venom

👽 The collection of awesome software, tools, libraries, documents, books, resources and cool stuff about information security, penetration testing and offensive cybersecurity.
https://github.com/kraloveckey/venom


  • Useful Resources

  • CTF Tools / Resources / Courses

    • `Awesome CTF` - A curated list of CTF frameworks, libraries, resources and software.
    • `Hack The Box` - An online cybersecurity training platform allowing IT professionals to advance their ethical hacking skills and be part of a worldwide community.
    • `TryHackMe` - Online platform for learning cyber security, using hands-on exercises and labs.
    • `Roppers Academy Training` - Free courses on computing and security fundamentals designed to train a beginner to crush their first CTF.
    • `Offensive Security Training` - Training from BackTrack/Kali developers.
    • `OverTheWire War Games` - The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
    • `PayloadsAllTheThings` - A list of useful payloads and bypasses for Web Application Security and Pentest/CTF.
    • `Awesome Cyber Skills` - A curated list of hacking environments where you can train your cyber skills legally and safely.
    • `CTF Field Guide` - Everything you need to win your next CTF competition.
    • `shellpop` - Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests.
    • `leaked-system-prompts`
    • `RsaCtfTool` - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
    • `Ciphey` - Automated decryption tool using artificial intelligence and natural language processing.
  • Endpoint

    • Anti-Virus / Anti-Malware

      • `Awesome Malware Analysis` - A curated list of awesome malware analysis tools and resources.
      • `Linux Malware Detect` - A malware scanner for Linux designed around the threats faced in shared hosted environments.
      • `ClamAv` - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
      • `Fastfinder` - Fast customisable cross-platform suspicious file finder. Supports md5/sha1/sha256 hashes, literal/wildcard strings, regular expressions and YARA rules. Can easily be packed to be deployed on any Windows / Linux host.
      • `LOKI` - Simple Indicators of Compromise and Incident Response Scanner.
      • `gocheck` - A golang implementation of Matterpreter's [`DefenderCheck`](https://github.com/matterpreter/DefenderCheck) that aims to aid red teams in their malware development capabilities by identifying the exact bytes in their malware that are flagged by security solutions.
      • `rkhunter` - A Rootkit Hunter for Linux.
    • Mobile / Android / iOS

      • `android-security-awesome` - A collection of android security related resources. A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of android apps.
      • `Themis` - High-level multi-platform cryptographic framework for protecting sensitive data: secure messaging with forward secrecy and secure data storage (AES256GCM), suitable for building end-to-end encrypted applications.
      • `dotPeek` - Free-of-charge standalone tool based on ReSharper's bundled decompiler.
      • `jadx` - Command line and GUI tools to produce Java source code from Android Dex and Apk files.
      • `frida` - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
      • `Apktool` - A tool for reverse engineering Android apk files.
      • `Quark-Engine` - An Obfuscation-Neglect Android Malware Scoring System.
      • `OSX Security Awesome` - A collection of OSX and iOS security resources.
      • `enjarify` - A tool for translating Dalvik bytecode to equivalent Java bytecode.
      • `symbiote` - Your target's phone's front and back cameras can be accessed by sending a link.
      • `hardened_malloc` - Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.
      • `reFlutter` - Flutter Reverse Engineering Framework.
      • `OWASP Mobile Security Testing Guide` - A comprehensive manual for mobile app security testing and reverse engineering.
      • `Android Exploits` - Guide on Android Exploitation and Hacks.
      • `SecMobi Wiki` - A collection of mobile security resources including articles, blogs, books, groups, projects, tools and conferences.
      • `Android Storage Extractor` - A tool to extract local data storage of an Android application in one click.
      • `AMExtractor` - AMExtractor can dump out the physical content of your Android device even without kernel source code.
      • `UDcide` - Android Malware Behavior Editor.
      • `Mobile Security Wiki` - A collection of mobile security resources.
    • Authentication

      • `FreeOTP` - A two-factor authentication application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code.
      • `Stegcloak` - Securely assign digital authenticity to any written text.
      • `google-authenticator` - The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth). These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238. [Tutorials: How to set up two-factor authentication for SSH login on Linux](http://xmodulo.com/two-factor-authentication-ssh-login-linux.html)
    • Forensics

      • `mig` - MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security.
      • `Logdissect` - CLI utility and Python API for analyzing log files and other data.
      • `Awesome Forensics` - Free (mostly open source) forensic analysis tools and resources.
      • `Maigret` - Maigret collects a dossier on a person by username only, checking for accounts on a huge number of sites and gathering all the available information from web pages.
      • `Volatility` - Python based memory extraction and analysis framework.
      • `grr` - GRR Rapid Response is an incident response framework focused on remote live forensics.
      • `Rekall` - The Rekall Framework is a completely open collection of tools, implemented in Python under the Apache and GNU General Public License, for the extraction and analysis of digital artifacts from computer systems.
      • `ir-rescue` - *ir-rescue* is a Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
      • `Meerkat` - PowerShell-based Windows artifact collection for threat hunting and incident response.
      • `url-sandbox` - Scalable URL Sandbox for analyzing URLs and Domains from phishing attacks.
    • Configuration Management

      • `GLPi` - Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
      • `Fleet device management` - Fleet is the lightweight, programmable telemetry platform for servers and workstations. Get comprehensive, customizable data from all your devices and operating systems.
      • `Rudder` - Rudder is an easy to use, web-driven, role-based solution for IT Infrastructure Automation & Compliance. Automate common system administration tasks (installation, configuration); Enforce configuration over time (configuring once is good, ensuring that configuration is valid and automatically fixing it is better); Inventory of all managed nodes; Web interface to configure and manage nodes and their configuration; Compliance reporting, by configuration and/or by node.
  • Network

    • Honey Pot / Honey Net

      • `awesome-honeypots` - The canonical awesome honeypot list.
      • `Conpot` - ICS/SCADA Honeypot. Conpot is a low-interaction server-side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable of emulating complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to serve a custom human machine interface to increase the honeypot's attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMIs or extended with real hardware. Conpot is developed under the umbrella of the Honeynet Project and on the shoulders of a couple of very big giants.
      • `Kippo` - Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
      • `HoneyPy` - HoneyPy is a low to medium interaction honeypot. It is intended to be easy to: deploy, extend functionality with plugins, and apply custom configurations.
      • `Amun` - Amun Python-based low-interaction Honeypot.
      • `HonSSH` - HonSSH is a high-interaction Honey Pot solution. HonSSH will sit between an attacker and a honey pot, creating two separate SSH connections between them.
      • `Glastopf` - Glastopf is a Honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications. The principle behind it is very simple: reply with the correct response to the attacker exploiting the web application.
      • `Cuckoo Sandbox` - Cuckoo Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment.
      • `Kojoney` - Kojoney is a low level interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries.
    • Monitoring / Logging / Event Management

