{"id":25804790,"url":"https://github.com/yogsec/hacking-tools","last_synced_at":"2026-03-05T13:02:28.586Z","repository":{"id":277309359,"uuid":"932010353","full_name":"yogsec/Hacking-Tools","owner":"yogsec","description":"A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.","archived":false,"fork":false,"pushed_at":"2026-01-25T10:38:41.000Z","size":66,"stargazers_count":502,"open_issues_count":3,"forks_count":108,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-01-25T21:29:53.494Z","etag":null,"topics":["blue-team","bug-bounty-tools","bugbounty","bugbountytips","cybersecurity","ethical-hacking-tools","exploit","forensics","hackers","hacking","hacking-tools","kali-linux","linux-tools","penetration-testing","penetration-testing-tools","red-team","reverse-engineering","vulnerability","web-security"],"latest_commit_sha":null,"homepage":"https://linktr.ee/yogsec","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yogsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["yogsec"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":null,"thanks_dev":null,"custom":null}},"created_at":"2025-02-13T08:09:05.000Z","updated_at":"2026-01-25T10:38:44.000Z","dependencies_parsed_at":"2025-03-31T20:31:20.049Z","dependency_job_id":"6be53e82-1c9f-437d-92c7-051af860b9a2","html_url":"https://github.com/yogsec/Hacking-Tools","commit_stats":null,"previous_names":["yogsec/hacking-tools"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/yogsec/Hacking-Tools","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yogsec%2FHacking-Tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yogsec%2FHacking-Tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yogsec%2FHacking-Tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yogsec%2FHacking-Tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yogsec","download_url":"https://codeload.github.com/yogsec/Hacking-Tools/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yogsec%2FHacking-Tools/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30127217,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T12:40:50.676Z","status":"ssl_error","status_checked_at":"2026-03-05T12:39:32.209Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blue-team","bug-bounty-tools","bugbounty","bugbountytips","cybersecurity","ethical-hacking-tools","exploit","forensics","hackers","hacking","hacking-tools","kali-linux","linux-tools","penetration-testing","penetration-testing-tools","red-team","reverse-engineering","vulnerability","web-security"],"created_at":"2025-02-27T18:53:50.751Z","updated_at":"2026-03-05T13:02:28.575Z","avatar_url":"https://github.com/yogsec.png","language":null,"funding_links":["https://github.com/sponsors/yogsec","https://ko-fi.com/W7W116EDDL"],"categories":[],"sub_categories":[],"readme":"# Hacking-Tools\n\u003cdiv align=\"center\" style=\"margin: 30px 0;\"\u003e\nA curated list of penetration testing and ethical hacking tools, organized by category. This collection includes Kali Linux tools and other notable utilities.\n\u003c/br\u003e\n\n![Hacking Anime](https://media0.giphy.com/media/v1.Y2lkPTc5MGI3NjExdHJjMXpvb2hkdXJvN2Y3cmllNG81YXNsem90ejhwY2NqbXB5OXgzaiZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/137EaR4vAOCn1S/giphy.gif)\n\u003c/div\u003e\n\u003cbr\u003e\n\n\u003cdiv align=\"center\" style=\"margin: 30px 0;\"\u003e\n  \n  \u003ca href=\"https://www.linkedin.com/in/privacy-checker/\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?style=for-the-badge\u0026message=LinkedIn\u0026color=0A66C2\u0026logo=LinkedIn\u0026logoColor=FFFFFF\u0026label=\" alt=\"LinkedIn\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://linktr.ee/yogsec\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?style=for-the-badge\u0026message=LinkTree\u0026color=25D366\u0026logo=linktree\u0026logoColor=FFFFFF\u0026label=\" alt=\"LinkTree\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://x.com/yogsec\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?style=for-the-badge\u0026message=X\u0026color=000000\u0026logo=x\u0026logoColor=FFFFFF\u0026label=\" alt=\"X\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"mailto:abhinavsingwal@gmail.com?subject=Hi%20YogSec%20,%20nice%20to%20meet%20you!