venom
👽 The collection of awesome software, tools, libraries, documents, books, resources and cool stuff about information security, penetration testing and offensive cybersecurity.
https://github.com/kraloveckey/venom
Vulnerability Databases
- `Full-Disclosure` - Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
- `Packet Storm` - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
- `SecuriTeam` - Independent source of software vulnerability information.
- `Bugtraq (BID)` - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
- `China National Vulnerability Database (CNNVD)` - Chinese government-run vulnerability database analogous to the United States's CVE database hosted by Mitre Corporation.
- `US-CERT Vulnerability Notes Database` - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
- `VulDB` - Independent vulnerability database with user community, exploit details, and additional meta data (e.g. CPE, CVSS, CWE)
- `Snyk Vulnerability DB` - Detailed information and remediation guidance for vulnerabilities known by Snyk.
- `Vulert` - Vulert's vulnerability database lists recent security issues found in open-source packages for languages like PHP, Java, Python, Node.js, and others.
- `Common Vulnerabilities and Exposures (CVE)` - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
- `CXSecurity` - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
- `Exploit-DB` - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
- `HPI-VDB` - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
- `National Vulnerability Database (NVD)` - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
- `Open Source Vulnerabilities (OSV)` - Database of vulnerabilities affecting open source software, queryable by project, Git commit, or version.
- `Rapid7` - Vulnerability & Exploit Database.
- `Sploitus` - Convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities.
- `Vulmon` - Vulnerability search engine with vulnerability intelligence features that conducts full text searches in its database.
- `Vulnerability Lab` - Open forum for security advisories organized by category of exploit target.
- `Vulners` - Security database of software vulnerabilities.
Useful Resources
Other Lists
- `SecTools` - Top 125 Network Security Tools.
- `Securing DevOps` - A book on Security techniques for DevOps that reviews state of the art practices used in securing web applications and their infrastructure.
- `lists` - The definitive list of (awesome) lists curated on GitHub.
- `Awesome Analytics`
- `Awesome Sysadmin`
- `DevOps Exercises`
- `DevOps Roadmap`
- `Movies For Hacker` - A curated list of movies every hacker & cyberpunk must watch.
- `Python tools for penetration testers` - Lots of pentesting tools are written in Python.
- `SecLists` - Collection of multiple types of lists used during security assessments.
- `test-your-sysadmin-skills`
- `Node.js Programming by @sindresorhus` - Curated list of delightful Node.js packages and resources.
- `Ruby Programming by @Sdogruyol` - The de-facto language for writing exploits.
- `Ruby Programming by @dreikanter` - The de-facto language for writing exploits.
- `awesome-awesomeness` - awesome-* or *-awesome lists.
- `Awesome Self-Hosted`
- `Azure Security` - A practical guide to the native security services of Microsoft Azure.
- `InfoSec & Hacking challenges` - Comprehensive directory of CTFs, wargames, hacking challenge websites, pentest practice lab exercises, and more.
- `Rawsec's CyberSecurity Inventory` - An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. ([`Source`](https://gitlab.com/rawsec/rawsec-cybersecurity-list))
- `.NET Programming` - Software framework for Microsoft Windows platform development.
- `C/C++ Programming` - One of the main languages for open source security tools.
- `JavaScript Programming` - In-browser development and scripting.
- `Ruby Programming by @markets` - The de-facto language for writing exploits.
Security Awesome Lists
- `Awesome Industrial Control System Security` - A curated list of resources related to Industrial Control System (ICS) security.
- `Awesome ARM Exploitation` - A curated list of ARM exploitation resources.
- `Awesome Bluetooth Security` - A curated list of Bluetooth security resources.
- `Awesome Censys Queries` - A collection of fascinating and bizarre Censys Search Queries.
- `Awesome Container Security` - A curated list of awesome resources related to container building and runtime security
- `Awesome Electron.js Hacking` - A curated list of awesome resources about Electron.js (in)security
- `Awesome Infosec` - Information security resources for pentesting, forensics, and more.
- `Awesome Malware` - Curated collection of awesome malware, botnets, and other post-exploitation tools.
- `Awesome Personal Security` - A curated list of digital security and privacy tips, with links to further resources.
- `Awesome Privacy` - A curated list of privacy-respecting software and services.
- `Awesome Red Teaming` - List of Awesome Red Teaming Resources.
- `Awesome Security Hardening` - A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.
- `Awesome Security Newsletters` - A curated list of awesome newsletters to keep up to date on security news via e-mail.
- `Awesome Security Talks & Videos` - A curated list of awesome security talks, organized by year and then conference.
- `Awesome Serverless Security` - Curated list of awesome serverless security resources such as (e)books, articles, whitepapers, blogs and research papers.
- `Awesome Shodan Search Queries` - A collection of interesting, funny, and depressing search queries to plug into Shodan.
- `Awesome SOAR` - A curated Cyber "Security Orchestration, Automation and Response (SOAR)" resources list.
- `Awesome WebSocket Security` - A curated list of WebSocket security resources.
- `Awesome YARA` - A curated list of awesome YARA rules, tools, and people.
- `Security Acronyms` - A curated list of security related acronyms and concepts
- `Awesome AppSec` - Resources for learning about application security.
- `Awesome Blue Team` - Awesome resources, tools, and other shiny things for cybersecurity blue teams.
- `Awesome Crypto Papers` - A curated list of cryptography papers, articles, tutorials and howtos.
- `Awesome Hacking` - A curated list of awesome Hacking tutorials, tools and resources.
- `Awesome Incident Response` - A curated list of resources for incident response.
- `Awesome Linux Containers` - A curated list of awesome Linux Containers frameworks, libraries and software.
- `Awesome PCAP Tools` - A collection of tools developed by other researchers in the Computer Science area to process network traces.
- `Awesome Security` - Software, libraries, documents, and other resources.
- `Awesome Shell Scripting` - Command line frameworks, toolkits, guides and gizmos.
Analysis Tools
- `CyberChef` - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.
- `DocBleach` - An open-source Content Disarm & Reconstruct software sanitizing Office, PDF and RTF Documents.
- `peepdf` - Python tool to explore PDF files in order to find out if the file can be harmful or not.
- `Veles` - Binary data visualization and analysis tool.
Anonymity / Tor Tools
- `dos-over-tor` - Proof of concept denial of service over Tor stress test tool.
- `kalitorify` - Transparent proxy through Tor for Kali Linux OS.
- `I2P` - The Invisible Internet Project.
- `Nipe` - Script to redirect all traffic from the machine to the Tor network.
- `What Every Browser Knows About You` - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.
- `Metadata Anonymization Toolkit (MAT)` - Metadata removal tool, supporting a wide range of commonly used file formats, written in Python3.
- `OnionScan` - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
- `Tor` - Free software and onion routed overlay network that helps you defend against traffic analysis.
Web
Web Proxies Intercepting
- `mitmproxy` - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- `Fiddler` - Free cross-platform web debugging proxy with user-friendly companion tools.
- `OWASP Zed Attack Proxy (ZAP)` - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
Web Vulnerability Scanners
- `Nikto` - Noisy but fast black box web server and web application vulnerability scanner.
- `SecApps` - In-browser web application security testing suite.
