mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-25 12:20:18 +00:00
Latest Cool Tools
The following is a collection of recently released pen test tools. I update this list every time there is a new post and whenever I find a new tool around the Internet. The rest of the repository has hundreds of additional cybersecurity and pen test tools.
- Nautilus - A Grammar Based Feedback Fuzzer
- SharpChromium - .NET 4.0 CLR Project To Retrieve Chromium Data, Such As Cookies, History And Saved Logins
- SkyArk - Helps To Discover, Assess And Secure The Most Privileged Entities In Azure And AWS
- PE Tree - Python Module For Viewing Portable Executable (PE) Files In A Tree-View
- Flask-Session-Cookie-Manager - Flask Session Cookie Decoder/Encoder
- Arcane - A Simple Script Designed To Backdoor iOS Packages (Iphone-Arm) And Create The Necessary Resources For APT Repositories
- IRFuzz - Simple Scanner with Yara Rule
- Evine - Interactive CLI Web Crawler
- SharpAppLocker - C# Port Of The Get-AppLockerPolicy PS Cmdlet
- PhishingKitTracker - Let's Track Phishing Kits To Give To Research Community Raw Material To Stud
- FestIn - S3 Bucket Weakness Discovery
- Chalumeau - Automated, Extendable And Customizable Credential Dumping Tool
- Gtunnel - A Robust Tunneling Solution Written In Golang
- Taowu - A CobaltStrike Toolkit
- UEFI_RETool - A Tool For UEFI Firmware Reverse Engineering
- Netenum - A Tool To Passively Discover Active Hosts On A Network
- DLInjector-GUI - DLL Injector Graphical User Interface
- Xeca - PowerShell Payload Generator
- Cnitch - Container Snitch Checks Running Processes Under The Docker Engine And Alerts If Any Are Found To Be Running As Root
- Mistica - An Open Source Swiss Army Knife For Arbitrary Communication Over Application Protocols
- DeimosC2 - A Golang Command And Control Framework For Post-Exploitation
- EternalBlueC - EternalBlue Suite Remade In C/C++ Which Includes: MS17-010 Exploit, EternalBlue Vulnerability Detector, DoublePulsar Detector And DoublePulsar Shellcode & DLL Uploader
- CWFF - Create Your Custom Wordlist For Fuzzing
- Cloudsplaining - An AWS IAM Security Assessment Tool That Identifies Violations Of Least Privilege And Generates A Risk-Prioritized Report
- Kubei - A Flexible Kubernetes Runtime Scanner
- dazzleUP - A Tool That Detects The Privilege Escalation Vulnerabilities Caused By Misconfigurations And Missing Updates In The Windows OS
- uDork - Tool That Uses Advanced Google Search Techniques To Obtain Sensitive Information In Files Or Directories, Find IoT Devices, Detect Versions Of Web Applications, And So On
- Oralyzer - Tool To Identify Open Redirection
- Kubebox - Terminal And Web Console For Kubernetes
- Commit Stream - OSINT Tool For Finding Github Repositories By Extracting Commit Logs In Real Time From The Github Event API
- Oralyzer - Open Redirection Analyzer
- SNOWCRASH - A Polyglot Payload Generator
- Intelspy - Perform Automated Network Reconnaissance Scans
- HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website
- TrustJack - Yet Another PoC For Hijacking DLLs in Windows
- HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website. (Python 2.X & 3.X)
- Sitedorks - Search Google/Bing/DuckDuckGo/Yandex/Yahoo For A Search Term With Different Websites
- reNgine - An Automated Reconnaissance Framework Meant For Gathering Information During Penetration Testing Of Web Applications
- Autoenum - Automatic Service Enumeration Script
- AuthMatrix - A Burp Suite Extension That Provides A Simple Way To Test Authorization
- Permission Manager - A Project That Brings Sanity To Kubernetes RBAC And Users Management, Web UI FTW
- Quiver - Tool To Manage All Of Your Tools For Bug Bounty Hunting And Penetration Testing
- Onex - A Library Of Hacking Tools For Termux And Other Linux Distributions
- Kali-Linux-Tools-Interface - Graphical Web Interface Developed To Facilitate The Use Of Security Information Tools
- Lazybee - Wordlist Generator Tool for Termux
- NTLMRecon - A Tool To Enumerate Information From NTLM Authentication Enabled Web Endpoints
- ADB-Toolkit - Tool for testing your Android device
- hackerEnv - An Automation Tool That Quickly And Easily Sweeps IPs, Scans Ports And Vulnerabilities, And Exploits Them
- PENIOT - Penetration Testing Tool for IoT
- Lazymux - A Huge List Of Many Hacking Tools And PEN-TESTING Tools
- Keylogger - Get Keyboard, Mouse, ScreenShot, Microphone Inputs From Target Computer And Send To Your Mail
- Bramble - A Hacking Open Source Suite
- Docker for Pentest - Image With The Most Used Tools To Create A Pentest Environment Easily And Quickly
- T14M4T - Automated Brute-Forcing Attack Tool
- Steganographer - Hide Files Or Data In Image Files
- Tsunami - A General Purpose Network Security Scanner With An Extensible Plugin System For Detecting High Severity Vulnerabilities With High Confidence
- Saferwall - A Hackable Malware Sandbox For The 21st Century
- WiFi Passview v4.0 - An Open Source Batch Script Based WiFi Passview For Windows!