\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?style=for-the-badge\u0026message=Gmail\u0026color=EA4335\u0026logo=Gmail\u0026logoColor=FFFFFF\u0026label=\" alt=\"Email\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://yogsec.wordpress.com\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?style=for-the-badge\u0026message=Website\u0026color=FFFFC5\u0026logo=Firefox\u0026logoColor=000000\u0026label=\" alt=\"Website\"\u003e\n  \u003c/a\u003e\n\n\u003c/div\u003e\n\n\n---\n\n## Table of Contents\n\n- [🔍 Information Gathering](#-information-gathering)\n- [🔎 Vulnerability Analysis](#-vulnerability-analysis)\n- [💥 Exploitation Tools](#-exploitation-tools)\n- [📡 Wireless Attacks](#-wireless-attacks)\n- [🧑‍💻 Forensics Tools](#-forensics-tools)\n- [⏳ Stress Testing](#-stress-testing)\n- [🕵️‍♀️ Sniffing \u0026 Spoofing](#-sniffing--spoofing)\n- [🔐 Password Attacks](#-password-attacks)\n- [🌐 Web Application Analysis](#-web-application-analysis)\n- [🧑‍💻 Reverse Engineering](#-reverse-engineering)\n- [📝 Reporting Tools](#-reporting-tools)\n- [🎭 Social Engineering Tools](#-social-engineering-tools)\n- [🧩 Miscellaneous](#-miscellaneous)\n\n## Information Gathering\n\n- 🛜 **[Nmap](https://nmap.org/)** – Network scanning and mapping tool.\n- 📶 **[Kismet](https://www.kismetwireless.net/)** – Wireless network detector, sniffer, and intrusion detection.\n- 🕵️ **[Maltego](https://www.maltego.com/)** – OSINT and data mining tool for information analysis.\n- 📨 **[theHarvester](https://github.com/laramies/theHarvester)** – Tool to gather emails, subdomains, hosts, and more.\n- 🔗 **[Recon-ng](https://github.com/lanmaster53/recon-ng)** – Full-featured web reconnaissance framework.\n- 🕵️‍♂️ **[SpiderFoot](https://github.com/smicallef/spiderfoot)** – Automate OSINT collection from multiple sources.\n- 🔍 **[Amass](https://github.com/OWASP/Amass)** – Network mapping and external asset discovery tool.\n- 🗂️ **[Sublist3r](https://github.com/aboul3la/Sublist3r)** – Subdomain enumeration using search engines.\n- 🧑‍💻 **[Assetfinder](https://github.com/tomnomnom/assetfinder)** – Subdomain discovery using various sources.\n- 🌍 **[crt.sh](https://crt.sh/)** – SSL certificate transparency log search engine.\n- 🧪 **[Dnsrecon](https://github.com/darkoperator/dnsrecon)** – Perform DNS enumeration and zone transfers.\n- 📜 **[Fierce](https://github.com/mschwager/fierce)** – DNS reconnaissance and attack tool.\n- 📄 **[WHOIS](https://www.whois.com/)** – Domain registration and ownership lookup.\n- 📬 **[EmailHarvester](https://github.com/maldevel/EmailHarvester)** – Email enumeration and gathering.\n- 🕸️ **[Shodan](https://www.shodan.io/)** – Search engine for internet-connected devices.\n- 🔥 **[Censys](https://censys.io/)** – Search engine for hosts and networks on the internet.\n- 🌐 **[OSINT Framework](https://osintframework.com/)** – Collection of OSINT tools and resources.\n- 🧑‍💻 **[FOCA](https://github.com/ElevenPaths/FOCA)** – Metadata extraction and document analysis.\n- 🛡️ **[Netcraft](https://www.netcraft.com/)** – Website profiling and phishing detection.\n- 🏛️ **[BuiltWith](https://builtwith.com/)** – Website technology lookup and analysis.\n\n\n## Vulnerability Analysis\n\n- 🧪 **[OpenVAS](https://github.com/greenbone/openvas-scanner)** – Open-source vulnerability scanner.\n- 🛡️ **[Nessus](https://www.tenable.com/products/nessus)** – Commercial vulnerability assessment tool.\n- 🕵️‍♂️ **[Nikto](https://cirt.net/Nikto2)** – Web server scanner for detecting vulnerabilities.\n- 🐺 **[Wapiti](https://github.com/wapiti-scanner/wapiti)** – Web application security scanner.\n- 🧑‍💻 **[Vega](https://github.com/subgraph/Vega)** – GUI-based web vulnerability scanner.\n- 🕷️ **[Arachni](https://github.com/Arachni/arachni)** – Feature-rich web application security scanner.\n- 🐍 **[SQLmap](https://github.com/sqlmapproject/sqlmap)** – Automated SQL injection detection and exploitation tool.\n- 🕸️ **[OWASP ZAP](https://www.zaproxy.org/)** – Open-source web application security scanner.\n- 🛜 **[Nmap Vulners](https://github.com/vulnersCom/nmap-vulners)** – Nmap NSE script for CVE detection.\n- 🔎 **[Retire.js](https://github.com/RetireJS/retire.js)** – JavaScript library vulnerability scanner.