Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers. Its goal is to collect, classify and make awesome tools easy for humans to find, creating a toolset you can check out and update with one command.
This is not only a curated list, it is also a complete and updated toolset you can download with one command!
You can download all the tools with the following command:
git clone --recursive https://github.com/jekil/awesome-hacking.git
To update it run the following command:
git pull
Every kind of contribution is really appreciated! Follow the :doc:`contribute`.
If you enjoy this work, please keep it alive contributing or just sharing it! - @jekil
- Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.
- ShellCheck - A static analysis tool for shell scripts.
- FeatherDuster - An automated, modular cryptanalysis tool.
- RSATool - Generate private key with knowledge of p and q.
- Xortool - A tool to analyze multi-byte xor cipher.
- CTFd - CTF in a can. Easily modifiable and has everything you need to run a jeopardy style CTF.
- FBCTF - Platform to host Capture the Flag competitions.
- LibreCTF - CTF in a box. Minimal setup required.
- Mellivora - A CTF engine written in PHP.
- NightShade - A simple security CTF framework.
- OneGadget - A tool for you easy to find the one gadget RCE in libc.so.6.
- Pwntools - CTF framework and exploit development library.
- Scorebot - Platform for CTFs by Legitbs (Defcon).
- V0lt - Security CTF Toolkit.
- Docker Bench for Security - The Docker Bench for Security checks for all the automatable tests in the CIS Docker 1.6 Benchmark.
  docker pull diogomonica/docker-bench-security
- DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.
  docker pull citizenstig/dvwa
- Kali Linux - This Kali Linux Docker image provides a minimal base install of the latest version of the Kali Linux Rolling Distribution.
  docker pull kalilinux/kali-linux-docker
- Metasploit - Metasploit Framework penetration testing software (unofficial Docker image).
  docker pull remnux/metasploit
- OWASP Juice Shop - An intentionally insecure webapp for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten and other severe security flaws.
  docker pull bkimminich/juice-shop
- OWASP Mutillidae II - OWASP Mutillidae II Web Pen-Test Practice Application.
  docker pull citizenstig/nowasp
- OWASP NodeGoat - An environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
  git clone https://github.com/OWASP/NodeGoat.git
  cd NodeGoat
  docker-compose build && docker-compose up
- OWASP Railsgoat - A vulnerable version of Rails that follows the OWASP Top 10.
  docker pull owasp/railsgoat
- OWASP Security Shepherd - A web and mobile application security training platform.
  docker pull ismisepaul/securityshepherd
- OWASP WebGoat - A deliberately insecure Web Application.
  docker pull danmx/docker-owasp-webgoat
- OWASP ZAP - Current stable OWASP Zed Attack Proxy release in an embedded Docker container.
  docker pull owasp/zap2docker-stable
- Security Ninjas - An Open Source Application Security Training Program.
  docker pull opendns/security-ninjas
- SpamScope - SpamScope (Fast Advanced Spam Analysis Tool) with Elasticsearch.
  docker pull fmantuano/spamscope-elasticsearch
- Vulnerable WordPress Installation - Vulnerable WordPress Installation.
  docker pull wpscanteam/vulnerablewordpress
- Vulnerability as a service: Heartbleed - Vulnerability as a Service: CVE-2014-0160.
  docker pull hmlio/vaas-cve-2014-0160
- Vulnerability as a service: Shellshock - Vulnerability as a Service: CVE-2014-6271.
  docker pull hmlio/vaas-cve-2014-6271
- WPScan - WPScan is a black box WordPress vulnerability scanner.
  docker pull wpscanteam/wpscan
- Autopsy - A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools.
- DFF - A Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about user and system activities.
- Docker Explorer - A tool to help forensicate offline docker acquisitions.
- Hadoop_framework - A prototype system that uses Hadoop to process hard drive images.
- OSXCollector - A forensic evidence collection & analysis toolkit for OS X.
- Scalpel - An open source data carving tool.
- Shellbags - Investigate NTUSER.dat files.
- SlackPirate - Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace.
- Sleuthkit - A library and collection of command line digital forensics tools.
- Telegram-extractor - Python3 scripts to analyse the data stored in Telegram.
- Truehunter - The goal of Truehunter is to detect encrypted containers using a fast and memory efficient approach without any external dependencies for ease of portability.
- Hunter - A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook.
- OS X Auditor - OS X Auditor is a free Mac OS X computer forensics tool.
- Windows-event-forwarding - A repository for using windows event forwarding for incident detection and response.
- Rekall - Memory analysis framework developed by Google.
- Volatility - Extract digital artifacts from volatile memory (RAM) samples.
- Android Forensic Toolkit - Allows you to extract SMS records, call history, photos, browsing history, and password from an Android phone.
- Mem - Tool used for dumping memory from Android devices.
- Snoopdroid - Extract packages from an Android device.
- WhatsApp Media Decrypt - Decrypt WhatsApp encrypted media files.
- Dshell - A network forensic analysis framework.
- Dnslog - Minimalistic DNS logging tool.
- Passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup.
- Website Evidence Collector - The tool Website Evidence Collector (WEC) automates the website evidence collection of storage and transfer of personal data.
- Diffy - A digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT). Allows a forensic investigator to quickly scope a compromise across cloud instances during an incident, and triage those instances for followup actions.
- HxD - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.
- Libfvde (https://github.com/libyal/libfvde) - Library and tools to access FileVault Drive Encryption (FVDE) encrypted volumes.
- Kbd-audio - Tools for capturing and analysing keyboard input paired with microphone capture.
