new_tools.md

Latest Cool Tools

The following are a collection of recently-released pen test tools. I update this list every time that there is a new post and when I find a new one around the Internet. The rest of the repository has hundreds of additional cybersecurity and pen test tools.

---

• Maskprocessor - High-Performance Word Generator With A Per-Position Configureable Charset
• X64Dbg - An Open-Source X64/X32 Debugger For Windows
• DroneSploit - Drone Pentesting Framework Console
• Padding-Oracle-Attacker - CLI Tool And Library To Execute Padding Oracle Attacks Easily
• Debotnet - A Tiny Portable Tool For Controlling Windows 10's Many Privacy-Related Settings And Keep Your Personal Data Private
• Santa - A Binary Whitelisting/Blacklisting System For macOS
• FinDOM-XSS - A Fast DOM Based XSS Vulnerability Scanner With Simplicity
• ParamSpider - Mining Parameters From Dark Corners Of Web Archives
• OWASP Threat Dragon - Cross-Platform Threat Modeling Application
• GIVINGSTORM - Infection Vector That Bypasses AV, IDS, And IPS
• Converting MBOX to Outlook Easily
• WordListGen - Super Simple Python Word List Generator For Fuzzing And Brute Forcing In Python
• dorkScanner - A Typical Search Engine Dork Scanner Scrapes Search Engines With Dorks That You Provide In Order To Find Vulnerable URLs
• Harbian-Audit - Hardened Debian GNU/Linux Distro Auditing
• Shhgit - Find GitHub Secrets In Real Time
• Scant3R - Web Security Scanner
• Scant3R - ScanT3r - Web Security Scanner
• Airshare - Cross-platform Content Sharing In A Local Network
• Git All The Payloads! A Collection Of Web Attack Payloads
• Faxhell - A Bind Shell Using The Fax Service And A DLL Hijack
• Exe_To_Dll - Converts A EXE Into DLL
• HackingTool - ALL IN ONE Hacking Tool For Hackers
• FastNetMon Community - Very Fast DDoS Analyzer With Sflow/Netflow/Mirror Support
• GoGhost - High Performance, Lightweight, Portable Open Source Tool For Mass SMBGhost Scan
• How to Report IP Addresses
• Server Side Template Injection Payloads
• Behave - A Monitoring Browser Extension For Pages Acting As Bad Boys
• ShellGen - Reverse shell generator
• KITT-Lite - Python-Based Pentesting CLI Tool
• How AI and Voice Technology is Similar to a Service Dog
• IIS-Raid - A Native Backdoor Module For Microsoft IIS (Internet Information Services)
• UsoDllLoader - Windows - Weaponizing Privileged File Writes With The Update Session Orchestrator Service
• Basecrack - Best Decoder Tool For Base Encoding Schemes
• MSFPC - MSFvenom Payload Creator
• Kube-Bench - Checks Whether Kubernetes Is Deployed According To Security Best Practices As Defined In The CIS Kubernetes Benchmark
• EvilNet - Network Attack Wifi Attack Vlan Attack Arp Attack Mac Attack Attack Revealed Etc...