\n- ⚙️ **[Dependency-Check](https://github.com/jeremylong/DependencyCheck)** – Vulnerability analysis for project dependencies.\n- 🧑‍💻 **[Bandit](https://github.com/PyCQA/bandit)** – Security linter for Python code.\n- 🐞 **[Vuls](https://github.com/future-architect/vuls)** – Agentless vulnerability scanner for Linux/FreeBSD servers.\n- 📦 **[Trivy](https://github.com/aquasecurity/trivy)** – Vulnerability scanner for containers and dependencies.\n- 🧑‍💻 **[Grype](https://github.com/anchore/grype)** – Vulnerability scanner for container images and filesystems.\n- 🧑‍💻 **[Safety](https://github.com/pyupio/safety)** – Python dependency security scanner.\n- 📄 **[Lychee](https://github.com/lycheeverse/lychee)** – Broken link checker with vulnerability detection potential.\n- 📜 **[GitLeaks](https://github.com/gitleaks/gitleaks)** – Detect hardcoded secrets and sensitive data.\n- 🧑‍💻 **[ScoutSuite](https://github.com/nccgroup/ScoutSuite)** – Multi-cloud security auditing tool.\n- 🧑‍💻 **[CloudSploit](https://github.com/aquasecurity/cloudsploit)** – AWS security auditing tool.\n\n\n## Exploitation Tools\n\n- 🎯 [**Metasploit Framework**](https://github.com/rapid7/metasploit-framework) – Powerful exploit development and penetration testing framework.\n- 🚀 [**Armitage**](https://github.com/rsmudge/armitage) – GUI front-end for Metasploit to visualize attacks.\n- 🌐 [**BeEF (Browser Exploitation Framework)**](https://github.com/beefproject/beef) – Exploits browser vulnerabilities for client-side attacks.\n- 💻 [**ExploitDB**](https://github.com/offensive-security/exploitdb) – Archive of public exploits and proof-of-concept code.\n- 📜 [**SearchSploit**](https://github.com/offensive-security/exploitdb-bin-sploits) – Offline version of ExploitDB for quick exploit searching.\n- 🐍 [**sqlmap**](https://github.com/sqlmapproject/sqlmap) – Automated SQL injection exploitation tool.\n- 📤 [**Commix**](https://github.com/commixproject/commix) – Automated command injection vulnerability scanner.\n- 🖥️ [**RouterSploit**](https://github.com/threat9/routersploit) – Exploits vulnerabilities in routers, IoT, and embedded devices.\n- 📲 [**SET (Social Engineering Toolkit)**](https://github.com/trustedsec/social-engineer-toolkit) – Human hacking via phishing, payloads, and more.\n- 🕵️‍♂️ [**Empire**](https://github.com/BC-SECURITY/Empire) – Post-exploitation framework for PowerShell agents.\n- 🧑‍💻 [**Pupy**](https://github.com/n1nj4sec/pupy) – Cross-platform post-exploitation remote access tool (RAT).\n- 🧨 [**Sliver**](https://github.com/BishopFox/sliver) – C2 framework for adversary simulation and red teaming.\n- 🐚 [**Shellter**](https://www.shellterproject.com) – Dynamic shellcode injector for Windows executables.\n- 🐦 [**Merlin**](https://github.com/Ne0nd0g/merlin) – Post-exploitation command \u0026 control server using HTTP/2.\n- 🧙‍♂️ [**Covenant**](https://github.com/cobbr/Covenant) – C#-based post-exploitation platform.\n- 🔒 [**PowerSploit**](https://github.com/PowerShellMafia/PowerSploit) – PowerShell scripts for post-exploitation.\n- 🔎 [**Windows Exploit Suggester**](https://github.com/bitsadmin/wesng) – Suggests exploits based on Windows OS versions.\n- 📦 [**PayloadsAllTheThings**](https://github.com/swisskyrepo/PayloadsAllTheThings) – Collection of payloads for exploits, fuzzing, and pentesting.\n- 🧑‍💻 [**Fuzzbunch**](https://github.com/fuzzbunch/fuzzbunch) – NSA’s exploit framework (part of the Shadow Brokers leak).\n- 🛠️ [**CrackMapExec**](https://github.com/byt3bl33d3r/CrackMapExec) – Swiss army knife for post-exploitation in Windows environments.\n\n\n## Wireless Attacks\n\n- 📡 [**Aircrack-ng**](https://github.com/aircrack-ng/aircrack-ng) – WiFi cracking suite\n- 🛠️ [**Reaver**](https://github.com/t6x/reaver-wps-fork) – WPS attack tool\n- 🧑‍💻 [**Fern WiFi Cracker**](https://github.com/savio-code/fern-wifi-cracker) – Wireless network auditing tool\n- 🔓 [**Wifite**](https://github.com/derv82/wifite) – Automated wireless attack tool\n- 🛡️ [**Kismet**](https://kismetwireless.net/) – Wireless network detector \u0026 sniffer\n- 🌐 [**MDK3**](https://github.com/aircrack-ng/mdk3) – Wireless network attack tool\n- 🎯 [**PixieWPS**](https://github.com/wiire/aircrack-ng) – WPS offline attack tool\n- 🧠 [**WPA2 Wordlist