A list of great resources for pentesting and similars. The resources marked with the symbol [+] are installed in Kali and Parrot OS by default
I will keep updated the project with new tools or changes.
- wfuzz --> https://github.com/xmendez/wfuzz [+]
- gobuster --> https://github.com/OJ/gobuster [+]
- dirbuster --> (It haven't a repository) [+]
- Amass --> https://github.com/OWASP/Amass [-]
- dirb --> (It haven't a repository) [+]
- feroxbuster --> https://github.com/epi052/feroxbuster [-]
- ffuz --> https://github.com/ffuf/ffuf [-]
- sublist3r --> https://github.com/aboul3la/Sublist3r [-]
- dig --> https://github.com/polarityio/dig [+]
-
nmap --> https://github.com/nmap/nmap [+]
-
masscan --> https://github.com/robertdavidgraham/masscan [+]
-
smbmap --> https://github.com/ShawnDEvans/smbmap [+]
-
enum4linux --> https://github.com/CiscoCXSecurity/enum4linux [+]
-
rpcenum --> https://github.com/s4vitar/rpcenum [-]
-
rpcclient --> https://www.samba.org/samba/docs/current/man-html/rpcclient.1.html [+]
-
WhatWaf --> https://github.com/Ekultek/WhatWaf [-]
-
whatw00f --> https://github.com/EnableSecurity/wafw00f [-]
- crackmapexec --> https://github.com/byt3bl33d3r/CrackMapExec [-]
- Rubeus --> https://github.com/GhostPack/Rubeus [-]
- netcat --> (It haven't a repository) [+]
- sqlmap --> https://github.com/sqlmapproject/sqlmap [+]
- nishang --> https://github.com/samratashok/nishang [-]
- snmpwalk --> https://github.com/etingof/snmpclitools [+]
- WhatWeb --> https://github.com/urbanadventurer/WhatWeb [+]
- Wappalyzer --> (You can find it as a Mozilla extension) [-]
- wpscan --> https://github.com/wpscanteam/wpscan [+]
- WPSeku --> https://github.com/Redshoee/WPSeku [-]
- joomscan --> https://github.com/OWASP/joomscan [-]
- mimikatz --> https://github.com/gentilkiwi/mimikatz [+]
- kerbrute --> https://github.com/ropnop/kerbrute [-]
- impacket --> https://github.com/SecureAuthCorp/impacket/ [+] (And all the tools such as secretsdump or responder)
- ldapdomaindump --> https://github.com/dirkjanm/ldapdomaindump [+]
- Responder --> https://github.com/lgandx/Responder [+]
- evil-winrm --> https://github.com/Hackplayers/evil-winrm [-]
- BloodHound --> https://github.com/BloodHoundAD/BloodHound [+]
- ldapsearch --> (It haven't a repository) [+]
- neo4j --> https://github.com/neo4j/neo4j [+]
- SharpHound --> https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors [-]
- PowerSploit --> https://github.com/PowerShellMafia/PowerSploit [-]
- Burp Suite --> https://portswigger.net/burp [+]
- kiterunner --> https://github.com/assetnote/kiterunner [-]
- xsshunter --> https://xsshunter.com/ [-]
- PEASS-ng --> https://github.com/carlospolop/PEASS-ng [-]
- Windows-Exploit-Suggester --> https://github.com/AonCyberLabs/Windows-Exploit-Suggester [-]
- CapProcess --> https://github.com/D3Ext/CapProcess [-]
- GTFOBins --> https://gtfobins.github.io/ [-]
- juicy-potato --> https://github.com/ohpe/juicy-potato [-]
- pspy --> https://github.com/DominicBreuker/pspy [-]
- JAWS --> https://github.com/411Hall/JAWS [-]
- BeRoot --> https://github.com/AlessandroZ/BeRoot [-]
- socat --> https://github.com/aledbf/socat-static-binary [+]
- proxychains --> https://github.com/haad/proxychains [+]
- chisel --> https://github.com/jpillora/chisel [-]
- Precompiled-Binaries --> https://github.com/andrew-d/static-binaries/tree/master/binaries [-]
- searchsploit --> https://github.com/offensive-security/exploitdb [-]
- metasploit --> https://www.metasploit.com/ (Not allowed in the OSCP) [+]
- msfvenom --> https://www.offensive-security.com/metasploit-unleashed/msfvenom/ [+]
- Ebowla --> https://github.com/Genetic-Malware/Ebowla [-]
- bin-sploits --> https://github.com/offensive-security/exploitdb-bin-sploits [+]
- eternalblue --> https://github.com/worawit/MS17-010 [-]
- heartbleed --> https://github.com/sensepost/heartbleed-poc [-]
- dirtycow --> https://dirtycow.ninja/ [-]
- shellshock --> https://github.com/opsxcq/exploit-CVE-2014-6271 [-]
- printnightmare --> https://github.com/calebstewart/CVE-2021-1675 [-]
- Log4j --> https://github.com/adilsoybali/Log4j-RCE-Scanner [-]
- john --> https://github.com/openwall/john [+] --> (And john variants like ssh2john or zip2john...)
