https://github.com/yogsec/hacking-tools

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
https://github.com/yogsec/hacking-tools

blue-team bug-bounty-tools bugbounty bugbountytips cybersecurity ethical-hacking-tools exploit forensics hackers hacking hacking-tools kali-linux linux-tools penetration-testing penetration-testing-tools red-team reverse-engineering vulnerability web-security

Last synced: 19 days ago
JSON representation

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

• Host: GitHub
• URL: https://github.com/yogsec/hacking-tools
• Owner: yogsec
• License: mit
• Created: 2025-02-13T08:09:05.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2026-01-25T10:38:41.000Z (about 2 months ago)
• Last Synced: 2026-01-25T21:29:53.494Z (about 2 months ago)
• Topics: blue-team, bug-bounty-tools, bugbounty, bugbountytips, cybersecurity, ethical-hacking-tools, exploit, forensics, hackers, hacking, hacking-tools, kali-linux, linux-tools, penetration-testing, penetration-testing-tools, red-team, reverse-engineering, vulnerability, web-security
• Homepage: https://linktr.ee/yogsec
• Size: 64.5 KB
• Stars: 502
• Watchers: 5
• Forks: 108
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE

Awesome Lists containing this project

README

          
# Hacking-Tools



A curated list of penetration testing and ethical hacking tools, organized by category. This collection includes Kali Linux tools and other notable utilities.


![Hacking Anime](https://media0.giphy.com/media/v1.Y2lkPTc5MGI3NjExdHJjMXpvb2hkdXJvN2Y3cmllNG81YXNsem90ejhwY2NqbXB5OXgzaiZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/137EaR4vAOCn1S/giphy.gif)








  

  

    

  

  

    

  

  

    

  

  

    

  

  

    

  




---

## Table of Contents

- [🔍 Information Gathering](#-information-gathering)

- [🔎 Vulnerability Analysis](#-vulnerability-analysis)

- [💥 Exploitation Tools](#-exploitation-tools)

- [📡 Wireless Attacks](#-wireless-attacks)

- [🧑‍💻 Forensics Tools](#-forensics-tools)

- [⏳ Stress Testing](#-stress-testing)

- [🕵️‍♀️ Sniffing & Spoofing](#-sniffing--spoofing)

- [🔐 Password Attacks](#-password-attacks)

- [🌐 Web Application Analysis](#-web-application-analysis)

- [🧑‍💻 Reverse Engineering](#-reverse-engineering)

- [📝 Reporting Tools](#-reporting-tools)

- [🎭 Social Engineering Tools](#-social-engineering-tools)

- [🧩 Miscellaneous](#-miscellaneous)

## Information Gathering

- 🛜 **[Nmap](https://nmap.org/)** – Network scanning and mapping tool.

- 📶 **[Kismet](https://www.kismetwireless.net/)** – Wireless network detector, sniffer, and intrusion detection.

- 🕵️ **[Maltego](https://www.maltego.com/)** – OSINT and data mining tool for information analysis.

- 📨 **[theHarvester](https://github.com/laramies/theHarvester)** – Tool to gather emails, subdomains, hosts, and more.

- 🔗 **[Recon-ng](https://github.com/lanmaster53/recon-ng)** – Full-featured web reconnaissance framework.

- 🕵️‍♂️ **[SpiderFoot](https://github.com/smicallef/spiderfoot)** – Automate OSINT collection from multiple sources.

- 🔍 **[Amass](https://github.com/OWASP/Amass)** – Network mapping and external asset discovery tool.

- 🗂️ **[Sublist3r](https://github.com/aboul3la/Sublist3r)** – Subdomain enumeration using search engines.

- 🧑‍💻 **[Assetfinder](https://github.com/tomnomnom/assetfinder)** – Subdomain discovery using various sources.

- 🌍 **[crt.sh](https://crt.sh/)** – SSL certificate transparency log search engine.

- 🧪 **[Dnsrecon](https://github.com/darkoperator/dnsrecon)** – Perform DNS enumeration and zone transfers.

- 📜 **[Fierce](https://github.com/mschwager/fierce)** – DNS reconnaissance and attack tool.

- 📄 **[WHOIS](https://www.whois.com/)** – Domain registration and ownership lookup.

- 📬 **[EmailHarvester](https://github.com/maldevel/EmailHarvester)** – Email enumeration and gathering.

- 🕸️ **[Shodan](https://www.shodan.io/)** – Search engine for internet-connected devices.

- 🔥 **[Censys](https://censys.io/)** – Search engine for hosts and networks on the internet.