• Xeexe - Undetectable And XOR Encrypting With Custom KEY (FUD Metasploit RAT)
• BSF - Botnet Simulation Framework
• Espionage - A Network Packet And Traffic Interceptor For Linux. Spoof ARP & Wiretap A Network
• Screenspy - Capture user screenshots using shortcut file (Bypass SmartScreen/Defender)
• VBSmin - VBScript Minifier
• Cloudtopolis - Cracking Hashes In The Cloud For Free
• Spyse: All-In-One Cybersecurity Search Engine
• Colabcat - Running Hashcat On Google Colab With Session Backup And Restore
• CorsMe - Cross Origin Resource Sharing MisConfiguration Scanner
• How to Free Recover Deleted Files on Your Mac
• Sifter 7.4 - OSINT, Recon & Vulnerability Scanner
• Hmmcookies - Grab Cookies From Firefox, Chrome, Opera Using A Shortcut File (Bypass UAC)
• Business Secure: How AI is Sneaking into our Restaurants
• InQL - A Burp Extension For GraphQL Security Testing
• TokenBreaker - JSON RSA To HMAC And None Algorithm Vulnerability POC
• SAyHello - Capturing Audio (.Wav) From Target Using A Link
• Lynis 3.0.0 - Security Auditing Tool for Unix/Linux Systems
• O.G. AUTO-RECON - Enumerate A Target Based Off Of Nmap Results
• Zip Cracker - Python Script To Crack Zip Password With Dictionary Attack And Also Use Crunch As Pipeline
• DroidTracker - Script To Generate An Android App To Track Location In Real Time
• Iox - Tool For Port Forward &Amp; Intranet Proxy
• OSS-Fuzz - Continuous Fuzzing Of Open Source Software
• Vhosts-Sieve - Searching For Virtual Hosts Among Non-Resolvable Domains
• Formphish - Auto Phishing Form-Based Websites
• SGN - Encoder Ported Into Go With Several Improvements
• TeaBreak - A Productivity Burp Extension Which Reminds To Take Break While You Are At Work!
• Digital Signature Hijack - Binaries, PowerShell Scripts And Information About Digital Signature Hijacking
• SecretFinder - A Python Script For Find Sensitive Data (Apikeys, Accesstoken, JWT...) And Search Anything On Javascript Files
• Fsociety - A Modular Penetration Testing Framework
• EvilDLL - Malicious DLL (Reverse Shell) Generator For DLL Hijacking
• Axiom - A Dynamic Infrastructure Toolkit For Red Teamers And Bug Bounty Hunters!
• Fast-Google-Dorks-Scan - Fast Google Dorks Scan
• URLCADIZ - A Simple Script To Generate A Hidden Url For Social Engineering
• Shodanfy.py - Get Ports, Vulnerabilities, Informations, Banners, ..Etc For Any IP With Shodan (No Apikey! No Rate-Limit!)
• KatroLogger - KeyLogger For Linux Systems
• Attacker-Group-Predictor - Tool To Predict Attacker Groups From The Techniques And Software Used
• EvilPDF - Embedding Executable Files In PDF Documents
• Needle - Instant Access To You Bug Bounty Submission Dashboard On Various Platforms + Publicly Disclosed Reports + #Bugbountytip
• RMIScout - Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities
• Atlas - Quick SQLMap Tamper Suggester
• Stegcloak - Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords
• BabyShark - Basic C2 Server
• URLCrazy - Generate And Test Domain Typos And Variations To Detect And Perform Typo Squatting, URL Hijacking, Phishing, And Corporate Espionage
• Impost3r - A Linux Password Thief
• Tangalanga - The Zoom Conference Scanner Hacking Tool
• Spyeye - Script To Generate Win32 .Exe File To Take Screenshots
• Words Scraper - Selenium Based Web Scraper To Generate Passwords List
• JSshell - A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS
• Astsu - A Network Scanner Tool
• Git-Scanner - A Tool For Bug Hunting Or Pentesting For Targeting Websites That Have Open .git Repositories Available In Public
• Recox - Master Script For Web Reconnaissance
• Jshole - A JavaScript Components Vulnrability Scanner, Based On RetireJS
• GitMonitor - A Github Scanning System To Look For Leaked Sensitive Information Based On Rules
• Eviloffice - Inject Macro And DDE Code Into Excel And Word Documents (Reverse Shell)
• Ligolo - Reverse Tunneling Made Easy For Pentesters, By Pentesters
• Inshackle - Instagram Hacks: Track Unfollowers, Increase Your Followers, Download Stories, Etc
• GhostShell - Malware Indetectable, With AV Bypass Techniques, Anti-Disassembly, And More
• Forerunner - Fast And Extensible Network Scanning Library Featuring Multithreading, Ping Probing, And Scan Fetchers
• Enumy - Linux Post Exploitation Privilege Escalation Enumeration
• Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address
• Vault - A Tool For Secrets Management, Encryption As A Service, And Privileged Access Management