- LimeSDR-Mini - The LimeSDR-Mini board provides a hardware platform for developing and prototyping high-performance and logic-intensive digital and RF designs using Altera’s MAX10 FPGA and Lime Microsystems transceiver.
- NSA-B-GONE - Thinkpad X220 board that disconnects the webcam and microphone data lines.
- Attackintel - A python script to query the MITRE ATT&CK API for tactics, techniques, mitigations, & detection methods for specific threat groups.
- IntelOwl - Analyze files, domains, IPs in multiple ways from a single API at scale.
- Shodan-seeker - Command-line tool using Shodan API. Generates and downloads CSV results, diffing of historic scanning results, alerts and monitoring of specific ports/IPs, etc.
- VIA4CVE - An aggregator of the known vendor vulnerabilities database to support the expansion of information with CVEs.
- Yeti - Your Everyday Threat Intelligence.
- Libdnet - Provides a simplified, portable interface to several low-level networking routines, including network address manipulation, kernel arp cache and route table lookup and manipulation, network firewalling, network interface lookup and manipulation, IP tunnelling, and raw IP packet and Ethernet frame transmission.
- Libsignal-service-java - A Java/Android library for communicating with the Signal messaging service.
- Amodem - Audio MODEM Communication Library in Python.
- Dpkt - Fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols.
- Pcapy - A Python extension module that interfaces with the libpcap packet capture library. Pcapy enables python scripts to capture packets on the network. Pcapy is highly effective when used in conjunction with a packet-handling package such as Impacket, which is a collection of Python classes for constructing and dissecting network packets.
- PyBFD - Python interface to the GNU Binary File Descriptor (BFD) library.
- Pynids - A python wrapper for libnids, a Network Intrusion Detection System library offering sniffing, IP defragmentation, TCP stream reassembly and TCP port scan detection. Let your own python routines examine network conversations.
- Pypcap - This is a simplified object-oriented Python wrapper for libpcap.
- PyPDF2 - A utility to read and write PDFs with Python.
- Python-ptrace - Python binding of ptrace library.
- RDPY - RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client and server side).
- Scapy - A python-based interactive packet manipulation program & library.
- Secureheaders - Security related headers all in one gem.
- Android Tamer - Virtual / Live Platform for Android Security professionals.
- ArchStrike - An Arch Linux repository for security professionals and enthusiasts.
- BackBox - Ubuntu-based distribution for penetration tests and security assessments.
- BlackArch - Arch Linux-based distribution for penetration testers and security researchers.
- BOSSLive - An Indian GNU/Linux distribution developed by CDAC and customized to suit India's digital environment. It supports most of the Indian languages.
- DEFT Linux - Suite dedicated to incident response and digital forensics.
- Fedora Security Lab - A safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations.
- Kali - A Linux distribution designed for digital forensics and penetration testing.
- NST - Network Security Toolkit distribution.
- Ophcrack - A free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.
- Parrot - Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind.
- Pentoo - Security-focused live CD based on Gentoo.
- REMnux - Toolkit for assisting malware analysts with reverse-engineering malicious software.
- Androguard - Reverse engineering, Malware and goodware analysis of Android applications.
- Cuckoo Sandbox - An automated dynamic malware analysis system.
- CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.
- DECAF - Short for Dynamic Executable Code Analysis Framework, a binary analysis platform based on QEMU.
- DroidBox - Dynamic analysis of Android apps.
- Hooker - An opensource project for dynamic analyses of Android applications.
- Jsunpack-n - Emulates browser functionality when visiting a URL.
- LiSa - Sandbox for automated Linux malware analysis.
- Magento-malware-scanner - A collection of rules and samples to detect Magento malware.
- Malzilla - Web pages that contain exploits often use a series of redirects and obfuscated code to make it more difficult for somebody to follow. MalZilla is a useful program for exploring malicious pages. It allows you to choose your own user agent and referrer, and has the ability to use proxies. It shows you the full source of web pages and all the HTTP headers. It also gives you various decoders to try to deobfuscate JavaScript.
- Panda - Platform for Architecture-Neutral Dynamic Analysis.
- ProbeDroid - A dynamic binary instrumentation kit targeting Android 5.0 (Lollipop) and above.
- PyEMU - Fully scriptable IA-32 emulator, useful for malware analysis.
- Pyrebox (https://github.com/Cisco-Talos/pyrebox) - Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU.
- Qiling - Advanced Binary Emulation framework.
- Uitkyk - Runtime memory analysis framework to identify Android malware.
- WScript Emulator - Emulator/tracer of the Windows Script Host functionality.
- Basic-auth-pot - HTTP Basic Authentication honeyPot.
- Conpot - ICS/SCADA honeypot.
- Cowrie - SSH honeypot, based on Kippo.
- Elastichoney - A Simple Elasticsearch Honeypot.
- ESPot - An Elasticsearch honeypot written in NodeJS, to capture every attempt to exploit CVE-2014-3120.
- Delilah - An Elasticsearch Honeypot written in Python.
- Dionaea - Honeypot designed to trap malware.
- Glastopf - Web Application Honeypot.
- Glutton - All eating honeypot.
- Honeyd - Create a virtual honeynet.
- HoneyPress - Python-based WordPress honeypot in a Docker container.
- HonnyPotter - A WordPress login honeypot for collection and analysis of failed login attempts.
- HoneyTrap - Advanced Honeypot framework.
- Maildb - Python Web App to Parse and Track Email and http Pcap Files.