      • `Falco` - The cloud-native runtime security project and de facto Kubernetes threat detection engine now part of the CNCF.
      • `Node Security Platform` - Similar feature set to Snyk, but free in most cases, and very cheap for others.
      • `Prelude` - Prelude is a Universal "Security Information & Event Management" (SIEM) system. Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events independently of the product brand or license giving rise to such events; Prelude is "agentless".
      • `opensnitch` - OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
      • `uptime-kuma` - Fancy self-hosted monitoring tool.
      • `plow` - High-performance HTTP benchmarking tool with real-time web UI and terminal displaying.
      • `httpx` - Fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threads.
      • `Matano`
      • `BoxyHQ` - Open source API for security and compliance audit logging.
      • `FIR` - Fast Incident Response, a cybersecurity incident management platform.
      • `openvpn-monitor` - Web based OpenVPN monitor, that shows current connection information, such as users, location and data transferred.
      • `LogESP` - Open Source SIEM (Security Information and Event Management system).
      • `VAST` - Open source security data pipeline engine for structured event data, supporting high-volume telemetry ingestion, compaction, and retrieval; purpose-built for security content execution, guided threat hunting, and large-scale investigation.
      • `justniffer` - Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic.
      • `sagan` - Sagan uses a 'Snort like' engine and rules to analyze logs (syslog/event log/snmptrap/netflow/etc).
      • `ngrep` - ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
      • `OSSIM` - OSSIM provides all of the features that a security professional needs from a SIEM offering – event collection, normalization, and correlation.
      • `httpry` - httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the traffic as it is parsed, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications.
      • `ntopng` - Ntopng is a network traffic probe that shows the network usage, similar to what the popular top Unix command does.
    • Protocol Analyzers / Sniffers

      • `Wireshark` - Widely-used graphical, cross-platform network protocol analyzer.
      • `NetworkMiner`
      • `Live HTTP headers` - Live HTTP headers is a free firefox addon to see your browser requests in real time. It shows the entire headers of the requests and can be used to find the security loopholes in implementations.
      • `PCredz` - Extracts credentials such as NTLM (RPC, HTTP, SQL, LDAP, etc.), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc. from a pcap file or from a live interface.
      • `Dshell` - Network forensic analysis framework.
      • `sniffglue` - Secure multithreaded packet sniffer.
      • `stenographer` - Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets.
      • `tcpflow` - tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. tcpflow can also process stored 'tcpdump' packet flows.
      • `Deepfence PacketStreamer` - High-performance remote packet capture and collection tool, distributed tcpdump for cloud native environments.
      • `netsniff-ng` - Swiss army knife for network sniffing.
      • `Netzob` - Reverse engineering, traffic generation and fuzzing of communication protocols.
      • `Moloch` - Moloch is an open source, large scale IPv4 packet capturing (PCAP), indexing and database system. A simple web interface is provided for PCAP browsing, searching, and exporting. APIs are exposed that allow PCAP data and JSON-formatted session data to be downloaded directly. Simple security is implemented by using HTTPS and HTTP digest password support or by using apache in front. Moloch is not meant to replace IDS engines but instead works alongside them to store and index all the network traffic in standard PCAP format, providing fast access. Moloch is built to be deployed across many systems and can scale to handle multiple gigabits/sec of traffic.
      • `OpenFPC` - OpenFPC is a set of tools that combine to provide a lightweight full-packet network traffic recorder & buffering system. Its design goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating into existing alert and log management tools.
      • `Debookee` - Simple and powerful network traffic analyzer for macOS.
      • `Xplico` - The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
    • Network Reconnaissance Tools

      • `nmap` - Free security scanner for network exploration & security audits.
      • `DNSDumpster` - Online DNS recon and search service.
      • `dnstracer` - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
      • `zmap` - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
      • `dnschecker` - Online DNS Check.
      • `AQUATONE` - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
      • `Mass Scan` - TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
      • `fierce` - Python3 port of the original `fierce.pl` DNS reconnaissance tool for locating non-contiguous IP space.
      • `passivedns` - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
      • `CloudFail` - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
      • `XRay` - Network (sub)domain discovery and reconnaissance automation tool.
      • `scanless` - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
      • `ACLight` - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
      • `ScanCannon` - POSIX-compliant BASH script to quickly enumerate large networks by calling `masscan` to quickly identify open ports and then `nmap` to gain details on the systems/services on those ports.
      • `WatchYourLAN` - Lightweight network IP scanner. Can be used to notify about new hosts and monitor host online/offline history.
      • `netdiscover` - Network address discovery scanner, based on ARP sweeps, developed mainly for those wireless networks without a DHCP server.
      • `graphpath`
      • `passivedns-client` - Library and query tool for querying several passive DNS providers.
      • `OWASP Amass` - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
      • `MAC Address Vendor Lookup` - By a given MAC address/OUI/IAB, retrieve OUI vendor information, detect virtual machines, manufacturer, locations, read the information encoded in the MAC, and get our research's results regarding any MAC address, OUI, IAB, IEEE.
      • `RustScan` - Lightweight and quick open-source port scanner designed to automatically pipe open ports into Nmap.
    • Firewall

      • `pfSense` - Firewall and Router FreeBSD distribution.
      • `OPNsense` - OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
      • `fwknop` - Protects ports via Single Packet Authorization in your firewall.
      • `ipset` - Framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, an IP set may store IP addresses, networks, (TCP/UDP) port numbers, MAC addresses, interface names or combinations of them in a way which ensures lightning speed when matching an entry against a set.
      • `blocklist-ipsets` - ipsets dynamically updated with firehol's update-ipsets.sh script.
    • IDS / IPS / Host IDS / Host IPS

      • `Snort` - Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) created by Martin Roesch in 1998. Snort is now developed by Sourcefire, of which Roesch is the founder and CTO. In 2009, Snort entered InfoWorld's Open Source Hall of Fame as one of the "greatest [pieces of] open source software of all time".
      • `Zeek` - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
      • `Stealth` - File integrity checker that leaves virtually no sediment. Controller runs from another machine, which makes it hard for an attacker to know that the file system is being checked at defined pseudo random intervals over SSH. Highly recommended for small to medium deployments.
      • `AIEngine` - AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua packet inspection engine with capabilities of learning without any human intervention, NIDS (Network Intrusion Detection System) functionality, DNS domain classification, network collector, network forensics and many others.
      • `Suricata` - Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
      • `maltrail` - Malicious traffic detection system.
      • `wazuh` - Wazuh is a free and open source XDR platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. Great tool for all kinds of deployments; it includes SIEM capabilities (indexing + searching + WUI).
      • `zeek2es` - An open source tool to convert Zeek logs to Elastic/OpenSearch. You can also output pure JSON from Zeek's TSV logs!
      • `CrowdSec` - CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on Fail2Ban's philosophy but is IPv6 compatible and 60x faster (Go vs Python), uses Grok patterns to parse logs and YAML scenarios to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM based infrastructures (by decoupling detection and remediation). Once detected, you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IPs can be sent to CrowdSec for curation before being shared among all users to further strengthen the community.
      • `ssh-audit` - SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc).
      • `sshwatch` - IPS for SSH similar to DenyHosts written in Python. It also can gather information about attacker during the attack in a log.
      • `SSHGuard` - A software to protect services in addition to SSH, written in C.
      • `Denyhosts` - Thwart SSH dictionary based attacks and brute force attacks.
      • `Fail2Ban` - Scans log files and takes action on IPs that show malicious behavior.
      • `OSSEC` - Comprehensive Open Source HIDS. Not for the faint of heart. Takes a bit to get your head around how it works. Performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows. Plenty of reasonable documentation. Sweet spot is medium to large deployments.
      • `Security Onion` - Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Zeek, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
    • Forensics