- hashcat --> https://github.com/hashcat/hashcat [+]
- hash-identifier --> https://github.com/blackploit/hash-identifier [+]
- HashID --> https://github.com/psypanda/hashID [+]
- Crackstation --> https://crackstation.net/ [-]
- aircrack-ng --> https://github.com/aircrack-ng/aircrack-ng [+]
- Wireshark --> https://github.com/wireshark/wireshark [+]
- wifite2 --> https://github.com/derv82/wifite2 [+]
- macchanger --> (It havent a repository) [+]
- bettercap --> https://github.com/bettercap/bettercap [+]
- Pyrit --> https://github.com/JPaulMora/Pyrit [-]
- Evil-Trust --> https://github.com/s4vitar/evilTrust [-]
- exiftool --> https://github.com/exiftool/exiftool [+]
- brakeman --> https://github.com/presidentbeef/brakeman [-]
- radare2 --> https://github.com/radareorg/radare2 [-]
- gdb --> https://github.com/cs01/gdbgui [+]
- gef --> https://github.com/hugsy/gef [-] (It's a gdb extension))
- peda --> https://github.com/longld/peda [-]
- ghydra --> https://github.com/NationalSecurityAgency/ghidra/ [-]
- ropper --> https://github.com/sashs/Ropper [-]
- InmunityDebugger --> https://www.immunityinc.com/products/debugger/ [-]
- mona --> https://github.com/corelan/mona [-]
- odat --> https://github.com/quentinhardy/odat [-]
- cewl --> https://github.com/digininja/CeWL [+]
- rlwrap --> https://github.com/hanslub42/rlwrap [-]
- ModHeader --> (You can find it as a Mozilla extension) [-]
- enyx --> https://github.com/trickster0/Enyx [-]
- webshell --> https://gist.github.com/joswr1ght/22f40787de19d80d110b37fb79ac3985 [-]
- PRET --> https://github.com/RUB-NDS/PRET [-]
- kbd-audio --> https://github.com/ggerganov/kbd-audio [-]
- swaks --> https://github.com/jetmore/swaks [+]
- wabt --> https://github.com/WebAssembly/wabt [-]
- IOXIDResolver --> https://github.com/mubix/IOXIDResolver [-]
- SprayingToolkit --> https://github.com/byt3bl33d3r/SprayingToolkit [-]
- Reverse-Shells
- PayloadsAllTheThings
- Wrappers
- ExploitDB
- HackTricks
- Buffer-Overflow
- Wifi-Cheat-Sheet
- CVE
- AppLockerByPass
- SecLists
- HackingDream
- MalwareSourceCode
- Pivoting-Cheat-Sheet
- HackTheBox-Writeups
- ViewDns
Always try to search in internet for potential vulnerabilities, default credentials and things you don't know about