- 🌐 **[OSINT Framework](https://osintframework.com/)** – Collection of OSINT tools and resources.

- 🧑‍💻 **[FOCA](https://github.com/ElevenPaths/FOCA)** – Metadata extraction and document analysis.

- 🛡️ **[Netcraft](https://www.netcraft.com/)** – Website profiling and phishing detection.

- 🏛️ **[BuiltWith](https://builtwith.com/)** – Website technology lookup and analysis.

## Vulnerability Analysis

- 🧪 **[OpenVAS](https://github.com/greenbone/openvas-scanner)** – Open-source vulnerability scanner.

- 🛡️ **[Nessus](https://www.tenable.com/products/nessus)** – Commercial vulnerability assessment tool.

- 🕵️‍♂️ **[Nikto](https://cirt.net/Nikto2)** – Web server scanner for detecting vulnerabilities.

- 🐺 **[Wapiti](https://github.com/wapiti-scanner/wapiti)** – Web application security scanner.

- 🧑‍💻 **[Vega](https://github.com/subgraph/Vega)** – GUI-based web vulnerability scanner.

- 🕷️ **[Arachni](https://github.com/Arachni/arachni)** – Feature-rich web application security scanner.

- 🐍 **[SQLmap](https://github.com/sqlmapproject/sqlmap)** – Automated SQL injection detection and exploitation tool.

- 🕸️ **[OWASP ZAP](https://www.zaproxy.org/)** – Open-source web application security scanner.

- 🛜 **[Nmap Vulners](https://github.com/vulnersCom/nmap-vulners)** – Nmap NSE script for CVE detection.

- 🔎 **[Retire.js](https://github.com/RetireJS/retire.js)** – JavaScript library vulnerability scanner.

- ⚙️ **[Dependency-Check](https://github.com/jeremylong/DependencyCheck)** – Vulnerability analysis for project dependencies.

- 🧑‍💻 **[Bandit](https://github.com/PyCQA/bandit)** – Security linter for Python code.

- 🐞 **[Vuls](https://github.com/future-architect/vuls)** – Agentless vulnerability scanner for Linux/FreeBSD servers.

- 📦 **[Trivy](https://github.com/aquasecurity/trivy)** – Vulnerability scanner for containers and dependencies.

- 🧑‍💻 **[Grype](https://github.com/anchore/grype)** – Vulnerability scanner for container images and filesystems.

- 🧑‍💻 **[Safety](https://github.com/pyupio/safety)** – Python dependency security scanner.

- 📄 **[Lychee](https://github.com/lycheeverse/lychee)** – Broken link checker with vulnerability detection potential.

- 📜 **[GitLeaks](https://github.com/gitleaks/gitleaks)** – Detect hardcoded secrets and sensitive data.

- 🧑‍💻 **[ScoutSuite](https://github.com/nccgroup/ScoutSuite)** – Multi-cloud security auditing tool.

- 🧑‍💻 **[CloudSploit](https://github.com/aquasecurity/cloudsploit)** – AWS security auditing tool.

## Exploitation Tools

- 🎯 [**Metasploit Framework**](https://github.com/rapid7/metasploit-framework) – Powerful exploit development and penetration testing framework.

- 🚀 [**Armitage**](https://github.com/rsmudge/armitage) – GUI front-end for Metasploit to visualize attacks.

- 🌐 [**BeEF (Browser Exploitation Framework)**](https://github.com/beefproject/beef) – Exploits browser vulnerabilities for client-side attacks.

- 💻 [**ExploitDB**](https://github.com/offensive-security/exploitdb) – Archive of public exploits and proof-of-concept code.

- 📜 [**SearchSploit**](https://github.com/offensive-security/exploitdb-bin-sploits) – Offline version of ExploitDB for quick exploit searching.

- 🐍 [**sqlmap**](https://github.com/sqlmapproject/sqlmap) – Automated SQL injection exploitation tool.

- 📤 [**Commix**](https://github.com/commixproject/commix) – Automated command injection vulnerability scanner.

- 🖥️ [**RouterSploit**](https://github.com/threat9/routersploit) – Exploits vulnerabilities in routers, IoT, and embedded devices.

- 📲 [**SET (Social Engineering Toolkit)**](https://github.com/trustedsec/social-engineer-toolkit) – Human hacking via phishing, payloads, and more.

- 🕵️‍♂️ [**Empire**](https://github.com/BC-SECURITY/Empire) – Post-exploitation framework for PowerShell agents.

- 🧑‍💻 [**Pupy**](https://github.com/n1nj4sec/pupy) – Cross-platform post-exploitation remote access tool (RAT).