- `skipfish` - Performant and adaptable active web application security reconnaissance tool.
- `WPScan` - Black box WordPress vulnerability scanner.
- `Wapiti` - Black box web application vulnerability scanner with built-in fuzzer.
- `ACSTIS` - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
- `Cyclops` - Chromium-based web browser with an XSS detection feature, used to find flows from a source to a sink.
- `is-website-vulnerable` - Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
- `JCS` - Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm.
- `joomscan` - Joomla vulnerability scanner.
- `katana` - A next-generation crawling and spidering framework.
- `Keyscope` - Keyscope is an extensible key and secret validation for checking active secrets against multiple SaaS vendors built in Rust.
- `recon` - A fast Rust-based CLI that uses SQL to query over files, code, or malware with content classification and processing for security experts.
- `reconFTW` - A tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities.
- `Scanmycode CE (Community Edition)` - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report. Currently supports: PHP, Java, Scala, Python, Ruby, Javascript, GO, Secret Scanning, Dependency Confusion, Trojan Source, Open Source and Proprietary Checks (total ca. 1000 checks)
- `w3af` - Web application attack and audit framework.
- `WebReaver` - Commercial, graphical web application vulnerability scanner designed for macOS.
- `ZAP` - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Penetration Testing Report Templates
- `Awesome Web Hacking` - This list is for anyone wishing to learn about web application security but do not have a starting point.
Web Exploitation
- `corschecker` - JavaScript for performing CORS security tests.
- `badtouch` - Scriptable network authentication cracker.
- `FuzzDB` - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- `gobuster` - Lean multipurpose brute force search/fuzzing tool for Web (and DNS) reconnaissance.
- `h2t` - HTTP Hardening Tool that scans a website and suggests security headers to apply.
- `Parth` - Heuristic Vulnerable Parameter Scanner.
- `Raccoon` - High performance offensive security tool for reconnaissance and vulnerability scanning.
- `sslstrip2` - SSLStrip version to defeat HSTS.
- `WPSploit` - Exploit WordPress-powered websites with Metasploit.
- `autochrome` - Chrome browser profile preconfigured with appropriate settings needed for web application testing.
- `sslstrip` - Demonstration of the HTTPS stripping attacks.
Web Accessible Source Code Ripping Tools
- `DVCS Ripper` - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
- `GitTools` - Automatically find and download Web-accessible `.git` repositories.
- `git-dumper` - Tool to dump a git repository from a website.
- `git-scanner` - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public.
Web Application Firewall
- `Curiefense` - Curiefense adds a broad set of automated web security tools, including a WAF to Envoy Proxy.
- `ironbee` - IronBee is an open source project to build a universal web application security sensor. IronBee is a framework for developing a system for securing web applications - a framework for building a web application firewall (WAF).
- `NAXSI` - NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX, NAXSI means Nginx Anti Xss & Sql Injection.
- `sql_firewall`
Web File Inclusion Tools
- `fimap` - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
- `Kadimus` - LFI scan and exploit tool.
- `LFISuite` - Automatic LFI scanner and exploiter.
- `liffy` - LFI exploitation tool.
Web Injection Tools
- `Commix` - Automated all-in-one operating system command injection and exploitation tool.
- `NoSQLmap` - Automatic NoSQL injection and database takeover tool.
- `tplmap` - Automatic server-side template injection and Web server takeover tool.
Web Path Discovery / Bruteforcing Tools
- `dirhunt` - Find web directories without bruteforce.
- `dirsearch` - Web path scanner.
- `GooFuzz` - Tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
- `lulzbuster` - Search files and folders on web-sites.
- `recursebuster` - Content discovery tool to perform directory and file bruteforcing.
- `DotDotPwn` - Directory traversal fuzzer.
Web Reconnaissance Tools
Web Shells / C2 Frameworks
- `Browser Exploitation Framework (BeEF)` - Command and control server for delivering exploits to commandeered Web browsers.
- `DAws` - Advanced Web shell.
- `Merlin` - Cross-platform post-exploitation HTTP/2 Command and Control server and agent written in Golang.
- `PhpSploit` - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner.
- `SharPyShell` - Tiny and obfuscated ASP.NET webshell for C# web applications.
- `weevely3` - Weaponized PHP-based web shell.
Web Subdomains
- `Dome` - Subdomain enumeration tool, fast and reliable Python script that performs active and/or passive scans to obtain subdomains and search for open ports.
- `knock` - Python3 tool designed to quickly enumerate subdomains on a target domain through dictionary attack.
- `subbrute` - DNS meta-query spider that enumerates DNS records, and subdomains.
- `subDomainsBrute` - Fast sub domain brute tool for pentesters.
- `subfinder` - Subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
- `Sublist3r` - Fast subdomains enumeration tool for penetration testers.
Anti-virus Evasion Tools
- `Shellter` - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
- `AntiVirus Evasion Tool (AVET)` - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
- `CarbonCopy` - Tool that creates a spoofed certificate of any online website and signs an Executable for AV evasion.
- `peCloakCapstone` - Multi-platform fork of the `peCloak.py` automated malware antivirus evasion tool.
- `UniByAv` - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
- `Veil` - Generate metasploit payloads that bypass common anti-virus solutions.
Endpoint
Mobile / Android / iOS
- `Mobile Security Wiki` - A collection of mobile security resources.
- `android-security-awesome` - A collection of android security related resources. A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of android apps.
- `dotPeek` - Free-of-charge standalone tool based on ReSharper's bundled decompiler.
- `Themis` - High-level multi-platform cryptographic framework for protecting sensitive data: secure messaging with forward secrecy and secure data storage (AES256GCM), suited for building end-to-end encrypted applications.
- `Android Exploits` - Guide on Android Exploitation and Hacks.
- `AMExtractor` - AMExtractor can dump out the physical content of your Android device even without kernel source code.
- `Android Storage Extractor` - A tool to extract local data storage of an Android application in one click.
- `Apktool` - A tool for reverse engineering Android apk files.
- `enjarify` - A tool for translating Dalvik bytecode to equivalent Java bytecode.
- `frida` - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- `hardened_malloc` - Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.
- `jadx` - Command line and GUI tools for producing Java source code from Android Dex and Apk files.
- `OSX Security Awesome` - A collection of OSX and iOS security resources
- `OWASP Mobile Security Testing Guide` - A comprehensive manual for mobile app security testing and reverse engineering.
- `symbiote` - Your target's phone's front and back cameras can be accessed by sending a link.
- `Quark-Engine` - An Obfuscation-Neglect Android Malware Scoring System.
- `reFlutter` - Flutter Reverse Engineering Framework.
- `SecMobi Wiki` - A collection of mobile security resources including articles, blogs, books, groups, projects, tools and conferences.
- `UDcide` - Android Malware Behavior Editor.
Authentication
- `FreeOTP` - A two-factor authentication application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code.
- `google-authenticator` - The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth). These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238. [Tutorials: How to set up two-factor authentication for SSH login on Linux](http://xmodulo.com/two-factor-authentication-ssh-login-linux.html)
- `Stegcloak` - Securely assign Digital Authenticity to any written text
Anti-Virus / Anti-Malware
- `Fastfinder` - Fast customisable cross-platform suspicious file finder. Supports md5/sha1/sha256 hashes, literal/wildcard strings, regular expressions and YARA rules. Can easily be packed to be deployed on any Windows / Linux host.
