mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-25 12:20:18 +00:00
52 KiB
52 KiB
Latest Cool Tools
The following are a collection of recently-released pen test tools. I update this list every time that there is a new post and when I find a new one around the Internet. The rest of the repository has hundreds of additional cybersecurity and pen test tools.
- GhostDelivery - This Tool Creates A Obfuscated .vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence
- ReverseTCPShell - PowerShell ReverseTCP Shell, Client & Server
- ripVT - Virus Total API Maltego Transform Set For Canari
- Vulners Scanner for Android - Passive Vulnerability Scanning Based On Software Version Fingerprint
- ANDRAX v3 - The First And Unique Penetration Testing Platform For Android Smartphones
- PcapXray v2.5 - A Network Forensics Tool To Visualize A Packet Capture Offline As A Network Diagram
- Python-Iocextract - Advanced Indicator Of Compromise (IOC) Extractor
- Vthunting - A Tiny Script Used To Generate Report About VirusTotal Hunting And Send It By Email, Slack Or Telegram
- Facebash - Facebook Brute Forcer In Shellscript Using TOR
- Finshir - A Coroutines-Driven Low And Slow Traffic Sender, Written In Rust
- autoPwn - Automate Repetitive Tasks For Fuzzing
- Metabigor - Command Line Search Engines Without Any API Key
- Userrecon-Py - Find Usernames In Social Networks
- Amass - In-depth DNS Enumeration And Network Mapping
- Wpbullet - A Static Code Analysis For WordPress (And PHP)
- PhoneSploit - Using Open Adb Ports We Can Exploit A Devive
- Kubolt - Utility For Scanning Public Kubernetes Clusters
- Brutality - A Fuzzer For Any GET Entries
- P4wnP1 A.L.O.A. - Framework Which Turns A Rapsberry Pi Zero W Into A Flexible, Low-Cost Platform For Pentesting, Red Teaming And Physical Engagements
- Sniffglue - Secure Multithreaded Packet Sniffer
- H2Buster - A Threaded, Recursive, Web Directory Brute-Force Scanner Over HTTP/2
- CMSeeK v1.1.2 - CMS Detection And Exploitation Suite - Scan WordPress, Joomla, Drupal And Over 170 Other CMSs
- SSHD-Poison - A Tool To Get Creds Of Pam Based SSHD Authentication
- HiddenWall - Linux Kernel Module Generator For Custom Rules With Netfilter (Block Ports, Hidden Mode, Rootkit Functions, Etc)
- IPFinder CLI - The Official Command Line Client For IPFinder
- VulnX - CMS And Vulnerabilites Detector And An Intelligent Auto Shell Injector
- TeleShadow v3 - Telegram Desktop Session Stealer (Windows)
- Crosslinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping
- Graffiti - A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing
- Kali Linux 2019.2 Release - Penetration Testing and Ethical Hacking Linux Distribution
- Versionscan - A PHP Version Scanner For Reporting Possible Vulnerabilities
- XSSCon - Simple XSS Scanner Tool
- Hydra 9.0 - Fast and Flexible Network Login Hacker
- Flashsploit - Exploitation Framework For ATtiny85 Based HID Attacks
- Scavenger - Crawler Searching For Credential Leaks On Different Paste Sites
- OSIF - Open Source Information Facebook
- Bandit - Tool Designed To Find Common Security Issues In Python Code
- Brutemap - Tool That Automates Testing Accounts To The Site's Login Page
- Acunetix Vulnerability Scanner Now With Network Security Scans
- Project iKy - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- Miteru - An Experimental Phishing Kit Detection Tool
- SecurityRAT - Tool For Handling Security Requirements In Development
- JWT Tool - A Toolkit For Testing, Tweaking And Cracking JSON Web Tokens
- Trigmap - A Wrapper For Nmap To Automate The Pentest
- Machinae v1.4.8 - Security Intelligence Collector
- WAFW00F v1.0.0 - Detect All The Web Application Firewall!
