mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-22 10:53:03 +00:00
41 KiB
41 KiB
Latest Cool Tools
The following are a collection of recently-released pen test tools. I update this list every time that there is a new post and when I find a new one around the Internet. The rest of the repository has hundreds of additional cybersecurity and pen test tools.
- Botb - A Container Analysis And Exploitation Tool For Pentesters And Engineers
- gitGraber - Tool To Monitor GitHub To Search And Find Sensitive Data For Different Online Services Such As: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
- fileGPS - A Tool That Help You To Guess How Your Shell Was Renamed After The Server-Side Script Of The File Uploader Saved It
- ActiveReign - A Network Enumeration And Attack Toolset
- Revshellgen - Reverse Shell Generator Written In Python.
- LetsMapYourNetwork - Tool To Visualise Your Physical Network In Form Of Graph With Zero Manual Error
- OpenCTI - Open Cyber Threat Intelligence Platform
- BlackArch Linux v2019.09.01 - Penetration Testing Distribution
- Phishing-Simulation - Aims To Increase Phishing Awareness By Providing An Intuitive Tutorial And Customized Assessment
- PingCastle - Get Active Directory Security At 80% In 20% Of The Time
- Mondoo - Cloud-Native Security And Vulnerability Risk Management
- BLUESPAWN - Windows Based Active Defense Tool To Empower Blue Teams
- EMAGNET - Tool For Find Leaked Databases With 97.1% Accurate To Grab Mail + Password Together From Pastebin Leaks
- PyFuscation - Obfuscate Powershell Scripts By Replacing Function Names, Variables And Parameters
- Btlejack - Bluetooth Low Energy Swiss-army Knife
- mpDNS - Multi-Purpose DNS Server
- Ehtools - Framework Of Serious Wi-Fi Penetration Tools
- Wordlister - A Simple Wordlist Generator And Mangler Written In Python
- Barq - The AWS Cloud Post Exploitation Framework!
- Telegram C# C2 - A Command and Control Tool for Telegram Bot Communication
- HTTP Request Smuggler - Extension For Burp Suite Designed To Help You Launch HTTP Request Smuggling Attacks
- B-XSSRF - Toolkit To Detect And Keep Track On Blind XSS, XXE And SSRF
- 0xsp Mongoose v1.7 - Linux/Windows Privilege Escalation intelligent Enumeration Toolkit
- Constellation - A Graph-Focused Data Visualisation And Interactive Analysis Application
- Hashcatch - Capture Handshakes Of Nearby WiFi Networks Automatically
- Nuages - A Modular C2 Framework
- RedHunt OS v2 - Virtual Machine For Adversary Emulation And Threat Hunting
- Sudomy - Subdomain Enumeration & Analysis
- NebulousAD - Automated Credential Auditing Tool
- PHPStan - PHP Static Analysis Tool (Discover Bugs In Your Code Without Running It!)
- EVABS - Extremely Vulnerable Android Labs
- 4CAN - Open Source Security Tool to Find Security Vulnerabilities in Modern Cars
- AIL Framework - Framework for Analysis of Information Leaks
- Airgeddon v9.21 - A Multi-use Bash Script for Linux Systems to Audit Wireless Networ
- Sublert - Security And Reconnaissance Tool Which Leverages Certificate Transparency To Automatically Monitor New Subdomains Deployed By Specific Organizations And Issued TLS/SSL Certificate
- IPRotate - Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request
- LDAPDomainDump - Active Directory Information Dumper Via LDAP
- Covenant - A .NET Command And Control Framework For Red Teamers
- AutoRDPwn v5.0 - The Shadow Attack Framework
- PoshC2 - C2 Server and Implants
- Hacktronian - All In One Hacking Tool For Linux & Android
- Pyshark - Python Wrapper For Tshark, Allowing Python Packet Parsing Using Wireshark Dissectors
- Applepie - A Hypervisor For Fuzzing Built With WHVP And Bochs
- PEpper - An Open Source Script To Perform Malware Static Analysis On Portable Executable
- goDoH - A DNS-over-HTTPS C2
- Truegaze - Static Analysis Tool For Android/iOS Apps Focusing On Security Issues Outside The Source Code
- pwnedOrNot v1.2.6 - OSINT Tool to Find Passwords for Compromised Email Addresses
- "Can I Take Over XYZ?" - A List Of Services And How To Claim (Sub)Domains With Dangling DNS Records
- Eyeballer - Convolutional Neural Network For Analyzing Pentest Screenshots
- "Can I Take Over XYZ?" - A List Of Services And How To Claim (Sub)Domains With Dangling DNS Records.