- MHN - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.
- Mnemosyne - A normalizer for honeypot data; supports Dionaea.
- MongoDB-HoneyProxy - A honeypot proxy for mongodb. When run, this will proxy and log all traffic to a dummy mongodb server.
- MysqlPot - A MySQL honeypot, still at a very early stage.
- Nodepot - A nodejs web application honeypot.
- NoSQLPot - The NoSQL Honeypot Framework.
- Phoneyc - Pure Python honeyclient implementation.
- Phpmyadmin_honeypot - A simple and effective phpMyAdmin honeypot.
- Servletpot - Web application Honeypot.
- Shadow Daemon - A modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl & Python apps.
- Smart-honeypot - PHP Script demonstrating a smart honey pot.
- SpamScope - Fast Advanced Spam Analysis Tool.
- Thug - Low interaction honeyclient, for investigating malicious websites.
- Wordpot - A WordPress Honeypot.
- Wp-smart-honeypot - WordPress plugin to reduce comment spam with a smarter honeypot.
- MISP Modules - Modules for expansion services, import and export in MISP.
- Passivedns-client - Provides a library and a query tool for querying several passive DNS providers.
- Rt2jira - Convert RT tickets to JIRA tickets.
- Al-khaser - Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
- BASS - BASS Automated Signature Synthesizer.
- CapTipper - A python tool to analyze, explore and revive HTTP malicious traffic.
- CSCGuard - Protects and logs suspicious and malicious usage of .NET CSC.exe and Runtime C# Compilation.
- FakeNet-NG - A next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows.
- FLARE - A fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc.
- Grimd - Fast dns proxy that can run anywhere, built to black-hole internet advertisements and malware servers.
- Google-play-crawler - A simple Java tool for searching for Android applications on Google Play and downloading them.
- Googleplay-api - An unofficial Python API that lets you search, browse and download Android apps from Google Play (formerly Android Market).
- Hidden - Windows driver with a usermode interface which can hide file-system and registry objects, protect processes, etc.
- Kraken - Cross-platform Yara scanner written in Go.
- ImaginaryC2 - A Python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts an HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads.
- Irma - IRMA is an asynchronous & customizable analysis system for suspicious files.
- KLara - A project aimed at helping Threat Intelligence researchers hunt for new malware using Yara.
- Malboxes - Builds malware analysis Windows VMs so that you don't have to.
- Mquery - YARA malware query accelerator (web frontend).
- Node-appland - NodeJS tool to download APKs from appland.
- Node-aptoide - NodeJS to download APKs from aptoide.
- Node-google-play - Call Google Play APIs from Node.
- Pafish - A demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.
- Android-malware - Collection of android malware samples.
- BlackHole - C# RAT (Remote Administration Tool).
- Carberp - Carberp leaked source code.
- Fancybear - Fancy Bear Source Code.
- LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts).
- Mirai - Leaked Mirai Source Code for Research/IoC Development Purposes.
- Morris Worm - The original Morris Worm source code.
- TinyNuke - Zeus-style banking trojan.
- Zerokit - Zerokit/GAPZ rootkit (non buildable and only for researching).
- Zeus - Zeus version 2.0.8.9, leaked in 2011.
- Androwarn - Detect and warn the user about potential malicious behaviours developed by an Android application.
- ApkAnalyser - A static, virtual analysis tool for examining and validating the development work of your Android app.
- APKinspector - A powerful GUI tool for analysts to analyze Android applications.
- Argus-SAF - Argus static analysis framework.
- CFGScanDroid - Control Flow Graph Scanning for Android.
- ConDroid - Symbolic/concolic execution of Android apps.
- DroidLegacy - Static analysis scripts.
- Floss - FireEye Labs Obfuscated String Solver. Automatically extract obfuscated strings from malware.
- FSquaDRA - Fast detection of repackaged Android applications based on the comparison of resource files included into the package.
- Inspeckage - Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more.
- Maldrolyzer - Simple framework to extract "actionable" data from Android malware (C&Cs, phone numbers, etc).
- Peepdf - A Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks.
- PEfile - Read and work with Portable Executable (aka PE) files.
- PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files.
- Pdfminer - A tool for extracting information from PDF documents.
- PScout - Analyzing the Android Permission Specification.
- Smali-CFGs - Smali Control Flow Graphs.
- SmaliSCA - Smali Static Code Analysis.
- Sysinternals Suite - The Sysinternals Troubleshooting Utilities.
- Yara - Identify and classify malware samples.
- Bro - A powerful network analysis framework that is much different from the typical IDS you may know.
- Fatt - A pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic.
- Nidan - An active network monitor tool.
- Pytbull - A python based flexible IDS/IPS testing framework.
- Sguil - Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures.
- DNSChef - DNS proxy for Penetration Testers and Malware Analysts.
- DnsRedir - A small DNS server that will respond to certain queries with addresses provided on the command line.
- Pig - A Linux packet crafting tool.
- Yersinia - A network tool designed to take advantage of some weaknesses in different network protocols. It aims to be a solid framework for analyzing and testing the deployed networks and systems.
- Cloud-pcap - Web PCAP storage and analytics.
- Dnscap - Network capture utility designed specifically for DNS traffic.
- Dripcap - Caffeinated Packet Analyzer.
- Dsniff - A collection of tools for network auditing and pentesting.
- Justniffer - Just A Network TCP Packet Sniffer. Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic.
- Moloch - Moloch is an open source large scale full PCAP capturing, indexing and database system.