Generator**](https://github.com/edenhill/wpa2-wordlist-generator) – Generate custom WPA2 wordlists\n- 🕵️‍♂️ [**Bully**](https://github.com/aanarchyy/bully) – WPS attack tool for brute-forcing\n- 🔄 [**Evil Twin**](https://github.com/derv82/evil-twin) – Create fake AP for capturing handshakes\n- 🚀 [**WiFi-Pumpkin**](https://github.com/P0cL4bs/WiFi-Pumpkin) – Man-in-the-middle framework for Wi-Fi networks\n- 🧩 [**Airgeddon**](https://github.com/v1s1t0r1sh3r3/airgeddon) – Multi-use bash script for wireless auditing\n- 🧑‍💻 [**Ghost Phisher**](https://github.com/sundowndev/ghost-phisher) – Wireless network attack tool for phishing\n- 🧑‍🔧 [**NoCatSplash**](https://github.com/no-such-project/NoCatSplash) – Captive portal for Wi-Fi networks\n- 🦠 [**Wifiphisher**](https://github.com/wifiphisher/wifiphisher) – Phishing tool for Wi-Fi networks\n- 📡 [**WLANPi**](https://github.com/wlanpi/wlanpi) – Wireless attack platform for pen-testers\n- 🛠️ [**Cowpatty**](https://github.com/wiire/cowpatty) – Tool for offline WPA2 cracking\n- 🌐 [**Scapy**](https://github.com/secdev/scapy) – Python tool for packet manipulation and analysis\n- 📶 [**NetStumbler**](http://www.netstumbler.com/) – Wi-Fi scanner for Windows\n- 🔒 [**Wi-Fi Pineapple**](https://github.com/securestate/wifipineapple) – Wireless attack platform by Hak5\n\n## Forensics Tools\n\n- 🧑‍💻 [**Autopsy**](https://www.autopsy.com/) – Digital forensics platform for analyzing hard drives and smartphones.\n- 🧠 [**Volatility**](https://www.volatilityfoundation.org/) – Memory forensics framework for analyzing RAM dumps.\n- 🗂️ [**Binwalk**](https://github.com/ReFirmLabs/binwalk) – Firmware analysis tool for extracting embedded files.\n- 🔍 [**Sleuth Kit (TSK)**](https://www.sleuthkit.org/sleuthkit/) – Command-line tools for disk image investigation.\n- 🧑‍💻 [**ExifTool**](https://exiftool.org/) – Metadata extractor for images, videos, and documents.\n- 🗃️ [**TestDisk**](https://www.cgsecurity.org/wiki/TestDisk) – Disk recovery tool to restore lost partitions.\n- 🔄 [**PhotoRec**](https://www.cgsecurity.org/wiki/PhotoRec) – File recovery software for deleted files from disks.\n- 🧑‍💻 [**Foremost**](https://foremost.sourceforge.net/) – File carving tool for data recovery based on headers.\n- 🔑 [**Hashdeep**](https://github.com/jessek/hashdeep) – File hashing tool with recursive hashing \u0026 audit mode.\n- 🧑‍💻 [**Bulk Extractor**](https://github.com/simsong/bulk_extractor) – Extracts email, URLs, and other artifacts from raw data.\n- 🗄️ [**Digital Forensics Framework (DFF)**](https://github.com/arxsys/dff) – Open-source platform for digital forensics.\n- 🧑‍💻 [**Xplico**](https://www.xplico.org/) – Network forensics tool to reconstruct network sessions.\n- 🧑‍💻 [**NetworkMiner**](https://www.netresec.com/?page=NetworkMiner) – Passive network packet analyzer for network forensics.\n- 🧑‍💻 [**Pdf-parser**](https://blog.didierstevens.com/programs/pdf-tools/) – Analyze and extract content from PDF files.\n- 🧑‍💻 [**RegRipper**](https://github.com/keydet89/RegRipper3.0) – Windows registry analysis tool.\n- 🧑‍💻 [**PEView**](https://www.aldeid.com/wiki/PEview) – Portable executable (PE) file viewer for malware analysis.\n- 🧑‍💻 [**YARA**](https://github.com/VirusTotal/yara) – Malware pattern-matching tool used by researchers.\n- 🧑‍💻 [**HxD**](https://mh-nexus.de/en/hxd/) – Hex editor for raw disk editing and analysis.\n- 🧑‍💻 [**FTK Imager**](https://accessdata.com/products-services/ftk-imager) – Disk imaging and evidence preview tool.\n- 🧑‍💻 [**Capstone**](https://www.capstone-engine.org/) – Disassembly framework for binary analysis.\n\n## Stress Testing\n\n- 🐌 **[Slowloris](https://github.com/gkbrk/slowloris)** – HTTP DoS tool for keeping many connections open\n- 🛰️ **[LOIC](https://github.com/NewEraCracker/LOIC)** – Low Orbit Ion Cannon for stress testing\n- 🐻 **[HULK](https://github.com/evilarc/HULK)** – HTTP flood tool that makes use of varied requests\n- 🦸 **[GoldenEye](https://github.com/jseidl/GoldenEye)** – Python-based HTTP denial-of-service tool\n- 💨 **[Tsunami](https://github.com/tsunami-pft/tsunami)** – Network stress testing and security evaluation\n- 🛑 **[R-U-Dead-Yet](https://github.com/m0nad/DDoS)** – Simple DoS testing tool\n- 🧯 **[DDoS-Sim](https://github.com/DDoS-Sim/DDoS-Sim)** – DDoS