- `gocheck` - A golang implementation of Matterpreter's [`DefenderCheck`](https://github.com/matterpreter/DefenderCheck) that aims to aid red teams in their malware development capabilities by identifying the exact bytes in their malware that are flagged by security solutions.
- `LOKI` - Simple Indicators of Compromise and Incident Response Scanner.
- `Awesome Malware Analysis` - A curated list of awesome malware analysis tools and resources.
- `ClamAv` - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
- `Linux Malware Detect` - A malware scanner for Linux designed around the threats faced in shared hosted environments.
- `rkhunter` - A Rootkit Hunter for Linux.
Configuration Management
- `Fleet device management` - Fleet is the lightweight, programmable telemetry platform for servers and workstations. Get comprehensive, customizable data from all your devices and operating systems.
- `GLPi` - Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
Forensics
- `Awesome Forensics` - Free (mostly open source) forensic analysis tools and resources.
- `grr` - GRR Rapid Response is an incident response framework focused on remote live forensics.
- `ir-rescue` - *ir-rescue* is a Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
- `Logdissect` - CLI utility and Python API for analyzing log files and other data.
- `Maigret` - Maigret collects a dossier on a person by username only, checking for accounts on a huge number of sites and gathering all the available information from web pages.
- `Meerkat` - PowerShell-based Windows artifact collection for threat hunting and incident response.
- `Rekall` - The Rekall Framework is a completely open collection of tools, implemented in Python under the Apache and GNU General Public License, for the extraction and analysis of digital artifacts from computer systems.
- `Volatility` - Python based memory extraction and analysis framework.
- `url-sandbox` - Scalable URL Sandbox for analyzing URLs and Domains from phishing attacks.
- `mig` - MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security.
Social Engineering
- `wifiphisher` - Automated phishing attacks against WiFi networks.
- `fakeinfo` - Generate Fake Info.
- `zeoob` - Create Fake Instagram, Twitter & Facebook Posts.
- `awesome-social-engineering`
- `Beelogger` - Tool for generating a keylogger.
- `Catphish` - Tool for phishing and corporate espionage written in Ruby.
- `Evilginx2` - Standalone Machine-in-the-Middle (MitM) reverse proxy attack framework for setting up phishing pages capable of defeating most forms of 2FA security schemes.
- `FiercePhish` - Full-fledged phishing framework to manage all phishing engagements.
- `King Phisher` - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
- `Modlishka` - Flexible and powerful reverse proxy with real-time two-factor authentication.
- `phishery` - TLS/SSL enabled Basic Auth credential harvester.
- `Social Engineer Toolkit (SET)` - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
- `SocialFish` - Social media phishing framework that can run on an Android phone or in a Docker container.
- `fake-telegram-chat-generator` - Generate your very own fake Telegram Messenger Chat.
Cloud Platform Attack Tools
- `HackingThe.cloud`
- `CloudHunter` - Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets.
- `cloudsploit` - Open-source project designed to allow detection of security risks in cloud infrastructure accounts, including: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.
- `GCPBucketBrute` - Script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
- `Cloud Container Attack Tool (CCAT)` - Tool for testing security of container environments.
Collaboration Tools
- `Lair` - Reactive attack collaboration framework and web application built with meteor.
- `Reconmap` - Open-source collaboration platform for InfoSec professionals that streamlines the pentest process.
- `cset` - Step-by-step process to collect facility-specific information addressing topics such as hardware, software, administrative policies, and user obligations. It then compares that information to relevant security standards and regulations, assesses overall compliance, and provides appropriate recommendations for improving cybersecurity posture. The tool pulls its recommendations from a collection of the best available cybersecurity standards, guidelines, and practices. Where appropriate, recommendations are linked to a set of actions that can be applied to enhance cybersecurity controls.
- `Pentest Collaboration Framework (PCF)` - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.
- `RedELK` - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.
- `sysreptor`
CTF Tools / Resources / Courses
- `Awesome CTF` - A curated list of CTF frameworks, libraries, resources and software.
- `Hack The Box` - An online cybersecurity training platform allowing IT professionals to advance their ethical hacking skills and be part of a worldwide community.
- `Offensive Security Training` - Training from BackTrack/Kali developers.
- `OverTheWire War Games` - The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
- `Roppers Academy Training` - Free courses on computing and security fundamentals designed to train a beginner to crush their first CTF.
- `TryHackMe` - Online platform for learning cyber security, using hands-on exercises and labs.
- `Awesome Cyber Skills` - A curated list of hacking environments where you can train your cyber skills legally and safely.
- `CTF Field Guide` - Everything you need to win your next CTF competition.
- `leaked-system-prompts`
- `PayloadsAllTheThings` - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- `RsaCtfTool` - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
- `shellpop` - Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests.
Datastores
- `databunker` - Databunker is an address book on steroids for storing personal data. GDPR and encryption are out of the box.
- `nextcloud` - A safe home for all your data.
- `passbolt` - The password manager your team was waiting for. Free, open source, extensible, based on OpenPGP.
- `acra` - Database security suite: proxy for data protection with transparent "on the fly" data encryption, data masking and tokenization, SQL firewall (SQL injections prevention), intrusion detection system.
- `aws-vault` - Store AWS credentials in the OSX Keychain or an encrypted file
- `blackbox` - Safely store secrets in a VCS repo using GPG
- `chamber` - Store secrets using AWS KMS and SSM Parameter Store
- `confidant` - Stores secrets in AWS DynamoDB, encrypted at rest and integrates with IAM
- `credstash` - Store secrets using AWS KMS and DynamoDB
- `dotgpg` - A tool for backing up and versioning your production secrets or shared passwords securely and easily.
- `LunaSec` - Database for PII with automatic encryption/tokenization, sandboxed components for handling data, and centralized authorization controls.
- `passpie` - Multiplatform command-line password manager
- `pwndrop` - Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
- `redoctober` - Server for two-man rule style file encryption and decryption.
- `Sops` - An editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP.
- `Vault` - An encrypted datastore secure enough to hold environment and application secrets.
- `Yopass` - Secure sharing of secrets, passwords and files.
Emails
- `10minutemail` - Free Temporary Email.
- `mail-tester` - Test the Spammyness of your Emails.
- `dkimvalidator` - DKIM, SPF, SpamAssassin Email Validator.
- `spf-policy-tester` - SPF Policy Tester.
- `spf` - SPF Record Check - Lookup SPF Records.
Hash Cracking Tools
- `CeWL` - Generates custom wordlists by spidering a target's website and collecting unique words.
- `BruteForce Wallet` - Find the password of an encrypted wallet file (i.e. `wallet.dat`).
- `duplicut` - Quickly remove duplicates, without changing the order, and without getting OOM on huge wordlists.
- `GoCrack` - Management Web frontend for distributed password cracking sessions using hashcat (or other supported tools) written in Go.
- `hate_crack` - Tool for automating cracking methodologies through Hashcat.
- `JWT Cracker` - Simple HS256 JSON Web Token (JWT) token brute force cracker.
- `pydictor` - A powerful and useful hacker dictionary builder for a brute-force attack.