- Net-creds - Sniffs sensitive data from interface or pcap.
- NetworkMiner - A Network Forensic Analysis Tool (NFAT).
- Netsniff-ng - A Swiss army knife for your daily Linux network plumbing.
- OpenFPC - OpenFPC is a set of scripts that combine to provide a lightweight full-packet network traffic recorder and buffering tool. Its design goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating into existing alert and log tools.
- Openli - Open Source ETSI compliant Lawful Intercept software.
- PF_RING - PF_RING™ is a Linux kernel module and user-space framework that allows you to process packets at high-rates while providing you a consistent API for packet processing applications.
- Termshark - A terminal UI for tshark, inspired by Wireshark.
- WebPcap - A web-based packet analyzer (client/server architecture). Useful for analyzing distributed applications or embedded devices.
- Wireshark - A free and open-source packet analyzer.
- DHCPig - DHCP exhaustion script written in python using scapy network library.
- LOIC - Low Orbit Ion Cannon - An open source network stress tool, written in C#. Based on Praetox's LOIC project.
- Sockstress - Sockstress (TCP DoS) implementation.
- T50 - A very fast network stress tool.
- Torshammer - Tor's hammer. Slow post DDOS tool written in python.
- UFONet - Abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
- Memcrashed - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
- BeEF - The Browser Exploitation Framework Project.
- Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
- DLLInjector - Inject dlls in processes.
- Drupwn - Drupal enumeration & exploitation tool.
- EfiGuard - Disable PatchGuard and DSE at boot time.
- ExploitPack - Graphical tool for penetration testing with a bunch of exploits.
- Evilgrade - The update exploitation framework.
- Fathomless - A collection of different programs for network red teaming.
- Gorsair - Gorsair hacks its way into remote docker containers that expose their APIs.
- Linux Exploit Suggester - Linux Exploit Suggester; based on operating system release number.
- Linux-exploit-suggester - Linux privilege escalation auditing tool.
- Metasploit Framework - Exploitation framework.
- Nessus - Vulnerability, configuration, and compliance assessment.
- Nexpose - Vulnerability Management & Risk Management Software.
- OpenVAS - Open Source vulnerability scanner and manager.
- PowerSploit - A PowerShell Post-Exploitation Framework.
- PSKernel-Primitives - Exploit primitives for PowerShell.
- ROP Gadget - Framework for ROP exploitation.
- Routersploit - Automated penetration testing software for routers.
- Rupture - A framework for BREACH and other compression-based crypto attacks.
- SharpShooter - Payload Generation Framework.
- Shellen - Interactive shellcoding environment to easily craft shellcodes.
- Shellsploit - Lets you generate customized shellcodes, backdoors and injectors for various operating systems, and lets you obfuscate every byte via encoders.
- SPARTA - Network Infrastructure Penetration Testing Tool.
- Spoodle - A mass subdomain + poodle vulnerability scanner.
- SysWhispers - AV/EDR evasion via direct system calls.
- Unicorn - Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
- Veil Framework - A tool designed to generate metasploit payloads that bypass common anti-virus solutions.
- Vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go.
- Windows Exploit Suggester - Detects potential missing patches on the target.
- Ysoserial.net - Deserialization payload generator for a variety of .NET formatters.
- Zarp - Network Attack Tool.
- Apache-uaf - Apache use after free bug infos / ASAN stack traces.
- Bluedroid - PoCs of Vulnerabilities on Bluedroid.
- BlueGate - PoC (DoS + scanner) for CVE-2020-0609 & CVE-2020-0610 - RD Gateway RCE.
- Broadpwn - Broadpwn bug (CVE-2017-9417).
- Chakra-2016-11 - Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201).
- CVE-2018-8120 - CVE-2018-8120.
- CVE-2018-8897 - Implements the POP/MOV SS (CVE-2018-8897) vulnerability by bugchecking the machine (local DoS).
- CVE-2019-6453 - Proof of calc for CVE-2019-6453 (Mirc exploit).
- Desharialize - Easy mode to Exploit CVE-2019-0604 (Sharepoint XML Deserialization Unauthenticated RCE).
- ES File Explorer Open Port Vulnerability - ES File Explorer Open Port Vulnerability - CVE-2019-6447.
- HolicPOC - CVE-2015-2546, CVE-2016-0165, CVE-2016-0167, CVE-2017-0101, CVE-2017-0263, CVE-2018-8120.
- Jira-Scan - Jira scanner for CVE-2017-9506.
- Kernel Exploits - Various kernel exploits.
- Qemu-vm-escape - This is an exploit for CVE-2019-6778, a heap buffer overflow in slirp:tcp_emu().
- MS17-010 - Exploits for MS17-010.
- Ruby-advisory-db - A database of vulnerable Ruby Gems.
- The Exploit Database - The official Exploit Database repository.
- XiphosResearch Exploits - Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes.
- Bundler-audit - Patch-level verification for Bundler.
- Commando-vm - Complete Mandiant Offensive VM (Commando VM), the first full Windows-based penetration testing virtual machine distribution. The security community recognizes Kali Linux as the go-to penetration testing platform for those that prefer Linux. Commando VM is for penetration testers that prefer Windows.
- Dnsenum - A perl script that enumerates DNS information.
- Dnsmap - Passive DNS network mapper.
- Dnsrecon - DNS Enumeration Script.
- EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- Knock - A python tool designed to enumerate subdomains on a target domain through a wordlist.
- IVRE - An open-source framework for network recon. It relies on open-source well-known tools to gather data (network intelligence), stores it in a database, and provides tools to analyze it.