- Horn3t - Powerful Visual Subdomain Enumeration At The Click Of A Mouse
- Pacbot - Platform For Continuous Compliance Monitoring, Compliance Reporting And Security Automation For The Cloud
- Findomain - A Cross-Platform Tool That Use Certificate Transparency Logs To Find Subdomains
- Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts
- PAnalizer - Pornography Analizer And Face Searching
- FinalRecon - OSINT Tool For All-In-One Web Reconnaissance
- iCULeak - Tool To Find And Extract Credentials From Phone Configuration Files Hosted On Cisco CUCM
- DumpTheGit - Searches Through Public Repositories To Find Sensitive Information Uploaded To The Github Repositories
- Vulmap - Online Local Vulnerability Scanners Project
- AutoSource - Automated Source Code Review Framework Integrated With SonarQube
- Kerbrute - A Tool To Perform Kerberos Pre-Auth Bruteforcing
- Hackuna - The First Mobile App to Track Hackers
- Joy - A Package For Capturing And Analyzing Network Flow Data And Intraflow Data, For Network Research, Forensics, And Security Monitoring
- Kostebek - Reconnaissance Tool Which Uses Firms Trademark Information To Discover Their Domains
- Termshark - A Terminal UI For Tshark, Inspired By Wireshark
- PeekABoo - Tool To Enable Remote Desktop On The Targeted Machine
- 10Minutemail - Python Temporary Email
- BruteDum - Brute Force Attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC With Hydra, Medusa And Ncrack
- Cynet Free IR Tool Offering Empowers Responders to Know and Act Against Active Attacks
- CQTools - The New Ultimate Windows Hacking Toolkit
- ExtAnalysis - Browser Extension Analysis Framework
- QRGen - Simple Script For Generating Malformed QRCodes
- ReconT - Reconnaisance / Footprinting / Information Disclosure
- Bashter - Web Crawler, Scanner, And Analyzer Framework
- Adidnsdump - Active Directory Integrated DNS Dumping By Any Authenticated User
- Twint - An Advanced Twitter Scraping And OSINT Tool
- HostHunter - A Recon Tool For Discovering Hostnames Using OSINT Techniques
- Flerken - Obfuscated Command Detection Tool
- ScanQLi - Scanner To Detect SQL Injection Vulnerabilities
- OSINT-Search - Useful For Digital Forensics Investigations Or Initial Black-Box Pentest Footprinting
- Parrot Security 4.6 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
- Evil Clippy - A Cross-Platform Assistant For Creating Malicious MS Office Documents
- ParamPamPam - Brute Force Discover GET And POST Parameters
- Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning
- Okadminfinder3 - Admin Panel Finder / Admin Login Page Finder
- Cutter - Free And Open-Source GUI For Radare2 Reverse Engineering Framework
- NAXSI - An Open-Source, High Performance, Low Rules Maintenance WAF For NGINX
- Raptor WAF v0.6 - Web Application Firewall using DFA
- FTPBruter - A FTP Server Brute Forcing Tool
- Freddy - Automatically Identify Deserialisation Issues In Java And .NET Applications By Using Active And Passive Scans
- Findomain - A Tool That Use Certificate Transparency Logs To Find Subdomains
- Anevicon - A High-Performant UDP-based Load Generator
- Reverie - Automated Pentest Tools Designed For Parrot Linux
- EasySploit - Metasploit Automation (EASIER And FASTER Than EVER)
- PyWhatCMS - Unofficial WhatCMS API Package
- Kubebot - A Security Testing Slackbot Built With A Kubernetes Backend On The Google Cloud Platform
- drAFL - AFL + DynamoRIO = Fuzzing Binaries With No Source Code On Linux
- Ttyd - Share Your Terminal Over The Web
- mongoBuster - Hunt Open MongoDB Instances
- Parameth - This Tool Can Be Used To Brute Discover GET And POST Parameters
- EfiGuard - Disable PatchGuard And DSE At Boot Time
- fireELF - Fileless Linux Malware Framework
- FLASHMINGO - Automatic Analysis Of SWF Files Based On Some Heuristics
- Platypus - A Modern Multiple Reverse Shell Sessions Manager Written In Go
- SilkETW - Flexible C# Wrapper For ETW (Event Tracing for Windows)
- Instantbox - Get A Clean, Ready-To-Go Linux Box In Seconds
- Pepe - Collect Information About Email Addresses From Pastebin
- W12Scan - A Simple Asset Discovery Engine For Cybersecurity
