- Instrumentation
- Binary analysis
- Kaitai - A new way to develop parsers for binary structures.
- binwalk - Firmware Analysis Tool
- UEFItools - Working with UEFI firmware images
- 010 Editor - Professional Text/Hex Editor with Binary Templates
- xxd - creates a hex dump of a given file or standard input. It can also convert a hex dump back to its original binary form.
- binvis.io - visual analysis of binary files
- yara - the pattern matching swiss knife for malware researchers
- Disassembler
- Debugger / Profiling
- pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
- GEF - GDB Enhanced Features for exploit devs & reversers
- x64dbg - An open-source x64/x32 debugger for Windows
- WinDbg - WinDbg is a multipurpose debugger for the Microsoft Windows computer operating system
- valgrind - A suite of tools for debugging and profiling.
- KCachegrind - Profile data visualization
- ELF format
- PE format
- PE Explorer - Resource Editor, EXE File Editor, Disassembler, DLL Viewer, DLL Dependency Scanner
- Dependency Walker / Dependencies - builds a hierarchical tree diagram of all dependent modules.
- wrestool (package icoutils) - Extract Windows PE Resources
- Android
- apktool - A tool for reverse engineering 3rd party, closed, binary Android apps.
- JEB - Decompiler
- jadx - Dex to Java decompiler
- Frida - Dynamic instrumentation toolkit
- objection - runtime mobile exploration
- MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing
- uber-apk-signer - Convenient tool to quickly sign APK
- Androguard - Androguard is a full Python tool to play with Android files.
- Decompiler
- .NET disassembly
- ILSpy - .NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
- .NET Reflector - Decompile, understand, and fix any .NET code
- dnSpy - dnSpy is a debugger and .NET assembly editor. Note: runs better with obfuscated code than ILSpy
- Java
- JD-Gui - Java Decompiler
- Windows
- Sysinternals - Utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment.
- NirSoft utilities - Nice set of utilities
- API Monitor - API Monitor is a software that monitors and displays API calls made by applications and services
- FLARE VM - Windows-based security distribution for malware analysis, incident response, penetration testing - List of tools
- checksec - Checksec is a bash script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source).
- pwntools - pwntools is a CTF framework and exploit development library.
- metasploit - The world’s most used penetration testing framework
- ROPgadget - This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation.
- ropper - Display information about files in different file formats and find gadgets to build rop chains
- Burp - Burp Suite is a graphical tool for testing Web application security.
- gobuster - Directory/File, DNS and VHost busting tool written in Go
- aiodnsbrute - A Python 3.5+ tool that uses asyncio to brute force domain names asynchronously.
- weevely - Weaponized web shell
- wpscan - WPScan, a WordPress vulnerability scanner
- ngrok - Secure introspectable tunnels to localhost
- sqlmap - automatic SQL injection and database takeover tool
- wfuzz - Web Application fuzzer
- wapiti - The web-application vulnerability scanner
- w3af - Web Application Attack and Audit Framework
- Gopherus - This tool generates gopher links for exploiting SSRF and gaining RCE in various servers
- JexBoss - JBoss (and other Java Deserialization Vulnerabilities) verify and EXploitation Tool
- nmap - Nmap Free Security Scanner, Port Scanner, & Network Exploration Tool.
- ncat - Ncat is a free, open-source Netcat replacement for Linux, Windows, OS X and more. TLS/SSL encryption, proxy support, IPv6, Lua scripting.
- wireshark - Wireshark is a free and open-source packet analyzer.
- Scapy - Scapy, an interactive Python-based packet crafting tool
- yersinia - A framework for layer 2 attacks
- mitmproxy - mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing.
- aircrack-ng - Aircrack-ng is a complete suite of tools to assess WiFi network security.
- truffleHog - Searches through git repositories for high entropy strings and secrets, digging deep into commit history
- rusty-hog - A suite of secret scanners built in Rust for performance.
- mimikatz - A little tool to play with Windows security
- List of C2 (Command and Control) post-exploit frameworks here and here
- hashcat - advanced password recovery
- PEASS - Privilege Escalation Awesome Scripts SUITE
- dive - A tool for exploring each layer in a docker image
- docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
- Kubernetes
- Popeye - Popeye is a utility that scans a live Kubernetes cluster and reports potential issues with deployed resources and configurations.
- kubeaudit - kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various different security concerns
- kubesec - Security risk analysis for Kubernetes resources
- kube-bench - kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.
- kubectl-who-can - Shows which subjects have RBAC permissions to VERB [TYPE | TYPE/NAME | NONRESOURCEURL] in Kubernetes.
- checkov - Checkov is a static code analysis tool for infrastructure-as-code.
- lynis - Auditing, system hardening, compliance testing
- my-arsenal-of-aws-security-tools - List of resources for AWS