• ADCollector - A Lightweight Tool To Quickly Extract Valuable Information From The Active Directory Environment For Both Attacking And Defending
• ANDRAX v5R NH-Killer - Penetration Testing on Android
• DroidFiles - Get Files From Android Directories
• Purify - All-in-one Tool For Managing Vulnerability Reports From AppSec Pipelines
• MemoryMapper - Lightweight Library Which Allows The Ability To Map Both Native And Managed Assemblies Into Memory
• Project iKy v2.6.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
• RepoPeek - A Python Script To Get Details About A Repository Without Cloning It
• Pivotnacci - A Tool To Make Socks Connections Through HTTP Agents
• OhMyQR - Hijack Services That Relies On QR Code Authentication
• FinalRecon - The Last Web Recon Tool You'll Need
• Jaeles v0.9 - The Swiss Army Knife For Automated Web Application Testing
• Game-based learning platform provides full immersion into cybersecurity
• AutoRDPwn v5.1 - The Shadow Attack Framework
• EvilApp - Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA)
• S3BucketList - Firefox Plugin The Lists Amazon S3 Buckets Found In Requests
• Locator - Geolocator, Ip Tracker, Device Info By URL (Serveo And Ngrok)
• Guardedbox - Online Client-Side Manager For Secure Storage And Secrets Sharing
• Faraday v3.11 - Collaborative Penetration Test and Vulnerability Management Platform
• Minimalistic-offensive-security-tools - A Repository Of Tools For Pentesting Of Restricted And Isolated Environments
• Carina - Webshell, Virtual Private Server (VPS) And cPanel Database
• Nishang - Offensive PowerShell For Red Team, Penetration Testing And Offensive Security
• Web Hacker's Weapons - A Collection Of Cool Tools Used By Web Hackers
• Spray - A Password Spraying Tool For Active Directory Credentials By Jacob Wilkin(Greenwolf)
• Self-XSS - Self-XSS Attack Using Bit.Ly To Grab Cookies Tricking Users Into Running Malicious Code
• Open Sesame - A Tool Which Runs To Display Random Publicly Disclosed Hackerone Reports When Bored
• BlackDir-Framework - Web Application Vulnerability Scanner
• Sharingan - Offensive Security Recon Tool
• BADlnk - Reverse Shell In Shortcut File (.lnk)
• ParamKit - A Small Library Helping To Parse Commandline Parameters
• Hidden-Cry - Windows Crypter/Decrypter Generator With AES 256 Bits Key
• Open-Sesame - A Python Tool Which Runs To Display Random Publicly Disclosed Hackerone Reports When Bored
• Evilreg - Reverse Shell Using Windows Registry Files (.Reg)
• URLBrute - Tool To Brute Website Sub-Domains And Dirs
• Getdroid - FUD Android Payload And Listener
• DiscordRAT - Discord Remote Administration Tool Fully Written In Python
• Lockphish - A Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode
• DalFox (Finder Of XSS) - Parameter Analysis And XSS Scanning Tool Based On Golang
• Saycheese - Grab Target'S Webcam Shots By Link
• Kaiten - A Undetectable Payload Generation
• Kali Linux 2020.2 Release - Penetration Testing and Ethical Hacking Linux Distribution
• Clipboardme - Grab And Inject Clipboard Content By Link
• Threadtear - Multifunctional Java Deobfuscation Tool Suite
• Wifipumpkin3 - Powerful Framework For Rogue Access Point Attack
• Catchyou - FUD Win32 Msfvenom Payload Generator
• PayloadsAllTheThings - A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF
• Exegol - Exegol Is A Kali Light Base With A Few Useful Additional Tools And Some Basic Configuration
• GDBFrontend - An Easy, Flexible And Extensionable GUI Debugger
• Shellerator - Simple CLI Tool For The Generation Of Bind And Reverse Shells In Multiple Languages
• Powerob - An On-The-Fly Powershell Script Obfuscator Meant For Red Team Engagements
• How to Set Up a VPN on Kodi in 2 Minutes or Less
• PowerSploit - A PowerShell Post-Exploitation Framework
• HiveJack - This Tool Can Be Used During Internal Penetration Testing To Dump Windows Credentials From An Already-Compromised Host
• Nexphisher - Advanced Phishing Tool For Linux & Termux
• TorghostNG - Make All Your Internet Traffic Anonymized Through Tor Network
• Sshprank - A Fast SSH Mass-Scanner, Login Cracker And Banner Grabber Tool Using The Python-Masscan Module
• Generator-Burp-Extension - Everything You Need About Burp Extension Generation
• Parsec - Secure Cloud Framework
• Invoker - Penetration Testing Utility
• Authelia - The Single Sign-On Multi-Factor Portal For Web Apps
• OSSEM - A Tool To Assess Data Quality
• Klar - Integration Of Clair And Docker Registry
• Powershell-Reverse-Tcp - PowerShell Script For Connecting To A Remote Host.