- 🧨 [**Sliver**](https://github.com/BishopFox/sliver) – C2 framework for adversary simulation and red teaming.

- 🐚 [**Shellter**](https://www.shellterproject.com) – Dynamic shellcode injector for Windows executables.

- 🐦 [**Merlin**](https://github.com/Ne0nd0g/merlin) – Post-exploitation command & control server using HTTP/2.

- 🧙‍♂️ [**Covenant**](https://github.com/cobbr/Covenant) – C#-based post-exploitation platform.

- 🔒 [**PowerSploit**](https://github.com/PowerShellMafia/PowerSploit) – PowerShell scripts for post-exploitation.

- 🔎 [**Windows Exploit Suggester**](https://github.com/bitsadmin/wesng) – Suggests exploits based on Windows OS versions.

- 📦 [**PayloadsAllTheThings**](https://github.com/swisskyrepo/PayloadsAllTheThings) – Collection of payloads for exploits, fuzzing, and pentesting.

- 🧑‍💻 [**Fuzzbunch**](https://github.com/fuzzbunch/fuzzbunch) – NSA’s exploit framework (part of the Shadow Brokers leak).

- 🛠️ [**CrackMapExec**](https://github.com/byt3bl33d3r/CrackMapExec) – Swiss army knife for post-exploitation in Windows environments.

## Wireless Attacks

- 📡 [**Aircrack-ng**](https://github.com/aircrack-ng/aircrack-ng) – WiFi cracking suite

- 🛠️ [**Reaver**](https://github.com/t6x/reaver-wps-fork) – WPS attack tool

- 🧑‍💻 [**Fern WiFi Cracker**](https://github.com/savio-code/fern-wifi-cracker) – Wireless network auditing tool

- 🔓 [**Wifite**](https://github.com/derv82/wifite) – Automated wireless attack tool

- 🛡️ [**Kismet**](https://kismetwireless.net/) – Wireless network detector & sniffer

- 🌐 [**MDK3**](https://github.com/aircrack-ng/mdk3) – Wireless network attack tool

- 🎯 [**PixieWPS**](https://github.com/wiire/aircrack-ng) – WPS offline attack tool

- 🧠 [**WPA2 Wordlist Generator**](https://github.com/edenhill/wpa2-wordlist-generator) – Generate custom WPA2 wordlists

- 🕵️‍♂️ [**Bully**](https://github.com/aanarchyy/bully) – WPS attack tool for brute-forcing

- 🔄 [**Evil Twin**](https://github.com/derv82/evil-twin) – Create fake AP for capturing handshakes

- 🚀 [**WiFi-Pumpkin**](https://github.com/P0cL4bs/WiFi-Pumpkin) – Man-in-the-middle framework for Wi-Fi networks

- 🧩 [**Airgeddon**](https://github.com/v1s1t0r1sh3r3/airgeddon) – Multi-use bash script for wireless auditing

- 🧑‍💻 [**Ghost Phisher**](https://github.com/sundowndev/ghost-phisher) – Wireless network attack tool for phishing

- 🧑‍🔧 [**NoCatSplash**](https://github.com/no-such-project/NoCatSplash) – Captive portal for Wi-Fi networks

- 🦠 [**Wifiphisher**](https://github.com/wifiphisher/wifiphisher) – Phishing tool for Wi-Fi networks

- 📡 [**WLANPi**](https://github.com/wlanpi/wlanpi) – Wireless attack platform for pen-testers

- 🛠️ [**Cowpatty**](https://github.com/wiire/cowpatty) – Tool for offline WPA2 cracking

- 🌐 [**Scapy**](https://github.com/secdev/scapy) – Python tool for packet manipulation and analysis

- 📶 [**NetStumbler**](http://www.netstumbler.com/) – Wi-Fi scanner for Windows

- 🔒 [**Wi-Fi Pineapple**](https://github.com/securestate/wifipineapple) – Wireless attack platform by Hak5

## Forensics Tools

- 🧑‍💻 [**Autopsy**](https://www.autopsy.com/) – Digital forensics platform for analyzing hard drives and smartphones.

- 🧠 [**Volatility**](https://www.volatilityfoundation.org/) – Memory forensics framework for analyzing RAM dumps.

- 🗂️ [**Binwalk**](https://github.com/ReFirmLabs/binwalk) – Firmware analysis tool for extracting embedded files.

- 🔍 [**Sleuth Kit (TSK)**](https://www.sleuthkit.org/sleuthkit/) – Command-line tools for disk image investigation.

- 🧑‍💻 [**ExifTool**](https://exiftool.org/) – Metadata extractor for images, videos, and documents.

