@nunesdaniel
Created February 3, 2018 15:42
Tools List

Tools

  • Metasploit: Penetration testing software
  • BeEF: The Browser Exploitation Framework
  • PTF: Penetration Testers Framework
  • Bettercap: MITM framework
  • Nessus: Vulnerability scanner
  • AutoNessus: Auto Nessus
  • BDFProxy: Patch Binaries via MITM (BackdoorFactory)
  • Xplico: Network Forensic Analysis Tool (eg. parse pcap file)
  • Sqlmap: Automatic SQL injection and database takeover tool
  • jsql-injection: Java application for automatic SQL database injection
  • HoneyProxy: MITM
  • Gophish: Open-Source Phishing Framework
  • SET: Social-Engineer Toolkit
  • USBRubberDucky: USB Rubber Ducky
  • USB Wifi Ducky: Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
  • WHID: WiFi HID Injector for Fun & Profit - An USB Rubberducky On Steroids.
  • SimplyEmail: Email recon framework
  • WiFi Pineapple: WiFi Pineapple (MITM)
  • makeMyCSRF: makeMyCSRF is a tool that can be used to automate auto-submit HTML form creation
  • Weeman: HTTP Server for phishing
  • PlugBot: The PlugBot: Hardware Botnet Research Project
  • Pwn Phone: Portable pentesting device
  • EmPyre: A post-exploitation OS X/Linux agent written in Python 2.7
  • Mimikatz: A little tool to play with Windows security (videos)
  • Acunetix: Scanner to check for XSS, SQL Injection and other web vulnerabilities
  • Burp Suite: The leading toolkit for web application security testing
  • Burp NoPE Proxy: Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
  • ntopng: High-speed web-based traffic analysis
  • nethogs: Linux 'net top' tool
  • jnettop: traffic visualiser
  • Lynis: Security auditing tool for Linux, macOS, and UNIX-based systems
  • Volatility: An advanced memory forensics framework
  • Radare: portable reversing framework
  • Android Fallible: Secrets leak in Android apps
  • XssPy: Web Application XSS Scanner
  • Unicorn: Tool for using a PowerShell downgrade attack and inject shellcode straight into memory
  • changeme: A default credential scanner
  • Mercure: Tool for security managers who want to train their collaborators to phishing
  • catphish: For phishing and corporate espionage
  • Security Checklist: The SaaS CTO Security Checklist
  • cgPwn: A lightweight VM for hardware hacking, RE (fuzzing, symEx, exploiting etc) and wargaming tasks
  • pwlist: Password lists obtained from strangers attempting to log in to my server
  • howmanypeoplearearound: Count the number of people around you by monitoring wifi signals
  • xss-listener: XSS Listener is a penetration tool for easy to steal data with various XSS
  • owasp-mstg: The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering
  • KeychainCracker: macOS keychain cracking tool
  • Microsploit: Fast and easy create backdoor office exploitation using module metasploit packet
  • InjectProc: Process Injection Techniques
  • expdevBadChars: Bad Characters highlighter for exploit development
  • massExpConsole: Collection of Tools and Exploits with a CLI UI
  • getsploit: Command line utility for searching and downloading exploits
  • Findsploit: Find exploits in local and online databases instantly
  • vulscan: Advanced vulnerability scanning with Nmap NSE
  • psychoPATH: a blind webroot file upload & LFI detection tool
  • repo-supervisor: Scan your code for security misconfiguration, search for passwords and secrets
  • xssor: Hack with Javascript (online tool)
  • xray: XRay is a tool for recon, mapping and OSINT gathering from public networks
  • Frida: Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX
  • objection: runtime mobile exploration (based on Frida)
  • pwnbox: Docker container with tools for binary reverse engineering and exploitation
  • backdoor-apk: shell script that simplifies the process of adding a backdoor to any Android APK file
  • Attify OS: Distro for pentesting IoT devices
  • Zeus: AWS Auditing & Hardening Tool
  • EvilAbigail: Automated Linux evil maid attack (backdoors initrd)
  • mitm-router: Man-in-the-middle wireless access point inside a docker container
  • Dracnmap: Exploit Network and Gathering Information with Nmap
  • RastLeak: Tool To Automatic Leak Information Using Hacking With Engine Searches
  • pupy: remote administration and post-exploitation tool (python)
  • pwndsh: Post-exploitation framework (bash) (presentation)
  • kwetza: Python script to inject existing Android applications with a Meterpreter payload
  • zmap: ZMap Internet Scanner
  • zgrab: Application layer scanner that operates with ZMap
  • OpenVAS: The world's most advanced Open Source vulnerability scanner and manager
  • Vulny-Code-Static-Analysis: Basic script to detect vulnerabilities in PHP source code
  • knockpy: Knock Subdomain Scan
  • BoopSuite: A Suite of Tools written in Python for wireless auditing and security testing (demo)
  • DataSploit: An OSINT Framework to perform various recon techniques
  • domain_analyzer: Analyze the security of any domain by finding all the information possible
  • Luckystrike: A PowerShell based utility for the creation of malicious Office macro documents (demo)
  • sqlcheck: Automatically identify anti-patterns in SQL queries
  • SSRF Testing: https://github.com/cujanovic/SSRF-Testing/
  • XFLTReaT: Tunnelling Framework (kitploit)
  • rudra: Framework for exhaustive analysis of (PCAP and PE) files
  • PenBox: Penetration Testing Framework - The Tool With All The Tools, The Hacker's Repo (website)
  • post-exploitation: Post Exploitation Collection
  • p0wnedShell: PowerShell Runspace Post Exploitation Toolkit
  • sshpry: Seamlessly spy on SSH session like it is your tty
  • cameradar: Cameradar hacks its way into RTSP CCTV cameras
  • DET: Data Exfiltration Toolkit
  • AhMyth-Android-RAT: Android Remote Administration Tool
  • cve-search: tool to perform local searches for known vulnerabilities

Use cases

Devices

Wifi

  • bully-vanilla: Bully is a new implementation of the WPS brute force attack
  • boxon: Detector for boxes vulnerable to the NULL PIN breach (topic)
  • NullWpsPinAuto: Simple bash script intended to exploit the Null Wps Pin breach automatically

Blog / Docs

Training

Misc

Other lists

@waqasali58

The helper tools provides lots of free tools for Text Content Tools, Website Management Tools, PDF converter, Image Editing and text editing tools, and many other developer tools where you can minify or maxify your code.

@waqasali58

Unique tools that you can use for free emoji copy and paste. You just need to click on an emoji, copy it, and use it as you want.

@Abed-rahim

tomba.io is a really useful tool if you need to research new contacts, email addresses, and more. You can either use their extension or domain search on their site. With tomba.io you can start your reach-out strategy with a whole website of new people pretty fast tomba.io
email finder