- Instainsane - Multi-threaded Instagram Brute Forcer
- Zeebsploit - Web Scanner / Exploitation / Information Gathering
- TeleKiller - A Tool Session Hijacking And Stealer Local Passcode Telegram Windows
- pwnedOrNot v1.1.7 - OSINT Tool To Find Passwords For Compromised Email Addresses
- 0D1N v2.6 - Web Security Tool To Make Fuzzing At HTTP/S
- CredsLeaker v3 - Tool to Display A Powershell Credentials Box
- GodOfWar - Malicious Java WAR Builder With Built-In Payloads
- XSStrike v3.1.4 - Most Advanced XSS Detection Suite
- Chkdfront - Check Domain Fronting
- QRLJacker v2.0 - QRLJacking Exploitation Framework
- Zeebsploit - Web Scanner / Exploitation / Information Gathering
- Mysql-Magic - Dump Mysql Client Password From Memory
- mXtract v1.2 - Memory Extractor & Analyzer
- DefectDojo v1.5.4 - Application Vulnerability Correlation And Security Orchestration Application
- Free Cynet Threat Assessment for Mid-sized and Large Organizations
- Beagle - An Incident Response And Digital Forensics Tool Which Transforms Security Logs And Data Into Graphs
- ISF - Industrial Control System Exploitation Framework
- Pocsuite3 - An Open-Sourced Remote Vulnerability Testing Framework
- XanXSS - A Simple XSS Finding Tool
- Pyrit - The Famous WPA Precomputed Cracker
- Faraday v3.7 - Collaborative Penetration Test and Vulnerability Management Platform
- PowerShellArsenal - A PowerShell Module Dedicated To Reverse Engineering
- Darksplitz - Exploit Framework
- CHAOS Framework v3.0 - Generate Payloads And Control Remote Windows Systems
- CHAOS Framework v2.0 - Generate Payloads And Control Remote Windows Systems
- ISeeYou - Bash And Javascript Tool To Find The Exact Location Of The Users During Social Engineering Or Phishing Engagements
- Instainsane - Multi-threaded Instagram Brute Forcer
- Evillimiter - Limits Bandwidth Of Devices On The Same Network
- Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning
- Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory
- Commando VM - The First of Its Kind Windows Offensive Distribution
- IDArling - Collaborative Reverse Engineering Plugin For IDA Pro & Hex-Rays
- Wireshark Cheatsheet
- FFM (Freedom Fighting Mode) - Open Source Hacking Harness
- Just-Metadata - Tool That Gathers And Analyzes Metadata About IP Addresses
- phpMussel - PHP-based Anti-Virus Anti-Trojan Anti-Malware Solution
- WinPwn - Automation For Internal Windows Penetrationtest
- Reconerator - C# Targeted Attack Reconnaissance Tools
- Mutiny Fuzzing Framework - Network Fuzzer That Operates By Replaying PCAPs Through A Mutational Fuzzer
- Flightsim - A Utility To Generate Malicious Network Traffic And Evaluate Controls
- LAPSToolkit - Tool To Audit And Attack LAPS Environments
- Xori - An Automation-Ready Disassembly And Static Analysis Library For PE32, 32+ And Shellcode
- H2T - Scans A Website And Suggests Security Headers To Apply
- Got-Responded - A Simple Tool To Detect NBT-NS And LLMNR Spoofing
- WPScan v3.4.5 - Black Box WordPress Vulnerability Scanner
- Androwarn - Yet Another Static Code Analyzer For Malicious Android Applications
- FIR - Fast Incident Response
- Webtech - Identify Technologies Used On Websites
- Lynis 2.7.3 - Security Auditing Tool for Unix/Linux Systems
- SMS-Stack - Framework to provided TPC/IP based characteristics to the GSM Short Message Service
- Xerxes - DoS Tool Enhanced
- mXtract - Memory Extractor & Analyzer
- RapidRepoPull - Tool To Quickly Pull And Install Repos From A List
- Goscan - Interactive Network Scanner
- Remot3d v2.0 - Tool Created For Large Pentesters As Well As Just For The Pleasure Of Defacers To Control Server By Backdoors
- Dnsdmpstr - Unofficial API & Client For Dnsdumpster.Com And Hackertarget.Com
- Freevulnsearch - Free And Open NMAP NSE Script To Query Vulnerabilities Via The cve-search.org API
- Armory - A Tool Meant To Take In A Lot Of External And Discovery Data From A Lot Of Tools, Add It To A Database And Correlate All Of Related Information
- DOGE - Darknet Osint Graph Explorer
- Mad-Metasploit - Metasploit Custom Modules, Plugins & Resource Scripts