- 🗃️ [**TestDisk**](https://www.cgsecurity.org/wiki/TestDisk) – Disk recovery tool to restore lost partitions.

- 🔄 [**PhotoRec**](https://www.cgsecurity.org/wiki/PhotoRec) – File recovery software for deleted files from disks.

- 🧑‍💻 [**Foremost**](https://foremost.sourceforge.net/) – File carving tool for data recovery based on headers.

- 🔑 [**Hashdeep**](https://github.com/jessek/hashdeep) – File hashing tool with recursive hashing & audit mode.

- 🧑‍💻 [**Bulk Extractor**](https://github.com/simsong/bulk_extractor) – Extracts email, URLs, and other artifacts from raw data.

- 🗄️ [**Digital Forensics Framework (DFF)**](https://github.com/arxsys/dff) – Open-source platform for digital forensics.

- 🧑‍💻 [**Xplico**](https://www.xplico.org/) – Network forensics tool to reconstruct network sessions.

- 🧑‍💻 [**NetworkMiner**](https://www.netresec.com/?page=NetworkMiner) – Passive network packet analyzer for network forensics.

- 🧑‍💻 [**Pdf-parser**](https://blog.didierstevens.com/programs/pdf-tools/) – Analyze and extract content from PDF files.

- 🧑‍💻 [**RegRipper**](https://github.com/keydet89/RegRipper3.0) – Windows registry analysis tool.

- 🧑‍💻 [**PEView**](https://www.aldeid.com/wiki/PEview) – Portable executable (PE) file viewer for malware analysis.

- 🧑‍💻 [**YARA**](https://github.com/VirusTotal/yara) – Malware pattern-matching tool used by researchers.

- 🧑‍💻 [**HxD**](https://mh-nexus.de/en/hxd/) – Hex editor for raw disk editing and analysis.

- 🧑‍💻 [**FTK Imager**](https://accessdata.com/products-services/ftk-imager) – Disk imaging and evidence preview tool.

- 🧑‍💻 [**Capstone**](https://www.capstone-engine.org/) – Disassembly framework for binary analysis.

## Stress Testing

- 🐌 **[Slowloris](https://github.com/gkbrk/slowloris)** – HTTP DoS tool for keeping many connections open

- 🛰️ **[LOIC](https://github.com/NewEraCracker/LOIC)** – Low Orbit Ion Cannon for stress testing

- 🐻 **[HULK](https://github.com/evilarc/HULK)** – HTTP flood tool that makes use of varied requests

- 🦸 **[GoldenEye](https://github.com/jseidl/GoldenEye)** – Python-based HTTP denial-of-service tool

- 💨 **[Tsunami](https://github.com/tsunami-pft/tsunami)** – Network stress testing and security evaluation

- 🛑 **[R-U-Dead-Yet](https://github.com/m0nad/DDoS)** – Simple DoS testing tool

- 🧯 **[DDoS-Sim](https://github.com/DDoS-Sim/DDoS-Sim)** – DDoS simulation tool

- 💥 **[Xerxes](https://github.com/BigMondo/Xerxes)** – Powerful DDoS attack tool for testing purposes

- 🎯 **[Web-Hulk](https://github.com/wwkman/Web-Hulk)** – Web server stress testing tool

- 🚀 **[Synful](https://github.com/SynfulTeam/synful)** – SYN flood tool for stress testing

- 💣 **[LOIC-PowerShell](https://github.com/LOIC-PowerShell/LOIC-PowerShell)** – PowerShell-based LOIC for DDoS testing

- 🌐 **[T50](https://github.com/technitium/T50)** – A powerful stress testing tool that simulates multiple attack vectors

- 🌪️ **[RIP-Lite](https://github.com/Sp0oF/RIP-Lite)** – Lightweight stress testing tool for HTTP and SOCKS

- 🐉 **[Stress-ng](https://github.com/ColinIanKing/stress-ng)** – A tool that can stress test the CPU, RAM, I/O, and more

- 🛠️ **[XDT](https://github.com/xwdn/xdt)** – DDoS testing tool with multi-protocol support

- 🥂 **[Botnet](https://github.com/yeswepwn/Botnet)** – DDoS botnet attack simulation tool

- 🔨 **[DDOS-Exploit](https://github.com/nemesis2020/DDOS-Exploit)** – Exploit kit for DDoS stress testing

- 🛡️ **[Fudp](https://github.com/Toph-3r/fudp)** – A multi-threaded UDP flooder for stress testing

- ⚡ **[BlackHAT](https://github.com/j3ssie/BlackHAT)** – A stress testing framework for web applications