- Operative-framework - A framework based on fingerprinting actions, used to gather information on a website or an enterprise target with multiple modules (Viadeo search, LinkedIn search, reverse email whois, reverse IP whois, SQL file forensics ...).
- Recon-ng - A full-featured Web Reconnaissance framework written in Python.
- SPartan - Frontpage and Sharepoint fingerprinting and attack tool.
- Sparty - MS Sharepoint and Frontpage Auditing Tool.
- SMBMap - A handy SMB enumeration tool.
- SSLMap - TLS/SSL cipher suite scanner.
- Subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains.
- SubFinder - A subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
- SubQuest - Fast, Elegant subdomain scanner using nodejs.
- TruffleHog - Searches through git repositories for high entropy strings, digging deep into commit history.
- URLextractor - Information gathering & website reconnaissance.
- VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
- Wmap - Information gathering for web hacking.
- XRay - A tool for recon, mapping and OSINT gathering from public networks.
- AndroFuzz - A fuzzing utility for Android that focuses on reporting and delivery portions of the fuzzing process.
- Construct - Declarative data structures for python that allow symmetric parsing and building.
- Deepstate - A unit test-like interface for fuzzing and symbolic execution.
- Eclipser - Grey-box Concolic Testing on Binary Code.
- Fusil - A Python library used to write fuzzing programs. It helps to start process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start network client or server, and create mangled files.
- Fuzzbox - A multi-codec media fuzzing tool.
- Fuzzlyn - Fuzzer for the .NET toolchains, utilizes Roslyn to generate random C# programs.
- Honggfuzz - Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (sw and hw).
- Melkor-android - An Android port of the melkor ELF fuzzer.
- MFFA - Media Fuzzing Framework for Android.
- Netzob - Netzob is an opensource tool for reverse engineering, traffic generation and fuzzing of communication protocols.
- Python-AFL - American fuzzy lop fork server and instrumentation for pure-Python code.
- Radamsa-android - An Android port of radamsa fuzzer.
- Razzer - A Kernel fuzzer focusing on race bugs.
- RPCForge - Windows RPC Python fuzzer.
- Retrowrite - Retrofitting compiler passes through binary rewriting.
- SecLists - A collection of multiple types of lists used during security assessments.
- Sienna-locomotive - A user-friendly fuzzing and crash triage tool for Windows.
- Sulley - Fuzzer development and fuzz testing framework consisting of multiple extensible components.
- TAOF - The Art of Fuzzing, including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer.
- Winafl - A fork of AFL for fuzzing Windows binaries.
- Windows IPC Fuzzing Tools - A collection of tools used to attack applications that use Windows Interprocess Communication mechanisms.
- Zulu - A fuzzer designed for rapid prototyping that normally happens on a client engagement where something needs to be fuzzed within tight timescales.
- AFE - Android Framework for Exploitation, is a framework for exploiting android based devices.
- AndroBugs - An efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications.
- Android-vts - Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security.
- Androl4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis.
- CobraDroid - A custom build of the Android operating system geared specifically for application security analysts and for individuals dealing with mobile malware.
- Drozer - The Leading Security Assessment Framework for Android.
- Idb - A tool to simplify some common tasks for iOS pentesting and research.
- Introspy-iOS - Security profiling for blackbox iOS.
- Keychain-Dumper - A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken.
- JAADAS - Joint Advanced Defect assEsment for android applications.
- Mobile Security Framework - An intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.
- QARK - QARK by LinkedIn is for app developers to scan app for security issues.
- Dnsspoof - DNS spoofer. Drops DNS responses from the router and replaces them with spoofed DNS responses.
- Ettercap - A comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
- Bettercap - A powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
- Caplets - Bettercap scripts (caplets) and proxy modules.
- Mallory - An extensible TCP/UDP man in the middle proxy that is designed to be run as a gateway. Unlike other tools of its kind, Mallory supports modifying non-standard protocols on the fly.
- MITMf - Framework for Man-In-The-Middle attacks.
- Mitmproxy - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface.
- Mitmsocks4j - Man in the Middle SOCKS Proxy for Java.
- Nogotofail - An on-path blackbox network traffic security testing tool.
- Responder - A LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
- Ssh-mitm - An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.
- BozoCrack - A silly & effective MD5 cracker in Ruby.
- Common-substr - Simple awk script to extract the most common substrings from an input text. Built for password cracking.
- HashCat - World's fastest and most advanced password recovery utility.
- Hashcrack - Guesses hash types, picks some sensible dictionaries and rules for hashcat.
- Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns.
- John the Ripper - A fast password cracker.
- NPK - A mostly-serverless distributed hash cracking platform.
- Patator - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
- THC-Hydra - A very fast network logon cracker which supports many different services.
- Angry IP Scanner - Fast and friendly network scanner.
- Evilscan - NodeJS Simple Network Scanner.
- Flan - A pretty sweet vulnerability scanner.
- Masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
- Nmap - Free Security Scanner For Network Exploration & Security Audits.
- Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
- Zmap - An open-source network scanner that enables researchers to easily perform Internet-wide network studies.
- Backdoorme - Powerful auto-backdooring utility.
- Covenant - Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
- CrackMapExec - A post-exploitation tool that helps automate assessing the security of large Active Directory networks.
- CredCrack - A fast and stealthy credential harvester.
- Creddump - Dump windows credentials.
- DBC2 - DropboxC2 is a modular post-exploitation tool, composed of an agent running on the victim's machine, a controller running on any machine, PowerShell modules, and Dropbox servers as a means of communication.