simulation tool\n- 💥 **[Xerxes](https://github.com/BigMondo/Xerxes)** – Powerful DDoS attack tool for testing purposes\n- 🎯 **[Web-Hulk](https://github.com/wwkman/Web-Hulk)** – Web server stress testing tool\n- 🚀 **[Synful](https://github.com/SynfulTeam/synful)** – SYN flood tool for stress testing\n- 💣 **[LOIC-PowerShell](https://github.com/LOIC-PowerShell/LOIC-PowerShell)** – PowerShell-based LOIC for DDoS testing\n- 🌐 **[T50](https://github.com/technitium/T50)** – A powerful stress testing tool that simulates multiple attack vectors\n- 🌪️ **[RIP-Lite](https://github.com/Sp0oF/RIP-Lite)** – Lightweight stress testing tool for HTTP and SOCKS\n- 🐉 **[Stress-ng](https://github.com/ColinIanKing/stress-ng)** – A tool that can stress test the CPU, RAM, I/O, and more\n- 🛠️ **[XDT](https://github.com/xwdn/xdt)** – DDoS testing tool with multi-protocol support\n- 🥂 **[Botnet](https://github.com/yeswepwn/Botnet)** – DDoS botnet attack simulation tool\n- 🔨 **[DDOS-Exploit](https://github.com/nemesis2020/DDOS-Exploit)** – Exploit kit for DDoS stress testing\n- 🛡️ **[Fudp](https://github.com/Toph-3r/fudp)** – A multi-threaded UDP flooder for stress testing\n- ⚡ **[BlackHAT](https://github.com/j3ssie/BlackHAT)** – A stress testing framework for web applications\n\n\n## Sniffing \u0026 Spoofing\n\n\n- 🌐 **[Wireshark](https://www.wireshark.org/)** – Network protocol analyzer\n- 🕵️‍♂️ **[Ettercap](https://www.ettercap-project.org/)** – Man-in-the-middle attack tool\n- ⚡ **[BetterCAP](https://www.bettercap.org/)** – Flexible network attack \u0026 monitoring tool\n- 📡 **[Tcpdump](https://www.tcpdump.org/)** – Command-line packet analyzer\n- 🌍 **[Nessus](https://www.tenable.com/products/nessus)** – Vulnerability scanner with sniffing capabilities\n- 🐍 **[Scapy](https://scapy.net/)** – Python-based interactive packet manipulation program\n- 🌐 **[MITMf](https://github.com/byt3bl33d3r/MITMf)** – Man-in-the-middle framework for network attacks\n- 🦊 **[Fakenet-NG](https://github.com/axil/fakenet-ng)** – Fake network traffic generation tool\n- 🐾 **[Dsniff](https://github.com/joschi/dsniff)** – Collection of network monitoring tools for penetration testers\n- 🎯 **[Responder](https://github.com/SpiderLabs/Responder)** – LLMNR, NBT-NS, and MDNS poisoner for internal network attacks\n- 💻 **[Ettercap-NG](https://github.com/Ettercap/ettercap)** – Enhanced version of Ettercap with additional features\n- 🧑‍💻 **[Arp-Spoof](https://github.com/vanhauser-thc/thc-hydra)** – Tool to intercept network traffic by sending ARP packets\n- 🌐 **[WiFi-Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin)** – WiFi spoofing tool\n- 🎣 **[Aircrack-ng](https://www.aircrack-ng.org/)** – Suite for wireless network auditing and cracking WEP/WPA keys\n- 🧩 **[Xplico](https://www.xplico.org/)** – Network forensics tool that extracts applications' data from pcap files\n- 📊 **[Pry-Fi](https://github.com/Kevin-Robert/Pry-Fi)** – A tool to find and exploit vulnerabilities in wireless networks\n- 🕵️‍♀️ **[Kismet](https://kismetwireless.net/)** – Wireless network detector, sniffer, and intrusion detection system\n- 🐍 **[Burp Suite](https://portswigger.net/burp)** – Web vulnerability scanner and network attack tool with advanced interception features\n- 💻 **[Snoopy](https://github.com/marooned/snoopy)** – Sniffing \u0026 spoofing tool focused on DNS \u0026 HTTP traffic\n- 📡 **[Snort](https://www.snort.org/)** – Open-source network intrusion detection \u0026 prevention system\n\n## Password Attacks\n\n- 🔥 **[John the Ripper](https://www.openwall.com/john/)** – Password cracking tool for various password hashes.\n- 🧑‍💻 **[Hydra](https://github.com/vanhauser-thc/thc-hydra)** – Brute-force tool that supports a wide range of protocols.\n- ⚡ **[Hashcat](https://github.com/hashcat/hashcat)** – Advanced password recovery using GPUs.\n- 🐍 **[Medusa](https://github.com/jmk-foofus/medusa)** – A speedy, parallelized login brute-forcer.\n- 🌐 **[Aircrack-ng](https://www.aircrack-ng.org/)** – WiFi password cracking suite.\n- 🔐 **[Wifite](https://github.com/derv82/wifite2)** – Wireless network attack tool focused on WPA/WPA2.\n- 🧠 **[THC-Hydra](https://github.com/vanhauser-thc/thc-hydra)** – A very fast network login cracker.