## Sniffing & Spoofing

- 🌐 **[Wireshark](https://www.wireshark.org/)** – Network protocol analyzer

- 🕵️‍♂️ **[Ettercap](https://www.ettercap-project.org/)** – Man-in-the-middle attack tool

- ⚡ **[BetterCAP](https://www.bettercap.org/)** – Flexible network attack & monitoring tool

- 📡 **[Tcpdump](https://www.tcpdump.org/)** – Command-line packet analyzer

- 🌍 **[Nessus](https://www.tenable.com/products/nessus)** – Vulnerability scanner with sniffing capabilities

- 🐍 **[Scapy](https://scapy.net/)** – Python-based interactive packet manipulation program

- 🌐 **[MITMf](https://github.com/byt3bl33d3r/MITMf)** – Man-in-the-middle framework for network attacks

- 🦊 **[Fakenet-NG](https://github.com/axil/fakenet-ng)** – Fake network traffic generation tool

- 🐾 **[Dsniff](https://github.com/joschi/dsniff)** – Collection of network monitoring tools for penetration testers

- 🎯 **[Responder](https://github.com/SpiderLabs/Responder)** – LLMNR, NBT-NS, and MDNS poisoner for internal network attacks

- 💻 **[Ettercap-NG](https://github.com/Ettercap/ettercap)** – Enhanced version of Ettercap with additional features

- 🧑‍💻 **[Arp-Spoof](https://github.com/vanhauser-thc/thc-hydra)** – Tool to intercept network traffic by sending ARP packets

- 🌐 **[WiFi-Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin)** – WiFi spoofing tool

- 🎣 **[Aircrack-ng](https://www.aircrack-ng.org/)** – Suite for wireless network auditing and cracking WEP/WPA keys

- 🧩 **[Xplico](https://www.xplico.org/)** – Network forensics tool that extracts applications' data from pcap files

- 📊 **[Pry-Fi](https://github.com/Kevin-Robert/Pry-Fi)** – A tool to find and exploit vulnerabilities in wireless networks

- 🕵️‍♀️ **[Kismet](https://kismetwireless.net/)** – Wireless network detector, sniffer, and intrusion detection system

- 🐍 **[Burp Suite](https://portswigger.net/burp)** – Web vulnerability scanner and network attack tool with advanced interception features

- 💻 **[Snoopy](https://github.com/marooned/snoopy)** – Sniffing & spoofing tool focused on DNS & HTTP traffic

- 📡 **[Snort](https://www.snort.org/)** – Open-source network intrusion detection & prevention system

## Password Attacks

- 🔥 **[John the Ripper](https://www.openwall.com/john/)** – Password cracking tool for various password hashes.

- 🧑‍💻 **[Hydra](https://github.com/vanhauser-thc/thc-hydra)** – Brute-force tool that supports a wide range of protocols.

- ⚡ **[Hashcat](https://github.com/hashcat/hashcat)** – Advanced password recovery using GPUs.

- 🐍 **[Medusa](https://github.com/jmk-foofus/medusa)** – A speedy, parallelized login brute-forcer.

- 🌐 **[Aircrack-ng](https://www.aircrack-ng.org/)** – WiFi password cracking suite.

- 🔐 **[Wifite](https://github.com/derv82/wifite2)** – Wireless network attack tool focused on WPA/WPA2.

- 🧠 **[THC-Hydra](https://github.com/vanhauser-thc/thc-hydra)** – A very fast network login cracker.

- 🎯 **[Hash-Toolkit](https://github.com/rapid7/hash_toolkit)** – A tool for password hash cracking.

- 🛠️ **[Brutus](https://www.hoobie.net/brutus/)** – An old but reliable password cracker for HTTP, FTP, and more.

- 🔑 **[Burp Suite](https://portswigger.net/burp)** – A popular web vulnerability scanner with password attack features.

- 🧑‍💻 **[Ophcrack](http://ophcrack.sourceforge.net/)** – A Windows password cracker using rainbow tables.

- 💻 **[Cain & Abel](https://www.oxid.it/cain.html)** – A versatile tool for cracking various password hashes, sniffing networks, and decoding passwords.

- 🔐 **[L0phtCrack](https://www.l0phtcrack.com/)** – Windows password auditing and recovery tool.

- 🧩 **[CrackStation](https://crackstation.net/)** – A free online service for cracking password hashes using dictionary attacks.

- 🔓 **[RainbowCrack](https://project-rainbowcrack.com/)** – A tool that utilizes rainbow tables to crack passwords.