- `crackstation` - Password Hash Cracker.
- `Rar Crack` - RAR bruteforce cracker.
Hex Editors
- `Hexinator` - World's finest (proprietary, commercial) Hex Editor.
- `wxHexEditor` - Free GUI hex editor for GNU/Linux, macOS, and Windows.
- `Frhed` - Binary file editor for Windows.
- `Bless` - High quality, full featured, cross-platform graphical hex editor written in Gtk#.
- `hexedit` - Simple, fast, console-based hex editor.
Multi-paradigm Frameworks
- `Armitage` - Java-based GUI front-end for the Metasploit Framework.
- `AutoSploit` - Automated mass exploiter, which collects target by employing the Shodan API and programmatically chooses Metasploit exploit modules based on the Shodan query.
- `Decker` - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.
- `Faraday` - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
- `Metasploit Framework` - A tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.
- `Pupy` - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
- `Metasploit` - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
-
-
Network
-
Forensics
- `Intercepter-NG` - Multifunctional network toolkit.
- `Praeda` - Automated multi-function printer data harvester for gathering usable data during security assessments.
- `network-segmentation-cheat-sheet` - This project was created to publish the best practices for segmentation of the corporate network of any company. In general, the schemes in this project are suitable for any company.
- `CrackMapExec` - Swiss army knife for pentesting networks.
- `dnstwist` - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
- `IKEForce` - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.
- `Legion` - Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA.
- `NetExec` - Network service exploitation tool that helps automate assessing the security of large networks.
- `Network-Tools.com` - Website offering an interface to numerous basic network utilities like `ping`, `traceroute`, `whois`, and more.
- `pivotsuite` - Portable, platform independent and powerful network pivoting toolkit.
- `Printer Exploitation Toolkit (PRET)` - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
- `routersploit` - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
- `rshijack` - TCP connection hijacker, Rust rewrite of `shijack`.
- `SigPloit` - Signaling security testing framework dedicated to telecom security for researching vulnerabilities in the signaling protocols used in mobile (cellular phone) operators.
- `THC Hydra` - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
- `Tsunami` - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
- `Zarp` - Network attack tool centered around the exploitation of local networks.
- `dsniff` - Collection of tools for network auditing and pentesting.
- `Ncrack` - High-speed network authentication cracking tool built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
-
DDoS Tools
- `T50` - Faster network stress tool.
- `DDoS-Ripper` - Distributed Denial-of-Service (DDoS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic.
- `Ddosify` - Effortless Kubernetes Monitoring and Performance Testing. Available on CLI, Self-Hosted, and Cloud.
- `Finshir` - A coroutines-driven Low & Slow traffic generator, written in Rust.
- `Impulse` - Modern Denial-of-service ToolKit.
- `Low Orbit Ion Cannon (LOIC)` - Open source network stress tool written for Windows.
- `Memcrashed` - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
- `SlowLoris` - DoS tool that uses low bandwidth on the attacking side.
- `UFONet` - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
- `Anevicon` - Powerful UDP-based load generator, written in Rust.
- `HOIC` - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common countermeasures.
-
Honey Pot / Honey Net
- `Conpot` - ICS/SCADA Honeypot. Conpot is a low-interaction server-side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable of emulating complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to serve a custom human machine interface to increase the honeypot's attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMIs or extended with real hardware. Conpot is developed under the umbrella of the Honeynet Project and on the shoulders of a couple of very big giants.
- `Amun` - Amun Python-based low-interaction Honeypot.
- `Cuckoo Sandbox` - Cuckoo Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment.
- `Glastopf` - Glastopf is a Honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications. The principle behind it is very simple: reply with the correct response to the attacker exploiting the web application.
- `HoneyPy` - HoneyPy is a low to medium interaction honeypot. It is intended to be easy to: deploy, extend functionality with plugins, and apply custom configurations.
- `HonSSH` - HonSSH is a high-interaction Honey Pot solution. HonSSH will sit between an attacker and a honey pot, creating two separate SSH connections between them.
- `Kippo` - Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
- `awesome-honeypots` - The canonical awesome honeypot list.
- `Kojoney` - Kojoney is a low level interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries.
-
Monitoring / Logging / Event Management
- `Falco` - The cloud-native runtime security project and de facto Kubernetes threat detection engine now part of the CNCF.
- `OSSIM` - OSSIM provides all of the features that a security professional needs from a SIEM offering – event collection, normalization, and correlation.
- `BoxyHQ` - Open source API for security and compliance audit logging.
- `FIR` - Fast Incident Response, a cybersecurity incident management platform.
- `httpx` - Fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threads.
- `justniffer` - Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic.
- `LogESP` - Open Source SIEM (Security Information and Event Management system).
- `Matano`
- `opensnitch` - OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
- `openvpn-monitor` - Web based OpenVPN monitor, that shows current connection information, such as users, location and data transferred.
- `plow` - High-performance HTTP benchmarking tool with real-time web UI and terminal displaying.
- `sagan` - Sagan uses a 'Snort like' engine and rules to analyze logs (syslog/event log/snmptrap/netflow/etc).
- `uptime-kuma` - Fancy self-hosted monitoring tool.
- `VAST` - Open source security data pipeline engine for structured event data, supporting high-volume telemetry ingestion, compaction, and retrieval; purpose-built for security content execution, guided threat hunting, and large-scale investigation.
- `Node Security Platform` - Similar feature set to Snyk, but free in most cases, and very cheap for others.
- `Prelude` - Prelude is a Universal "Security Information & Event Management" (SIEM) system. Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events independently of the product brand or license giving rise to such events; Prelude is "agentless".
- `ngrep` - ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
-
Network Reconnaissance Tools
- `dnschecker` - Online DNS Check.
- `DNSDumpster` - Online DNS recon and search service.
- `dnstracer` - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- `ACLight` - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
- `AQUATONE` - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
- `CloudFail` - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
- `fierce` - Python3 port of the original `fierce.pl` DNS reconnaissance tool for locating non-contiguous IP space.
- `graphpath`
- `MAC Address Vendor Lookup` - By a given MAC address/OUI/IAB, retrieve OUI vendor information, detect virtual machines, manufacturer, locations, read the information encoded in the MAC, and get our research's results regarding any MAC address, OUI, IAB, IEEE.
- `Mass Scan` - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
- `netdiscover` - Network address discovery scanner, based on ARP sweeps, developed mainly for those wireless networks without a DHCP server.
- `OWASP Amass` - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
- `passivedns-client` - Library and query tool for querying several passive DNS providers.
- `passivedns` - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
- `RustScan` - Lightweight and quick open-source port scanner designed to automatically pipe open ports into Nmap.
- `ScanCannon` - POSIX-compliant BASH script to quickly enumerate large networks by calling `masscan` to quickly identify open ports and then `nmap` to gain details on the systems/services on those ports.
- `scanless` - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
- `XRay` - Network (sub)domain discovery and reconnaissance automation tool.
- `WatchYourLAN` - Lightweight network IP scanner. Can be used to notify about new hosts and monitor host online/offline history.
- `nmap` - Free security scanner for network exploration & security audits.
- `zmap` - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
-
Wireless Network Tools
- `Aircrack-ng` - Set of tools for auditing wireless networks.