- Metaforge - An OSINT Metadata Analyzing Tool That Filters Through Tags And Creates Reports
- Hashboy-Tool - A Hash Query Tool
- CarbonCopy - A Tool Which Creates A Spoofed Certificate Of Any Online Website And Signs An Executable For AV Evasion
- Karma - Search of Emails and Passwords on Pwndb
- Arjun v1.3 - HTTP Parameter Discovery Suite
- SocialFish v2 - Educational Phishing Tool & Information Collector
- DNS-Shell - An Interactive Shell Over DNS Channel
- Decker - Declarative Penetration Testing Orchestration Framework
- PFQ - Functional Network Framework For Multi-Core Architectures
- Hostintel - A Modular Python Application To Collect Intelligence For Malicious Hosts
- IoT-Home-Guard - A Tool For Malicious Behavior Detection In IoT Devices
- Acunetix Web Application Vulnerability Report 2019
- Kage - Graphical User Interface For Metasploit Meterpreter And Session Handler
- rootOS - macOS Root Helper
- Vuls - Vulnerability Scanner For Linux/FreeBSD, Agentless, Written In Go
- Reverse Shell Cheat Sheet
- AutoRDPwn v4.8 - The Shadow Attack Framework
- Cat-Nip - Automated Basic Pentest Tool (Designed For Kali Linux)
- Goca Scanner - FOCA fork written in Go
- Chomp Scan - A Scripted Pipeline Of Tools To Streamline The Bug Bounty/Penetration Test Reconnaissance Phase
- Turbinia - Automation And Scaling Of Digital Forensics Tools
- Ghidra - Software Reverse Engineering Framework
- Legion - An Easy-To-Use, Super-Extensible And Semi-Automated Network Penetration Testing Tool That Aids In Discovery, Reconnaissance And Exploitation Of Information Systems
- Reload.sh - Reinstall, Restore And Wipe Your System Via SSH, Without Rebooting
- UserLAnd - The Easiest Way To Run A Linux Distribution or Application on Android
- Cuteit v0.2.1 - IP Obfuscator Made To Make A Malicious Ip A Bit Cuter
- Rpi-Hunter - Automate Discovering And Dropping Payloads On LAN Raspberry Pi's Via SSH
- CMSeeK v1.1.1 - CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 150 Other CMSs)
- Faraday v3.6 - Collaborative Penetration Test and Vulnerability Management Platform
- Phantom Evasion - Python AV Evasion Tool Capable To Generate FUD Executable Even With The Most Common 32 Bit Metasploit Payload (Exe/Elf/Dmg/Apk)
- Strelka - Scanning Files At Scale With Python And ZeroMQ
- Imago Forensics - Imago Is A Python Tool That Extract Digital Evidences From Images
- VSHG - Hardware resistance & enhanced security for GnuPG
- Angr - A Powerful And User-Friendly Binary Analysis Platform
- Ntopng - Web-based Traffic And Security Network Traffic Monitoring
- HT-WPS Breaker - High Touch WPS Breaker
- Ophcrack - A Windows Password Cracker Based On Rainbow Tables
- Metasploit Cheat Sheet
- SALT - SLUB ALlocator Tracer For The Linux Kernel
- Command Injection Payload List
- Reko - A General Purpose Binary Decompiler
- Iptables Essentials - Common Firewall Rules And Commands
- HexRaysCodeXplorer - Hex-Rays Decompiler Plugin For Better Code Navigation
- PHP Security Check List
- OSFClone - Open Source Utility To Create And Clone Forensic Disk Images
- Cheat Engine - A Development Environment Focused On Modding
- BeEF - The Browser Exploitation Framework Project
- Eraser - Secure Erase Files from Hard Drives on Windows
- SecLists - A Collection Of Multiple Types Of Lists Used During Security Assessments, Collected In One Place (Usernames, Passwords, URLs, Sensitive Data Patterns, Fuzzing Payloads, Web Shells, And Many More)
- GameGuardian - Android Game Hack/Alteration Tool
- OSINT-SPY - Search using OSINT (Open Source Intelligence)
- Maltego CE - An Interactive Data Mining Tool That Renders Directed Graphs For Link Analysis
- BoNeSi - The DDoS Botnet Simulator
- HoneyPy - A Low To Medium Interaction Honeypot
- Egress-Assess - Tool Used To Test Egress Data Detection Capabilities
- Fibratus - Tool For Exploration And Tracing Of The Windows Kernel
- TROMMEL - Sift Through Embedded Device Files To Identify Potential Vulnerable Indicators
- DCOMrade - Powershell Script For Enumerating Vulnerable DCOM Applications
- Ponce - IDA Plugin For Symbolic Execution Just One-Click Away!