- Capsulecorp-Pentest - Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test
- Natlas - Scaling Network Scanning
- Maskprocessor - High-Performance Word Generator With A Per-Position Configurable Charset
- X64Dbg - An Open-Source X64/X32 Debugger For Windows
- DroneSploit - Drone Pentesting Framework Console
- Padding-Oracle-Attacker - CLI Tool And Library To Execute Padding Oracle Attacks Easily
- Debotnet - A Tiny Portable Tool For Controlling Windows 10's Many Privacy-Related Settings And Keep Your Personal Data Private
- Santa - A Binary Whitelisting/Blacklisting System For macOS
- FinDOM-XSS - A Fast DOM Based XSS Vulnerability Scanner With Simplicity
- ParamSpider - Mining Parameters From Dark Corners Of Web Archives
- OWASP Threat Dragon - Cross-Platform Threat Modeling Application
- GIVINGSTORM - Infection Vector That Bypasses AV, IDS, And IPS
- Converting MBOX to Outlook Easily
- WordListGen - Super Simple Python Word List Generator For Fuzzing And Brute Forcing In Python
- dorkScanner - A Typical Search Engine Dork Scanner Scrapes Search Engines With Dorks That You Provide In Order To Find Vulnerable URLs
- Harbian-Audit - Hardened Debian GNU/Linux Distro Auditing
- Shhgit - Find GitHub Secrets In Real Time
- Scant3R - Web Security Scanner
- Scant3R - ScanT3r - Web Security Scanner
- Airshare - Cross-platform Content Sharing In A Local Network
- Git All The Payloads! A Collection Of Web Attack Payloads
- Faxhell - A Bind Shell Using The Fax Service And A DLL Hijack
- Exe_To_Dll - Converts An EXE Into A DLL
- HackingTool - ALL IN ONE Hacking Tool For Hackers
- FastNetMon Community - Very Fast DDoS Analyzer With Sflow/Netflow/Mirror Support
- GoGhost - High Performance, Lightweight, Portable Open Source Tool For Mass SMBGhost Scan
- How to Report IP Addresses
- Server Side Template Injection Payloads
- Behave - A Monitoring Browser Extension For Pages Acting As Bad Boys
- ShellGen - Reverse shell generator
- KITT-Lite - Python-Based Pentesting CLI Tool
- How AI and Voice Technology is Similar to a Service Dog
- IIS-Raid - A Native Backdoor Module For Microsoft IIS (Internet Information Services)
- UsoDllLoader - Windows - Weaponizing Privileged File Writes With The Update Session Orchestrator Service
- Basecrack - Best Decoder Tool For Base Encoding Schemes
- MSFPC - MSFvenom Payload Creator
- Kube-Bench - Checks Whether Kubernetes Is Deployed According To Security Best Practices As Defined In The CIS Kubernetes Benchmark
- EvilNet - Network Attack, Wifi Attack, Vlan Attack, Arp Attack, Mac Attack, Attack Revealed, Etc...
- Xeexe - Undetectable And XOR Encrypting With Custom KEY (FUD Metasploit RAT)
- BSF - Botnet Simulation Framework
- Espionage - A Network Packet And Traffic Interceptor For Linux. Spoof ARP & Wiretap A Network
- Screenspy - Capture user screenshots using shortcut file (Bypass SmartScreen/Defender)
- VBSmin - VBScript Minifier
- Cloudtopolis - Cracking Hashes In The Cloud For Free
- Spyse: All-In-One Cybersecurity Search Engine
- Colabcat - Running Hashcat On Google Colab With Session Backup And Restore
- CorsMe - Cross Origin Resource Sharing MisConfiguration Scanner
- How to Free Recover Deleted Files on Your Mac
- Sifter 7.4 - OSINT, Recon & Vulnerability Scanner
- Hmmcookies - Grab Cookies From Firefox, Chrome, Opera Using A Shortcut File (Bypass UAC)
- Business Secure: How AI is Sneaking into our Restaurants
- InQL - A Burp Extension For GraphQL Security Testing
- TokenBreaker - JSON RSA To HMAC And None Algorithm Vulnerability POC
- SAyHello - Capturing Audio (.Wav) From Target Using A Link
- Lynis 3.0.0 - Security Auditing Tool for Unix/Linux Systems
- O.G. AUTO-RECON - Enumerate A Target Based Off Of Nmap Results
- Zip Cracker - Python Script To Crack Zip Password With Dictionary Attack And Also Use Crunch As Pipeline
- DroidTracker - Script To Generate An Android App To Track Location In Real Time
- Iox - Tool For Port Forward & Intranet Proxy
- OSS-Fuzz - Continuous Fuzzing Of Open Source Software
- Vhosts-Sieve - Searching For Virtual Hosts Among Non-Resolvable Domains
- Formphish - Auto Phishing Form-Based Websites
- SGN - Encoder Ported Into Go With Several Improvements
- TeaBreak - A Productivity Burp Extension Which Reminds To Take Break While You Are At Work!
- Digital Signature Hijack - Binaries, PowerShell Scripts And Information About Digital Signature Hijacking
- SecretFinder - A Python Script To Find Sensitive Data (Apikeys, Accesstoken, JWT...) And Search Anything On Javascript Files
- Fsociety - A Modular Penetration Testing Framework
- EvilDLL - Malicious DLL (Reverse Shell) Generator For DLL Hijacking
- Axiom - A Dynamic Infrastructure Toolkit For Red Teamers And Bug Bounty Hunters!
