/PentestTools

Awesome Pentest Tools Collection

Pentest Tools

The tools listed below are commonly used in penetration testing, and the tool catalog is referenced from Kali Tools, most of which are open source software. The project long-term supplementary update QAQ

TODO

  • Directory
  • Source Code
  • Documentation

List

Information Gathering

Google Hacking

  • GHDB - Google Hack Database
  • SearchDiggity - SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project
  • Katana - A Python Tool For google Hacking

Github

  • GitHack - GitHack is a .git folder disclosure exploit.
  • GitGraber - gitGraber is a tool developed in Python3 to monitor GitHub to search and find sensitive data in real time for different online services.
  • GitMiner - Tool for advanced mining for content on Github.
  • Gitrob - Reconnaissance tool for GitHub organizations.

Svn

  • svnExploit - Support for SVN source code disclosure of full version and Dump it.

Port Scan

  • Nmap | Zenmap - Free and open source utility for network discovery and security auditing
  • Masscan - TCP port scanner, spews SYN packets asynchronously
  • Ports - Common service ports and exploitations
  • Goby - Attack surface mapping

OSINT

  • theHarvester- E-mails, subdomains and names Harvester - OSINT
  • FOCA - Tool to find metadata and hidden information in the documents.
  • Amass - In-depth Attack Surface Mapping and Asset Discovery
  • Censys-subdomain-finder - Perform subdomain enumeration using the certificate transparency logs from Censys.
  • EmailHarvester - Email addresses harvester
  • Finalrecon - The Last Web Recon Tool You'll Need.
  • LittleBrother - Information gathering (OSINT) on a person (EU)

Phishing

  • gophish - Open-Source Phishing Toolkit

Vulnerability Analysis

Web Applications

CMS & Framwork Identification

  • AngelSword - CMS vulnerability detection framework
  • WhatWeb - Next generation web scanner
  • Wappalyzer - Cross-platform utility that uncovers the technologies used on websites
  • Whatruns - A free browser extension that helps you identify technologies used on any website at the click of a button (Just for chrome)
  • WhatCMS - CMS Detection and Exploit Kit based on Whatcms.org API
  • CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs

Online Tools

  • Yunsee - Online website for to find the CMS footprint
  • Bugscaner - A simple online fingerprint identification system that supports hundreds of cms source code recognition
  • WhatCMS online - CMS Detection and Exploit Kit website Whatcms.org
  • Tscan - A online tool to get the informathion of website
  • TideFinger - Fingerprinter Tool from TideSec Team

Web Applications Proxies

  • Burpsuite - Burpsuite is a graphical tool for testing Web application security
  • ZAP One of the world’s most popular free security tools
  • Mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  • Broxy - An HTTP/HTTPS intercept proxy written in Go.

Vulnerability Scanner

  • Struts-Scan - Struts2 vulnerability detection and utilization tools
  • Nikto - Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items
  • W3af - Web application attack and audit framework, the open source web vulnerability scanner
  • Openvas - The world's most advanced Open Source vulnerability scanner and manager
  • Archery - Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities
  • Taipan - Web application vulnerability scanner
  • Arachni - Web Application Security Scanner Framework

Web Crawlers & Directory Brute Force

  • Dirbrute - Multi-thread WEB directory blasting tool (with dics inside)
  • Dirbuster - DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers

Docker Scanners

  • Fuxi-Scanner - open source network security vulnerability scanner, it comes with multiple functions.
  • Xunfeng - The patrol is a rapid emergency response and cruise scanning system for enterprise intranets
  • WebMap - Nmap Web Dashboard and Reporting

Database Assessment

Password Attacks

  • Hydra - Hydra is a parallelized login cracker which supports numerous protocols to attack
  • Medusa - Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer
  • Sparta: Document - Network Infrastructure Penetration Testing Tool
  • Hashcat - World's fastest and most advanced password recovery utility
  • Patator - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
  • HackBrowserDat - Decrypt passwords/cookies/history/bookmarks from the browser

Wireless Attacks

Wireless Tools

  • Fern Wifi cracker - Fern-Wifi-Cracker is designed to be used in testing and discovering flaws in ones own network with the aim of fixing the flaws detected

Reverse Engineering

  • Ollydbg - OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows

Exploitation Tools

Vulnerability Search

  • SPLOITUS - Sploitus is а convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities
  • SearchSploit - The official Exploit Database repository
  • Getsploit - Command line utility for searching and downloading exploits

Cross-site Scripting(XSS)

  • BeeF - The Browser Exploitation Framework Project
  • BlueLotus_XSSReceiver - XSS Receiver platform without SQL
  • xssor2 - XSS'OR - Hack with JavaScript.
  • Xsser-Varbaek - From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras
  • Xsser-Epsylon - Cross Site "Scripter" (aka XSSer) is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.
  • Xenotix - An advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework

Sql Injection

  • Sqlmap - Automatic SQL injection and database takeover tool
  • Sqlmate - A friend of SQLmap which will do what you always expected from SQLmap
  • SQLiScanner - Automatic SQL injection with Charles and sqlmap api

Command Injection

  • Commix - Automated All-in-One OS command injection and exploitation tool

File Include

  • LFIsuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
  • Kadimus - Kadimus is a tool to check sites to lfi vulnerability , and also exploit it
  • Shellfire - Exploitation shell for exploiting LFI, RFI, and command injection vulnerabilities
  • LFIter2 - LFIter2 Local File Include (LFI) Tool - Auto File Extractor & Username Bruteforcer

File Upload vulnerability

  • Fuxploider - File upload vulnerability scanner and exploitation tool

XML External Entity Attack(XXE)

  • XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods
  • Oxml_xxe - A tool for embedding XXE/XML exploits into different filetypes