      • `Intercepter-NG` - Multifunctional network toolkit.
      • `Ncrack` - High-speed network authentication cracking tool built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
      • `Praeda` - Automated multi-function printer data harvester for gathering usable data during security assessments.
      • `dsniff` - Collection of tools for network auditing and pentesting.
      • `THC Hydra` - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
      • `rshijack` - TCP connection hijacker, Rust rewrite of `shijack`.
      • `CrackMapExec` - Swiss army knife for pentesting networks.
      • `Printer Exploitation Toolkit (PRET)` - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
      • `Zarp` - Network attack tool centered around the exploitation of local networks.
      • `network-segmentation-cheat-sheet` - This project was created to publish the best practices for segmentation of the corporate network of any company. In general, the schemes in this project are suitable for any company.
      • `dnstwist` - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
      • `Tsunami` - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
      • `NetExec` - Network service exploitation tool that helps automate assessing the security of large networks.
      • `SigPloit` - Signaling security testing framework dedicated to telecom security for researching vulnerabilities in the signaling protocols used in mobile (cellular phone) operators.
      • `routersploit` - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
      • `Legion` - Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA.
      • `Network-Tools.com` - Website offering an interface to numerous basic network utilities like `ping`, `traceroute`, `whois`, and more.
      • `IKEForce` - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.
      • `pivotsuite` - Portable, platform independent and powerful network pivoting toolkit.
    • DDoS Tools

      • `Anevicon` - Powerful UDP-based load generator, written in Rust.
      • `HOIC` - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
      • `T50` - Faster network stress tool.
      • `SlowLoris` - DoS tool that uses low bandwidth on the attacking side.
      • `Impulse` - Modern Denial-of-service ToolKit.
      • `UFONet` - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
      • `DDoS-Ripper` - Distributed Denial-of-Service (DDoS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic.
      • `Low Orbit Ion Cannon (LOIC)` - Open source network stress tool written for Windows.
      • `Memcrashed` - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
      • `Ddosify` - Effortless Kubernetes Monitoring and Performance Testing. Available on CLI, Self-Hosted, and Cloud.
      • `Finshir` - A coroutines-driven Low & Slow traffic generator, written in Rust.
      • `D(HE)ater` - D(HE)ater sends forged cryptographic handshake messages to enforce the Diffie-Hellman key exchange.
    • Network Traffic Replay and Editing Tools

      • `TraceWrangler` - Network capture file toolkit that can edit and merge `pcap` or `pcapng` files with batch editing features.
      • `tcpreplay` - Suite of free Open Source utilities for editing and replaying previously captured network traffic.
      • `scapy` - Python-based interactive packet manipulation program and library.
      • `hping3` - Network tool able to send custom TCP/IP packets.
      • `pig` - GNU/Linux packet crafting tool.
      • `bittwist` - Simple yet powerful libpcap-based Ethernet packet generator useful in simulating networking traffic or scenario, testing firewall, IDS, and IPS, and troubleshooting various network problems.
    • Proxies and Machine-in-the-Middle (MITM) Tools

      • `BetterCAP` - Modular, portable and easily extensible MITM framework.
      • `evilgrade` - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
      • `SSH MITM` - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
      • `Morpheus` - Automated ettercap TCP/IP Hijacking tool.
      • `dnschef` - Highly configurable DNS proxy for pentesters.
      • `mallory` - HTTP/HTTPS proxy over SSH.
      • `oregano` - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
      • `MITMf` - Framework for Man-In-The-Middle attacks.
      • `Habu` - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
      • `Lambda-Proxy` - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.
      • `sylkie` - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.
    • Wireless Network Tools

      • `Aircrack-ng` - Set of tools for auditing wireless networks.
      • `BoopSuite` - Suite of tools written in Python for wireless auditing.
      • `Kismet` - Wireless network detector, sniffer, and IDS.
      • `Reaver` - Brute force attack against WiFi Protected Setup.
      • `pwnagotchi` - Deep reinforcement learning based AI that learns from the Wi-Fi environment and instruments BetterCAP in order to maximize the WPA key material captured.
      • `wifi-arsenal` - Resources for Wi-Fi Pentesting.
      • `krackattacks-scripts` - WPA2 Krack attack scripts.
      • `Fluxion` - Suite of automated social engineering based WPA attacks.
      • `Wifite` - Automated wireless attack tool.
      • `Cowpatty` - Brute-force dictionary attack against WPA-PSK.
      • `Airgeddon` - Multi-use bash script for Linux systems to audit wireless networks.
      • `infernal-twin` - Automated wireless hacking tool.
      • `WiFi-Pumpkin` - Framework for rogue Wi-Fi access point attack.
      • `KRACK Detector` - Detect and prevent KRACK attacks in your network.
    • Network Vulnerability Scanners

      • `Nexpose` - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
      • `Goby` - Next-generation network security tool that builds a complete asset database for the target to enable rapid security response.
      • `trivy` - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.
      • `Vuls` - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
      • `Deepfence ThreatMapper` - Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless.
      • `nuclei` - Fast and customizable vulnerability scanner based on simple YAML based DSL.
      • `nuclei-templates` - Community curated list of templates for the nuclei engine to find security vulnerabilities.
      • `Netz` - Discover internet-wide misconfigurations, using zgrab2 and others.
      • `celerystalk` - Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner.
      • `Boofuzz` - Fuzzing engine and fuzz testing framework.
      • `log4j-scan` - Fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts.
      • `Deepfence SecretScanner` - Find secrets and passwords in container images and file systems.
      • `Pompem` - Open source tool designed to automate the search for exploits in major databases. Developed in Python, it has an advanced search system that facilitates the work of pentesters and ethical hackers. In its current version it searches the Exploit-db, 1337day and Packetstorm Security databases.
      • `monsoon` - Very flexible and fast interactive HTTP enumeration/fuzzing.
      • `Bolt` - CSRF Scanner.
      • `CVS` - Powerful and customizable vulnerability scanner based on VDSL, which can replace Nessus or Nuclei, etc.
      • `Nucleimonst3r` - Powerful vulnerability scanner that can help Bug Bounty Hunters find low hanging fruit vulnerabilities for known CVEs and exploits but also gather all the technology running behind them for further investigation for a potential target.
      • `Above` - Automates the search for network vulnerabilities, designed for pentesters, Red Team operators, and network security engineers.
    • VPN