- `BoopSuite` - Suite of tools written in Python for wireless auditing.
- `Reaver` - Brute force attack against WiFi Protected Setup.
- `Airgeddon` - Multi-use bash script for Linux systems to audit wireless networks.
- `Cowpatty` - Brute-force dictionary attack against WPA-PSK.
- `Fluxion` - Suite of automated social engineering based WPA attacks.
- `infernal-twin` - Automated wireless hacking tool.
- `KRACK Detector` - Detect and prevent KRACK attacks in your network.
- `krackattacks-scripts` - WPA2 Krack attack scripts.
- `pwnagotchi` - Deep reinforcement learning based AI that learns from the Wi-Fi environment and instruments BetterCAP in order to maximize the WPA key material captured.
- `Wifite` - Automated wireless attack tool.
- `wifi-arsenal` - Resources for Wi-Fi Pentesting.
- `WiFi-Pumpkin` - Framework for rogue Wi-Fi access point attack.
- `Kismet` - Wireless network detector, sniffer, and IDS.
-
Network Vulnerability Scanners
- `Above` - Automates the search for network vulnerabilities, designed for pentesters, Red Team operators, and network security engineers.
- `Bolt` - CSRF Scanner.
- `Boofuzz` - Fuzzing engine and fuzz testing framework.
- `celerystalk` - Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner.
- `CVS` - Powerful and customizable vulnerability scanner based on VDSL, which can replace Nessus or Nuclei, etc.
- `Deepfence SecretScanner` - Find secrets and passwords in container images and file systems.
- `Deepfence ThreatMapper` - Apache v2, powerful runtime vulnerability scanner for Kubernetes, virtual machines and serverless.
- `log4j-scan` - Fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts.
- `monsoon` - Very flexible and fast interactive HTTP enumeration/fuzzing.
- `Netz` - Discover internet-wide misconfigurations, using zgrab2 and others.
- `nuclei` - Fast and customizable vulnerability scanner based on simple YAML based DSL.
- `nuclei-templates` - Community curated list of templates for the nuclei engine to find security vulnerabilities.
- `Nucleimonst3r` - Powerful vulnerability scanner that can help Bug Bounty Hunters find low hanging fruit vulnerabilities for known CVEs and exploits but also gather all the technology running behind them for further investigation for a potential target.
- `Pompem` - Pompem is an open source tool, which is designed to automate the search for exploits in major databases. Developed in Python, has a system of advanced search, thus facilitating the work of pentesters and ethical hackers. In its current version, performs searches in databases: Exploit-db, 1337day, Packetstorm Security.
- `trivy` - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.
- `Vuls` - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
- `Goby` - The new generation of network security technology achieves rapid security emergency through the establishment of a complete asset database for the target.
- `Nexpose` - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
-
Network Traffic Replay and Editing Tools
- `bittwist` - Simple yet powerful libpcap-based Ethernet packet generator useful in simulating networking traffic or scenario, testing firewall, IDS, and IPS, and troubleshooting various network problems.
- `hping3` - Network tool able to send custom TCP/IP packets.
- `pig` - GNU/Linux packet crafting tool.
- `scapy` - Python-based interactive packet manipulation program and library.
- `tcpreplay` - Suite of free Open Source utilities for editing and replaying previously captured network traffic.
- `TraceWrangler` - Network capture file toolkit that can edit and merge `pcap` or `pcapng` files with batch editing features.
-
Anti-Spam
- `rspamd` - Fast, free and open-source spam filtering system.
- `Spam Scanner` - Anti-Spam Scanning Service and Anti-Spam API.
- `SpamAssassin` - A powerful and popular email spam filter employing a variety of detection techniques.
-
Firewall
- `blocklist-ipsets` - ipsets dynamically updated with firehol's update-ipsets.sh script.
- `fwknop` - Protects ports via Single Packet Authorization in your firewall.
- `ipset` - Framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, an IP set may store IP addresses, networks, (TCP/UDP) port numbers, MAC addresses, interface names or combinations of them in a way, which ensures lightning speed when matching an entry against a set.
- `OPNsense` - OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
- `pfSense` - Firewall and Router FreeBSD distribution.
-
IDS / IPS / Host IDS / Host IPS
- `CrowdSec` - CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on Fail2Ban's philosophy but is IPv6 compatible and 60x faster (Go vs Python), uses Grok patterns to parse logs and YAML scenarios to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM based infrastructures (by decoupling detection and remediation). Once detected, you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IPs can be sent to CrowdSec for curation before being shared among all users to further strengthen the community.
- `maltrail` - Malicious traffic detection system.
- `ssh-audit` - SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc).
- `SSHGuard` - A software to protect services in addition to SSH, written in C.
- `sshwatch` - IPS for SSH similar to DenyHosts written in Python. It also can gather information about attacker during the attack in a log.
- `wazuh` - Wazuh is a free and open source XDR platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. Great tool for all kinds of deployments; it includes SIEM capabilities (indexing + searching + WUI).
- `zeek2es` - An open source tool to convert Zeek logs to Elastic/OpenSearch. You can also output pure JSON from Zeek's TSV logs!
- `AIEngine` - AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua packet inspection engine with capabilities of learning without any human intervention, NIDS (Network Intrusion Detection System) functionality, DNS domain classification, network collector, network forensics and many others.
- `Snort` - Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) created by Martin Roesch in 1998. Snort is now developed by Sourcefire, of which Roesch is the founder and CTO. In 2009, Snort entered InfoWorld's Open Source Hall of Fame as one of the "greatest [pieces of] open source software of all time".
- `Stealth` - File integrity checker that leaves virtually no sediment. Controller runs from another machine, which makes it hard for an attacker to know that the file system is being checked at defined pseudo random intervals over SSH. Highly recommended for small to medium deployments.
- `Suricata` - Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
- `Zeek` - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
- `Denyhosts` - Thwart SSH dictionary based attacks and brute force attacks.
-
IP
- `cyberbro` - A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
- `CloakQuest3r` - Uncover the true IP address of websites safeguarded by Cloudflare & Others.
- `iknowwhatyoudownload` - Use internet connection of other people (Wi Fi, their computers, tablets and smartphones) to know what they download in torrent network.
- `abuseipdb` - Check an IP Address, Domain Name, or Subnet.
- `ifconfig.io` - What is my IP address?
- `ipdeny` - All country IP block files are provided in CIDR format.
- `myip` - Live Whois IP Source.
- `subnet-calculator` - The CIDR Calculator enables CIDR network calculations using IP address, subnet mask, mask bits, maximum required IP addresses and maximum required subnets.
-
Protocol Analyzers / Sniffers
- `Deepfence PacketStreamer` - High-performance remote packet capture and collection tool, distributed tcpdump for cloud native environments.
- `Dshell` - Network forensic analysis framework.
- `Moloch` - Moloch is an open source, large scale IPv4 packet capturing (PCAP), indexing and database system. A simple web interface is provided for PCAP browsing, searching, and exporting. APIs are exposed that allow PCAP data and JSON-formatted session data to be downloaded directly. Simple security is implemented by using HTTPS and HTTP digest password support or by using apache in front. Moloch is not meant to replace IDS engines but instead work along side them to store and index all the network traffic in standard PCAP format, providing fast access. Moloch is built to be deployed across many systems and can scale to handle multiple gigabits/sec of traffic.
