The tools listed below are commonly used in penetration testing. The catalog follows the categories of Kali Tools, and most of the tools are open source software. The project is supplemented and updated on an ongoing basis QAQ
- Directory
- Browser bookmarks
- Tools Usage
- Virtual machine - Windows11 Penetration Suite Toolkit
- Information Gathering
- Vulnerability Analysis
- Web Applications
- Database Assessment
- Password Attacks
- Wireless Attacks
- Reverse Engineering
- Exploitation Tools
- Sniffing & Spoofing
- Maintaining Access
- Golang Sec Tools
- Reporting Tools
- Social Engineering
- Code Audit
- Port Forwarding & Proxies
- DevSecOps
- RootKit
- Cyber Range
- whois - Windows Whois retrieves the registration record for the domain name or IP address that you specify.
- subDomainsBrute - A fast subdomain brute-force tool for pentesters
- ksubdomain - Subdomain enumeration tool that sends asynchronous DNS packets and uses pcap to scan 1,600,000 subdomains in 1 second
- Sublist3r - Fast subdomains enumeration tool for penetration testers
- OneForAll - 👊 OneForAll is a powerful subdomain integration tool
- LayerDomainFinder - A subdomain enumeration tool by Layer
- GHDB - Google Hack Database
- SearchDiggity - SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project
- Katana - A Python tool for Google hacking
- uDork - uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on.
- GooFuzz - GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
- Pagodo - pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching.
- GitHacker - 🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of the developers' intent.
- GitGraber - gitGraber is a tool developed in Python3 to monitor GitHub to search and find sensitive data in real time for different online services.
- GitMiner - Tool for advanced mining for content on Github.
- Gitrob - Reconnaissance tool for GitHub organizations.
- svnExploit - Supports SVN source code disclosure for all SVN versions and dumps the source.
- SvnHack - SvnHack is an SVN folder disclosure exploit. 🔒
- Nmap | Zenmap - Free and open source utility for network discovery and security auditing
- Masscan - TCP port scanner, spews SYN packets asynchronously
- Ports - Common service ports and exploitations
- Goby - Attack surface mapping
- Goscan - Interactive Network Scanner
- NimScan - 🚀 Fast Port Scanner 🚀
- RustScan - 🤖 The Modern Port Scanner 🤖
- TXPortMap - Port scanner and banner identification from TianXiang
- Scaninfo - Fast scanner for red team tools
- theHarvester - E-mails, subdomains and names harvester - OSINT
- SpiderFoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
- Recon-ng - Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
- FOCA - Tool to find metadata and hidden information in the documents.
- Amass - In-depth Attack Surface Mapping and Asset Discovery
- Censys-subdomain-finder - Perform subdomain enumeration using the certificate transparency logs from Censys.
- EmailHarvester - Email addresses harvester
- Finalrecon - The Last Web Recon Tool You'll Need.
- LittleBrother - Information gathering (OSINT) on a person (EU)
- Octosuite - Advanced Github OSINT Framework
- gophish - Open-Source Phishing Toolkit
- AdvPhishing - This is an advanced phishing tool! OTP phishing
- SocialFish - Educational Phishing Tool & Information Collector
- Zphisher - An automated phishing tool with 30+ templates. This tool is made for educational purposes only! The author will not be responsible for any misuse of this toolkit!
- Nexphisher - Advanced Phishing tool for Linux & Termux
- Struts-Scan - Struts2 vulnerability detection and exploitation tool
- Nikto - Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items
- W3af - Web application attack and audit framework, the open source web vulnerability scanner
- Openvas - The world's most advanced Open Source vulnerability scanner and manager
- Archery - Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities
- Taipan - Web application vulnerability scanner
- Arachni - Web Application Security Scanner Framework
- Nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
- Xray - A passive vulnerability scanner tool.
- SiteScan - All-in-one website information gathering tool for pentests.
- Banli - High-risk asset identification and high-risk vulnerability scanner.
- vscan - Open Source Vulnerability Scanner.
- Wapiti - Web vulnerability scanner written in Python3.
- AngelSword - CMS vulnerability detection framework 🔒
- WhatWeb - Next generation web scanner
- Wappalyzer - Cross-platform utility that uncovers the technologies used on websites
- Whatruns - A free browser extension that helps you identify technologies used on any website at the click of a button (Just for chrome)
- WhatCMS - CMS Detection and Exploit Kit based on Whatcms.org API
- CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
- EHole - CMS Detection for RedTeam
Online Tools
- Yunsee - Online service for identifying the CMS footprint of a website
- Bugscaner - A simple online fingerprint identification system that recognizes hundreds of CMS source-code fingerprints
- WhatCMS online - CMS Detection and Exploit Kit website Whatcms.org
- TideFinger - Fingerprinter Tool from TideSec Team
- 360finger-p - Fingerprinter Tool from 360 Team
- Burpsuite - Burpsuite is a graphical tool for testing Web application security
- ZAP - One of the world's most popular free security tools
- Mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- Broxy - An HTTP/HTTPS intercept proxy written in Go.