      • `OpenVPN` - OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.
      • `Firezone` - Open-source VPN server and egress firewall for Linux built on WireGuard that makes it simple to manage secure remote access to your company’s private networks. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self hostable.
    • Anti-Spam

      • `SpamAssassin` - A powerful and popular email spam filter employing a variety of detection techniques.
      • `Spam Scanner` - Anti-Spam Scanning Service and Anti-Spam API.
      • `rspamd` - Fast, free and open-source spam filtering system.
    • IP

      • `abuseipdb` - Check an IP Address, Domain Name, or Subnet.
      • `myip` - Live Whois IP Source.
      • `ifconfig.io` - What is my IP address?
      • `ipdeny` - All country IP block files are provided in CIDR format.
      • `subnet-calculator` - The CIDR Calculator enables CIDR network calculations using IP address, subnet mask, mask bits, maximum required IP addresses and maximum required subnets.
      • `cyberbro` - A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
      • `CloakQuest3r` - Uncover the true IP address of websites safeguarded by Cloudflare & Others.
      • `iknowwhatyoudownload` - Use the internet connection of other people (Wi-Fi, their computers, tablets and smartphones) to know what they download on the torrent network.
    • Transport Layer Security Tools

      • `mkcert` - A simple zero-config tool to make locally trusted development certificates with any names you'd like.
      • `SSLyze` - Fast and comprehensive TLS/SSL configuration analyzer to help identify security misconfigurations.
      • `localhost.direct` - Localhost with public CA signed SSL certificate.
      • `tls_prober` - Fingerprint a server's SSL/TLS implementation.
      • `crackpkcs12` - Multithreaded program to crack PKCS#12 files (`.p12` and `.pfx` extensions), such as TLS/SSL certificates.
  • Operating Systems

    • Operating System Distributions

      • `Kali` - Rolling Debian-based GNU/Linux distribution designed for penetration testing and digital forensics.
      • `ArchStrike` - Arch GNU/Linux repository for security professionals and enthusiasts.
      • `Android Tamer` - Distribution built for Android security professionals that includes tools required for Android security testing.
      • `BlackArch` - Arch GNU/Linux-based distribution for penetration testers and security researchers.
      • `Buscador` - GNU/Linux virtual machine that is pre-configured for online investigators.
      • `Parrot` - Distribution similar to Kali, with support for multiple hardware architectures.
      • `PentestBox` - Open source pre-configured portable penetration testing environment for the Windows Operating System.
      • `Qubes OS` - Qubes OS is a free and open-source security-oriented operating system meant for single-user desktop computing.
      • `tsurugi` - Heavily customized Linux distribution designed to support DFIR investigations, malware analysis and OSINT activities.
      • `The Pentesters Framework` - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that omits less frequently used utilities.
      • `AttifyOS` - GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
    • Linux

      • `Lynis` - Auditing tool for UNIX-based systems.
      • `GTFOBins` - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
      • `LOLBAS (Living Off The Land Binaries and Scripts)` - Documents binaries, scripts, and libraries that can be used for "Living Off The Land" techniques, i.e., binaries that can be used by an attacker to perform actions beyond their original purpose.
      • `explainshell` - Write down a command-line to see the help text that matches each argument.
      • `crontab.guru` - The quick and simple editor for cron schedule expressions.
      • `chmod calculator` - Chmod calculator allows you to quickly generate permissions in numerical and symbolic formats. All extra options are included (recursive, sticky, etc). You'll be ready to copy-paste your chmod command into your terminal in seconds.
      • `Unix TS Converter` - Epoch & Unix Timestamp Conversion Tools.
      • `Data Storage Converter` - Popular data storage unit conversions.
      • `LDAP TS Converter` - LDAP, Active Directory & Filetime Timestamp Converter.
      • `How-To-Secure-A-Linux-Server` - An evolving how-to guide for securing a Linux server.
      • `RecoverPy` - Interactively find and recover deleted or overwritten files from your terminal.
      • `PwnKit` - Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation.
      • `LinEnum` - Scripted Local Linux Enumeration & Privilege Escalation Checks.
      • `linuxprivchecker` - Linux Privilege Escalation Check Script.
      • `unix-privesc-check` - Shell script to check for simple privilege escalation vectors on UNIX systems.
      • `linux-smart-enumeration` - Linux enumeration tool for pentesting and CTFs with verbosity levels.
      • `Bashark` - Aids pentesters and security researchers during the post-exploitation phase of security audit.
      • `Fenrir` - Simple IOC scanner bash script.
      • `Linux-Privilege-Escalation` - This cheatsheet is aimed at the OSCP aspirants to help them understand the various methods of Escalating Privilege on Linux based Machines and CTFs with examples.
      • `pyBackdoor` - A cross-platform (Windows/Linux/macOS) yet simple and powerful backdoor/reverse TCP/RAT made in Python3 which contains many features such as multi-client support.
      • `boring`
      • `GTFONow` - Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
      • `Hwacha` - Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously.
      • `linux-private-i` - Linux bash tool for Enumeration & Privilege Escalation.
      • `SSH-Harvester` - Harvest passwords automatically from OpenSSH server.
      • `Linux Exploit Suggester` - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
      • `LinPEAS` - LinPEAS is a script that searches for possible paths to escalate privileges on Linux/Unix*/macOS hosts.
    • Online Operating Systems Resources

    • Windows

      • `Empire` - Pure PowerShell post-exploitation agent.
      • `Windows Credentials Editor` - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
      • `wePWNise` - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
      • `Ruler` - Abuses client-side Outlook features to gain a remote shell on a Microsoft Exchange server.
      • `ctftool` - Interactive Collaborative Translation Framework (CTF) exploration tool capable of launching cross-session edit session attacks.
      • `Fibratus` - Tool for exploration and tracing of the Windows kernel.
      • `Covenant` - ASP .NET Core application that serves as a collaborative command and control platform for red teamers.
      • `PowerSploit` - PowerShell Post-Exploitation Framework.
      • `LaZagne` - Credentials recovery project.
      • `RID_ENUM` - Python script that can enumerate all users from a Windows Domain Controller and crack those users' passwords using brute-force.
      • `Responder` - Link-Local Multicast Name Resolution (LLMNR), NBT-NS, and mDNS poisoner.
      • `DomainPasswordSpray` - Tool written in PowerShell to perform a password spray attack against users of a domain.
      • `DeathStar` - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.
      • `Rubeus` - Toolset for raw Kerberos interaction and abuses.
      • `MailSniper` - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more.
      • `SprayingToolkit` - Scripts to make password spraying attacks against Lync/S4B, Outlook Web Access (OWA) and Office 365 (O365) a lot quicker, less painful and more efficient.
      • `Inveigh` - Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/machine-in-the-middle tool.
      • `SauronEye` - Search tool to find specific files containing specific words, i.e. files containing passwords.
      • `redsnarf` - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
      • `Commando VM` - Automated installation of over 140 Windows software packages for penetration testing and red teaming.
      • `Windows Exploit Suggester` - Detects potential missing patches on the target.
      • `Active Directory and Privilege Escalation (ADAPE)` - Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory.
      • `SCOMDecrypt` - Retrieve and decrypt RunAs credentials stored within Microsoft System Center Operations Manager (SCOM) databases.
      • `NauthNRPC`
      • `ToxicEye` - Program for remote control of Windows computers via a Telegram bot. Written in C#.
    • Web application and resource analysis tools