\n- 🎯 **[Hash-Toolkit](https://github.com/rapid7/hash_toolkit)** – A tool for password hash cracking.\n- 🛠️ **[Brutus](https://www.hoobie.net/brutus/)** – An old but reliable password cracker for HTTP, FTP, and more.\n- 🔑 **[Burp Suite](https://portswigger.net/burp)** – A popular web vulnerability scanner with password attack features.\n- 🧑‍💻 **[Ophcrack](http://ophcrack.sourceforge.net/)** – A Windows password cracker using rainbow tables.\n- 💻 **[Cain \u0026 Abel](https://www.oxid.it/cain.html)** – A versatile tool for cracking various password hashes, sniffing networks, and decoding passwords.\n- 🔐 **[L0phtCrack](https://www.l0phtcrack.com/)** – Windows password auditing and recovery tool.\n- 🧩 **[CrackStation](https://crackstation.net/)** – A free online service for cracking password hashes using dictionary attacks.\n- 🔓 **[RainbowCrack](https://project-rainbowcrack.com/)** – A tool that utilizes rainbow tables to crack passwords.\n- 🧑‍💻 **[Medusa](https://github.com/jmk-foofus/medusa)** – Parallelized login brute-forcer for multiple protocols.\n- 🔥 **[Patator](https://github.com/lanjelot/patator)** – A multi-purpose brute-forcing tool that supports numerous protocols.\n- 🛡️ **[RSMangler](https://github.com/s0md3v/Hash-Buster)** – A hash bruteforce tool for creating password dictionaries.\n- 🧑‍💻 **[CrackMapExec](https://github.com/byt3bl33d3r/CrackMapExec)** – A post-exploitation tool for automating credential validation.\n- 🕵️‍♀️ **[SudoKiller](https://github.com/TH3xACE/SudoKiller)** – A tool for privilege escalation that can be used for password cracking in Unix-based systems.\n\n## Web Application Analysis\n\n- 🧑‍💻 [**Burp Suite**](https://portswigger.net/burp) – Web security testing toolkit.\n- 🕵️ [**OWASP ZAP**](https://www.zaproxy.org/) – Open-source web application scanner.\n- 🐍 [**SQLmap**](https://github.com/sqlmapproject/sqlmap) – Automated SQL injection tool.\n- 📜 [**Wappalyzer**](https://www.wappalyzer.com/) – Identify technologies on websites.\n- 🧑‍💻 [**Dirb**](https://gitlab.com/kalilinux/packages/dirb) – Web content scanner.\n- 📂 [**Gobuster**](https://github.com/OJ/gobuster) – Directory and DNS brute-forcing.\n- 🔍 [**Nikto**](https://github.com/sullo/nikto) – Web server vulnerability scanner.\n- 🧑‍💻 [**Sublist3r**](https://github.com/aboul3la/Sublist3r) – Subdomain enumeration.\n- 🕵️ [**Amass**](https://github.com/owasp-amass/amass) – Network mapping and subdomain enumeration.\n- 📝 [**Httpx**](https://github.com/projectdiscovery/httpx) – Fast HTTP probing.\n- 🌐 [**FFUF**](https://github.com/ffuf/ffuf) – Fast web fuzzer.\n- 🧑‍💻 [**WhatWeb**](https://github.com/urbanadventurer/WhatWeb) – Identify web technologies.\n- 🛠️ [**Nuclei**](https://github.com/projectdiscovery/nuclei) – Vulnerability scanning and templating.\n- 🧑‍💻 [**XSStrike**](https://github.com/s0md3v/XSStrike) – XSS detection and exploitation.\n- 🐞 [**Commix**](https://github.com/commixproject/commix) – Automated command injection.\n- 🔥 [**WPScan**](https://github.com/wpscanteam/wpscan) – WordPress security scanner.\n- 🛡️ [**Cmsmap**](https://github.com/Dionach/CMSmap) – CMS detection and exploitation.\n- 🔍 [**Arachni**](https://github.com/Arachni/arachni) – Advanced web vulnerability scanner.\n- 🕵️ [**Waybackurls**](https://github.com/tomnomnom/waybackurls) – Fetch URLs from Wayback Machine.\n- 🧑‍💻 [**Unfurl**](https://github.com/tomnomnom/unfurl) – Extract URLs and data from URLs.\n- 📂 [**Dirsearch**](https://github.com/maurosoria/dirsearch) – A fast and powerful scanner that uses brute-force to find hidden directories and files on web servers. It discovers inaccessible content with customizable wordlists.\n\n## Reverse Engineering\n\n- 🧠 [**Ghidra**](https://ghidra-sre.org/) – Open-source software reverse engineering framework.\n- 🔎 [**Radare2**](https://github.com/radareorg/radare2) – Command-line reverse engineering toolkit.\n- 🛠️ [**OllyDbg**](http://www.ollydbg.de/) – 32-bit assembler-level debugger for Windows.\n- 🧑‍💻 [**IDA Pro**](https://hex-rays.com/ida-pro/) – Industry-standard interactive disassembler.\n- 🐍 [**Binary Ninja**](https://binary.ninja/) – Interactive binary analysis platform.\n- 🛡️ [**x64dbg**](https://x64dbg.com/) – Open-source Windows debugger for x64 and x86.