- Fast-Google-Dorks-Scan - Fast Google Dorks Scan
- URLCADIZ - A Simple Script To Generate A Hidden Url For Social Engineering
- Shodanfy.py - Get Ports, Vulnerabilities, Information, Banners, Etc. For Any IP With Shodan (No Apikey! No Rate-Limit!)
- KatroLogger - KeyLogger For Linux Systems
- Attacker-Group-Predictor - Tool To Predict Attacker Groups From The Techniques And Software Used
- EvilPDF - Embedding Executable Files In PDF Documents
- Needle - Instant Access To Your Bug Bounty Submission Dashboard On Various Platforms + Publicly Disclosed Reports + #Bugbountytip
- RMIScout - Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities
- Atlas - Quick SQLMap Tamper Suggester
- Stegcloak - Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords
- BabyShark - Basic C2 Server
- URLCrazy - Generate And Test Domain Typos And Variations To Detect And Perform Typo Squatting, URL Hijacking, Phishing, And Corporate Espionage
- Impost3r - A Linux Password Thief
- Tangalanga - The Zoom Conference Scanner Hacking Tool
- Spyeye - Script To Generate Win32 .Exe File To Take Screenshots
- Words Scraper - Selenium Based Web Scraper To Generate Passwords List
- JSshell - A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS
- Astsu - A Network Scanner Tool
- Git-Scanner - A Tool For Bug Hunting Or Pentesting For Targeting Websites That Have Open .git Repositories Available In Public
- Recox - Master Script For Web Reconnaissance
- Jshole - A JavaScript Components Vulnerability Scanner, Based On RetireJS
- GitMonitor - A Github Scanning System To Look For Leaked Sensitive Information Based On Rules
- Eviloffice - Inject Macro And DDE Code Into Excel And Word Documents (Reverse Shell)
- Ligolo - Reverse Tunneling Made Easy For Pentesters, By Pentesters
- Inshackle - Instagram Hacks: Track Unfollowers, Increase Your Followers, Download Stories, Etc
- GhostShell - Undetectable Malware, With AV Bypass Techniques, Anti-Disassembly, And More
- Forerunner - Fast And Extensible Network Scanning Library Featuring Multithreading, Ping Probing, And Scan Fetchers
- Enumy - Linux Post Exploitation Privilege Escalation Enumeration
- Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address
- Vault - A Tool For Secrets Management, Encryption As A Service, And Privileged Access Management
- ADCollector - A Lightweight Tool To Quickly Extract Valuable Information From The Active Directory Environment For Both Attacking And Defending
- ANDRAX v5R NH-Killer - Penetration Testing on Android
- DroidFiles - Get Files From Android Directories
- Purify - All-in-one Tool For Managing Vulnerability Reports From AppSec Pipelines
- MemoryMapper - Lightweight Library Which Allows The Ability To Map Both Native And Managed Assemblies Into Memory
- Project iKy v2.6.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- RepoPeek - A Python Script To Get Details About A Repository Without Cloning It
- Pivotnacci - A Tool To Make Socks Connections Through HTTP Agents
- OhMyQR - Hijack Services That Rely On QR Code Authentication
- FinalRecon - The Last Web Recon Tool You'll Need
- Jaeles v0.9 - The Swiss Army Knife For Automated Web Application Testing
- Game-based learning platform provides full immersion into cybersecurity
- AutoRDPwn v5.1 - The Shadow Attack Framework
- EvilApp - Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA)
- S3BucketList - Firefox Plugin That Lists Amazon S3 Buckets Found In Requests
- Locator - Geolocator, Ip Tracker, Device Info By URL (Serveo And Ngrok)
- Guardedbox - Online Client-Side Manager For Secure Storage And Secrets Sharing
- Faraday v3.11 - Collaborative Penetration Test and Vulnerability Management Platform
- Minimalistic-offensive-security-tools - A Repository Of Tools For Pentesting Of Restricted And Isolated Environments
- Carina - Webshell, Virtual Private Server (VPS) And cPanel Database
- Nishang - Offensive PowerShell For Red Team, Penetration Testing And Offensive Security
- Web Hacker's Weapons - A Collection Of Cool Tools Used By Web Hackers
- Spray - A Password Spraying Tool For Active Directory Credentials By Jacob Wilkin (Greenwolf)
- Self-XSS - Self-XSS Attack Using Bit.Ly To Grab Cookies Tricking Users Into Running Malicious Code
- Open Sesame - A Tool Which Runs To Display Random Publicly Disclosed Hackerone Reports When Bored
- BlackDir-Framework - Web Application Vulnerability Scanner
- Sharingan - Offensive Security Recon Tool
- BADlnk - Reverse Shell In Shortcut File (.lnk)