      • `PEASS-ng` - Here you will find privilege escalation tools for Windows and Linux/Unix* and MacOS. These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily.
    • macOS

      • `EvilOSX` - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.
      • `Bella` - Pure Python post-exploitation data mining and remote administration tool for macOS.
  • Anonymity / Tor Tools

    • `Tor` - Free software and onion routed overlay network that helps you defend against traffic analysis.
    • `Metadata Anonymization Toolkit (MAT)` - Metadata removal tool, supporting a wide range of commonly used file formats, written in Python3.
    • `OnionScan` - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
    • `dos-over-tor` - Proof of concept denial of service over Tor stress test tool.
    • `kalitorify` - Transparent proxy through Tor for Kali Linux OS.
    • `Nipe` - Script to redirect all traffic from the machine to the Tor network.
    • `What Every Browser Knows About You` - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.
    • `I2P` - The Invisible Internet Project.
  • Web

    • Web Proxies Intercepting

      • `Fiddler` - Free cross-platform web debugging proxy with user-friendly companion tools.
      • `OWASP Zed Attack Proxy (ZAP)` - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
      • `mitmproxy` - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
    • Web Vulnerability Scanners

      • `Nikto` - Noisy but fast black box web server and web application vulnerability scanner.
      • `SecApps` - In-browser web application security testing suite.
      • `WPScan` - Black box WordPress vulnerability scanner.
      • `WebReaver` - Commercial, graphical web application vulnerability scanner designed for macOS.
      • `skipfish` - Performant and adaptable active web application security reconnaissance tool.
      • `ZAP` - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
      • `Cyclops` - Chromium-based web browser with built-in XSS detection, used to find taint flows from a source to a sink.
      • `katana` - A next-generation crawling and spidering framework.
      • `is-website-vulnerable` - Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
      • `w3af` - Web application attack and audit framework.
      • `reconFTW` - A tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities.
      • `Keyscope` - Extensible key and secret validation tool, built in Rust, for checking active secrets against multiple SaaS vendors.
      • `recon` - A fast Rust-based CLI that uses SQL to query over files, code, or malware with content classification and processing for security experts.
      • `JCS` - Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm.
      • `ACSTIS` - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
      • `Scanmycode CE (Community Edition)` - Code Scanning/SAST/Static Analysis/Linting using many tools/scanners with one report. Currently supports: PHP, Java, Scala, Python, Ruby, JavaScript, Go, Secret Scanning, Dependency Confusion, Trojan Source, Open Source and Proprietary Checks (total ca. 1000 checks).
      • `joomscan` - Joomla vulnerability scanner.
      • `Wapiti` - Black box web application vulnerability scanner with built-in fuzzer.
    • Web Exploitation

      • `autochrome` - Chrome browser profile preconfigured with appropriate settings needed for web application testing.
      • `sslstrip` - Demonstration of the HTTPS stripping attacks.
      • `h2t` - HTTP Hardening Tool that scans a website and suggests security headers to apply.
      • `gobuster` - Lean multipurpose brute force search/fuzzing tool for Web (and DNS) reconnaissance.
      • `FuzzDB` - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
      • `Raccoon` - High performance offensive security tool for reconnaissance and vulnerability scanning.
      • `Parth` - Heuristic Vulnerable Parameter Scanner.
      • `badtouch` - Scriptable network authentication cracker.
      • `WPSploit` - Exploit WordPress-powered websites with Metasploit.
      • `sslstrip2` - SSLStrip version to defeat HSTS.
      • `corschecker` - JavaScript for performing CORS security tests.
    • Web Path Discovery / Bruteforcing Tools

      • `DotDotPwn` - Directory traversal fuzzer.
      • `dirsearch` - Web path scanner.
      • `dirhunt` - Find web directories without bruteforce.
      • `lulzbuster` - Search files and folders on web-sites.
      • `GooFuzz` - Tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
      • `recursebuster` - Content discovery tool to perform directory and file bruteforcing.
    • Web Shells / C2 Frameworks

      • `Merlin` - Cross-platform post-exploitation HTTP/2 Command and Control server and agent written in Golang.
      • `Browser Exploitation Framework (BeEF)` - Command and control server for delivering exploits to commandeered Web browsers.
      • `weevely3` - Weaponized PHP-based web shell.
      • `PhpSploit` - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner.
      • `DAws` - Advanced Web shell.
      • `SharPyShell` - Tiny and obfuscated ASP.NET webshell for C# web applications.
    • Web Subdomains

      • `Sublist3r` - Fast subdomains enumeration tool for penetration testers.
      • `subbrute` - DNS meta-query spider that enumerates DNS records, and subdomains.
      • `knock` - Python3 tool designed to quickly enumerate subdomains on a target domain through dictionary attack.
      • `subfinder` - Subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
      • `subDomainsBrute` - Fast sub domain brute tool for pentesters.
      • `Dome` - Subdomain enumeration tool, fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.
    • Web Application Firewall

      • `NAXSI` - NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX, NAXSI means Nginx Anti Xss & Sql Injection.
      • `Curiefense` - Curiefense adds a broad set of automated web security tools, including a WAF to Envoy Proxy.
      • `sql_firewall`
      • `ironbee` - IronBee is an open source project to build a universal web application security sensor: a framework for developing a system for securing web applications, i.e. for building a web application firewall (WAF).
      • `ModSecurity` - ModSecurity is a toolkit for real-time web application monitoring, logging, and access control.
    • Web Accessible Source Code Ripping Tools

      • `GitTools` - Automatically find and download Web-accessible `.git` repositories.
      • `git-dumper` - Tool to dump a git repository from a website.
      • `DVCS Ripper` - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
      • `git-scanner` - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public.
    • Web Injection Tools

      • `Commix` - Automated all-in-one operating system command injection and exploitation tool.
      • `NoSQLmap` - Automatic NoSQL injection and database takeover tool.
      • `tplmap` - Automatic server-side template injection and Web server takeover tool.
    • Web Reconnaissance Tools

    • Web File Inclusion Tools

      • `LFISuite` - Automatic LFI scanner and exploiter.
      • `fimap` - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
      • `Kadimus` - LFI scan and exploit tool.
      • `liffy` - LFI exploitation tool.
    • Penetration Testing Report Templates

      • `Awesome Web Hacking` - This list is for anyone wishing to learn about web application security but who does not have a starting point.
      • `OWASP` - The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.
  • Emails

  • Open Sources Intelligence (OSINT)