- Dow Jones Hammer - Protect The Cloud With The Power Of The cloud(AWS)
- Firmware Slap - Discovering Vulnerabilities In Firmware Through Concolic Analysis And Function Clustering
- Iris - WinDbg Extension To Perform Basic Detection Of Common Windows Exploit Mitigations
- Diaphora - The Most Advanced Free And Open Source Program Diffing Tool
- Airflowscan - Checklist And Tools For Increasing Security Of Apache Airflow
- DockerSecurityPlayground - A Microservices-based Framework For The Study Of Network Security And Penetration Test Techniques
- DrMITM - Program Designed To Globally Log All Traffic Of A Website
- Sampler - A Tool For Shell Commands Execution, Visualization And Alerting (Configured With A Simple YAML File)
- Findomain v0.2.1 - The Fastest And Cross-Platform Subdomain Enumerator
- Goop - Google Search Scraper (Bypass CAPTCHA)
- ThreatHunting - A Splunk App Mapped To MITRE ATT&CK To Guide Your Threat Hunts
- HackerTarget ToolKit v2.0 - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery
- Seccomp Tools - Provide Powerful Tools For Seccomp Analysis
- AbsoluteZero - Python APT Backdoor
- Osmedeus v1.5 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning
- WAES - Auto Enums Websites And Dumps Files As Result
- BADministration - Tool Which Interfaces with Management or Administration Applications from an Offensive Standpoint
- SQLMap v1.3.8 - Automatic SQL Injection And Database Takeover Tool
- Commando VM v2.0 - The First Full Windows-based Penetration Testing Virtual Machine Distribution
- Skadi - Collect, Process, And Hunt With Host Based Data From MacOS, Windows, And Linux
- KRF - A Kernelspace Randomized Faulter
- SET v8.0.1 - The Social-Engineer Toolkit
- Project iKy v2.1.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- Project iKy v2.1.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- Theo - Ethereum Recon And Exploitation Tool
- Malcolm - A Powerful, Easily Deployable Network Traffic Analysis Tool Suite For Full Packet Capture Artifacts (PCAP Files) And Zeek Logs
- AutoRecon - Multi-Threaded Network Reconnaissance Tool Which Performs Automated Enumeration Of Services
- WiFiBroot - A WiFi Pentest Cracking Tool For WPA/WPA2 (Handshake, PMKID, Cracking, EAPOL, Deauthentication)
- HELK - The Hunting ELK
- MemGuard - Secure Software Enclave For Storage Of Sensitive Information In Memory
- Usbrip - Simple Command Line Forensics Tool For Tracking USB Device Artifacts (History Of USB Events) On GNU/Linux
- MSNM-S - Multivariate Statistical Network Monitoring-Sensor
- W13Scan - Passive Security Scanner
- XSpear - Powerfull XSS Scanning And Parameter Analysis Tool
- Slurp - S3 Bucket Enumerator
- Buster - Find Emails Of A Person And Return Info Associated With Them
- Xssizer - The Best Tool To Find And Prove XSS Flaws
- WDExtract - Extract Windows Defender Database From Vdm Files And Unpack It
- WeebDNS - DNS Enumeration With Asynchronicity
- RedGhost v3.0 - Linux Post Exploitation Framework Written In Bash Designed To Assist Red Teams In Persistence, Reconnaissance, Privilege Escalation And Leaving No Trace
- Recon-ng v5.0.0 - Open Source Intelligence Gathering Tool Aimed At Reducing The Time Spent Harvesting Information From Open Sources
- Uncompyle6 - A Cross-Version Python Bytecode Decompiler
- OSXCollector - A Forensic Evidence Collection & Analysis Toolkit For OS X
- Vulnado - Purposely Vulnerable Java Application To Help Lead Secure Coding Workshops
- Orbit v2.0 - Blockchain Transactions Investigation Tool
- Cloudcheck - Checks Using A Test String If A Cloudflare DNS Bypass Is Possible Using CloudFail
- grapheneX - Automated System Hardening Framework
- O365-Attack-Toolkit - A Toolkit To Attack Office365
- Pyattck - A Python Module To Interact With The Mitre ATT&CK Framework
- Evil-Winrm - The Ultimate WinRM Shell For Hacking/Pentesting
- Airopy - Get Clients And Access Points
- AMIRA - Automated Malware Incident Response & Analysis
- VulnWhisperer - Create Actionable Data From Your Vulnerability Scans
- Dockernymous - A Script Used To Create A Whonix Like Gateway/Workstation Environment With Docker Containers
- HiddenEye - Modern Phishing Tool With Advanced Functionality (Android-Support-Available)
- SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules Misconfigurations And Vulnerabilities Within Sudo
- Hvazard - Remove Short Passwords & Duplicates, Change Lowercase To Uppercase & Reverse, Combine Wordlists!