- ParamKit - A Small Library Helping To Parse Commandline Parameters
- Hidden-Cry - Windows Crypter/Decrypter Generator With AES 256 Bits Key
- Open-Sesame - A Python Tool Which Runs To Display Random Publicly Disclosed Hackerone Reports When Bored
- Evilreg - Reverse Shell Using Windows Registry Files (.Reg)
- URLBrute - Tool To Brute Website Sub-Domains And Dirs
- Getdroid - FUD Android Payload And Listener
- DiscordRAT - Discord Remote Administration Tool Fully Written In Python
- Lockphish - A Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode
- DalFox (Finder Of XSS) - Parameter Analysis And XSS Scanning Tool Based On Golang
- Saycheese - Grab Target's Webcam Shots By Link
- Kaiten - An Undetectable Payload Generation
- Kali Linux 2020.2 Release - Penetration Testing and Ethical Hacking Linux Distribution
- Clipboardme - Grab And Inject Clipboard Content By Link
- Threadtear - Multifunctional Java Deobfuscation Tool Suite
- Wifipumpkin3 - Powerful Framework For Rogue Access Point Attack
- Catchyou - FUD Win32 Msfvenom Payload Generator
- PayloadsAllTheThings - A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF
- Exegol - Exegol Is A Kali Light Base With A Few Useful Additional Tools And Some Basic Configuration
- GDBFrontend - An Easy, Flexible And Extensionable GUI Debugger
- Shellerator - Simple CLI Tool For The Generation Of Bind And Reverse Shells In Multiple Languages
- Powerob - An On-The-Fly Powershell Script Obfuscator Meant For Red Team Engagements
- How to Set Up a VPN on Kodi in 2 Minutes or Less
- PowerSploit - A PowerShell Post-Exploitation Framework
- HiveJack - This Tool Can Be Used During Internal Penetration Testing To Dump Windows Credentials From An Already-Compromised Host
- Nexphisher - Advanced Phishing Tool For Linux & Termux
- TorghostNG - Make All Your Internet Traffic Anonymized Through Tor Network
- Sshprank - A Fast SSH Mass-Scanner, Login Cracker And Banner Grabber Tool Using The Python-Masscan Module
- Generator-Burp-Extension - Everything You Need About Burp Extension Generation
- Parsec - Secure Cloud Framework
- Invoker - Penetration Testing Utility
- Authelia - The Single Sign-On Multi-Factor Portal For Web Apps
- OSSEM - A Tool To Assess Data Quality
- Klar - Integration Of Clair And Docker Registry
- Powershell-Reverse-Tcp - PowerShell Script For Connecting To A Remote Host.
- INTERCEPT - Policy As Code Static Analysis Auditing
- Thoron Framework - Tool To Generate Simple Payloads To Provide Linux TCP Attack
- SkyWrapper - Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS
- Runtime Mobile Security (RMS) - A Powerful Web Interface That Helps You To Manipulate Android Java Classes And Methods At Runtime
- Elemental - A MITRE ATT&CK Threat Library
- ROADtools - The Azure AD Exploration Framework
- Terrier - An Image And Container Analysis Tool To Identify And Verify The Presence Of Specific Files According To Their Hashes
- wxHexEditor - Hex Editor / Disk Editor for Huge Files or Devices on Linux, Windows and MacOSX
- DeathRansom - A Ransomware Developed In Python, With Bypass Techniques, For Educational Purposes
- Nuclei - Nuclei Is A Fast Tool For Configurable Targeted Scanning Based On Templates Offering Massive Extensibility And Ease Of Use
- Print-My-Shell - Tool To Automate The Process Of Generating Various Reverse Shells
- S3Reverse - The Format Of Various S3 Buckets Is Converted Into One Format
- Pwned - Simple CLI Script To Check If You Have A Password That Has Been Compromised In A Data Breach
- Project iKy v2.5.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- Should-I-Trust - OSINT Tool To Evaluate The Trustworthiness Of A Company
- Wotop - Web On Top Of Any Protocol
- Firebase-Extractor - A Tool Written In Python For Scraping Firebase Data
- Lulzbuster - A Very Fast And Smart Web Directory And File Enumeration Tool Written In C
- Impulse - Impulse Denial-of-service ToolKit
- Nullscan - A Modular Framework Designed To Chain And Automate Security Tests
- githubFind3r - Fast Command Line Repo/User/Commit Search Tool
- Httpgrep - Scans HTTP Servers To Find Given Strings In URIs
- Adamantium-Thief - Decrypt Chromium Based Browsers Passwords, Cookies, Credit Cards, History, Bookmarks
- Lk Scraper - A Fully Configurable Linkedin Scraper (Scrape Anything Within Linkedin)
- Flux-Keylogger - Modern Javascript Keylogger With Web Panel
- Vulnx v2.0 - An Intelligent Bot Auto Shell Injector That Detects Vulnerabilities In Multiple Types Of CMS (Wordpress, Joomla, Drupal, Prestashop ...)