    • Network device discovery tools

      • `Shodan` - World's first search engine for Internet-connected devices.
      • `ZoomEye` - Search engine for cyberspace that lets the user find specific network components.
    • OSINT Online Resources

      • `whatsmyname` - This tool allows you to enumerate usernames across many websites.
      • `WiGLE.net` - Information about wireless networks world-wide, with user-friendly desktop and web applications.
      • `GhostProject` - Searchable database of billions of cleartext passwords, partially visible for free.
      • `NetBootcamp OSINT Tools` - Collection of OSINT links and custom Web interfaces to other services.
      • `bugmenot` - Find and share logins; check whether the bugmenot community has shared any logins for a given site.
      • `Extract Images` - Extract Images from any public website by using a virtual browser.
      • `iHUNT Intelligence FRAMEWORK` - Focuses on gathering information from free and open-source tools or resources. The intention is to help people find free and open source combined OSINT, GEOINT, SOCMINT and HUMINT resources for research or practice purposes, especially Law Enforcement and Intelligence Officers.
      • `CertGraph` - Crawls a domain's SSL/TLS certificates for its certificate alternative names.
      • `HostHunter` - Recon tool for discovering hostnames using OSINT techniques.
      • `investigator` - Online handy-recon tool.
    • Wireless Network Tools

      • `Hunter.io` - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.
      • `Threat Crowd` - Search engine for threats.
      • `awesome-osint`
      • `sn0int` - Semi-automatic OSINT framework and package manager.
      • `Sn1per` - Automated Pentest Recon Scanner.
      • `recon-ng` - Full-featured Web Reconnaissance framework written in Python.
      • `gOSINT` - OSINT tool with multiple modules and a telegram scraper.
      • `Skiptracer` - OSINT scraping framework that utilizes basic Python webscraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen noodle budget.
      • `creepy` - Geolocation OSINT tool.
      • `bbot` - OSINT automation for hackers.
      • `GyoiThon` - GyoiThon is an Intelligence Gathering tool using Machine Learning.
      • `surfraw` - Fast UNIX command line interface to a variety of popular WWW search engines.
      • `image-match` - Quickly search over billions of images.
      • `Depix` - Tool for recovering passwords from pixelized screenshots (by de-pixelating text).
      • `Intrigue` - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
      • `z-cam` - The First Python Compatible Camera Hacking Tool.
      • `Spiderfoot` - Multi-source OSINT automation tool with a Web UI and report visualizations.
      • `Facebook Friend List Scraper` - Tool to scrape names and usernames from large friend lists on Facebook, without being rate limited.
    • Metadata harvesting and analysis

    • Web application and resource analysis tools

      • `Wappalyzer` - Wappalyzer uncovers the technologies used on websites.
      • `EyeWitness` - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
      • `WhatWeb` - Website fingerprinter.
      • `wafw00f` - Identifies and fingerprints Web Application Firewall (WAF) products.
      • `WhatWaf` - Detect and bypass web application firewalls and protection systems.
      • `VHostScan` - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
      • `webscreenshot` - Simple script to take screenshots of websites from a list of sites.
      • `BlindElephant` - Web application fingerprinter.
    • Dorking tools

      • `BinGoo` - GNU/Linux bash based Bing and Google Dorking Tool.
      • `snitch` - Information gathering via dorks.
      • `github-dorks` - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks.
      • `git-hound` - Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.
      • `pagodo` - Automate Google Hacking Database scraping.
      • `dorkbot` - Command-line tool to scan Google (or other) search results for vulnerabilities.
      • `tartufo` - Searches through git repositories for high entropy strings and secrets, digging deep into commit history.
      • `GooDork` - Command line Google dorking tool.
      • `dork-cli` - Command line Google dork tool.
      • `fast-recon` - Perform Google dorks against a domain.
      • `dorks` - Google hack database automation tool.
      • `Google Hacking Database` - Database of Google dorks; can be used for recon.
      • `WhatBreach` - Search email addresses and discover all known breaches that this email has been seen in, and download the breached database if it is publicly available.
      • `email2phonenumber` - OSINT tool to obtain a target's phone number just by having their email address.
      • `SimplyEmail` - Email recon made fast and easy.
      • `Moriarty-Project` - This tool gives information about the phone number that you entered.
      • `EmailFinder` - Search emails from a domain through search engines.
      • `enola` - This is [Sherlock](https://github.com/sherlock-project/sherlock)'s sister Enola, a modern shiny CLI tool written in Go to help you 🔎 hunt down social media accounts by username across social networks.
      • `Infoga` - Email OSINT.
    • Source code repository searching tools

      • `vcsmap` - Plugin-based tool to scan public version control systems for sensitive information.
  • Multi-paradigm Frameworks

    • Forensics

      • `Metasploit` - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
      • `Armitage` - Java-based GUI front-end for the Metasploit Framework.
      • `Metasploit Framework` - A tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.
      • `Faraday` - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
      • `Pupy` - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
      • `AutoSploit` - Automated mass exploiter, which collects targets by employing the Shodan API and programmatically chooses Metasploit exploit modules based on the Shodan query.
      • `Decker` - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.
  • Penetration Testing

    • Online Penetration Testing Resources

    • Penetration Testing Report Templates

    • Online Operating Systems Resources

    • Additional Penetration Tools

      • `arsenal` - Just a quick inventory, reminder and launcher for pentest commands.
      • `rsg` - A tool to generate various ways to do a reverse shell.
      • `SSH-Snake` - Self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
      • `SUDO_KILLER` - A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.
    • Passwords

