The tools listed below are commonly used in penetration testing. The tool catalog is referenced from Kali Tools, and most of the tools are open source software. This project will be supplemented and updated over the long term.
- Directory
- Browser bookmarks
- Install Scripts
- Documentation
- Information Gathering
- Vulnerability Analysis
- Web Applications
- Database Assessment
- Password Attacks
- Wireless Attacks
- Reverse Engineering
- Exploitation Tools
- Sniffing & Spoofing
- Maintaining Access
- Golang Sec Tools
- Reporting Tools
- Social Engineering
- System Services
- Code Audit
- Port Forwarding & Proxies
- DevSecOps
- RootKit
- Cyber Range
- GHDB - Google Hack Database
- SearchDiggity - SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project
- Katana - A Python tool for Google hacking
- uDork - uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on.
- Pagodo - pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching.
- GitHack - GitHack is a .git folder disclosure exploit.
- GitGraber - gitGraber is a tool developed in Python3 to monitor GitHub to search and find sensitive data in real time for different online services.
- GitMiner - Tool for advanced mining for content on Github.
- Gitrob - Reconnaissance tool for GitHub organizations.
- svnExploit - Supports SVN source code disclosure for all versions and dumps the source.
- SvnHack - SvnHack is an SVN folder disclosure exploit.
- Nmap | Zenmap - Free and open source utility for network discovery and security auditing
- Masscan - TCP port scanner, spews SYN packets asynchronously
- Ports - Common service ports and exploitations
- Goby - Attack surface mapping
- Goscan - Interactive Network Scanner
- NimScan - 🚀 Fast Port Scanner 🚀
- RustScan - 🤖 The Modern Port Scanner 🤖
- theHarvester - E-mails, subdomains and names Harvester - OSINT
- SpiderFoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
- FOCA - Tool to find metadata and hidden information in the documents.
- Amass - In-depth Attack Surface Mapping and Asset Discovery
- Censys-subdomain-finder - Perform subdomain enumeration using the certificate transparency logs from Censys.
- EmailHarvester - Email addresses harvester
- Finalrecon - The Last Web Recon Tool You'll Need.
- LittleBrother - Information gathering (OSINT) on a person (EU)
- gophish - Open-Source Phishing Toolkit
- AdvPhishing - An advanced phishing tool with OTP phishing support
- SocialFish - Educational Phishing Tool & Information Collector
- Zphisher - An automated phishing tool with 30+ templates. This tool is made for educational purposes only! The author will not be responsible for any misuse of this toolkit!
- Nexphisher - Advanced Phishing tool for Linux & Termux
- Struts-Scan - Struts2 vulnerability detection and exploitation tools
- Nikto - Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items
- W3af - Web application attack and audit framework, the open source web vulnerability scanner
- Openvas - The world's most advanced Open Source vulnerability scanner and manager
- Archery - Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities
- Taipan - Web application vulnerability scanner
- Arachni - Web Application Security Scanner Framework
- AngelSword - CMS vulnerability detection framework
- WhatWeb - Next generation web scanner
- Wappalyzer - Cross-platform utility that uncovers the technologies used on websites
- Whatruns - A free browser extension that helps you identify technologies used on any website at the click of a button (Chrome only)
- WhatCMS - CMS Detection and Exploit Kit based on Whatcms.org API
- CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
Online Tools
- Yunsee - Online service to find the CMS footprint of a website
- Bugscaner - A simple online fingerprint identification system that recognizes hundreds of CMS source codes
- WhatCMS online - CMS Detection and Exploit Kit website Whatcms.org
- Tscan - An online tool to gather information about a website
- TideFinger - Fingerprinter Tool from TideSec Team
- Burpsuite - Burpsuite is a graphical tool for testing Web application security
- ZAP - One of the world's most popular free security tools
- Mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- Broxy - An HTTP/HTTPS intercept proxy written in Go.