- goBox - GO Sandbox To Run Untrusted Code
- RS256-2-HS256 - JWT Attack To Change The Algorithm RS256 To HS256
- PEASS - Privilege Escalation Awesome Scripts SUITE
- Pwndrop - Self-Deployable File Hosting Service For Red Teamers, Allowing To Easily Upload And Share Payloads Over HTTP And WebDAV
- DNSProbe - A Tool Built On Top Of Retryabledns That Allows You To Perform Multiple DNS Queries Of Your Choice With A List Of User Supplied Resolvers
- Crescendo - A Swift Based, Real Time Event Viewer For macOS - It Utilizes Apple's Endpoint Security Framework
- Burp Exporter - A Burp Suite Extension To Copy A Request To The Clipboard As Multiple Programming Languages Functions
- crauEmu - An uEmu Extension For Developing And Analyzing Payloads For Code-Reuse Attacks
- Htbenum - A Linux Enumeration Script For Hack The Box
- Domained - Multi Tool Subdomain Enumeration
- Lollipopz - Data Exfiltration Utility For Testing Detection Capabilities
- Sherloq - An Open-Source Digital Image Forensic Toolset
- Inhale - A Malware Analysis And Classification Tool
- Privacy Badger - A Browser Extension That Automatically Learns To Block Invisible Trackers
- Audix - A PowerShell Tool To Quickly Configure The Windows Event Audit Policies For Security Monitoring
- Serverless Prey - Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Functions
- Lunar - A Lightweight Native DLL Mapping Library That Supports Mapping Directly From Memory
- Ps-Tools - An Advanced Process Monitoring Toolkit For Offensive Operations
- Eavesarp - Analyze ARP Requests To Identify Intercommunicating Hosts And Stale Network Address Configurations (SNACs)
- Richkit - Domain Enrichment Toolkit
- Chromepass - Hacking Chrome Saved Passwords
- Tentacle - A POC Vulnerability Verification And Exploit Framework
- Tails 4.5 - Live System to Preserve Your Privacy and Anonymity
- MSOLSpray - A Password Spraying Tool For Microsoft Online Accounts (Azure/O365)
- Git-Hound v1.1 - GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System
- DNSteal v2.0 - DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests
- OSSEM - Open Source Security Events Metadata
- Angrgdb - Use Angr Inside GDB - Create An Angr State From The Current Debugger State
- SSHPry v2.0 - Spy and Control of SSH Connected client's TTY
- HikPwn - A Simple Scanner For Hikvision Devices
- Sandcastle - A Python Script For AWS S3 Bucket Enumeration
- Tweetshell - Multi-thread Twitter BruteForcer In Shell Script
- Jackdaw - Tool To Collect All Information In Your Domain And Show You Nice Graphs
- Frida API Fuzzer - This Experimental Fuzzer Is Meant To Be Used For API In-Memory Fuzzing
- DigiTrack - Attacks For $5 Or Less Using Arduino
- FProbe - Take A List Of Domains/Subdomains And Probe For Working HTTP/HTTPS Server
- MSSQLi-DUET - SQL Injection Script For MSSQL That Extracts Domain Users From An Active Directory Environment Based On RID Bruteforcing
- Awspx - A Graph-Based Tool For Visualizing Effective Access And Resource Relationships In AWS Environments
- Pulsar - Network Footprint Scanner Platform - Discover Domains And Run Your Custom Checks Periodically
- CVE-2020-0796 - CVE-2020-0796 Pre-Auth POC
- CVE-2020-0796 - Windows SMBv3 LPE Exploit #SMBGhost
- R00Kie-Kr00Kie - PoC Exploit For The CVE-2019-15126 Kr00K Vulnerability
- One-Lin3r v2.1 - Gives You One-Liners That Aid In Penetration Testing Operations, Privilege Escalation And More
- Project iKy v2.4.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- SauronEye - Search Tool To Find Specific Files Containing Specific Words, I.E. Files Containing Passwords
- Webkiller v2.0 - Tool Information Gathering
- InQL Scanner - A Burp Extension For GraphQL Security Testing
- Mssqlproxy - A Toolkit Aimed To Perform Lateral Movement In Restricted Environments Through A Compromised Microsoft SQL Server Via Socket Reuse
- ProjectOpal - Stealth Post-Exploitation Framework For Wordpress
- ConEmu - Customizable Windows Terminal With Tabs, Splits, Quake-Style, Hotkeys And More
- Tinfoil Chat - Onion-routed, Endpoint Secure Messaging System
- Ninja - Open Source C2 Server Created For Stealth Red Team Operations
- RapidPayload - Metasploit Payload Generator
- Katana - A Python Tool For Google Hacking
- Envizon v3.0 - Network Visualization And Vulnerability Management/Reporting
- Zphisher - Automated Phishing Tool
- XSS-LOADER - XSS Payload Generator / XSS Scanner / XSS Dork Finder
- Starkiller - A Frontend For PowerShell Empire
- FinalRecon v1.0.2 - OSINT Tool For All-In-One Web Reconnaissance
- ScoringEngine - Scoring Engine For Red/White/Blue Team Competitions
- Astra - Automated Security Testing For REST APIs
- HTTPS Everywhere - A Browser Extension That Encrypts Your Communications With Many Websites That Offer HTTPS But Still Allow Unencrypted Connections
- uDork - Google Hacking Tool
- XXExploiter - Tool To Help Exploit XXE Vulnerabilities
- Maryam v1.4.0 - Open-source Intelligence (OSINT) Framework
- InstaSave - Python Script To Download Images, Videos & Profile Pictures From Instagram
- xShock - Shellshock Exploit
- Chepy - A Python Lib/Cli Equivalent Of The Awesome CyberChef Tool.