- Hetty - An HTTP toolkit for security research.
- Hack-Tools - The all-in-one Red Team extension for Web Pentester 🛠
- Dirbrute - Multi-threaded web directory brute-force tool (dictionaries included) 🔒
- ffuf - Fast web fuzzer written in Go.
- Dirbuster - DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.
- Dirsearch - Web path scanner.
- Gobuster - Directory/File, DNS and VHost busting tool written in Go.
- WebPathBrute - Web path brute-forcer.
- wfuzz - Web application fuzzer
- Dirmap - An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.
- Fuxi-Scanner - Open source network security vulnerability scanner with multiple functions.
- Xunfeng - Xunfeng ("patrol") is a rapid emergency response and patrol scanning system for enterprise intranets.
- WebMap - Nmap Web Dashboard and Reporting.
- Hydra - Hydra is a parallelized login cracker which supports numerous protocols to attack
- Medusa - Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer
- Sparta - Network Infrastructure Penetration Testing Tool.
- Hashcat - World's fastest and most advanced password recovery utility
- Patator - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
- HackBrowserDat - Decrypt passwords/cookies/history/bookmarks from the browser
- John - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs.
- Fern Wifi cracker - Fern-Wifi-Cracker is designed to be used in testing and discovering flaws in one's own network with the aim of fixing the flaws detected
- Ollydbg - OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows
- SPLOITUS - Sploitus is a convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities
- SearchSploit - The official Exploit Database repository
- Getsploit - Command line utility for searching and downloading exploits
- Houndsploit - An advanced graphical search engine for Exploit-DB
- BeeF - The Browser Exploitation Framework Project
- BlueLotus_XSSReceiver - XSS Receiver platform without SQL
- XSStrike - Most advanced XSS scanner.
- xssor2 - XSS'OR - Hack with JavaScript.
- Xsser-Varbaek - From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras
- Xsser-Epsylon - Cross Site "Scripter" (aka XSSer) is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.
- Xenotix - An advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework
- Sqlmap - Automatic SQL injection and database takeover tool
- Sqlmate - A friend of SQLmap which will do what you always expected from SQLmap
- SQLiScanner - Automatic SQL injection with Charles and sqlmap api
- Commix - Automated All-in-One OS command injection and exploitation tool
- LFIsuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
- Kadimus - Kadimus is a tool to check sites for LFI vulnerabilities and also exploit them
- Shellfire - Exploitation shell for exploiting LFI, RFI, and command injection vulnerabilities
- LFIter2 - LFIter2 Local File Include (LFI) Tool - Auto File Extractor & Username Bruteforcer
- FDsploit - File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
- Fuxploider - File upload vulnerability scanner and exploitation tool
- XXEinjector - Tool for automatic exploitation of XXE vulnerabilities using direct and various out-of-band methods
- Oxml_xxe - A tool for embedding XXE/XML exploits into different filetypes
- Deemon - Deemon is a tool to detect CSRF in web applications
- POC-T - Pentest Over Concurrent Toolkit
- Pocsuite - Pocsuite is an open-sourced remote vulnerability testing framework developed by the Knownsec Security Team
- Metasploit - The world’s most used penetration testing framework
- Venom - Shellcode generator/compiler/handler (metasploit)
- Empire - Empire is a PowerShell and Python post-exploitation agent
- Koadic - Koadic C3 COM Command & Control - JScript RAT
- Viper - Metasploit Framework UI manager tool
- MSFvenom-gui - GUI tool to create standard payloads with msfvenom
- DeepExploit - Fully automatic penetration test tool using Machine Learning
- GyoiThon - GyoiThon is a growing penetration test tool using Machine Learning
- Generator - Fully automatically generate numerous injection codes for web application assessment
- AutoSploit - Automated Mass Exploiter
- WinPwn - Automation for internal Windows penetration tests / AD security
- WireShark - Wireshark is a network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems.
- Cain & Abel - Cain & Abel is a password recovery tool for Microsoft operating systems.
- Goshell - Generate reverse shells on the command line with Go!
- Print-My-Shell - Python script written to automate the process of generating various reverse shells.
- Girsh - Automatically spawns a fully interactive reverse shell for a Linux or Windows victim
- Blueshell - Generate reverse shells for red teams
- Clink - Powerful Bash-style command line editing for cmd.exe
- Natpass - A new RAT tool, supporting web VNC and webshell
- Chopper
  Tips: this tool was obtained from the internet and has not been checked for backdoors; use it at your own discretion.