\n- 🧬 [**Cutter**](https://cutter.re/) – GUI for Radare2 with advanced analysis features.\n- 📝 [**Hopper**](https://www.hopperapp.com/) – Mac \u0026 Linux disassembler with powerful analysis.\n- 🧑‍💻 [**dnSpy**](https://github.com/dnSpy/dnSpy) – .NET debugger and assembly editor.\n- 🔄 [**RetDec**](https://retdec.com/) – Open-source decompiler for machine code.\n- ⚙️ [**angr**](https://angr.io/) – Python framework for binary analysis.\n- 🧑‍💻 [**Frida**](https://frida.re/) – Dynamic instrumentation toolkit.\n- 🔗 [**Binary Analysis Toolkit (BAT)**](https://github.com/cea-sec/BAT) – Malware analysis and binary inspection.\n- 🐛 [**Rizin**](https://rizin.re/) – Fork of Radare2 with a focus on usability.\n- 🗂️ [**PEiD**](https://www.softpedia.com/get/Programming/File-Editors/PEiD.shtml) – Detect packers, cryptors, and compilers.\n- 🧑‍💻 [**DiE (Detect It Easy)**](https://github.com/horsicq/Detect-It-Easy) – Portable executable identifier.\n- 📊 [**LIEF**](https://lief.quarkslab.com/) – Library for parsing and modifying executables.\n- 🔍 [**Snowman**](https://derevenets.com/) – Native code to C++ decompiler.\n- 🧑‍💻 [**APKTool**](https://github.com/iBotPeaches/Apktool) – Decompile and rebuild Android APKs.\n- 🔓 [**JEB Decompiler**](https://www.pnfsoftware.com/jeb/) – Commercial decompiler for Android and other platforms.\n\n## Reporting Tools\n\n- 📄 [**Dradis**](https://dradisframework.com/) – Collaboration and reporting platform for pentesters.\n- 🧑‍💻 [**Faraday**](https://faradaysec.com/) – Multi-user penetration testing IDE.\n- 🌳 [**MagicTree**](http://www.magictree.org/) – Pentesting productivity tool for data aggregation and reporting.\n- 📊 [**Serpico**](https://github.com/SerpicoProject/Serpico) – Simplifying pentest reporting using templates.\n- 📝 [**LaTeX**](https://www.latex-project.org/) – High-quality typesetting system often used for security reports.\n- 📑 [**reNgine**](https://github.com/yogeshojha/rengine) – Automated reconnaissance framework with reporting.\n- 🧑‍💻 [**ReconNote**](https://github.com/nahamsec/recon_note) – Web-based notes manager for recon and reporting.\n- 📝 [**Pentracker**](https://github.com/noraj/pentracker) – Pentest reporting and management tool.\n- 📄 [**Markdown**](https://www.markdownguide.org/) – Lightweight markup language for clean report writing.\n- 📄 [**Ghostwriter**](https://github.com/GhostManager/Ghostwriter) – Reporting and engagement management platform.\n- 📊 [**VulnReport**](https://github.com/salesforce/vulnreport) – Automated vulnerability reporting platform.\n- 📋 [**Katana Framework**](https://github.com/PowerScript/KatanaFramework) – Post-exploitation and reporting utility.\n- 📑 [**Pentest-Report-Template**](https://github.com/adamjdeacon/Pentest-Report-Template) – Professional pentest report LaTeX template.\n- 📄 [**ProofSuite**](https://github.com/danielfuentes/proofsuite) – Automated proof of concept and reporting tool.\n- 🧑‍💻 [**VulnWhisperer**](https://github.com/austin-taylor/VulnWhisperer) – Vulnerability management reporting with Nessus, Qualys, and OpenVAS.\n- 📜 [**RiskSense**](https://www.risksense.com/) – Risk-based vulnerability management and reporting.\n- 📝 [**Pentestly**](https://github.com/praetorian-code/pentestly) – Powershell-based post-exploitation and reporting.\n- 📄 [**SecReport**](https://github.com/Matir/secreport) – Report generation tool for pentesters.\n- 📋 [**PwnDoc**](https://github.com/pwndoc/pwndoc) – Pentest reporting tool with customizable templates.\n- 🧑‍💻 [**PenTest-Wiki**](https://github.com/nixawk/pentest-wiki) – Knowledge base for pentesting \u0026 reporting references.\n\n## Social Engineering Tools\n\n- 🧑‍💻 [**SET (Social-Engineer Toolkit)**](https://github.com/trustedsec/social-engineer-toolkit) – Advanced framework for social engineering attacks.\n- 📧 [**King Phisher**](https://github.com/rsmusllp/king-phisher) – Phishing campaign toolkit for testing and training.\n- 🎣 [**Phishing Frenzy**](https://github.com/pentestgeek/phishing-frenzy) – Phishing campaign automation platform.\n- 🪤 [**Gophish**](https://github.com/gophish/gophish) – Open-source phishing toolkit for awareness and testing.\n- 📩 [**Evilginx2**](https://github.com/kgretzky/evilginx2) – Phishing toolkit using reverse proxy for capturing credentials \u0026 tokens.