- `netsniff-ng` - Swiss army knife for network sniffing.
- `NetworkMiner`
- `Netzob` - Reverse engineering, traffic generation and fuzzing of communication protocols.
- `OpenFPC` - OpenFPC is a set of tools that combine to provide a lightweight full-packet network traffic recorder & buffering system. Its design goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating into existing alert and log management tools.
- `PCredz` - RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
- `sniffglue` - Secure multithreaded packet sniffer.
- `stenographer` - Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets.
- `tcpflow` - tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. tcpflow can also process stored 'tcpdump' packet flows.
- `Live HTTP headers` - Live HTTP headers is a free Firefox add-on to see your browser requests in real time. It shows the entire headers of the requests and can be used to find the security loopholes in implementations.
- `Wireshark` - Widely-used graphical, cross-platform network protocol analyzer.
-
Proxies and Machine-in-the-Middle (MITM) Tools
- `dnschef` - Highly configurable DNS proxy for pentesters.
- `evilgrade` - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
- `Habu` - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
- `Lambda-Proxy` - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.
- `mallory` - HTTP/HTTPS proxy over SSH.
- `MITMf` - Framework for Man-In-The-Middle attacks.
- `Morpheus` - Automated ettercap TCP/IP Hijacking tool.
- `oregano` - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
- `SSH MITM` - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- `sylkie` - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.
- `BetterCAP` - Modular, portable and easily extensible MITM framework.
-
Transport Layer Security Tools
- `crackpkcs12` - Multithreaded program to crack PKCS#12 files (`.p12` and `.pfx` extensions), such as TLS/SSL certificates.
- `localhost.direct` - Localhost with public CA signed SSL certificate.
- `mkcert` - A simple zero-config tool to make locally trusted development certificates with any names you'd like.
- `SSLyze` - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
- `testssl.sh` - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
- `tls_prober` - Fingerprint a server's SSL/TLS implementation.
-
VPN
- `Firezone` - Open-source VPN server and egress firewall for Linux built on WireGuard that makes it simple to manage secure remote access to your company’s private networks. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self hostable.
- `OpenVPN` - OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.
-
-
Open Source Intelligence (OSINT)
-
Wireless Network Tools
- `Hunter.io` - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.
- `Spiderfoot` - Multi-source OSINT automation tool with a Web UI and report visualizations.
- `awesome-osint`
- `bbot` - OSINT automation for hackers.
- `creepy` - Geolocation OSINT tool.
- `Depix` - Tool for recovering passwords from pixelized screenshots (by de-pixelating text).
- `gOSINT` - OSINT tool with multiple modules and a telegram scraper.
- `GyoiThon` - GyoiThon is an Intelligence Gathering tool using Machine Learning.
- `image-match` - Quickly search over billions of images.
- `Intrigue` - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
- `recon-ng` - Full-featured Web Reconnaissance framework written in Python.
- `Skiptracer` - OSINT scraping framework that utilizes basic Python webscraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen noodle budget.
- `sn0int` - Semi-automatic OSINT framework and package manager.
- `Sn1per` - Automated Pentest Recon Scanner.
- `surfraw` - Fast UNIX command line interface to a variety of popular WWW search engines.
- `z-cam` - The First Python Compatible Camera Hacking Tool.
- `Threat Crowd` - Search engine for threats.
-
Email, phone search and analysis tools
- `Infoga` - Email OSINT.
- `email2phonenumber` - OSINT tool to obtain a target's phone number just by having his email address.
- `EmailFinder` - Search emails from a domain through search engines.
- `enola` - This is [Sherlock](https://github.com/sherlock-project/sherlock)'s sister Enola, Modern shiny CLI tool written with Golang to help you: 🔎 Hunt down social media accounts by username across social networks.
- `Moriarty-Project` - This tool gives information about the phone number that you entered.
- `SimplyEmail` - Email recon made fast and easy.
- `WhatBreach` - Search email addresses and discover all known breaches that this email has been seen in, and download the breached database if it is publicly available.
-
Dorking tools
- `Google Hacking Database` - Database of Google dorks; can be used for recon.
- `BinGoo` - GNU/Linux bash based Bing and Google Dorking Tool.
- `dorkbot` - Command-line tool to scan Google (or other) search results for vulnerabilities.
- `dorks` - Google hack database automation tool.
- `dork-cli` - Command line Google dork tool.
- `fast-recon` - Perform Google dorks against a domain.
- `github-dorks` - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks.
- `git-hound` - Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.
- `GooDork` - Command line Google dorking tool.
- `pagodo` - Automate Google Hacking Database scraping.
- `snitch` - Information gathering via dorks.
- `tartufo` - Searches through git repositories for high entropy strings and secrets, digging deep into commit history.
-
Metadata harvesting and analysis
- `metagoofil` - Metadata harvester.
- `theHarvester` - E-mail, subdomain and people names harvester.
- `FOCA (Fingerprinting Organizations with Collected Archives)` - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures.
-
Network device discovery tools
-
OSINT Online Resources
- `CertGraph` - Crawls a domain's SSL/TLS certificates for its certificate alternative names.
- `HostHunter` - Recon tool for discovering hostnames using OSINT techniques.
- `investigator` - Online handy-recon tool.
- `bugmenot` - Find and share logins, see if the bugmenot community has shared any logins for it.
- `Extract Images` - Extract Images from any public website by using a virtual browser.
- `GhostProject` - Searchable database of billions of cleartext passwords, partially visible for free.
- `iHUNT Intelligence FRAMEWORK` - Focuses on gathering information from free and open-source tools or resources. The intention is to help people find free and open source combined OSINT, GEOINT, SOCMINT and HUMINT resources for research or practice purposes, especially Law Enforcement and Intelligence Officers.
- `NetBootcamp OSINT Tools` - Collection of OSINT links and custom Web interfaces to other services.
- `whatsmyname` - This tool allows you to enumerate usernames across many websites.
- `WiGLE.net` - Information about wireless networks world-wide, with user-friendly desktop and web applications.
-
Source code repository searching tools
- `vcsmap` - Plugin-based tool to scan public version control systems for sensitive information.
-
Web application and resource analysis tools
- `VHostScan` - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
- `wafw00f` - Identifies and fingerprints Web Application Firewall (WAF) products.
- `webscreenshot` - Simple script to take screenshots of websites from a list of sites.
- `WhatWaf` - Detect and bypass web application firewalls and protection systems.
- `WhatWeb` - Website fingerprinter.
- `EyeWitness` - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- `Wappalyzer` - Wappalyzer uncovers the technologies used on websites.
-
-
Operating Systems
-
Linux
- `Lynis` - Auditing tool for UNIX-based systems.
- `crontab.guru` - The quick and simple editor for cron schedule expressions.
- `LinPEAS` - LinPEAS is a script that searches for possible paths to escalate privileges on Linux/Unix*/MacOS hosts.
- `Bashark` - Aids pentesters and security researchers during the post-exploitation phase of security audit.
- `boring`
- `Fenrir` - Simple IOC scanner bash script.