- 🧑‍💻 **[Medusa](https://github.com/jmk-foofus/medusa)** – Parallelized login brute-forcer for multiple protocols.

- 🔥 **[Patator](https://github.com/lanjelot/patator)** – A multi-purpose brute-forcing tool that supports numerous protocols.

- 🛡️ **[RSMangler](https://github.com/s0md3v/Hash-Buster)** – A hash bruteforce tool for creating password dictionaries.

- 🧑‍💻 **[CrackMapExec](https://github.com/byt3bl33d3r/CrackMapExec)** – A post-exploitation tool for automating credential validation.

- 🕵️‍♀️ **[SudoKiller](https://github.com/TH3xACE/SudoKiller)** – A tool for privilege escalation that can be used for password cracking in Unix-based systems.

## Web Application Analysis

- 🧑‍💻 [**Burp Suite**](https://portswigger.net/burp) – Web security testing toolkit.

- 🕵️ [**OWASP ZAP**](https://www.zaproxy.org/) – Open-source web application scanner.

- 🐍 [**SQLmap**](https://github.com/sqlmapproject/sqlmap) – Automated SQL injection tool.

- 📜 [**Wappalyzer**](https://www.wappalyzer.com/) – Identify technologies on websites.

- 🧑‍💻 [**Dirb**](https://gitlab.com/kalilinux/packages/dirb) – Web content scanner.

- 📂 [**Gobuster**](https://github.com/OJ/gobuster) – Directory and DNS brute-forcing.

- 🔍 [**Nikto**](https://github.com/sullo/nikto) – Web server vulnerability scanner.

- 🧑‍💻 [**Sublist3r**](https://github.com/aboul3la/Sublist3r) – Subdomain enumeration.

- 🕵️ [**Amass**](https://github.com/owasp-amass/amass) – Network mapping and subdomain enumeration.

- 📝 [**Httpx**](https://github.com/projectdiscovery/httpx) – Fast HTTP probing.

- 🌐 [**FFUF**](https://github.com/ffuf/ffuf) – Fast web fuzzer.

- 🧑‍💻 [**WhatWeb**](https://github.com/urbanadventurer/WhatWeb) – Identify web technologies.

- 🛠️ [**Nuclei**](https://github.com/projectdiscovery/nuclei) – Vulnerability scanning and templating.

- 🧑‍💻 [**XSStrike**](https://github.com/s0md3v/XSStrike) – XSS detection and exploitation.

- 🐞 [**Commix**](https://github.com/commixproject/commix) – Automated command injection.

- 🔥 [**WPScan**](https://github.com/wpscanteam/wpscan) – WordPress security scanner.

- 🛡️ [**Cmsmap**](https://github.com/Dionach/CMSmap) – CMS detection and exploitation.

- 🔍 [**Arachni**](https://github.com/Arachni/arachni) – Advanced web vulnerability scanner.

- 🕵️ [**Waybackurls**](https://github.com/tomnomnom/waybackurls) – Fetch URLs from Wayback Machine.

- 🧑‍💻 [**Unfurl**](https://github.com/tomnomnom/unfurl) – Extract URLs and data from URLs.

- 📂 [**Dirsearch**](https://github.com/maurosoria/dirsearch) – A fast and powerful scanner that uses brute-force to find hidden directories and files on web servers. It discovers inaccessible content with customizable wordlists.

## Reverse Engineering

- 🧠 [**Ghidra**](https://ghidra-sre.org/) – Open-source software reverse engineering framework.

- 🔎 [**Radare2**](https://github.com/radareorg/radare2) – Command-line reverse engineering toolkit.

- 🛠️ [**OllyDbg**](http://www.ollydbg.de/) – 32-bit assembler-level debugger for Windows.

- 🧑‍💻 [**IDA Pro**](https://hex-rays.com/ida-pro/) – Industry-standard interactive disassembler.

- 🐍 [**Binary Ninja**](https://binary.ninja/) – Interactive binary analysis platform.

- 🛡️ [**x64dbg**](https://x64dbg.com/) – Open-source Windows debugger for x64 and x86.

- 🧬 [**Cutter**](https://cutter.re/) – GUI for Radare2 with advanced analysis features.

- 📝 [**Hopper**](https://www.hopperapp.com/) – Mac & Linux disassembler with powerful analysis.

- 🧑‍💻 [**dnSpy**](https://github.com/dnSpy/dnSpy) – .NET debugger and assembly editor.

- 🔄 [**RetDec**](https://retdec.com/) – Open-source decompiler for machine code.

- ⚙️ [**angr**](https://angr.io/) – Python framework for binary analysis.