- Dirbrute - Multi-threaded web directory brute-forcing tool (dictionaries included)
- Dirbuster - DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers
- Fuxi-Scanner - An open source network security vulnerability scanner with multiple functions.
- Xunfeng - Xunfeng is a rapid emergency response and patrol scanning system for enterprise intranets
- WebMap - Nmap Web Dashboard and Reporting
- Hydra - Hydra is a parallelized login cracker which supports numerous protocols to attack
- Medusa - Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer
- Sparta: Document - Network Infrastructure Penetration Testing Tool
- Hashcat - World's fastest and most advanced password recovery utility
- Patator - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
- HackBrowserDat - Decrypt passwords/cookies/history/bookmarks from the browser
- Fern Wifi cracker - Fern-Wifi-Cracker is designed to be used in testing and discovering flaws in one's own network with the aim of fixing the flaws detected
- Ollydbg - OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows
- SPLOITUS - Sploitus is a convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities
- SearchSploit - The official Exploit Database repository
- Getsploit - Command line utility for searching and downloading exploits
- BeeF - The Browser Exploitation Framework Project
- BlueLotus_XSSReceiver - XSS Receiver platform without SQL
- xssor2 - XSS'OR - Hack with JavaScript.
- Xsser-Varbaek - From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras
- Xsser-Epsylon - Cross Site "Scripter" (aka XSSer) is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.
- Xenotix - An advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework
- Sqlmap - Automatic SQL injection and database takeover tool
- Sqlmate - A friend of SQLmap which will do what you always expected from SQLmap
- SQLiScanner - Automatic SQL injection with Charles and sqlmap api
- Commix - Automated All-in-One OS command injection and exploitation tool
- LFIsuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
- Kadimus - Kadimus is a tool to check sites for LFI vulnerabilities and also exploit them
- Shellfire - Exploitation shell for exploiting LFI, RFI, and command injection vulnerabilities
- LFIter2 - LFIter2 Local File Include (LFI) Tool - Auto File Extractor & Username Bruteforcer
- FDsploit - File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
- Fuxploider - File upload vulnerability scanner and exploitation tool
- XXEinjector - Tool for automatic exploitation of XXE vulnerabilities using direct and various out-of-band methods
- Oxml_xxe - A tool for embedding XXE/XML exploits into different filetypes
- Deemon - Deemon is a tool to detect CSRF in web application
- POC-T - Pentest Over Concurrent Toolkit
- Pocsuite - Pocsuite is an open-sourced remote vulnerability testing framework developed by the Knownsec Security Team
- Metasploit - The world’s most used penetration testing framework
- Venom - Shellcode generator/compiler/handler (metasploit)
- Empire - Empire is a PowerShell and Python post-exploitation agent
- Koadic - Koadic C3 COM Command & Control - JScript RAT
- Viper - Metasploit Framework UI manager tool
- MSFvenom-gui - GUI tool to create standard payloads with msfvenom
- DeepExploit - Fully automatic penetration test tool using Machine Learning
- GyoiThon - GyoiThon is a growing penetration test tool using Machine Learning
- Generator - Fully automatically generate numerous injection codes for web application assessment
- AutoSploit - Automated Mass Exploiter
- WinPwn - Automation for internal Windows penetration tests / AD security
- WireShark - Wireshark is a network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems.
- Cain & Abel - Cain & Abel is a password recovery tool for Microsoft Operating Systems.
- Goshell - Generate reverse shells on the command line with Go!
- Print-My-Shell - Python script written to automate the process of generating various reverse shells.
- Girsh - Automatically spawn a fully interactive reverse shell for a Linux or Windows victim
- Blueshell - Generate reverse shells for red teams
- Clink - Powerful Bash-style command line editing for cmd.exe
- Novahot - A webshell framework for penetration testers.
- Awsome-Webshells - Collection of reverse shells
- Chopper
  Tips: This tool comes from the internet and has not been checked for backdoors; use it at your own discretion.