- `GTFONow` - Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
- `How-To-Secure-A-Linux-Server` - An evolving how-to guide for securing a Linux server.
- `Hwacha` - Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously.
- `LinEnum` - Scripted Local Linux Enumeration & Privilege Escalation Checks.
- `linuxprivchecker` - Linux Privilege Escalation Check Script
- `linux-private-i` - Linux bash tool for Enumeration & Privilege Escalation.
- `Linux-Privilege-Escalation` - This cheatsheet is aimed at the OSCP aspirants to help them understand the various methods of Escalating Privilege on Linux based Machines and CTFs with examples.
- `linux-smart-enumeration` - Linux enumeration tool for pentesting and CTFs with verbosity levels.
- `pyBackdoor` - Cross-platform (Windows/Linux/MacOS) yet simple and powerful backdoor/reverse TCP/RAT made in Python3, with many features such as multi-client support.
- `RecoverPy` - Interactively find and recover deleted or overwritten files from your terminal.
- `PwnKit` - Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation.
- `SSH-Harvester` - Harvest passwords automatically from OpenSSH server.
- `unix-privesc-check` - Shell script to check for simple privilege escalation vectors on UNIX systems.
- `GTFOBins` - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
- `LOLBAS (Living Off The Land Binaries and Scripts)` - Documents binaries, scripts, and libraries that can be used for "Living Off The Land" techniques, i.e., binaries that can be used by an attacker to perform actions beyond their original purpose.
- `chmod calculator` - Chmod calculator allows you to quickly generate permissions in numerical and symbolic formats. All extra options are included (recursive, sticky, etc). You’ll be ready to copy paste your chmod command into your terminal in seconds.
- `Data Storage Converter` - Popular data storage unit conversions.
- `explainshell` - Write down a command-line to see the help text that matches each argument.
- `LDAP TS Converter` - LDAP, Active Directory & Filetime Timestamp Converter.
- `Unix TS Converter` - Epoch & Unix Timestamp Conversion Tools.
-
Windows
- `ToxicEye` - Program for remote control of windows computers via telegram bot. Written in C#.
- `Active Directory and Privilege Escalation (ADAPE)` - Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory.
- `Commando VM` - Automated installation of over 140 Windows software packages for penetration testing and red teaming.
- `Covenant` - ASP .NET Core application that serves as a collaborative command and control platform for red teamers.
- `ctftool` - Interactive Collaborative Translation Framework (CTF) exploration tool capable of launching cross-session edit session attacks.
- `DeathStar` - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.
- `DomainPasswordSpray` - Tool written in PowerShell to perform a password spray attack against users of a domain.
- `Fibratus` - Tool for exploration and tracing of the Windows kernel.
- `Inveigh` - Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/machine-in-the-middle tool.
- `LaZagne` - Credentials recovery project.
- `MailSniper` - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more.
- `NauthNRPC`
- `PowerSploit` - PowerShell Post-Exploitation Framework.
- `redsnarf` - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
- `Responder` - Link-Local Multicast Name Resolution (LLMNR), NBT-NS, and mDNS poisoner.
- `RID_ENUM` - Python script that can enumerate all users from a Windows Domain Controller and crack those users' passwords using brute-force.
- `Rubeus` - Toolset for raw Kerberos interaction and abuses.
- `Ruler` - Abuses client-side Outlook features to gain a remote shell on a Microsoft Exchange server.
- `SauronEye` - Search tool to find specific files containing specific words, i.e. files containing passwords.
- `SCOMDecrypt` - Retrieve and decrypt RunAs credentials stored within Microsoft System Center Operations Manager (SCOM) databases.
- `SprayingToolkit` - Scripts to make password spraying attacks against Lync/S4B, Outlook Web Access (OWA) and Office 365 (O365) a lot quicker, less painful and more efficient.
- `Windows Exploit Suggester` - Detects potential missing patches on the target.
- `Empire` - Pure PowerShell post-exploitation agent.
- `wePWNise` - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
- `Windows Credentials Editor` - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
-
Web application and resource analysis tools
- `PEASS-ng` - Here you will find privilege escalation tools for Windows and Linux/Unix* and MacOS. These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily.
-
macOS
- `EvilOSX` - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.
-
Operating System Distributions
- `AttifyOS` - GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
- `The Pentesters Framework` - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that omits less frequently used utilities.
- `Android Tamer` - Distribution built for Android security professionals that includes tools required for Android security testing.
- `ArchStrike` - Arch GNU/Linux repository for security professionals and enthusiasts.
- `BlackArch` - Arch GNU/Linux-based distribution for penetration testers and security researchers.
- `Buscador` - GNU/Linux virtual machine that is pre-configured for online investigators.
- `Kali` - Rolling Debian-based GNU/Linux distribution designed for penetration testing and digital forensics.
- `Parrot` - Distribution similar to Kali, with support for multiple hardware architectures.
- `PentestBox` - Open source pre-configured portable penetration testing environment for the Windows Operating System.
- `Qubes OS` - Qubes OS is a free and open-source security-oriented operating system meant for single-user desktop computing.
- `tsurugi` - Heavily customized Linux distribution designed to support DFIR investigations, malware analysis and OSINT activities.
-
Online Operating Systems Resources
- `DistroWatch.com's Security Category` - Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.
-
-
Penetration Testing
-
Online Penetration Testing Resources
- `offsec.tools` - A vast collection of security tools for bug bounty, pentest and red teaming.
- `MITRE's Adversarial Tactics, Techniques & Common Knowledge (ATT&CK)` - Curated knowledge base and model for cyber adversary behavior.
- `Penetration Testing Framework (PTF)` - Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
- `pentest-book` - This book contains a bunch of info, scripts and knowledge used during pentests.
- `PENTEST-WIKI` - Free online security knowledge library for pentesters and researchers.
- `XSS-Payloads` - Resource dedicated to all things XSS (cross-site), including payloads, tools, games, and documentation.
- `Metasploit Unleashed` - Free Offensive Security Metasploit course.
-
Passwords
- `Hive Systems Password Table` - Checking, Are Your Passwords in the Green?
- `weakpass` - Find wordlists for any kind of brute-force.
-
Online Operating Systems Resources
- `Awesome Pentest` - Collection of awesome penetration testing resources, tools and other shiny things.
- `Awesome Pentest Cheat Sheets` - Collection of the cheat sheets useful for pentesting.
-
Additional Penetration Tools
- `arsenal` - Quick inventory, reminder and launcher for pentest commands.
- `rsg` - A tool to generate various ways to do a reverse shell.
- `SSH-Snake` - Self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
- `SUDO_KILLER` - A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.
-
Penetration Testing Report Templates
- `OffSec-Reporting` - Offensive Security OSCP, OSWP, OSEP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA Exam and Lab Reporting / Note-Taking Tool.
- `Public Pentesting Reports` - Curated list of public penetration test reports released by several consulting firms and academic security groups.
- `Web Application Security Assessment Report Template` - Sample Web application security assessment reporting template provided by Lucideus.
- `T&VS Pentesting Report Template` - Pentest report template provided by Test and Verification Services, Ltd.
-
-
Physical Access Tools
-
Penetration Testing Report Templates
- `Thunderclap` - Open source I/O security research platform for auditing physical DMA-enabled hardware peripheral ports.