- Sshuttle - Transparent Proxy Server That Works As A Poor Man's VPN. Forwards Over SSH
- Lazydocker - The Lazier Way To Manage Everything Docker
- Pypykatz - Mimikatz Implementation In Pure Python
- Token-Reverser - Word List Generator To Crack Security Tokens
- shuffleDNS - Wrapper Around Massdns Written In Go That Allows You To Enumerate Valid Subdomains
- AWSGen.py - Generates Permutations, Alterations And Mutations Of AWS S3 Buckets Names
- Jeopardize - A Low(Zero) Cost Threat Intelligence & Response Tool Against Phishing Domains
- TEA - Ssh-Client Worm
- Zelos - A Comprehensive Binary Emulation Platform
- Pickl3 - Windows Active User Credential Phishing Tool
- Betwixt - Web Debugging Proxy Based On Chrome DevTools Network Panel
- Dirble - Fast Directory Scanning And Scraping Tool
- Pentest Tools Framework - A Database Of Exploits, Scanners And Tools For Penetration Testing
- RedRabbit - Red Team PowerShell Script
- Sifter - An OSINT, Recon And Vulnerability Scanner
- FuzzBench - Fuzzer Benchmarking As A Service
- SSRF Sheriff - A Simple SSRF-testing Sheriff Written In Go
- Evil SSDP - Spoof SSDP Replies And Create Fake UPnP Devices To Phish For Credentials And NetNTLM Challenge/Response
- Proton Framework - A Windows Post Exploitation Framework Similar To Other Penetration Testing Tools Such As Meterpreter And Powershell Invader Framework
- HoneyBot - Capture, Upload And Analyze Network Traffic
- HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol
- Entropy Toolkit - A Set Of Tools To Exploit Netwave And GoAhead IP Webcams
- SharpRDP - Remote Desktop Protocol .NET Console Application For Authenticated Command Execution
- Ghost Framework - An Android Post Exploitation Framework That Uses An Android Debug Bridge To Remotely Access An Android Device
- Extended-XSS-Search - Scans For Different Types Of XSS On A List Of URLs
- Phonia Toolkit - One Of The Most Advanced Toolkits To Scan Phone Numbers Using Only Free Resources
- PrivescCheck - Privilege Escalation Enumeration Script For Windows
- TwitWork - Monitor Twitter Stream
- XCTR Hacking Tools - All in one tools for Information Gathering
- WiFi Passview v2.0 - An Open Source Batch Script Based WiFi Passview For Windows!
- dnsFookup - DNS Rebinding Toolkit
- BadBlood - Fills A Microsoft Active Directory Domain With A Structure And Thousands Of Objects
- Xencrypt - A PowerShell Script Anti-Virus Evasion Tool
- Subfinder - A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites
- Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...
- IoTGoat - A Deliberately Insecure Firmware Based On OpenWrt
- Polyshell - A Bash/Batch/PowerShell Polyglot!
- Mouse Framework - An iOS And macOS Post Exploitation Surveillance Framework That Gives You A Command Line Session With Extra Functionality Between You And A Target Machine Using Only A Simple Mouse Payload
- Multi-Juicer - Run Capture The Flags And Security Trainings With OWASP Juice Shop
- Progress-Burp - Burp Suite Extension To Track Vulnerability Assessment Progress
- Faraday presents the latest version of their Security Platform for Vulnerability Management Automation
- ABD - Course Materials For Advanced Binary Deobfuscation
- Wifi-Hacker - Shell Script For Attacking Wireless Connections Using Built-In Kali Tools
- get_Team_Pass - Get Teamviewer's ID And Password From A Remote Computer In The LAN
- Dnssearch - A Subdomain Enumeration Tool
- Liffy - Local File Inclusion Exploitation Tool
- DLLPasswordFilterImplant - DLL Password Filter Implant With Exfiltration Capabilities
- Ohmybackup - Scan Victim Backup Directories & Backup Files
- Gadgetinspector - A Byte Code Analyzer For Finding Deserialization Gadget Chains In Java Applications
- OWASP D4N155 - Intelligent And Dynamic Wordlist Using OSINT
- TaskManager-Button-Disabler - Simple Way To Disable/Rename Buttons From A Task Manager
- SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules' Misconfigurations And Vulnerabilities Within Sudo
- Adama - Searches For Threat Hunting And Security Analytics
- Metabigor - Intelligence Tool But Without API Key
- Rabid - A CLI Tool And Library Allowing To Simply Decode All Kind Of BigIP Cookies
- 0L4Bs - Cross-site Scripting Labs For Web Application Security Enthusiasts
- CVE Api - Parse & filter the latest CVEs from cve.mitre.org
- NekoBot - Auto Exploiter With 500+ Exploit 2000+ Shell
- Gospider - Fast Web Spider Written In Go
- DecryptTeamViewer - Enumerate And Decrypt TeamViewer Credentials From Windows Registry
- DrSemu - Malware Detection And Classification Tool Based On Dynamic Behavior
- Syborg - Recursive DNS Subdomain Enumerator With Dead-End Avoidance System
- Manul - A Coverage-Guided Parallel Fuzzer For Open-Source And Blackbox Binaries On Windows, Linux And MacOS
- Fuzzowski - The Network Protocol Fuzzer That We Will Want To Use
- Nray - Distributed Port Scanner
- BurpSuite Random User-Agents - Burp Suite Extension To Generate Random User-Agents
- CTFTOOL - Interactive CTF Exploration Tool
- Aduket - Straight-forward HTTP Client Testing, Assertions Included
- OpenRelayMagic - Tool To Find SMTP Servers Vulnerable To Open Relay
- Hashcracker - Python Hash Cracker
- KawaiiDeauther - Jam All Wifi Clients/Routers
- Agente - Distributed Simple And Robust Release Management And Monitoring System
- XSS-Freak - An XSS Scanner Fully Written In Python3 From Scratch
- IPv6Tools - A Robust Modular Framework That Enables The Ability To Visually Audit An IPv6 Enabled Network
- Pytm - A Pythonic Framework For Threat Modeling
- Netdata - Real-time Performance Monitoring
- InjuredAndroid - A Vulnerable Android Application That Shows Simple Examples Of Vulnerabilities In A CTF Style
- FockCache - Minimalized Test Cache Poisoning
- Acunetix v13 - Web Application Security Scanner
- SEcraper - Search Engine Scraper Tool With BASH Script.