- 🧑‍💻 [**Frida**](https://frida.re/) – Dynamic instrumentation toolkit.

- 🔗 [**Binary Analysis Toolkit (BAT)**](https://github.com/cea-sec/BAT) – Malware analysis and binary inspection.

- 🐛 [**Rizin**](https://rizin.re/) – Fork of Radare2 with a focus on usability.

- 🗂️ [**PEiD**](https://www.softpedia.com/get/Programming/File-Editors/PEiD.shtml) – Detect packers, cryptors, and compilers.

- 🧑‍💻 [**DiE (Detect It Easy)**](https://github.com/horsicq/Detect-It-Easy) – Portable executable identifier.

- 📊 [**LIEF**](https://lief.quarkslab.com/) – Library for parsing and modifying executables.

- 🔍 [**Snowman**](https://derevenets.com/) – Native code to C++ decompiler.

- 🧑‍💻 [**APKTool**](https://github.com/iBotPeaches/Apktool) – Decompile and rebuild Android APKs.

- 🔓 [**JEB Decompiler**](https://www.pnfsoftware.com/jeb/) – Commercial decompiler for Android and other platforms.

## Reporting Tools

- 📄 [**Dradis**](https://dradisframework.com/) – Collaboration and reporting platform for pentesters.

- 🧑‍💻 [**Faraday**](https://faradaysec.com/) – Multi-user penetration testing IDE.

- 🌳 [**MagicTree**](http://www.magictree.org/) – Pentesting productivity tool for data aggregation and reporting.

- 📊 [**Serpico**](https://github.com/SerpicoProject/Serpico) – Simplifying pentest reporting using templates.

- 📝 [**LaTeX**](https://www.latex-project.org/) – High-quality typesetting system often used for security reports.

- 📑 [**reNgine**](https://github.com/yogeshojha/rengine) – Automated reconnaissance framework with reporting.

- 🧑‍💻 [**ReconNote**](https://github.com/nahamsec/recon_note) – Web-based notes manager for recon and reporting.

- 📝 [**Pentracker**](https://github.com/noraj/pentracker) – Pentest reporting and management tool.

- 📄 [**Markdown**](https://www.markdownguide.org/) – Lightweight markup language for clean report writing.

- 📄 [**Ghostwriter**](https://github.com/GhostManager/Ghostwriter) – Reporting and engagement management platform.

- 📊 [**VulnReport**](https://github.com/salesforce/vulnreport) – Automated vulnerability reporting platform.

- 📋 [**Katana Framework**](https://github.com/PowerScript/KatanaFramework) – Post-exploitation and reporting utility.

- 📑 [**Pentest-Report-Template**](https://github.com/adamjdeacon/Pentest-Report-Template) – Professional pentest report LaTeX template.

- 📄 [**ProofSuite**](https://github.com/danielfuentes/proofsuite) – Automated proof of concept and reporting tool.

- 🧑‍💻 [**VulnWhisperer**](https://github.com/austin-taylor/VulnWhisperer) – Vulnerability management reporting with Nessus, Qualys, and OpenVAS.

- 📜 [**RiskSense**](https://www.risksense.com/) – Risk-based vulnerability management and reporting.

- 📝 [**Pentestly**](https://github.com/praetorian-code/pentestly) – Powershell-based post-exploitation and reporting.

- 📄 [**SecReport**](https://github.com/Matir/secreport) – Report generation tool for pentesters.

- 📋 [**PwnDoc**](https://github.com/pwndoc/pwndoc) – Pentest reporting tool with customizable templates.

- 🧑‍💻 [**PenTest-Wiki**](https://github.com/nixawk/pentest-wiki) – Knowledge base for pentesting & reporting references.

## Social Engineering Tools

- 🧑‍💻 [**SET (Social-Engineer Toolkit)**](https://github.com/trustedsec/social-engineer-toolkit) – Advanced framework for social engineering attacks.

- 📧 [**King Phisher**](https://github.com/rsmusllp/king-phisher) – Phishing campaign toolkit for testing and training.

- 🎣 [**Phishing Frenzy**](https://github.com/pentestgeek/phishing-frenzy) – Phishing campaign automation platform.

- 🪤 [**Gophish**](https://github.com/gophish/gophish) – Open-source phishing toolkit for awareness and testing.

- 📩 [**Evilginx2**](https://github.com/kgretzky/evilginx2) – Phishing toolkit using reverse proxy for capturing credentials & tokens.

- 🕵️‍♀️ [**HiddenEye**](https://github.com/DarkSecDevelopers/HiddenEye) – Modern phishing tool with advanced social engineering features.