- GitGot - Semi-automated, Feedback-Driven Tool To Rapidly Search Through Troves Of Public Data On GitHub For Sensitive Secrets
- Git-Hound - Find Exposed Keys Across GitHub Using Code Search Keywords
- Parrot Security 4.7 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
- Kali NetHunter App Store - The New Android Store Dedicated to Free Security Apps
- Userrecon v1.1.0 - Recognition Usernames In 187 Social Networks
- Brute_Force - BruteForce Gmail, Hotmail, Twitter, Facebook & Netflix
- Detect It Easy - Program For Determining Types Of Files For Windows, Linux And MacOS
- Shellsum - A Defense Tool - Detect Web Shells In Local Directories Via Md5Sum
- RedGhost v2.0 - Linux Post Exploitation Framework Designed To Assist Red Teams In Gaining Persistence, Reconnaissance And Leaving No Trace
- UACME - Defeating Windows User Account Control
- JShielder v2.4 - Hardening Script For Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark G
- Project iKy v2.0.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- Passpie - Multiplatform Command-Line Password Manager
- PasteHunter - Scanning Pastebin With Yara Rules
- Pown-Duct - Essential Tool For Finding Blind Injection Attacks
- Dwarf - Full Featured Multi Arch/Os Debugger Built On Top Of PyQt5 And Frida
- Ghostfuscator - The Python Password-Protected Obfuscator Using AES Encryption
- Objection v1.6.6 - Runtime Mobile Exploration
- Commando VM v1.3 - The First Full Windows-based Penetration Testing Virtual Machine Distribution
- Findomain - A Cross-Platform Tool That Use Certificate Transparency Logs To Find Subdomains
- Echidna - Ethereum Fuzz Testing Framework
- Cloud Security Audit - A Command Line Security Audit Tool For Amazon Web Services
- WinObjEx64 - Windows Object Explorer 64-Bit
- Regipy - An OS Independent Python Library For Parsing Offline Registry Hives
- Rifiuti2 - Windows Recycle Bin Analyser
- Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels
- Whonix v15 - Anonymous Operating System
- SneakyEXE - Embedding "UAC-Bypassing" Function Into Your Custom Payload
- NetSet - Operational Security Utility And Automator
- DarkScrape - OSINT Tool For Scraping Dark Websites
- Youzer - Fake User Generator For Active Directory Environments
- Rock-ON - An All In One Recon Tool That Will Just Get A Single Entry Of The Domain Name And Do All Of The Work Alone
- Wesng - Windows Exploit Suggester
- Fbchecker - Facebook Mass Account Checker
- Slackor - A Golang Implant That Uses Slack As A Command And Control Server
- Hash-Identifier - Software To Identify The Different Types Of Hashes Used To Encrypt Data And Especially Passwords
- MIG - Distributed And Real Time Digital Forensics At The Speed Of The Cloud
- Icebox - Virtual Machine Introspection, Tracing & Debugging
- SQLMap v1.3.7 - Automatic SQL Injection And Database Takeover Tool
- Sherlock - Find Usernames Across Social Networks
- 0xsp-Mongoose - Privilege Escalation Enumeration Toolkit (ELF 64/32), Fast, Intelligent Enumeration With Web API Integration
- Lst2X64Dbg - Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database
- Spyse.Py - Python API Wrapper And Command-Line Client For The Tools Hosted On Spyse.Com
- PTF v2.3 - The Penetration Testers Framework Is A Way For Modular Support For Up-To-Date Tools
- Scapy - The Python-based Interactive Packet Manipulation Program & Library
- TwitterShadowBan - Twitter Shadowban Tests
- PivotSuite - A Network Pivoting Toolkit
- Lynis 2.7.5 - Security Auditing Tool for Unix/Linux Systems
- Project iKy - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- Getwin - FUD Win32 Payload Generator And Listener
- Seccubus - Easy Automated Vulnerability Scanning, Reporting And Analysis
- Terminus - A Terminal For A More Modern Age
- Quarantyne - Modern Web Firewall: Stop Account Takeovers, Weak Passwords, Cloud IPs, DoS Attacks, Disposable Emails
- Prithvi - Report Generation Tool
- Kippo - SSH Honeypot
- Konan - Advanced Web Application Dir Scanner
- Seth - Perform A MitM Attack And Extract Clear Text Credentials From RDP Connections
- Rdpscan - A Quick Scanner For The CVE-2019-0708 "BlueKeep" Vulnerability
- DNSlivery - Easy Files And Payloads Delivery Over DNS
