I update this list every time that there is a new post and when I find a new one around the Internet. The rest of the repository has hundreds of additional cybersecurity and pen test tools.

---

• Got-Responded - A Simple Tool To Detect NBT-NS And LLMNR Spoofing
• WPScan v3.4.5 - Black Box WordPress Vulnerability Scanner
• Androwarn - Yet Another Static Code Analyzer For Malicious Android Applications
• FIR - Fast Incident Response
• Webtech - Identify Technologies Used On Websites
• Lynis 2.7.3 - Security Auditing Tool for Unix/Linux Systems
• SMS-Stack - Framework to provided TPC/IP based characteristics to the GSM Short Message Service
• Xerxes - DoS Tool Enhanced
• mXtract - Memory Extractor & Analyzer
• RapidRepoPull - Tool To Quickly Pull And Install Repos From A List
• Goscan - Interactive Network Scanner
• Remot3d v2.0 - Tool Created For Large Pentesters As Well As Just For The Pleasure Of Defacers To Control Server By Backdoors
• Dnsdmpstr - Unofficial API & Client For Dnsdumpster.Com And Hackertarget.Com
• Freevulnsearch - Free And Open NMAP NSE Script To Query Vulnerabilities Via The cve-search.org API
• Armory - A Tool Meant To Take In A Lot Of External And Discovery Data From A Lot Of Tools, Add It To A Database And Correlate All Of Related Information
• DOGE - Darknet Osint Graph Explorer
• Mad-Metasploit - Metasploit Custom Modules, Plugins & Resource Scripts
• Metaforge - An OSINT Metadata Analyzing Tool That Filters Through Tags And Creates Reports
• Hashboy-Tool - A Hash Query Tool
• CarbonCopy - A Tool Which Creates A Spoofed Certificate Of Any Online Website And Signs An Executable For AV Evasion
• Karma - Search of Emails and Passwords on Pwndb
• Arjun v1.3 - HTTP Parameter Discovery Suite
• SocialFish v2 - Educational Phishing Tool & Information Collector
• DNS-Shell - An Interactive Shell Over DNS Channel
• Decker - Declarative Penetration Testing Orchestration Framework
• PFQ - Functional Network Framework For Multi-Core Architectures
• Hostintel - A Modular Python Application To Collect Intelligence For Malicious Hosts
• IoT-Home-Guard - A Tool For Malicious Behavior Detection In IoT Devices
• Acunetix Web Application Vulnerability Report 2019
• Kage - Graphical User Interface For Metasploit Meterpreter And Session Handler
• rootOS - macOS Root Helper
• Vuls - Vulnerability Scanner For Linux/FreeBSD, Agentless, Written In Go
• Reverse Shell Cheat Sheet
• AutoRDPwn v4.8 - The Shadow Attack Framework
• Cat-Nip - Automated Basic Pentest Tool (Designed For Kali Linux)
• Goca Scanner - FOCA fork written in Go
• Chomp Scan - A Scripted Pipeline Of Tools To Streamline The Bug Bounty/Penetration Test Reconnaissance Phase
• Turbinia - Automation And Scaling Of Digital Forensics Tools
• Ghidra - Software Reverse Engineering Framework
• Legion - An Easy-To-Use, Super-Extensible And Semi-Automated Network Penetration Testing Tool That Aids In Discovery, Reconnaissance And Exploitation Of Information Systems
• Reload.sh - Reinstall, Restore And Wipe Your System Via SSH, Without Rebooting
• UserLAnd - The Easiest Way To Run A Linux Distribution or Application on Android
• Cuteit v0.2.1 - IP Obfuscator Made To Make A Malicious Ip A Bit Cuter
• Rpi-Hunter - Automate Discovering And Dropping Payloads On LAN Raspberry Pi's Via SSH
• CMSeeK v1.1.1 - CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 150 Other CMSs)
• Faraday v3.6 - Collaborative Penetration Test and Vulnerability Management Platform
• Phantom Evasion - Python AV Evasion Tool Capable To Generate FUD Executable Even With The Most Common 32 Bit Metasploit Payload (Exe/Elf/Dmg/Apk)
• Strelka - Scanning Files At Scale With Python And ZeroMQ
• Imago Forensics - Imago Is A Python Tool That Extract Digital Evidences From Images
• VSHG - Hardware resistance & enhanced security for GnuPG
• Angr - A Powerful And User-Friendly Binary Analysis Platform
• Ntopng - Web-based Traffic And Security Network Traffic Monitoring
• HT-WPS Breaker - High Touch WPS Breaker
• Ophcrack - A Windows Password Cracker Based On Rainbow Tables
• Metasploit Cheat Sheet
• SALT - SLUB ALlocator Tracer For The Linux Kernel
• Command Injection Payload List
• Reko - A General Purpose Binary Decompiler
• Iptables Essentials - Common Firewall Rules And Commands
• HexRaysCodeXplorer - Hex-Rays Decompiler Plugin For Better Code Navigation
• PHP Security Check List
• OSFClone - Open Source Utility To Create And Clone Forensic Disk Images
• Cheat Engine - A Development Environment Focused On Modding
• BeEF - The Browser Exploitation Framework Project
• Eraser - Secure Erase Files from Hard Drives on Windows
• SecLists - A Collection Of Multiple Types Of Lists Used During Security Assessments, Collected In One Place (Usernames, Passwords, URLs, Sensitive Data Patterns, Fuzzing Payloads, Web Shells, And Many More)
• GameGuardian - Android Game Hack/Alteration Tool
• OSINT-SPY - Search using OSINT (Open Source Intelligence)
• Maltego CE - An Interactive Data Mining Tool That Renders Directed Graphs For Link Analysis
• BoNeSi - The DDoS Botnet Simulator
• HoneyPy - A Low To Medium Interaction Honeypot
• Egress-Assess - Tool Used To Test Egress Data Detection Capabilities
• Fibratus - Tool For Exploration And Tracing Of The Windows Kernel
• TROMMEL - Sift Through Embedded Device Files To Identify Potential Vulnerable Indicators
• DCOMrade - Powershell Script For Enumerating Vulnerable DCOM Applications
• Ponce - IDA Plugin For Symbolic Execution Just One-Click Away!