• INTERCEPT - Policy As Code Static Analysis Auditing
• Thoron Framework - Tool To Generate Simple Payloads To Provide Linux TCP Attack
• SkyWrapper - Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS
• Runtime Mobile Security (RMS) - A Powerful Web Interface That Helps You To Manipulate Android Java Classes And Methods At Runtime
• Elemental - An MITRE ATTACK Threat Library
• ROADtools - The Azure AD Exploration Framework
• Terrier - A Image And Container Analysis Tool To Identify And Verify The Presence Of Specific Files According To Their Hashes
• wxHexEditor - Hex Editor / Disk Editor for Huge Files or Devices on Linux, Windows and MacOSX
• DeathRansom - A Ransomware Developed In Python, With Bypass Technics, For Educational Purposes
• Nuclei - Nuclei Is A Fast Tool For Configurable Targeted Scanning Based On Templates Offering Massive Extensibility And Ease Of Use
• Print-My-Shell - Tool To Automate The Process Of Generating Various Reverse Shells
• S3Reverse - The Format Of Various S3 Buckets Is Convert In One Format
• Pwned - Simple CLI Script To Check If You Have A Password That Has Been Compromised In A Data Breach
• Project iKy v2.5.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
• Should-I-Trust - OSINT Tool To Evaluate The Trustworthiness Of A Company
• Wotop - Web On Top Of Any Protocol
• Firebase-Extractor - A Tool Written In Python For Scraping Firebase Data
• Lulzbuster - A Very Fast And Smart Web Directory And File Enumeration Tool Written In C
• Impulse - Impulse Denial-of-service ToolKit
• Nullscan - A Modular Framework Designed To Chain And Automate Security Tests
• githubFind3r - Fast Command Line Repo/User/Commit Search Tool
• Httpgrep - Scans HTTP Servers To Find Given Strings In URIs
• Adamantium-Thief - Decrypt Chromium Based Browsers Passwords, Cookies, Credit Cards, History, Bookmarks
• Lk Scraper - An Fully Configurable Linkedin Scrape (Scrape Anything Within Linkedin)
• Flux-Keylogger - Modern Javascript Keylogger With Web Panel
• Vulnx v2.0 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (Wordpress , Joomla , Drupal , Prestashop ...)
• Vulnx v2.0 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS {(Wordpress , Joomla , Drupal , Prestashop ...)