- Re2Pcap - Create PCAP file from raw HTTP request or response in seconds
- Takeover v0.2 - Sub-Domain TakeOver Vulnerability Scanner
- Misp-Dashboard - A Dashboard For A Real-Time Overview Of Threat Intelligence From MISP Instances
- Jaeles v0.4 - The Swiss Army Knife For Automated Web Application Testing
- Dufflebag - Search Exposed EBS Volumes For Secrets
- Qiling - Advanced Binary Emulation Framework
- Nfstream - A Flexible Network Data Analysis Framework
- WhatTheHack - A Collection Of Challenge Based Hack-A-Thons Including Student Guide, Proctor Guide, Lecture Presentations, Sample/Instructional Code And Templates
- Injectus - CRLF And Open Redirect Fuzzer
- PCFG Cracker - Probabilistic Context Free Grammar (PCFG) Password Guess Generator
- DVNA - Damn Vulnerable NodeJS Application
- GDA Android Reversing Tool - A New Decompiler Written Entirely In C++, So It Does Not Rely On The Java Platform, Which Is Succinct, Portable And Fast, And Supports APK, DEX, ODEX, Oat
- Project-Black - Pentest/BugBounty Progress Control With Scanning Modules
- RiskAssessmentFramework - Static Application Security Testing
- MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)
- S3Enum - Fast Amazon S3 Bucket Enumeration Tool For Pentesters
- See-SURF - Python Based Scanner To Find Potential SSRF Parameters
- Blinder - A Python Library To Automate Time-Based Blind SQL Injection
- Obfuscapk - A Black-Box Obfuscation Tool For Android Apps
- Kali Linux 2020.1 Release - Penetration Testing and Ethical Hacking Linux Distribution
- PythonAESObfuscate - Obfuscates A Python Script And The Accompanying Shellcode
- ApplicationInspector - A Source Code Analyzer Built For Surfacing Features Of Interest And Other Characteristics To Answer The Question 'What's In It' Using Static Analysis With A JSON Based Rules Engine
- CredNinja - A Multithreaded Tool Designed To Identify If Credentials Are Valid, Invalid, Or Local Admin Valid Credentials Within A Network At-Scale Via SMB, Plus Now With A User Hunter
- Mimir - Smart OSINT Collection Of Common IOC Types
- Socialscan - Check Email Address And Username Availability On Online Platforms With 100% Accuracy
- Aircrack-ng 1.6 - Complete Suite Of Tools To Assess WiFi Network Security
- Memhunter - Live Hunting Of Code Injection Techniques
- AgentSmith-HIDS - Open Source Host-based Intrusion Detection System (HIDS)
- Hershell - Multiplatform Reverse Shell Generator
- Check-LocalAdminHash - A PowerShell Tool That Attempts To Authenticate To Multiple Hosts Over Either WMI Or SMB Using A Password Hash To Determine If The Provided Credential Is A Local Administrator
- SharpStat - C# Utility That Uses WMI To Run "cmd.exe /c netstat -n", Save The Output To A File, Then Use SMB To Read And Delete The File Remotely
- KsDumper - Dumping Processes Using The Power Of Kernel Space
- YARASAFE - Automatic Binary Function Similarity Checks with Yara
- AlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Model
- TAS - A Tiny Framework To Easily Manipulate The TTY And Create Fake Binaries
- Corsy v1.0 - CORS Misconfiguration Scanner
- TeleGram-Scraper - Telegram Group Scraper Tool (Fetch All Information About Group Members)
- Grouper2 - Find Vulnerabilities In AD Group Policy
- Gophish - Open-Source Phishing Toolkit
- Aaia - AWS Identity And Access Management Visualizer And Anomaly Finder
- Scallion - GPU-based Onion Addresses Hash Generator
- Bluewall - A Firewall Framework Designed For Offensive And Defensive Cyber Professionals
- AntiCheat-Testing-Framework - Framework To Test Any Anti-Cheat
- Gowitness - A Golang, Web Screenshot Utility Using Chrome Headless
- Lsassy - Extract Credentials From Lsass Remotely
- LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol
- Shell Backdoor List - PHP / ASP Shell Backdoor List
- Hakrawler - Simple, Fast Web Crawler Designed For Easy, Quick Discovery Of Endpoints And Assets Within A Web Application
- Gtfo - Search For Unix Binaries That Can Be Exploited To Bypass System Security Restrictions
- SWFPFinder - SWF Potential Parameters Finder
- laravelN00b - Automated Scan .env Files And Checking Debug Mode In Victim Host
- Andriller - Software Utility With A Collection Of Forensic Tools For Smartphones
- LAVA - Large-scale Automated Vulnerability Addition
- Heapinspect - Inspect Heap In Python
- CHAPS - Configuration Hardening Assessment PowerShell Script
- Karonte - A Static Analysis Tool To Detect Multi-Binary Vulnerabilities In Embedded Firmware
- IotShark - Monitoring And Analyzing IoT Traffic
- LNAV - Log File Navigator
- TuxResponse - Linux Incident Response
- Stowaway - Multi-hop Proxy Tool For Pentesters
- Git-Vuln-Finder - Finding Potential Software Vulnerabilities From Git Commit Messages
- WAFW00F v2.0 - Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website
- XposedOrNot - Tool To Search An Aggregated Repository Of Xposed Passwords Comprising Of ~850 Million Real Time Passwords
- Dsync - IDAPython Plugin That Synchronizes Disassembler And Decompiler Views
- RFCpwn - An Enumeration And Exploitation Toolkit Using RFC Calls To SAP
- LKWA - Lesser Known Web Attack Lab
- Multiscanner - Modular File Scanning/Analysis Framework