Cross-site request forgery (CSRF)

  • Deemon - Deemon is a tool to detect CSRF in web application

Exploit Framework

  • POC-T - Pentest Over Concurrent Toolkit
  • Pocsuite - Pocsuite is an open-sourced remote vulnerability testing framework developed by the Knownsec Security Team
  • Metasploit - The world’s most used penetration testing framework
  • Venom - Shellcode generator/compiler/handler (metasploit)
  • Empire - Empire is a PowerShell and Python post-exploitation agent
  • Koadic - Koadic C3 COM Command & Control - JScript RAT
  • Viper - metasploit-framework UI manager Tools

Machine Learning

  • DeepExploit - Fully automatic penetration test tool using Machine Learning
  • GyoiThon - GyoiThon is a growing penetration test tool using Machine Learning
  • Generator - Fully automatically generate numerous injection codes for web application assessment

Automate

  • AutoSploit - Automated Mass Exploiter
  • WinPwn - Automation for internal Windows Penetrationtest / AD-Security

Sniffing & Spoofng

  • WireShark - Wireshark is a network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems.
  • Cain & able - Cain & Abel is a password recovery tool for Microsoft Operating Systems.

Maintaining Access

Shell

  • Goshell - Generate reverse shells in command line with Go !
  • Print-My-Shell - Python script wrote to automate the process of generating various reverse shells.
  • Girsh - Automatically spawn a reverse shell fully interactive for Linux or Windows victim
  • Blueshell - Generate a reverse shells for RedTeam

Web Shell

PHP
  • B374K - PHP Webshell with handy features
  • DAws - Advanced Web Shell
  • Weevely3 - Weaponized web shell
Chopper kind Webshell
  • Chopper

Tips: The tool comes from the network, no backdoor verification, please choose it on yourself......

Link: https://pan.baidu.com/s/1VnXkoQU-srSllG6JaY0nTA Password: v71d

  • AntSword : Document - AntSword is a cross-platform website management toolkit

  • CKnife - The cross platform webshell tool in java

Tips: The tool comes from the network, no backdoor verification, please choose it on yourself......

Link: https://pan.baidu.com/s/1QZrnWU7DUuJhiXl7u1kELw Password: hjrh

  • Altman - The cross platform webshell tool in .NET
  • Behinder - dynamic binary encryption webshell management client
  • Godzilla - a Java tool to encrypt network traffic

Privilege Escalation Auxiliary

  • windows-exploit-suggester - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target
  • Windows-kernel-exploits - windows-kernel-exploits
  • linux-exploit-suggester-2 - Next-Generation Linux Kernel Exploit Suggester
  • Linux-kernel-exploits - linux-kernel-exploits Linux
  • BeRoot - Privilege Escalation Project - Windows / Linux / Mac
  • PE-Linux - Linux Privilege Escalation Tool By WazeHell
  • Portia - Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised.

C2

  • DeimosC2 - DeimosC2 is a Golang command and control framework for post-exploitation.
  • Sliver - Implant framework
  • PHPSploit - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner 😈
  • Shad0w - A post exploitation framework designed to operate covertly on heavily monitored environments (Win8、Win10)
  • Covenant - Covenant is a collaborative .NET C2 framework for red teamers.

Golang Sec Tools

Tips: Golang is a excellent cross platform language for security.

  • Naabu - A fast port scanner written in go with focus on reliability and simplicity.
  • ServerScan - A high concurrency network scanning and service detection tool developed by golang.

Reporting Tools

  • Vulnreport - Open-source pentesting management and automation platform by Salesforce Product Security

Social Engineering

System Services

Code Audit

  • Cloc - cloc counts blank lines, comment lines, and physical lines of source code in many programming languages
  • Cobra - Source Code Security Audit
  • Cobra-W - Cobra for white hat
  • Graudit - Grep rough audit - source code auditing tool
  • Rips - A static source code analyser for vulnerabilities in PHP scripts

Port Forwarding & Proxies

  • EarthWorm - Tool for tunnel
  • Termite - Tool for tunnel (Version 2)
  • Frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet
  • Nps - A lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
  • Goproxy - A high-performance, full-featured, cross platform proxy server
  • ReGeorg - The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn

DevSecOps

RootKit

  • Beurk - BEURK Experimental Unix RootKit
  • Bedevil - LD_PRELOAD Linux rootkit (x86 & ARM)

Audit Tools

  • DevAudit - Open-source, cross-platform, multi-purpose security auditing tool

Cyber Range

Vulnerability application

  • DVWA - Damn Vulnerable Web Application (DVWA)
  • WebGoat - WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons
  • DSVW - DSVW is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes
  • DVWS - Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities
  • XVWA - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security
  • BWAPP - A buggy web application whit more than 100 vulnerabilities
  • Sqli-lab - SQLI labs to test error based, Blind boolean based, Time based
  • HackMe-SQL-Injection-Challenges - Hack your friend's online MMORPG game - specific focus, sql injection opportunities
  • XSS-labs - Small set of scripts to practice exploit XSS and CSRF vulnerabilities
  • SSRF-lab - Lab for exploring SSRF vulnerabilities
  • SSRF_Vulnerable_Lab - This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
  • LFI-labs - Small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns
  • Commix-testbed - A collection of web pages, vulnerable to command injection flaws
  • File-Upload-Lab - Damn Vulnerable File Upload V 1.1
  • Upload-labs - A summary of all types of uploading vulnerabilities for you
  • XXE-Lab - A XXE vulnerability Demo containing language versions such as PHP, Java, python, C#, etc
  • MSFvenom-gui - gui tool to create normal payload by msfvenom

Simulation range

  • Fopnp - A Network Playground for 《Foundations of Python Network Programming》

  • CyberRange - The Open-Source AWS Cyber Range