• goBox - GO Sandbox To Run Untrusted Code
• RS256-2-HS256 - JWT Attack To Change The Algorithm RS256 To HS256
• PEASS - Privilege Escalation Awesome Scripts SUITE
• Pwndrop - Self-Deployable File Hosting Service For Red Teamers, Allowing To Easily Upload And Share Payloads Over HTTP And WebDAV
• DNSProbe - A Tool Built On Top Of Retryabledns That Allows You To Perform Multiple DNS Queries Of Your Choice With A List Of User Supplied Resolvers
• Crescendo - A Swift Based, Real Time Event Viewer For macOS - It Utilizes Apple's Endpoint Security Framework
• Burp Exporter - A Burp Suite Extension To Copy A Request To The Clipboard As Multiple Programming Languages Functions
• crauEmu - An uEmu Extension For Developing And Analyzing Payloads For Code-Reuse Attacks
• Htbenum - A Linux Enumeration Script For Hack The Box
• Domained - Multi Tool Subdomain Enumeration
• Lollipopz - Data Exfiltration Utility For Testing Detection Capabilities
• Sherloq - An Open-Source Digital Image Forensic Toolset
• Inhale - A Malware Analysis And Classification Tool
• Privacy Badger - A Browser Extension That Automatically Learns To Block Invisible Trackers
• Audix - A PowerShell Tool To Quickly Configure The Windows Event Audit Policies For Security Monitoring
• Serverless Prey - Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Functions
• Lunar - A Lightweight Native DLL Mapping Library That Supports Mapping Directly From Memory
• Ps-Tools - An Advanced Process Monitoring Toolkit For Offensive Operations
• Eavesarp - Analyze ARP Requests To Identify Intercommunicating Hosts And Stale Network Address Configurations (SNACs)
• Richkit - Domain Enrichment Toolkit
• Chromepass - Hacking Chrome Saved Passwords
• Tentacle - A POC Vulnerability Verification And Exploit Framework
• Tails 4.5 - Live System to Preserve Your Privacy and Anonymity
• MSOLSpray - A Password Spraying Tool For Microsoft Online Accounts (Azure/O365)
• Git-Hound v1.1 - GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System
• DNSteal v2.0 - DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests
• OSSEM - Open Source Security Events Metadata
• Angrgdb - Use Angr Inside GDB - Create An Angr State From The Current Debugger State
• SSHPry v2.0 - Spy and Control os SSH Connected client's TTY
• HikPwn - A Simple Scanner For Hikvision Devices
• Sandcastle - A Python Script For AWS S3 Bucket Enumeration
• Tweetshell - Multi-thread Twitter BruteForcer In Shell Script
• Jackdaw - Tool To Collect All Information In Your Domain And Show You Nice Graphs
• Frida API Fuzzer - This Experimetal Fuzzer Is Meant To Be Used For API In-Memory Fuzzing
• DigiTrack - Attacks For $5 Or Less Using Arduino
• FProbe - Take A List Of Domains/Subdomains And Probe For Working HTTP/HTTPS Server
• MSSQLi-DUET - SQL Injection Script For MSSQL That Extracts Domain Users From An Active Directory Environment Based On RID Bruteforcing
• Awspx - A Graph-Based Tool For Visualizing Effective Access And Resource Relationships In AWS Environments
• Pulsar - Network Footprint Scanner Platform - Discover Domains And Run Your Custom Checks Periodically
• CVE-2020-0796 - CVE-2020-0796 Pre-Auth POC
• CVE-2020-0796 - Windows SMBv3 LPE Exploit #SMBGhost
• R00Kie-Kr00Kie - PoC Exploit For The CVE-2019-15126 Kr00K Vulnerability
• One-Lin3r v2.1 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More
• Project iKy v2.4.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
• Project iKy v2.4.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
• SauronEye - Search Tool To Find Specific Files Containing Specific Words, I.E. Files Containing Passwords
• Webkiller v2.0 - Tool Information Gathering
• InQL Scanner - A Burp Extension For GraphQL Security Testing
• Mssqlproxy - A Toolkit Aimed To Perform Lateral Movement In Restricted Environments Through A Compromised Microsoft SQL Server Via Socket Reuse
• ProjectOpal - Stealth Post-Exploitation Framework For Wordpress
• ConEmu - Customizable Windows Terminal With Tabs, Splits, Quake-Style, Hotkeys And More
• Tinfoil Chat - Onion-routed, Endpoint Secure Messaging System
• Tinfoil Chat - Onion-routed, Endpoint Secure Messaging System
• Ninja - Open Source C2 Server Created For Stealth Red Team Operations
• RapidPayload - Metasploit Payload Generator
• Katana - A Python Tool For Google Hacking
• Envizon v3.0 - Network Visualization And Vulnerability Management/Reporting
• Zphisher - Automated Phishing Tool
• XSS-LOADER - XSS Payload Generator / XSS Scanner / XSS Dork Finder
• Starkiller - A Frontend For PowerShell Empire
• FinalRecon v1.0.2 - OSINT Tool For All-In-One Web Reconnaissance
• ScoringEngine - Scoring Engine For Red/White/Blue Team Competitions
• Astra - Automated Security Testing For REST API's
• HTTPS Everywhere - A Browser Extension That Encrypts Your Communications With Many Websites That Offer HTTPS But Still Allow Unencrypted Connections
• uDork - Google Hacking Tool
• XXExploiter - Tool To Help Exploit XXE Vulnerabilities
• Maryam v1.4.0 - Open-source Intelligence(OSINT) Framework
• InstaSave - Python Script To Download Images, Videos & Profile Pictures From Instagram
• xShock - Shellshock Exploit
• Chepy - A Python Lib/Cli Equivalent Of The Awesome CyberChef Tool.