- GhostSquadHackers - Encrypt/Encode Your Javascript Code
- BackBox Linux 6.0 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment
- URLextractor - Information Gathering and Website Reconnaissance
- MozDef - Mozilla Enterprise Defense Platform
- Sliver - Implant Framework
- Simplify - Generic Android Deobfuscator
- BoomER - Framework For Exploiting Local Vulnerabilities
- WhatBreach - OSINT Tool To Find Breached Emails And Databases
- BlueGhost - A Network Tool Designed To Assist Blue Teams In Banning Attackers From Linux Servers
- Vxscan - Comprehensive Scanning Tool
- RedGhost - Linux Post Exploitation Framework Designed To Gain Persistence And Reconnaissance And Leave No Trace
- One-Lin3r v2.0 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More
- Tourmaline - Telegram Bot Framework For Crystal
- VulnX v1.7 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS
- Cryptr - A Simple Shell Utility For Encrypting And Decrypting Files Using OpenSSL
- Amass - In-depth DNS Enumeration And Network Mapping
- Userrecon-Py - Find Usernames In Social Networks
- Metabigor - Command Line Search Engines Without Any API Key
- autoPwn - Automate Repetitive Tasks For Fuzzing
- Finshir - A Coroutines-Driven Low And Slow Traffic Sender, Written In Rust
- Facebash - Facebook Brute Forcer In Shellscript Using TOR
- Vthunting - A Tiny Script Used To Generate Report About VirusTotal Hunting And Send It By Email, Slack Or Telegram
- Python-Iocextract - Advanced Indicator Of Compromise (IOC) Extractor
- PcapXray v2.5 - A Network Forensics Tool To Visualize A Packet Capture Offline As A Network Diagram
- ANDRAX v3 - The First And Unique Penetration Testing Platform For Android Smartphones
- Vulners Scanner for Android - Passive Vulnerability Scanning Based On Software Version Fingerprint
- ripVT - Virus Total API Maltego Transform Set For Canari
- ReverseTCPShell - PowerShell ReverseTCP Shell, Client & Server
- GhostDelivery - This Tool Creates A Obfuscated .vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence
- H8Mail v2.0 - Email OSINT And Password Breach Hunting
- PhoneSploit v1.2 - Using Open Adb Ports We Can Exploit A Andriod Device
- Zydra - File Password Recovery Tool And Linux Shadow File Cracker
- Recsech - Tool For Doing Footprinting And Reconnaissance On The Target Web
- LiveHiddenCamera - Library Which Record Live Video And Audio From Android Device Without Displaying A Preview
- Shellphish - Phishing Tool For 18 Social Media (Instagram, Facebook, Snapchat, Github, Twitter...)
- TOR Router - A Tool That Allow You To Make TOR Your Default Gateway And Send All Internet Connections Under TOR
- Userrecon - Find Usernames Across Over 75 Social Networks
- WhatWeb v0.5.0 - Next Generation Web Scanner
- Faraday v3.8 - Collaborative Penetration Test and Vulnerability Management Platform
- RecScanSec - Reconnaisance Scanner Security
- Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From Shodan.io
- Tool-X - A Kali Linux Hacking Tool Installer
- SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
- Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information
- Aztarna - A Footprinting Tool For Robots
- Hediye - Hash Generator & Cracker Online Offline
- Killcast - Manipulate Chromecast Devices In Your Network
- bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
- WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
- H8Mail - Email OSINT And Password Breach Hunting
- Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
- Metasploit 5.0 - The World’s Most Used Penetration Testing Framework
- Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
- Twifo-Cli - Get User Information Of A Twitter User
- Sitadel - Web Application Security Scanner
- Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
- Malboxes - Builds Malware Analysis Windows VMs So That You Don'T Have To
- Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies
- Shed - .NET Runtime Inspector
- Stardox - Github Stargazers Information Gathering Tool
- Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool
- AutoSploit v3.0 - Automated Mass Exploiter
- Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
- Recaf - A Modern Java Bytecode Editor
- dnSpy - .NET Debugger And Assembly Editor