- Findomain v0.9.3 - The Fastest And Cross-Platform Subdomain Enumerator
- OKadminFinder - Admin Panel Finder / Admin Login Page Finder
- BetterBackdoor - A Backdoor With A Multitude Of Features
- Spraykatz - A Tool Able To Retrieve Credentials On Windows Machines And Large Active Directory Environments
- Shelly - Simple Backdoor Manager With Python (Based On Weevely)
- huskyCI - Performing Security Tests Inside Your CI
- AttackSurfaceMapper - A Tool That Aims To Automate The Reconnaissance Process
- Pylane - A Python VM Injector With Debug Tools, Based On GDB
- PAKURI - Penetration Test Achieve Knowledge Unite Rapid Interface
- Malwinx - Just A Normal Flask Web App To Understand Win32Api With Code Snippets And References
- Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System
- nmapAutomator - Tool To Automate All Of The Process Of Recon/Enumeration
- RansomCoin - A DFIR Tool To Extract Cryptocoin Addresses And Other Indicators Of Compromise From Binaries
- Pown.js - A Security Testing And Exploitation Toolkit Built On Top Of Node.js And NPM
- Top 20 Most Popular Hacking Tools in 2019
- Turbolist3r - Subdomain Enumeration Tool With Analysis Features For Discovered Domains
- SQLMap v1.4 - Automatic SQL Injection And Database Takeover Tool
- AVCLASS++ - Yet Another Massive Malware Labeling Tool
- XSpear v1.3 - Powerful XSS Scanning And Parameter Analysis Tool
- Kamerka GUI - Ultimate Internet Of Things/Industrial Control Systems Reconnaissance Tool
- SysWhispers - AV/EDR Evasion Via Direct System Calls
- S3Tk - A Security Toolkit For Amazon S3
- WindowsFirewallRuleset - Windows Firewall Ruleset Powershell Scripts
- AWS Report - Tool For Analyzing Amazon Resources
- Tishna - Complete Automated Pentest Framework For Servers, Application Layer To Web Security
- RedPeanut - A Small RAT Developed In .Net Core 2 And Its Agent In .Net 3.5/4.0
- DetectionLab - Vagrant And Packer Scripts To Build A Lab Environment Complete With Security Tooling And Logging Best Practices
- Andor - Blind SQL Injection Tool With Golang
- SQL Injection Payload List
- WinPwn - Automation For Internal Windows Penetration Test / AD-Security
- Ddoor - Cross Platform Backdoor Using DNS TXT Records
- Custom Header - Automatic Add New Header To Entire BurpSuite HTTP Requests
- SCShell - Fileless Lateral Movement Tool That Relies On ChangeServiceConfigA To Run Command
- Ultimate Facebook Scraper - A Bot Which Scrapes Almost Everything About A Facebook User's Profile Including All Public Posts/Statuses Available On The User's Timeline, Uploaded Photos, Tagged Photos, Videos, Friends List And Their Profile Photos
- FireProx - AWS API Gateway Management Tool For Creating On The Fly HTTP Pass-Through Proxies For Unique IP Rotation
- DNCI - Dot Net Code Injector
- RdpThief - Extracting Clear Text Passwords From Mstsc.Exe Using API Hooking
- Leprechaun - Tool Used To Map Out The Network Data Flow To Help Penetration Testers Identify Potentially Valuable Targets
- Glances - An Eye On Your System. A Top/Htop Alternative For GNU/Linux, BSD, Mac OS And Windows Operating Systems
- Sshtunnel - SSH Tunnels To Remote Server
- RE:TERNAL - Repo Containing Docker-Compose Files And Setup Scripts Without Having To Clone The Individual Reternal Components
- Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit
- Flan - A Pretty Sweet Vulnerability Scanner By CloudFlare
- Corsy - CORS Misconfiguration Scanner
- Kali Linux 2019.4 Release - Penetration Testing and Ethical Hacking Linux Distribution
- XML External Entity (XXE) Injection Payload List
- ATFuzzer - Dynamic Analysis Of AT Interface For Android Smartphones
- Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines
- BaseQuery - A Way To Organize Public Combo-Lists And Leaks In A Way That You Can Easily Search Through Everything
- Attack Monitor - Endpoint Detection And Malware Analysis Software
- Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From Shodan.io
- Tool-X - A Kali Linux Hacking Tool Installer
- SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
- Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information
- Aztarna - A Footprinting Tool For Robots
- Hediye - Hash Generator & Cracker Online Offline
- Killcast - Manipulate Chromecast Devices In Your Network
- bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
- WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
- H8Mail - Email OSINT And Password Breach Hunting
- Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
- Metasploit 5.0 - The World’s Most Used Penetration Testing Framework
- Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
- Twifo-Cli - Get User Information Of A Twitter User
- Sitadel - Web Application Security Scanner
- Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
- Malboxes - Builds Malware Analysis Windows VMs So That You Don't Have To
- Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies
- Shed - .NET Runtime Inspector
- Stardox - Github Stargazers Information Gathering Tool
- Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool
- AutoSploit v3.0 - Automated Mass Exploiter
- Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
- Recaf - A Modern Java Bytecode Editor
- dnSpy - .NET Debugger And Assembly Editor