• Sshuttle - Transparent Proxy Server That Works As A Poor Man'S VPN. Forwards Over SSH
• Lazydocker - The Lazier Way To Manage Everything Docker
• Pypykatz - Mimikatz Implementation In Pure Python
• Token-Reverser - Word List Generator To Crack Security Tokens
• shuffleDNS - Wrapper Around Massdns Written In Go That Allows You To Enumerate Valid Subdomains
• AWSGen.py - Generates Permutations, Alterations And Mutations Of AWS S3 Buckets Names
• Jeopardize - A Low(Zero) Cost Threat Intelligence & Response Tool Against Phishing Domains
• TEA - Ssh-Client Worm
• Zelos - A Comprehensive Binary Emulation Platform
• Pickl3 - Windows Active User Credential Phishing Tool
• Betwixt - Web Debugging Proxy Based On Chrome DevTools Network Panel
• Dirble - Fast Directory Scanning And Scraping Tool
• Pentest Tools Framework - A Database Of Exploits, Scanners And Tools For Penetration Testing
• RedRabbit - Red Team PowerShell Script
• Sifter - A OSINT, Recon And Vulnerability Scanner
• FuzzBench - Fuzzer Benchmarking As A Service
• SSRF Sheriff - A Simple SSRF-testing Sheriff Written In Go
• Evil SSDP - Spoof SSDP Replies And Create Fake UPnP Devices To Phish For Credentials And NetNTLM Challenge/Response
• Proton Framework - A Windows Post Exploitation Framework Similar To Other Penetration Testing Tools Such As Meterpreter And Powershell Invader Framework
• NTLMRecon - A Tool To Enumerate Information From NTLM Authentication Enabled Web Endpoints
• HoneyBot - Capture, Upload And Analyze Network Traffic
• HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol
• Entropy Toolkit - A Set Of Tools To Exploit Netwave And GoAhead IP Webcams
• SharpRDP - Remote Desktop Protocol .NET Console Application For Authenticated Command Execution
• Ghost Framework - An Android Post Exploitation Framework That Uses An Android Debug Bridge To Remotely Access A n Android Device
• Extended-XSS-Search - Scans For Different Types Of XSS On A List Of URLs
• Phonia Toolkit - One Of The Most Advanced Toolkits To Scan Phone Numbers Using Only Free Resources
• PrivescCheck - Privilege Escalation Enumeration Script For Windows
• TwitWork - Monitor Twitter Stream
• XCTR Hacking Tools - All in one tools for Information Gathering
• WiFi Passview v2.0 - An Open Source Batch Script Based WiFi Passview For Windows!
• dnsFookup - DNS Rebinding Toolkit
• BadBlood - Fills A Microsoft Active Directory Domain With A Structure And Thousands Of Objects
• Xencrypt - A PowerShell Script Anti-Virus Evasion Tool
• Subfinder - A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites
• Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...