- DET - (extensible) Data Exfiltration Toolkit (DET).
- DNSlivery - Easy files and payloads delivery over DNS.
- Dnsteal - DNS Exfiltration tool for stealthily sending files over DNS requests.
- Empire - Empire is a pure PowerShell post-exploitation agent.
- Enumdb - MySQL and MSSQL brute force and post exploitation tool to search through databases and extract sensitive information.
- EvilOSX - A pure Python post-exploitation RAT (Remote Administration Tool) for macOS / OS X.
- Fireaway - Next Generation Firewall Audit and Bypass Tool.
- FruityC2 - A post-exploitation (and open source) framework based on the deployment of agents on compromised machines. Agents are managed from a web interface under the control of an operator.
- GetVulnerableGPO - PowerShell script to find 'vulnerable' security-related GPOs that should be hardened.
- Iodine - Lets you tunnel IPv4 data through a DNS server.
- Koadic - Koadic C3 COM Command & Control - JScript RAT.
- Mallory - HTTP/HTTPS proxy over SSH.
- Mimikatz - A little tool to play with Windows security.
- Mimikittenz - A post-exploitation powershell tool for extracting juicy info from memory.
- NoPowerShell - PowerShell rebuilt in C# for Red Teaming purposes.
- Orc - A post-exploitation framework for Linux written in Bash.
- P0wnedShell - PowerShell Runspace Post Exploitation Toolkit.
- ProcessHider - Post-exploitation tool for hiding processes from monitoring applications.
- PowerOPS - PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell "easier".
- Poet - Post-exploitation tool.
- Pupy - An open-source, cross-platform (Windows, Linux, OS X, Android) remote administration and post-exploitation tool mainly written in Python.
- Pwnat - Punches holes in firewalls and NATs, allowing any number of clients behind NATs to directly connect to a server behind a different NAT.
- Pypykatz - Mimikatz implementation in pure Python.
- RemoteRecon - Remote Recon and Collection.
- RottenPotatoNG - New version of RottenPotato as a C++ DLL and standalone C++ binary - no need for meterpreter or other tools.
- SafetyKatz - SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subTee's .NET PE Load.
- SpYDyishai - A Gmail credential harvester.
- Tgcd - A simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
- TheFatRat - An easy tool to generate backdoors with msfvenom (part of the Metasploit framework). It compiles malware with a popular payload; the compiled malware can then be executed on Windows, Android and Mac. Malware created with this tool also has the ability to bypass most AV software protection.
- Weasel - DNS covert channel implant for Red Teams.
- WCE - Windows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete associated credentials.
- Cartography - A Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.
- DefectDojo - An open-source application vulnerability correlation and security orchestration tool.
- Dradis - Collaboration and reporting for IT Security teams.
- Faraday - Collaborative Penetration Test and Vulnerability Management Platform.
- Sslstrip - A demonstration of the HTTPS stripping attacks.
- Sslstrip2 - SSLStrip version to defeat HSTS.
- SSLyze - SSL configuration scanner.
- Tls_prober - Fingerprint a server's SSL/TLS implementation.
- Android-InsecureBankv2 - Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities.
- Don't Panic - Training linux bind shell with anti-reverse engineering techniques.
- DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.
- DVCP-TE - Damn Vulnerable Chemical Process - Tennessee Eastman.
- DVWS - Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.
- Hackazon - A modern vulnerable web app.
- OWASP Juice Shop - An intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.
- OWASP NodeGoat - An environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
- OWASP Railsgoat - A vulnerable version of Rails that follows the OWASP Top 10.
- OWASP Security Shepherd - A web and mobile application security training platform.
- OWASP WebGoat - A deliberately insecure Web Application.
- RopeyTasks - Deliberately vulnerable web application.
- Sqli-labs - SQLI labs to test error based, Blind boolean based, Time based.
- Sadcloud - A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure.
- `Xvwa <https://github.com/s4n7h0/xvwa>`_ - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
- WackoPicko - A vulnerable web application used to test web application vulnerability scanners.
- Arachni - Web Application Security Scanner Framework.
- Argumentinjectionhammer - A Burp Extension designed to identify argument injection vulnerabilities.
- BlindElephant - Web Application Fingerprinter.
- Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands.
- Burp Suite - An integrated platform for performing security testing of web applications.
- CloudScraper - Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
- Cms-explorer - CMS Explorer is designed to reveal the specific modules, plugins, components and themes that various CMS-driven web sites are running.
- Dvcs-ripper - Rip web accessible (distributed) version control systems.
- Fimap - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs.
- Gobuster - Directory/file & DNS busting tool written in Go.
- Jok3r - Network and Web Pentest Framework.
- Joomscan - Joomla CMS scanner.
- Kadabra - Automatic LFI Exploiter and Scanner, written in C++ with a couple of external modules in Python.
- Kadimus - LFI scan and exploit tool.
- Liffy - LFI exploitation tool.
- LinkFinder - A python script that finds endpoints in JavaScript files.
- Netsparker - Web Application Security Scanner.
- Nikto2 - Web application vulnerability scanner.
- NoSQLMap - Automated Mongo database and NoSQL web application exploitation tool.
- OWASP Xenotix - XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
- Paros - A Java based HTTP/HTTPS proxy for assessing web application vulnerability.
- PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF.
- Ratproxy - A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems.
- Relative-url-extractor - A small tool that extracts relative URLs from a file.