• Kaboom - Automatic Pentest
• SSRFmap - Automatic SSRF Fuzzer And Exploitation Tool
• Pompem - Exploit and Vulnerability Finder
• Lazygit - Simple Terminal UI For Git Commands
• Up (Ultimate Plumber) - Tool For Writing Linux Pipes With Instant Live Preview
• CDF - Crypto Differential Fuzzing
• Justniffer - Network TCP Packet Sniffer
• UEFI Firmware Parser - Parse BIOS/Intel ME/UEFI Firmware Related Structures: Volumes, FileSystems, Files, Etc
• PF_RING - High-Speed Packet Capture, Filtering And Analysis
• Pftriage - Python Tool And Library To Help Analyze Files During Malware Triage And Analysis
• nDPI - Open Source Deep Packet Inspection Software Toolkit
• Hontel - Telnet Honeypot
• Volatility Workbench - A GUI For Volatility Memory Forensics
• HTTrack Website Copier - Web Crawler And Offline Browser
• OSFMount - Mount Disk Images & Create RAM Drives
• Process Hacker - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware
• CANalyzat0r - Security Analysis Toolkit For Proprietary Car Protocols
• DFIRTrack - The Incident Response Tracking Application
• Goscan - Interactive Network Scanner
• RedELK - Easy Deployable Tool For Red Teams Used For Tracking And Alarming About Blue Team Activities As Well As Better Usability In Long Term Operations
• Fnord - Pattern Extractor For Obfuscated Code
• Bincat - Binary Code Static Analyser, With IDA Integration
• Bscan - An Asynchronous Target Enumeration Tool
• Modlishka - An Open Source Phishing Tool With 2FA Authentication
• Fwknop - Single Packet Authorization & Port Knocking
• Netsniff-Ng - A Swiss Army Knife For Your Daily Linux Network Plumbing
• Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications
• LOLBAS - Living Off The Land Binaries And Scripts (LOLBins And LOLScripts)
• XIP - Tool To Generate A List Of IP Addresses By Applying A Set Of Transformations Used To Bypass Security Measures E.G. Blacklist Filtering, WAF, Etc.
• Stenographer - A Packet Capture Solution Which Aims To Quickly Spool All Packets To Disk, Then Provide Simple, Fast Access To Subsets Of Those Packets
• Fierce - Semi-Lightweight Scanner That Helps Locate Non-Contiguous IP Space And Hostnames Against Specified Domains
• Bolt - CSRF Scanning Suite
• Pwndb - Search For Creadentials Leaked On Pwndb
• Pown Recon - A Powerful Target Reconnaissance Framework Powered By Graph Theory
• Uncle Spufus - A Tool That Automates Mac Address Spoofing
• CIRTKit - Tools For The Computer Incident Response Team
• ADAPT - Tool That Performs Automated Penetration Testing For WebApps
• Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool
• Sn0Int - Semi-automatic OSINT Framework And Package Manager
• FTW - Framework For Testing WAFs
• identYwaf - Blind WAF Identification Tool
• Sh00T - A Testing Environment for Manual Security Testers
• WiGLE - Wifi Wardriving (Nethugging Client For Android)
• LeakLooker - Find Open Databases With Shodan
• SecureTea Project - The Purpose Of This Application Is To Warn The User (Via Various Communication Mechanisms) Whenever Their Laptop Accessed
• ProcDump - A Linux Version Of The ProcDump Sysinternals Tool
• Parrot Security 4.5 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
• Jok3R - Network And Web Pentest Framework
• Beebug - A Tool For Checking Exploitability
• Conpot - An Open Industrial Control Honeypot
• WPintel - Chrome Extension Designed For WordPress Vulnerability Scanning And Information Gathering
• Malice - VirusTotal Wanna Be (Now With 100% More Hipster)
• Htcap - A Web Application Scanner Able To Crawl Single Page Application (SPA) In A Recursive Manner By Intercepting Ajax Calls And DOM Changes
• Remot3d - An Simple Exploit for PHP Language
• Tyton - Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+
• Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From Shodan.io
• Tool-X - A Kali Linux Hacking Tool Installer
• SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
• Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information
• Aztarna - A Footprinting Tool For Robots
• Hediye - Hash Generator & Cracker Online Offline
• Killcast - Manipulate Chromecast Devices In Your Network
• bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
• WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
• H8Mail - Email OSINT And Password Breach Hunting
• Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
• Metasploit 5.0 - The World’s Most Used Penetration Testing Framework
• Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
• Twifo-Cli - Get User Information Of A Twitter User
• Sitadel - Web Application Security Scanner
• Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
• Malboxes - Builds Malware Analysis Windows VMs So That You Don'T Have To
• Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies
• Shed - .NET Runtime Inspector
• Stardox - Github Stargazers Information Gathering Tool
• Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool
• AutoSploit v3.0 - Automated Mass Exploiter
• Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
• Recaf - A Modern Java Bytecode Editor
• dnSpy - .NET Debugger And Assembly Editor