  • Threat Intelligence

    • Penetration Testing Report Templates

      • `PhishStats` - Phishing Statistics with search for IP, domain and website title.
      • `Threat Jammer` - REST API service that allows developers, security engineers, and other IT professionals to access curated threat intelligence data from a variety of sources.
      • `Internet Storm Center` - The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.
      • `leakedin.com` - The primary purpose of leakedin.com is to make visitors aware of the risks of losing data. This blog just compiles samples of data lost or disclosed on sites like pastebin.com.
      • `MISP - Open Source Threat Intelligence Platform` - MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators. A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. The MISP project includes software, common libraries ([taxonomies](https://www.misp-project.org/taxonomies.html), [threat-actors and various malware](https://www.misp-project.org/galaxy.html)), an extensive data model to share new information using [objects](https://www.misp-project.org/objects.html) and default [feeds](https://www.misp-project.org/feeds/).
      • `Tor Bulk Exit List` - CollecTor, your friendly data-collecting service in the Tor network. CollecTor fetches data from various nodes and services in the public Tor network and makes it available to the world. If you're doing research on the Tor network, or if you're developing an application that uses Tor network data, this is your place to start. [TOR Node List](https://www.dan.me.uk/tornodes) / [DNS Blacklists](https://www.dan.me.uk/dnsbl) / [Tor Node List](http://torstatus.blutmagie.de/)
      • `AutoShun` - AutoShun is a Snort plugin that allows you to send your Snort IDS logs to a centralized server that will correlate attacks from your sensor logs with other snort sensors, honeypots, and mail filters from around the world.
      • `Awesome Threat Detection and Hunting` - A curated list of awesome threat detection and hunting resources.
      • `Awesome Threat Intelligence` - A curated list of threat intelligence resources.
      • `Cyberowl` - A daily updated summary of the most frequent types of security incidents currently being reported from different sources.
      • `Awesome Threat Modeling` - A curated list of Threat Modeling resources.
      • `virustotal` - VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.
      • `FireEye OpenIOCs` - FireEye Publicly Shared Indicators of Compromise (IOCs)
      • `CIFv2` - CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route).
      • `AlienVault Open Threat Exchange` - AlienVault Open Threat Exchange (OTX), to help you secure your networks from data loss, service disruption and system compromise caused by malicious IP addresses.
      • `abuse.ch` - ZeuS Tracker / SpyEye Tracker / Palevo Tracker / Feodo Tracker tracks Command & Control servers (hosts) around the world and provides you a domain- and an IP-blocklist.
      • `DNS-BH` - The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. This project creates the Bind and Windows zone files required to serve fake replies to localhost for any requests to these, thus preventing many spyware installs and reporting.
      • `Emerging Threats - Open Source` - Emerging Threats began 10 years ago as an open source community for collecting Suricata and SNORT® rules, firewall rules, and other IDS rulesets. The open source community still plays an active role in Internet security, with more than 200,000 active users downloading the ruleset daily. The ETOpen Ruleset is open to any user or organization, as long as you follow some basic guidelines. Our ETOpen Ruleset is available for download any time.
      • `OpenVAS NVT Feed` - The public feed of Network Vulnerability Tests (NVTs). It contains more than 35,000 NVTs (as of April 2014), growing on a daily basis. This feed is configured as the default for OpenVAS.
      • `PhishTank` - PhishTank is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.
      • `Project Honey Pot` - Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.
      • `SBL / XBL / PBL / DBL / DROP / ROKSO` - The Spamhaus Project is an international nonprofit organization whose mission is to track the Internet's spam operations and sources, to provide dependable realtime anti-spam protection for Internet networks, to work with Law Enforcement Agencies to identify and pursue spam and malware gangs worldwide, and to lobby governments for effective anti-spam legislation.
  • Datastores

    • `nextcloud` - A safe home for all your data.
    • `passbolt` - The password manager your team was waiting for. Free, open source, extensible, based on OpenPGP.
    • `databunker` - Databunker is an address book on steroids for storing personal data. GDPR and encryption are out of the box.
    • `blackbox` - Safely store secrets in a VCS repo using GPG
    • `passpie` - Multiplatform command-line password manager
    • `acra` - Database security suite: proxy for data protection with transparent "on the fly" data encryption, data masking and tokenization, SQL firewall (SQL injections prevention), intrusion detection system.
    • `LunaSec` - Database for PII with automatic encryption/tokenization, sandboxed components for handling data, and centralized authorization controls.
    • `aws-vault` - Store AWS credentials in the OSX Keychain or an encrypted file
    • `chamber` - Store secrets using AWS KMS and SSM Parameter Store
    • `Yopass` - Secure sharing of secrets, passwords and files.
    • `pwndrop` - Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
    • `redoctober` - Server for two-man rule style file encryption and decryption.
    • `credstash` - Store secrets using AWS KMS and DynamoDB
    • `confidant` - Stores secrets in AWS DynamoDB, encrypted at rest and integrates with IAM
    • `Sops` - An editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP.
    • `Vault` - An encrypted datastore secure enough to hold environment and application secrets.
    • `dotgpg` - A tool for backing up and versioning your production secrets or shared passwords securely and easily.
    • `Safe` - A Vault CLI that makes reading from and writing to the Vault easier to do.
  • Anti-virus Evasion Tools

    • `Shellter` - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
    • `UniByAv` - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
    • `Veil` - Generate metasploit payloads that bypass common anti-virus solutions.
    • `AntiVirus Evasion Tool (AVET)` - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
    • `peCloakCapstone` - Multi-platform fork of the `peCloak.py` automated malware antivirus evasion tool.
    • `CarbonCopy` - Tool that creates a spoofed certificate of any online website and signs an Executable for AV evasion.
  • Cloud Platform Attack Tools

    • `HackingThe.cloud`
    • `Cloud Container Attack Tool (CCAT)` - Tool for testing security of container environments.
    • `GCPBucketBrute` - Script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
    • `cloudsploit` - Open-source project designed to allow detection of security risks in cloud infrastructure accounts, including: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.
    • `CloudHunter` - Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets.
  • Collaboration Tools

    • `Lair` - Reactive attack collaboration framework and web application built with meteor.
    • `Reconmap` - Open-source collaboration platform for InfoSec professionals that streamlines the pentest process.
    • `sysreptor`
    • `cset` - Step-by-step process to collect facility-specific information addressing topics such as hardware, software, administrative policies, and user obligations. It then compares that information to relevant security standards and regulations, assesses overall compliance, and provides appropriate recommendations for improving cybersecurity posture. The tool pulls its recommendations from a collection of the best available cybersecurity standards, guidelines, and practices. Where appropriate, recommendations are linked to a set of actions that can be applied to enhance cybersecurity controls.
    • `RedELK` - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.
    • `Pentest Collaboration Framework (PCF)` - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.
  • Exfiltration Tools

      • `Iodine` - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
      • `TrevorC2` - Client/server tool for masking command and control and data exfiltration through a normally browsable website, not typical HTTP POST requests.
      • `dnscat2` - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.
      • `pwnat` - Punches holes in firewalls and NATs.
      • `QueenSono` - Client/Server Binaries for data exfiltration with ICMP. Useful in a network where ICMP protocol is less monitored than others (which is a common case).
      • `DET` - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
      • `tgcd` - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
  • Analysis Tools

    • `peepdf` - Python tool to explore PDF files in order to find out if the file can be harmful or not.
    • `Veles` - Binary data visualization and analysis tool.
    • `CyberChef` - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.
    • `DocBleach` - An open-source Content Disarm & Reconstruct software sanitizing Office, PDF and RTF Documents.
    • `ExifTool` - Platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files.
  • Hash Cracking Tools

      • `CeWL` - Generates custom wordlists by spidering a target's website and collecting unique words.
      • `Rar Crack` - RAR bruteforce cracker.
      • `crackstation` - Password Hash Cracker.
      • `hate_crack` - Tool for automating cracking methodologies through Hashcat.
      • `duplicut` - Quickly remove duplicates, without changing the order, and without getting OOM on huge wordlists.
      • `JWT Cracker` - Simple HS256 JSON Web Token (JWT) token brute force cracker.
      • `BruteForce Wallet` - Find the password of an encrypted wallet file (i.e. `wallet.dat`).
      • `GoCrack` - Management Web frontend for distributed password cracking sessions using hashcat (or other supported tools) written in Go.
      • `pydictor` - A powerful and useful hacker dictionary builder for a brute-force attack.
  • Hex Editors