- Scout2 - Security auditing tool for AWS environments.
- Skipfish - An active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.
- SQLMap - Automatic SQL injection and database takeover tool.
- SQLNinja - SQL Server injection & takeover tool.
- TPLMap - Automatic Server-Side Template Injection Detection and Exploitation Tool.
- Tracy - A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
- Yasuo - A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network.
- W3af - Web application attack and audit framework.
- Wapiti - Web application vulnerability scanner.
- Wappalyzer - Cross-platform utility that uncovers the technologies used on websites.
- Weevely3 - Weaponized web shell.
- Wfuzz - Web application fuzzer.
- WhatWeb - Website Fingerprinter.
- Wordpress Exploit Framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
- WPScan - WPScan is a black box WordPress vulnerability scanner.
- WPSploit - Exploiting Wordpress With Metasploit.
- WS-Attacker - A modular framework for web services penetration testing.
- XSS-keylogger - A keystroke logger to exploit XSS vulnerabilities in a site.
- XSS-payload-list - XSS Payload list.
- Zed Attack Proxy (ZAP) - The OWASP ZAP core project.
- Aircrack-ng - An 802.11 WEP and WPA-PSK keys cracking program.
- Airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
- Kismet - Wireless network detector, sniffer, and IDS.
- Krackattacks-scripts - Scripts to test if clients or access points (APs) are affected by the KRACK attack against WPA2.
- LANs.py - Inject code, jam wifi, and spy on wifi users.
- Mass-deauth - A script for 802.11 mass-deauthentication.
- Reaver - Brute force attack against Wi-Fi Protected Setup.
- Wifikill - A python program to kick people off of wifi.
- Wifijammer - Continuously jam all wifi clients/routers.
- Wifite - Automated wireless attack tool.
- Wifiphisher - Automated phishing attacks against Wi-Fi networks.
- Aws-nuke - Nuke a whole AWS account and delete all its resources.
- Azucar - Security auditing tool for Azure environments.
- CloudMapper - CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
- Hammer - Dow Jones Hammer: Protect the cloud with the power of the cloud (AWS).
- Parliament - An AWS IAM linting library. It reviews policies looking for problems.
- Security Monkey - Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
- AIDE - Advanced Intrusion Detection Environment is a file and directory integrity checker.
- Duckhunt - Prevent RubberDucky (or other keystroke injection) attacks.
- Hardentools - A utility that disables a number of risky Windows features.
- Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
- Osx-config-check - Verify the configuration of your OS X machine.
- Xnumon - Monitor macOS for malicious activity.
- Miteru - An experimental phishing kit detection tool.
- StreamingPhish - Python-based utility that uses supervised machine learning to detect phishing domains from the Certificate Transparency log network.
- Git-crypt - Transparent file encryption in git.
- GoSecure - An easy to use and portable Virtual Private Network (VPN) system built with Linux and a Raspberry Pi.
- I2P - The Invisible Internet Project.
- Nipe - A script to make Tor Network your default gateway.
- SecureDrop - Open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources.
- Tor - The free software for enabling onion routing online anonymity.
- Toriptables2 - A python script alternative to Nipe. Makes Tor Network your default gateway.
- WebXray - A tool for analyzing third-party content on webpages and identifying the companies which collect user data.
- AndBug - A debugger targeting the Android platform's Dalvik virtual machine intended for reverse engineers and developers.
- Angr - A platform-agnostic binary analysis framework developed by the Computer Security Lab at UC Santa Barbara and their associated CTF team, Shellphish.
- Apk2Gold - Yet another Android decompiler.
- ApkTool - A tool for reverse engineering Android apk files.
- B2R2 - A collection of useful algorithms, functions, and tools for binary analysis.
- Barf - Binary Analysis and Reverse engineering Framework.
- Binaryanalysis-ng - Binary Analysis Next Generation is a framework for unpacking files (like firmware) recursively and running checks on the unpacked files. Its intended use is to be able to find out the provenance of the unpacked files and classify/label files, making them available for further analysis.
- BinText - A small, very fast and powerful text extractor.
- BinWalk - Analyze, reverse engineer, and extract firmware images.
- Boomerang - Decompile x86/SPARC/PowerPC/ST-20 binaries to C.
- Bytecode-viewer - A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More).
- Bytecode_graph - Module designed to modify Python bytecode. Allows instructions to be added or removed from a Python bytecode string.
- Capstone - Lightweight multi-platform, multi-architecture disassembly framework with Python bindings.
- CHIPSEC - Platform Security Assessment Framework.
- Coda - Coredump analyzer.
- Ctf_import - Run basic functions from stripped binaries cross platform.
- Edb - A cross platform x86/x86-64 debugger.
- Dex2jar - Tools to work with Android .dex and Java .class files.
- Distorm - Powerful Disassembler Library For x86/AMD64.
- DotPeek - A free-of-charge .NET decompiler from JetBrains.
- Dwarf - A GUI for mobile reverse engineers, crackers and security analysts. Or damn, what a reversed fluffy or yet, duck warriors are rich as fuck. Whatever you like! Built on top of PyQt5, Frida and some terrible code.
- Enjarify - A tool for translating Dalvik bytecode to equivalent Java bytecode. This allows Java analysis tools to analyze Android applications.
- Fibratus - Tool for exploration and tracing of the Windows kernel.
- Fino - An Android Dynamic Analysis Tool.
- Flare-ida - IDA Pro utilities from FLARE team.
- Frida - Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX.
- Gdb-dashboard - Modular visual interface for GDB in Python.