\n- 🕵️‍♀️ [**HiddenEye**](https://github.com/DarkSecDevelopers/HiddenEye) – Modern phishing tool with advanced social engineering features.\n- 🔥 [**BlackEye**](https://github.com/An0nUD4Y/blackeye) – Phishing tool with site cloning capabilities.\n- 🛜 [**Zphisher**](https://github.com/htr-tech/zphisher) – Advanced phishing tool with tunneling support.\n- 📡 [**SocialFish**](https://github.com/UndeadSec/SocialFish) – Social engineering phishing framework.\n- 🧑‍💻 [**HiddenEye Reborn**](https://github.com/DarkSecDevelopers/HiddenEyeReborn) – Improved version of HiddenEye for phishing \u0026 spoofing.\n- 🧑‍💻 [**EvilPhish**](https://github.com/An0nNiemus/EvilPhish) – Social engineering tool for phishing websites.\n- 📬 [**ShellPhish**](https://github.com/thelinuxchoice/shellphish) – Automated phishing tool supporting multiple templates.\n- 🧑‍💻 [**CamPhish**](https://github.com/techchipnet/CamPhish) – Webcam phishing attack tool.\n- 🕵️ [**Weeman**](https://github.com/evait-security/weeman) – HTTP server-based phishing framework.\n- 📲 [**QRGen**](https://github.com/sdushantha/qrgen) – QR code phishing generator.\n- 🕵️ [**PyPhisher**](https://github.com/KasRoudra/PyPhisher) – Python-based phishing toolkit with multiple site templates.\n- 🕸️ [**AdvPhishing**](https://github.com/Ignitetch/AdvPhishing) – Advanced phishing tool with login page cloning.\n- 🎯 [**SocialBox**](https://github.com/samsesh/SocialBox) – Brute-force social media hacking toolkit.\n- 🧑‍💻 [**XPhisher**](https://github.com/htr-tech/xphisher) – Advanced phishing tool with inbuilt tunneling.\n- 🌐 [**CredSniper**](https://github.com/ustayready/CredSniper) – Phishing framework with two-factor authentication bypass support.\n\n## Miscellaneous\n\n- 🐉 **[Kali Linux](https://www.kali.org/)** – Advanced penetration testing and security auditing OS.\n- 🦜 **[Parrot Security OS](https://www.parrotsec.org/)** – Security-focused OS for pentesting and privacy.\n- 🧑‍💻 **[BackBox](https://www.backbox.org/)** – Ubuntu-based Linux distro for penetration testing.\n- 🕵️ **[BlackArch Linux](https://blackarch.org/)** – Arch-based OS with 2800+ hacking tools.\n- 🔎 **[Pentoo](https://www.pentoo.ch/)** – Security-focused Gentoo-based Linux.\n- 🧑‍💻 **[Tails](https://tails.boum.org/)** – Privacy and anonymity-focused live OS.\n- 🧪 **[CAINE](https://www.caine-live.net/)** – Digital forensics live Linux distro.\n- 🧑‍💻 **[Bugtraq](https://bugtraq-team.com/)** – Linux distro for pentesting \u0026 malware analysis.\n- 🔒 **[Whonix](https://www.whonix.org/)** – Anonymous OS based on Tor.\n- 🧠 **[DEFT Linux](https://www.deftlinux.net/)** – Digital evidence \u0026 forensics toolkit.\n- 🌐 **[Subgraph OS](https://subgraph.com/)** – Secure Linux distro with hardened kernel.\n- 🧑‍💻 **[ArchStrike](https://archstrike.org/)** – Arch Linux repository for security tools.\n- 🧑‍💻 **[Fedora Security Lab](https://labs.fedoraproject.org/security/)** – Fedora spin for security auditing.\n- 🧑‍💻 **[SamuraiWTF](https://github.com/SamuraiWTF/samuraiwtf)** – Web application penetration testing environment.\n- 🔎 **[Cyborg Hawk](https://cyborg.ztrela.com/)** – Security distro for penetration testing.\n- 🧑‍💻 **[Matriux Krypton](https://www.matriux.com/)** – Debian-based security distribution.\n- 🔥 **[NodeZero](https://sourceforge.net/projects/nodezero/)** – Ubuntu-based penetration testing OS.\n- 🧑‍💻 **[GnackTrack](https://sourceforge.net/projects/gnacktrack/)** – Linux live distribution for penetration testing.\n- 🛡️ **[SELKS](https://www.stamus-networks.com/open-source)** – Suricata-based IDS/IPS platform.\n- 🕵️‍♂️ **[PentestBox](https://pentestbox.org/)** – Penetration testing toolkit for Windows.\n\n---\n\n### Support\n\nYou can support this project **directly** using **Ko-fi**:  \n\n[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/W7W116EDDL)\n\n\u003e Every contribution, small or large, helps keep open-source cybersecurity alive. Thank you for supporting **Hacking-Tools**! 🛡️\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyogsec%2Fhacking-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyogsec%2Fhacking-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyogsec%2Fhacking-tools/lists"}