  Link: https://pan.baidu.com/s/1VnXkoQU-srSllG6JaY0nTA Password: v71d
- AntSword : Document - AntSword is a cross-platform website management toolkit
- CKnife - The cross-platform webshell tool in Java
  Tips: this tool was obtained from the internet and has not been checked for backdoors; use it at your own discretion.
  Link: https://pan.baidu.com/s/1QZrnWU7DUuJhiXl7u1kELw Password: hjrh
- Behinder - dynamic binary encryption webshell management client
- Godzilla - a Java tool to encrypt network traffic
- Skyscorpion - Modified version of Behinder.
- PyShell - Multiplatform Python WebShell.
- Weevely3 - Weaponized web shell
- Awsome-Webshells - Collection of reverse shells.
- windows-exploit-suggester - This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target
- Windows-kernel-exploits - windows-kernel-exploits
- linux-exploit-suggester-2 - Next-Generation Linux Kernel Exploit Suggester
- Linux-kernel-exploits - Linux kernel exploits
- BeRoot - Privilege Escalation Project - Windows / Linux / Mac
- PE-Linux - Linux Privilege Escalation Tool By WazeHell
- Portia - Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised.
- PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
- GTFOBins - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
- LOLBAS - Living Off The Land Binaries, Scripts and Libraries.
- DeimosC2 - DeimosC2 is a Golang command and control framework for post-exploitation.
- Sliver - Implant framework
- PHPSploit - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner 😈
- Shad0w - A post exploitation framework designed to operate covertly on heavily monitored environments (Win8, Win10)
- Covenant - Covenant is a collaborative .NET C2 framework for red teamers.
- Emp3r0r - Linux post-exploitation framework made by a Linux user
- C3 - Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
Tips: Golang is an excellent cross-platform language for security tooling.
- Naabu - A fast port scanner written in go with focus on reliability and simplicity.
- ServerScan - A high-concurrency network scanning and service detection tool developed in Go.
- Vulnreport - Open-source pentesting management and automation platform by Salesforce Product Security
- Pentest-Collaboration-Framework - Open source, cross-platform and portable toolkit for automating routine processes in various kinds of testing work!
- CervantesSec - Cervantes is an open source collaborative platform for pentesters or red teams who want to save time by managing their projects, clients, vulnerabilities and reports in one place.
- Cloc - cloc counts blank lines, comment lines, and physical lines of source code in many programming languages
- Cobra - Source Code Security Audit
- Cobra-W - Cobra for white hat
- Graudit - Grep rough audit - source code auditing tool
- Rips - A static source code analyser for vulnerabilities in PHP scripts
- EarthWorm - Tunneling tool
- Termite - Tunneling tool (version 2)
- Frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet
- Nps - A lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
- Goproxy - A high-performance, full-featured, cross platform proxy server
- ReGeorg - The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn
- Venom - A Multi-hop Proxy for Penetration Testers
- Stowaway - 👻 Stowaway -- Multi-hop Proxy Tool for pentesters
- rport - Manage remote systems with ease.
- DevAudit - Open-source, cross-platform, multi-purpose security auditing tool
- DVWA - Damn Vulnerable Web Application (DVWA)
- WebGoat - WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons
- DSVW - DSVW is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes
- DVWS - Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities
- XVWA - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security
- BWAPP - A buggy web application with more than 100 vulnerabilities
- Sqli-lab - SQLi labs to practice error-based, blind boolean-based and time-based injection
- HackMe-SQL-Injection-Challenges - Hack your friend's online MMORPG game - specific focus, sql injection opportunities
- XSS-labs - Small set of scripts to practice exploiting XSS and CSRF vulnerabilities
- SSRF-lab - Lab for exploring SSRF vulnerabilities
- SSRF_Vulnerable_Lab - This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks
- LFI-labs - Small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns
- Commix-testbed - A collection of web pages, vulnerable to command injection flaws
- File-Upload-Lab - Damn Vulnerable File Upload V 1.1
- Upload-labs - A summary of all types of uploading vulnerabilities for you
- XXE-Lab - An XXE vulnerability demo containing language versions such as PHP, Java, Python, C#, etc.
- Fopnp - A network playground for 《Foundations of Python Network Programming》
- CyberRange - The Open-Source AWS Cyber Range
- Vulnhub - VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration
- TryHackMe - TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!
- Hackthebox - Hack The Box is a massive, online cybersecurity training platform, allowing individuals, companies, universities and all kinds of organizations around the world to level up their hacking skills.
- Root Me - Root Me allows everyone to test and improve their knowledge in computer security and hacking.