  Link: https://pan.baidu.com/s/1VnXkoQU-srSllG6JaY0nTA Password: v71d
- AntSword: Document - AntSword is a cross-platform website management toolkit
- CKnife - The cross-platform webshell tool in Java
  Tips: This tool comes from the internet and has not been checked for backdoors; use it at your own discretion.
  Link: https://pan.baidu.com/s/1QZrnWU7DUuJhiXl7u1kELw Password: hjrh
- Altman - The cross platform webshell tool in .NET
- Behinder - Dynamic binary encryption webshell management client
- Godzilla - A Java tool to encrypt network traffic
- windows-exploit-suggester - This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target
- Windows-kernel-exploits - Collection of Windows kernel exploits
- linux-exploit-suggester-2 - Next-Generation Linux Kernel Exploit Suggester
- Linux-kernel-exploits - Collection of Linux kernel exploits
- BeRoot - Privilege Escalation Project - Windows / Linux / Mac
- PE-Linux - Linux Privilege Escalation Tool By WazeHell
- Portia - Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised.
- DeimosC2 - DeimosC2 is a Golang command and control framework for post-exploitation.
- Sliver - Implant framework
- PHPSploit - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner 😈
- Shad0w - A post exploitation framework designed to operate covertly on heavily monitored environments (Win8, Win10)
- Covenant - Covenant is a collaborative .NET C2 framework for red teamers.
- Emp3r0r - Linux post-exploitation framework made by a Linux user
Tips: Golang is an excellent cross-platform language for security tooling.
- Naabu - A fast port scanner written in go with focus on reliability and simplicity.
- ServerScan - A high concurrency network scanning and service detection tool developed in Golang.
- Vulnreport - Open-source pentesting management and automation platform by Salesforce Product Security
- Pentest-Collaboration-Framework - Open-source, cross-platform and portable toolkit for automating routine processes when carrying out various kinds of testing work
- Cloc - cloc counts blank lines, comment lines, and physical lines of source code in many programming languages
- Cobra - Source Code Security Audit
- Cobra-W - Cobra for white hat
- Graudit - Grep rough audit - source code auditing tool
- Rips - A static source code analyser for vulnerabilities in PHP scripts
- EarthWorm - Tunneling tool
- Termite - Tunneling tool (Version 2)
- Frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet
- Nps - A lightweight, high-performance, powerful intranet penetration (NAT traversal) proxy server with a powerful web management console.
- Goproxy - A high-performance, full-featured, cross platform proxy server
- ReGeorg - The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn
- Venom - A Multi-hop Proxy for Penetration Testers
- Stowaway - 👻 Stowaway -- Multi-hop Proxy Tool for pentesters
- rport - Manage remote systems with ease.
- DevAudit - Open-source, cross-platform, multi-purpose security auditing tool
- DVWA - Damn Vulnerable Web Application (DVWA)
- WebGoat - WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons
- DSVW - DSVW is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes
- DVWS - Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities
- XVWA - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security
- BWAPP - A buggy web application with more than 100 vulnerabilities
- Sqli-lab - SQLi labs to test error-based, blind boolean-based and time-based injection
- HackMe-SQL-Injection-Challenges - Hack your friend's online MMORPG game - specific focus on SQL injection opportunities
- XSS-labs - Small set of scripts to practice exploiting XSS and CSRF vulnerabilities
- SSRF-lab - Lab for exploring SSRF vulnerabilities
- SSRF_Vulnerable_Lab - This lab contains sample code vulnerable to Server-Side Request Forgery attacks
- LFI-labs - Small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns
- Commix-testbed - A collection of web pages, vulnerable to command injection flaws
- File-Upload-Lab - Damn Vulnerable File Upload V 1.1
- Upload-labs - A summary of all types of file upload vulnerabilities
- XXE-Lab - An XXE vulnerability demo with versions in languages such as PHP, Java, Python, C#, etc.
- Fopnp - A Network Playground for "Foundations of Python Network Programming"
- CyberRange - The Open-Source AWS Cyber Range