      • `Hexinator` - World's finest (proprietary, commercial) Hex Editor.
      • `wxHexEditor` - Free GUI hex editor for GNU/Linux, macOS, and Windows.
      • `hexedit` - Simple, fast, console-based hex editor.
      • `Bless` - High quality, full featured, cross-platform graphical hex editor written in Gtk#.
      • `Frhed` - Binary file editor for Windows.
  • Physical Access Tools

      • `AT Commands` - Use AT commands over an Android device's USB port to rewrite device firmware, bypass security mechanisms, exfiltrate sensitive information, perform screen unlocks, and inject touch events.
      • `Poisontap` - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
      • `Proxmark3` - RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
      • `Thunderclap` - Open source I/O security research platform for auditing physical DMA-enabled hardware peripheral ports.
      • `PCILeech` - Uses PCIe hardware devices to read and write from the target system memory via Direct Memory Access (DMA) over PCIe.
  • Reverse Engineering

      • `angr` - Platform-agnostic binary analysis framework.
      • `Capstone` - Lightweight multi-platform, multi-architecture disassembly framework.
      • `Immunity Debugger` - Powerful way to write exploits and analyze malware.
      • `OllyDbg` - x86 debugger for Windows binaries that emphasizes binary code analysis.
      • `UEFITool` - UEFI firmware image viewer and editor.
      • `pwndbg` - GDB plug-in that eases debugging with GDB, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
      • `Voltron` - Extensible debugger UI toolkit written in Python.
      • `Medusa` - Open source, cross-platform interactive disassembler.
      • `Detect It Easy (DiE)` - Program for determining types of files for Windows, Linux and MacOS.
      • `PyREBox` - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
      • `boxxy` - Linkable sandbox explorer.
      • `dnSpy` - Tool to reverse engineer .NET assemblies.
      • `binwalk` - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
      • `plasma` - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • Vulnerability Databases

      • `Bugtraq (BID)` - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
      • `CXSecurity` - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
      • `China National Vulnerability Database (CNNVD)` - Chinese government-run vulnerability database analogous to the United States' CVE database hosted by Mitre Corporation.
      • `Common Vulnerabilities and Exposures (CVE)` - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
      • `Exploit-DB` - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
      • `HPI-VDB` - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
      • `National Vulnerability Database (NVD)` - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
      • `Open Source Vulnerabilities (OSV)` - Database of vulnerabilities affecting open source software, queryable by project, Git commit, or version.
      • `US-CERT Vulnerability Notes Database` - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
      • `Vulnerability Lab` - Open forum for security advisories organized by category of exploit target.
      • `Vulners` - Security database of software vulnerabilities.
      • `Vulmon` - Vulnerability search engine with vulnerability intelligence features that conducts full text searches in its database.
      • `Rapid7` - Vulnerability & Exploit Database.
      • `Sploitus` - Convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities.
      • `Vulert` - Vulert's vulnerability database lists recent security issues found in open-source packages for languages like PHP, Java, Python, Node.js, and others.
      • `Packet Storm` - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
      • `Snyk Vulnerability DB` - Detailed information and remediation guidance for vulnerabilities known by Snyk.
      • `SecuriTeam` - Independent source of software vulnerability information.
      • `Full-Disclosure` - Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
      • `Zero Day Initiative` - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint.
      • `Mozilla Foundation Security Advisories` - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
      • `VulDB` - Independent vulnerability database with user community, exploit details, and additional meta data (e.g. CPE, CVSS, CWE).
  • Web Servers

      • `Server Side TLS` - Helps teams with the configuration of TLS.
      • `nginx playground` - Paste in an nginx config, and then a server starts nginx for you and runs any curl or http command you want against that nginx server.
      • `nginxpwner` - Simple tool to look for common Nginx misconfigurations and vulnerabilities.
  • Other

  • Social Engineering

      • `fakeinfo` - Generate Fake Info.
      • `fake-telegram-chat-generator` - Generate your very own fake Telegram Messenger chat.
      • `zeoob` - Create Fake Instagram, Twitter & Facebook Posts.
      • `Social Engineer Toolkit (SET)` - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
      • `Beelogger` - Tool for generating keyloggers.
      • `Evilginx2` - Standalone Machine-in-the-Middle (MitM) reverse proxy attack framework for setting up phishing pages capable of defeating most forms of 2FA security schemes.
      • `Catphish` - Tool for phishing and corporate espionage written in Ruby.
      • `SocialFish` - Social media phishing framework that can run on an Android phone or in a Docker container.
      • `Modlishka` - Flexible and powerful reverse proxy with real-time two-factor authentication.
      • `FiercePhish` - Full-fledged phishing framework to manage all phishing engagements.
      • `phishery` - TLS/SSL enabled Basic Auth credential harvester.
      • `King Phisher` - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
      • `awesome-social-engineering`
      • `wifiphisher` - Automated phishing attacks against WiFi networks.
  • Static Analyzers

      • `sobelow` - Security-focused static analysis for the Phoenix Framework.
      • `Brakeman` - Static analysis security vulnerability scanner for Ruby on Rails applications.
      • `cwe_checker` - Suite of tools built atop the Binary Analysis Platform (BAP) to heuristically detect CWEs in compiled binaries and firmware.
      • `Progpilot` - Static security analysis tool for PHP code.
      • `RegEx-DoS` - Analyzes source code for Regular Expressions susceptible to Denial of Service attacks.
      • `cppcheck` - Extensible C/C++ static analyzer focused on finding bugs.
      • `FindBugs` - Free software static analyzer to look for bugs in Java code.
  • Exploit Development Tools

      • `peda` - Python Exploit Development Assistance for GDB.
      • `Pwntools` - Rapid exploit development framework built for use in CTFs.
      • `Wordpress Exploit Framework` - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
      • `Magic Unicorn` - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates).
      • `VcenterKit` - Vcenter Comprehensive Penetration and Exploitation Toolkit.
  • Databases

    • `PGTune` - Tuning PostgreSQL config by your hardware.
  • Intentionally Vulnerable Systems

  • Samba Enumerating

      • `enum4linux-ng` - Checking public resources for specified ranges on the local network.
      • `smbmap` - Checking public resources for specified ranges on the local network.
      • `MANSPIDER` - Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported.
      • `smbclient-ng` - A fast and user friendly way to interact with SMB shares.
      • `SMBSR` - Lookup for interesting stuff in SMB shares.
  • Steganography Tools

      • `Cloakify` - Textual steganography toolkit that converts any filetype into lists of everyday strings.
      • `StegCracker` - Steganography brute-force utility to uncover hidden data inside files.
  • Zero Trust

      • `octelium` - Next-gen FOSS self-hosted unified zero trust secure access platform that can operate as a remote access VPN, a ZTNA/BeyondCorp architecture, API/AI gateway, a PaaS, an infrastructure for MCP & A2A architectures or even as an ngrok-alternative and a homelab infrastructure.