- Kaboom - Automatic Pentest
- SSRFmap - Automatic SSRF Fuzzer And Exploitation Tool
- Pompem - Exploit and Vulnerability Finder
- Lazygit - Simple Terminal UI For Git Commands
- Up (Ultimate Plumber) - Tool For Writing Linux Pipes With Instant Live Preview
- CDF - Crypto Differential Fuzzing
- Justniffer - Network TCP Packet Sniffer
- UEFI Firmware Parser - Parse BIOS/Intel ME/UEFI Firmware Related Structures: Volumes, FileSystems, Files, Etc
- PF_RING - High-Speed Packet Capture, Filtering And Analysis
- Pftriage - Python Tool And Library To Help Analyze Files During Malware Triage And Analysis
- nDPI - Open Source Deep Packet Inspection Software Toolkit
- Hontel - Telnet Honeypot
- Volatility Workbench - A GUI For Volatility Memory Forensics
- HTTrack Website Copier - Web Crawler And Offline Browser
- OSFMount - Mount Disk Images & Create RAM Drives
- Process Hacker - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware
- CANalyzat0r - Security Analysis Toolkit For Proprietary Car Protocols
- DFIRTrack - The Incident Response Tracking Application
- Goscan - Interactive Network Scanner
- RedELK - Easy Deployable Tool For Red Teams Used For Tracking And Alarming About Blue Team Activities As Well As Better Usability In Long Term Operations
- Fnord - Pattern Extractor For Obfuscated Code
- Bincat - Binary Code Static Analyser, With IDA Integration
- Bscan - An Asynchronous Target Enumeration Tool
- Modlishka - An Open Source Phishing Tool With 2FA Authentication
- Fwknop - Single Packet Authorization & Port Knocking
- Netsniff-Ng - A Swiss Army Knife For Your Daily Linux Network Plumbing
- Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications
- LOLBAS - Living Off The Land Binaries And Scripts (LOLBins And LOLScripts)
- XIP - Tool To Generate A List Of IP Addresses By Applying A Set Of Transformations Used To Bypass Security Measures E.G. Blacklist Filtering, WAF, Etc.
- Stenographer - A Packet Capture Solution Which Aims To Quickly Spool All Packets To Disk, Then Provide Simple, Fast Access To Subsets Of Those Packets
- Fierce - Semi-Lightweight Scanner That Helps Locate Non-Contiguous IP Space And Hostnames Against Specified Domains
- Bolt - CSRF Scanning Suite
- Pwndb - Search For Creadentials Leaked On Pwndb
- Pown Recon - A Powerful Target Reconnaissance Framework Powered By Graph Theory
- Uncle Spufus - A Tool That Automates Mac Address Spoofing
- CIRTKit - Tools For The Computer Incident Response Team
- ADAPT - Tool That Performs Automated Penetration Testing For WebApps
- Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool
- Sn0Int - Semi-automatic OSINT Framework And Package Manager
- FTW - Framework For Testing WAFs
- identYwaf - Blind WAF Identification Tool
- Sh00T - A Testing Environment for Manual Security Testers
- WiGLE - Wifi Wardriving (Nethugging Client For Android)
- LeakLooker - Find Open Databases With Shodan
- SecureTea Project - The Purpose Of This Application Is To Warn The User (Via Various Communication Mechanisms) Whenever Their Laptop Accessed
- ProcDump - A Linux Version Of The ProcDump Sysinternals Tool
- Parrot Security 4.5 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
- Jok3R - Network And Web Pentest Framework
- Beebug - A Tool For Checking Exploitability
- Conpot - An Open Industrial Control Honeypot
- WPintel - Chrome Extension Designed For WordPress Vulnerability Scanning And Information Gathering
- Malice - VirusTotal Wanna Be (Now With 100% More Hipster)
- Htcap - A Web Application Scanner Able To Crawl Single Page Application (SPA) In A Recursive Manner By Intercepting Ajax Calls And DOM Changes
- Remot3d - An Simple Exploit for PHP Language
- Tyton - Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+
- Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From Shodan.io
- Tool-X - A Kali Linux Hacking Tool Installer
- SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
- Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information
- Aztarna - A Footprinting Tool For Robots
- Hediye - Hash Generator & Cracker Online Offline
- Killcast - Manipulate Chromecast Devices In Your Network
- bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
- WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
- H8Mail - Email OSINT And Password Breach Hunting
- Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
- Metasploit 5.0 - The World’s Most Used Penetration Testing Framework
- Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
- Twifo-Cli - Get User Information Of A Twitter User
- Sitadel - Web Application Security Scanner
- Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
- Malboxes - Builds Malware Analysis Windows VMs So That You Don'T Have To
- Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies
- Shed - .NET Runtime Inspector
- Stardox - Github Stargazers Information Gathering Tool
- Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool
- AutoSploit v3.0 - Automated Mass Exploiter
- Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
- Recaf - A Modern Java Bytecode Editor
- dnSpy - .NET Debugger And Assembly Editor