- `PCILeech` - Uses PCIe hardware devices to read and write from the target system memory via Direct Memory Access (DMA) over PCIe.
- `AT Commands` - Use AT commands over an Android device's USB port to rewrite device firmware, bypass security mechanisms, exfiltrate sensitive information, perform screen unlocks, and inject touch events.
- `Poisontap` - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
- `Proxmark3` - RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
-
-
Reverse Engineering
-
Penetration Testing Report Templates
- `OllyDbg` - x86 debugger for Windows binaries that emphasizes binary code analysis.
- `boxxy` - Linkable sandbox explorer.
- `Detect It Easy(DiE)` - Program for determining types of files for Windows, Linux and MacOS.
- `dnSpy` - Tool to reverse engineer .NET assemblies.
- `Medusa` - Open source, cross-platform interactive disassembler.
- `pwndbg` - GDB plug-in that eases debugging with GDB, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
- `PyREBox` - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
- `UEFITool` - UEFI firmware image viewer and editor.
- `Voltron` - Extensible debugger UI toolkit written in Python.
- `angr` - Platform-agnostic binary analysis framework.
- `Capstone` - Lightweight multi-platform, multi-architecture disassembly framework.
- `Immunity Debugger` - Powerful way to write exploits and analyze malware.
-
-
Threat Intelligence
-
Penetration Testing Report Templates
- `leakedin.com` - The primary purpose of leakedin.com is to make visitors aware of the risks of losing data. This blog just compiles samples of data lost or disclosed on sites like pastebin.com.
- `PhishStats` - Phishing Statistics with search for IP, domain and website title.
- `Threat Jammer` - REST API service that allows developers, security engineers, and other IT professionals to access curated threat intelligence data from a variety of sources.
- `AutoShun` - AutoShun is a Snort plugin that allows you to send your Snort IDS logs to a centralized server that will correlate attacks from your sensor logs with other snort sensors, honeypots, and mail filters from around the world.
- `AlienVault Open Threat Exchange` - AlienVault Open Threat Exchange (OTX), to help you secure your networks from data loss, service disruption and system compromise caused by malicious IP addresses.
- `Awesome Threat Detection and Hunting` - A curated list of awesome threat detection and hunting resources.
- `Awesome Threat Intelligence` - A curated list of threat intelligence resources.
- `Awesome Threat Modeling` - A curated list of Threat Modeling resources.
- `CIFv2` - CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route).
- `Cyberowl` - A daily updated summary of the most frequent types of security incidents currently being reported from different sources.
- `FireEye OpenIOCs` - FireEye Publicly Shared Indicators of Compromise (IOCs)
- `virustotal` - VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.
- `Internet Storm Center` - The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.
- `MISP - Open Source Threat Intelligence Platform` - MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators. A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. The MISP project includes software, common libraries ([taxonomies](https://www.misp-project.org/taxonomies.html), [threat-actors and various malware](https://www.misp-project.org/galaxy.html)), an extensive data model to share new information using [objects](https://www.misp-project.org/objects.html) and default [feeds](https://www.misp-project.org/feeds/).
- `Tor Bulk Exit List` - CollecTor, your friendly data-collecting service in the Tor network. CollecTor fetches data from various nodes and services in the public Tor network and makes it available to the world. If you're doing research on the Tor network, or if you're developing an application that uses Tor network data, this is your place to start. [TOR Node List](https://www.dan.me.uk/tornodes) / [DNS Blacklists](https://www.dan.me.uk/dnsbl) / [Tor Node List](http://torstatus.blutmagie.de/)
-
-
Exfiltration Tools
-
Forensics
- `tgcd` - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
- `DET` - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
- `dnscat2` - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.
- `pwnat` - Punches holes in firewalls and NATs.
- `QueenSono` - Client/Server Binaries for data exfiltration with ICMP. Useful in a network where ICMP protocol is less monitored than others (which is a common case).
- `TrevorC2` - Client/server tool for masking command and control and data exfiltration through a normally browsable website, not typical HTTP POST requests.
- `Iodine` - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
-
-
Static Analyzers
-
Penetration Testing Report Templates
- `cppcheck` - Extensible C/C++ static analyzer focused on finding bugs.
- `FindBugs` - Free software static analyzer to look for bugs in Java code.
- `Brakeman` - Static analysis security vulnerability scanner for Ruby on Rails applications.
- `cwe_checker` - Suite of tools built atop the Binary Analysis Platform (BAP) to heuristically detect CWEs in compiled binaries and firmware.
- `Progpilot` - Static security analysis tool for PHP code.
- `RegEx-DoS` - Analyzes source code for Regular Expressions susceptible to Denial of Service attacks.
- `sobelow` - Security-focused static analysis for the Phoenix Framework.
-
-
Databases
- `PGTune` - Tunes PostgreSQL configuration based on your hardware.
-
Exploit Development Tools
-
Forensics
- `Magic Unicorn` - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates).
- `peda` - Python Exploit Development Assistance for GDB.
- `Pwntools` - Rapid exploit development framework built for use in CTFs.
- `VcenterKit` - Vcenter Comprehensive Penetration and Exploitation Toolkit.
- `Wordpress Exploit Framework` - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
-
-
Intentionally Vulnerable Systems
-
Forensics
- `OWASP Juice Shop` - `docker pull bkimminich/juice-shop`.
- `OWASP NodeGoat` - `docker-compose build && docker-compose up`.
- `Vulnerability as a service: Heartbleed` - `docker pull hmlio/vaas-cve-2014-0160`.
- `Vulnerability as a service: Shellshock` - `docker pull hmlio/vaas-cve-2014-6271`.
-
-
Samba Enumerating
-
Penetration Testing Report Templates
- `enum4linux-ng` - Checking public resources for specified ranges on the local network.
- `MANSPIDER` - Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported.
- `smbclient-ng` - A fast and user friendly way to interact with SMB shares.
- `smbmap` - Checking public resources for specified ranges on the local network.
- `SMBSR` - Looks for interesting stuff in SMB shares.
-
-
Steganography Tools
-
Penetration Testing Report Templates
- `Cloakify` - Textual steganography toolkit that converts any filetype into lists of everyday strings.
- `StegCracker` - Steganography brute-force utility to uncover hidden data inside files.
-
-
Web Servers
-
Web Vulnerability Scanners
- `nginxpwner` - Simple tool to look for common Nginx misconfigurations and vulnerabilities.
- `nginx playground` - Paste in an nginx config, and then a server starts nginx for you and runs any curl or http command you want against that nginx server.
- `Server Side TLS` - Helps teams with the configuration of TLS.
-
-
Zero Trust
-
Web Vulnerability Scanners
- `octelium` - gen FOSS self-hosted unified zero trust secure access platform that can operate as a remote access VPN, a ZTNA/BeyondCorp architecture, API/AI gateway, a PaaS, an infrastructure for MCP & A2A architectures or even as an ngrok-alternative and a homelab infrastructure.
-
-
Other
-
Other Lists
- `funny/genact` - Nonsense activity generator.
- `development/curlconverter` - Convert curl commands to Python, JavaScript and more.
- `development/Text to ASCII` - Text to ASCII Art Generator (TAAG).
-