- GEF - Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers.
- Ghidra - A software reverse engineering (SRE) framework.
- Heap-viewer - An IDA Pro plugin to examine the glibc heap, focused on exploit development.
- Hopper - An OS X and Linux Disassembler/Decompiler for 32/64 bit Windows/Mac/Linux/iOS executables.
- Idaemu - An IDA Pro plugin used for emulating code in IDA Pro.
- IDA Free - The freeware version of IDA.
- IDA Patcher - IDA Patcher is a plugin for Hex-Ray's IDA Pro disassembler designed to enhance IDA's ability to patch binary files and memory.
- IDA Pomidor - IDA Pomidor is a plugin for Hex-Ray's IDA Pro disassembler that will help you retain concentration and productivity during long reversing sessions.
- IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger.
- IDA Sploiter - IDA Sploiter is a plugin for Hex-Ray's IDA Pro disassembler designed to enhance IDA's capabilities as an exploit development and vulnerability research tool.
- IDAPython - An IDA plugin which makes it possible to write scripts for IDA in the Python programming language.
- IDAwasm - IDA Pro loader and processor modules for WebAssembly.
- Immunity Debugger - A powerful new way to write exploits and analyze malware.
- JAD - JAD Java Decompiler.
- Jadx - Decompile Android files.
- JD-GUI - Aims to develop tools in order to decompile and analyze Java 5 “byte code” and the later versions.
- Keystone Engine - A lightweight multi-platform, multi-architecture assembler framework.
- Krakatau - Java decompiler, assembler, and disassembler.
- Manticore - Prototyping tool for dynamic binary analysis, with support for symbolic execution, taint analysis, and binary instrumentation.
- Levitate - Reverse Engineering and Static Malware Analysis Platform.
- MARA Framework - A Mobile Application Reverse engineering and Analysis Framework.
- Medusa - A disassembler designed to be both modular and interactive.
- MegaDumper - Dump native and .NET assemblies.
- Minhook - The Minimalistic x86/x64 API Hooking Library for Windows.
- Mona.py - PyCommand for Immunity Debugger that replaces and improves on pvefindaddr.
- OllyDbg - An x86 debugger that emphasizes binary code analysis.
- Paimei - Reverse engineering framework, includes PyDBG, PIDA, pGRAPH.
- PEDA - Python Exploit Development Assistance for GDB.
- Pigaios - A tool for matching and diffing source codes directly against binaries.
- Plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
- Procyon - A modern open-source Java decompiler.
- Protobuf-inspector - Tool to reverse-engineer Protocol Buffers with unknown definition.
- Pyew - Command line hexadecimal editor and disassembler, mainly to analyze malware.
- Qira - QEMU Interactive Runtime Analyser.
- R2MSDN - R2 plugin to add MSDN documentation URLs and parameter names to imported function calls.
- RABCDAsm - Robust ABC (ActionScript Bytecode) [Dis-]Assembler.
- Radare2 - Open-source, cross-platform reverse engineering framework.
- Radare2-bindings - Bindings of the r2 api for Valabind and friends.
- Redexer - A reengineering tool that manipulates Android app binaries.
- ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API.
- Shed - .NET runtime inspector.
- Simplify - Generic Android Deobfuscator.
- Smali - Smali/baksmali is an assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.
- Swiffas - SWF parser and AVM2 (Actionscript 3) bytecode parser.
- Swift-frida - Frida library for interacting with Swift programs.
- Toolbag - The IDA Toolbag is a plugin providing supplemental functionality to Hex-Rays IDA Pro disassembler.
- uEmu - Tiny cute emulator plugin for IDA based on unicorn.
- Ufgraph - A simple script which parses the output of the uf (un-assemble function) command in windbg and uses graphviz to generate a control flow graph as a PNG/SVG/PDF/GIF (see -of option) and displays it.
- Uncompyle - Decompile Python 2.7 binaries (.pyc).
- Unicorn Engine - A lightweight, multi-platform, multi-architecture CPU emulator framework based on QEMU.
- Voltron - An extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host.
- WinDbg - Windows Driver Kit and WinDbg.
- WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security.
- Unlinker - Unlinker is a tool that can rip functions out of Visual C++ compiled binaries and produce Visual C++ COFF object files.
- UPX - The Ultimate Packer for eXecutables.
- X64_dbg - An open-source x64/x32 debugger for Windows.
- Xxxswf - A Python script for analyzing Flash files.
- YaCo - A Hex-Rays IDA plugin. When enabled, multiple users can work simultaneously on the same binary. Any modification done by any user is synchronized through git version control.
- SET - The Social-Engineer Toolkit from TrustedSec.
- Creepy - A geolocation OSINT tool.
- Datasploit - A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.
- Email-enum - Searches mainstream websites and tells you if an email is registered.
- Github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak.
- Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
- Metagoofil - Metadata harvester.
- TheHarvester - E-mail, subdomain and people names harvester.
- TTSL - Tool to scrape LinkedIn.
- Blackeye - The most complete Phishing Tool, with 32 templates +1 customizable.
- CredSniper - A phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
- FiercePhish - A full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
- GoPhish - Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training.
- Modlishka - Reverse Proxy. Phishing NG.
- Phishing-frenzy - Ruby on Rails Phishing Framework.
- Pompa - Fully-featured spear-phishing toolkit - web front-end.
- Whatsapp-phishing - Proof of principle code for running a phishing attack against the official Whatsapp Web client.
- Voipwardialer - A Voip Wardialer for the phreaking of 2020.