- 🔥 [**BlackEye**](https://github.com/An0nUD4Y/blackeye) – Phishing tool with site cloning capabilities.

- 🛜 [**Zphisher**](https://github.com/htr-tech/zphisher) – Advanced phishing tool with tunneling support.

- 📡 [**SocialFish**](https://github.com/UndeadSec/SocialFish) – Social engineering phishing framework.

- 🧑‍💻 [**HiddenEye Reborn**](https://github.com/DarkSecDevelopers/HiddenEyeReborn) – Improved version of HiddenEye for phishing & spoofing.

- 🧑‍💻 [**EvilPhish**](https://github.com/An0nNiemus/EvilPhish) – Social engineering tool for phishing websites.

- 📬 [**ShellPhish**](https://github.com/thelinuxchoice/shellphish) – Automated phishing tool supporting multiple templates.

- 🧑‍💻 [**CamPhish**](https://github.com/techchipnet/CamPhish) – Webcam phishing attack tool.

- 🕵️ [**Weeman**](https://github.com/evait-security/weeman) – HTTP server-based phishing framework.

- 📲 [**QRGen**](https://github.com/sdushantha/qrgen) – QR code phishing generator.

- 🕵️ [**PyPhisher**](https://github.com/KasRoudra/PyPhisher) – Python-based phishing toolkit with multiple site templates.

- 🕸️ [**AdvPhishing**](https://github.com/Ignitetch/AdvPhishing) – Advanced phishing tool with login page cloning.

- 🎯 [**SocialBox**](https://github.com/samsesh/SocialBox) – Brute-force social media hacking toolkit.

- 🧑‍💻 [**XPhisher**](https://github.com/htr-tech/xphisher) – Advanced phishing tool with inbuilt tunneling.

- 🌐 [**CredSniper**](https://github.com/ustayready/CredSniper) – Phishing framework with two-factor authentication bypass support.

## Miscellaneous

- 🐉 **[Kali Linux](https://www.kali.org/)** – Advanced penetration testing and security auditing OS.

- 🦜 **[Parrot Security OS](https://www.parrotsec.org/)** – Security-focused OS for pentesting and privacy.

- 🧑‍💻 **[BackBox](https://www.backbox.org/)** – Ubuntu-based Linux distro for penetration testing.

- 🕵️ **[BlackArch Linux](https://blackarch.org/)** – Arch-based OS with 2800+ hacking tools.

- 🔎 **[Pentoo](https://www.pentoo.ch/)** – Security-focused Gentoo-based Linux.

- 🧑‍💻 **[Tails](https://tails.boum.org/)** – Privacy and anonymity-focused live OS.

- 🧪 **[CAINE](https://www.caine-live.net/)** – Digital forensics live Linux distro.

- 🧑‍💻 **[Bugtraq](https://bugtraq-team.com/)** – Linux distro for pentesting & malware analysis.

- 🔒 **[Whonix](https://www.whonix.org/)** – Anonymous OS based on Tor.

- 🧠 **[DEFT Linux](https://www.deftlinux.net/)** – Digital evidence & forensics toolkit.

- 🌐 **[Subgraph OS](https://subgraph.com/)** – Secure Linux distro with hardened kernel.

- 🧑‍💻 **[ArchStrike](https://archstrike.org/)** – Arch Linux repository for security tools.

- 🧑‍💻 **[Fedora Security Lab](https://labs.fedoraproject.org/security/)** – Fedora spin for security auditing.

- 🧑‍💻 **[SamuraiWTF](https://github.com/SamuraiWTF/samuraiwtf)** – Web application penetration testing environment.

- 🔎 **[Cyborg Hawk](https://cyborg.ztrela.com/)** – Security distro for penetration testing.

- 🧑‍💻 **[Matriux Krypton](https://www.matriux.com/)** – Debian-based security distribution.

- 🔥 **[NodeZero](https://sourceforge.net/projects/nodezero/)** – Ubuntu-based penetration testing OS.

- 🧑‍💻 **[GnackTrack](https://sourceforge.net/projects/gnacktrack/)** – Linux live distribution for penetration testing.

- 🛡️ **[SELKS](https://www.stamus-networks.com/open-source)** – Suricata-based IDS/IPS platform.

- 🕵️‍♂️ **[PentestBox](https://pentestbox.org/)** – Penetration testing toolkit for Windows.

---

### Support

You can support this project **directly** using **Ko-fi**:  

[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/W7W116EDDL)

> Every contribution, small or large, helps keep open-source cybersecurity alive. Thank you for supporting **Hacking-Tools**! 🛡️