• IoTGoat - A Deliberately Insecure Firmware Based On OpenWrt
• Polyshell - A Bash/Batch/PowerShell Polyglot!
• Mouse Framework - An iOS And macOS Post Exploitation Surveillance Framework That Gives You A Command Line Session With Extra Functionality Between You And A Target Machine Using Only A Simple Mouse Payload
• Multi-Juicer - Run Capture The Flags And Security Trainings With OWASP Juice Shop
• Progress-Burp - Burp Suite Extension To Track Vulnerability Assessment Progress
• Faraday presents the latest version of their Security Platform for Vulnerability Management Automation
• ABD - Course Materials For Advanced Binary Deobfuscation
• Wifi-Hacker - Shell Script For Attacking Wireless Connections Using Built-In Kali Tools
• get_Team_Pass - Get Teamviewer's ID And Password From A Remote Computer In The LAN
• Faraday presents the latest version of their Security Platform for Vulnerability Management Automation
• Dnssearch - A Subdomain Enumeration Tool
• Liffy - Local File Inclusion Exploitation Tool
• DLLPasswordFilterImplant - DLL Password Filter Implant With Exfiltration Capabilities
• Ohmybackup - Scan Victim Backup Directories & Backup Files
• Gadgetinspector - A Byte Code Analyzer For Finding Deserialization Gadget Chains In Java Applications
• OWASP D4N155 - Intelligent And Dynamic Wordlist Using OSINT
• TaskManager-Button-Disabler - Simple Way To Disable/Rename Buttons From A Task Manager
• SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules' Misconfigurations And Vulnerabilities Within Sudo
• Adama - Searches For Threat Hunting And Security Analytics
• Metabigor - Intelligence Tool But Without API Key
• Rabid - A CLI Tool And Library Allowing To Simply Decode All Kind Of BigIP Cookies
• 0L4Bs - Cross-site Scripting Labs For Web Application Security Enthusiasts
• CVE Api - Parse & filter the latest CVEs from cve.mitre.org
• NekoBot - Auto Exploiter With 500+ Exploit 2000+ Shell
• Gospider - Fast Web Spider Written In Go
• DecryptTeamViewer - Enumerate And Decrypt TeamViewer Credentials From Windows Registry
• DrSemu - Malware Detection And Classification Tool Based On Dynamic Behavior
• Syborg - Recursive DNS Subdomain Enumerator With Dead-End Avoidance System
• Manul - A Coverage-Guided Parallel Fuzzer For Open-Source And Blackbox Binaries On Windows, Linux And MacOS
• Fuzzowski - The Network Protocol Fuzzer That We Will Want To Use
• Nray - Distributed Port Scanner
• BurpSuite Random User-Agents - Burp Suite Extension For Generate A Random User-Agents
• CTFTOOL - Interactive CTF Exploration Tool
• Aduket - Straight-forward HTTP Client Testing, Assertions Included
• OpenRelayMagic - Tool To Find SMTP Servers Vulnerable To Open Relay
• Hashcracker - Python Hash Cracker
• KawaiiDeauther - Jam All Wifi Clients/Routers
• Agente - Distributed Simple And Robust Release Management And Monitoring System
• XSS-Freak - An XSS Scanner Fully Written In Python3 From Scratch
• IPv6Tools - A Robust Modular Framework That Enables The Ability To Visually Audit An IPv6 Enabled Network
• Pytm - A Pythonic Framework For Threat Modeling
• Netdata - Real-time Performance Monitoring
• InjuredAndroid - A Vulnerable Android Application That Shows Simple Examples Of Vulnerabilities In A CTF Style
• FockCache - Minimalized Test Cache Poisoning
• Acunetix v13 - Web Application Security Scanner
• SEcraper - Search Engine Scraper Tool With BASH Script.
• Re2Pcap - Create PCAP file from raw HTTP request or response in seconds
• Takeover v0.2 - Sub-Domain TakeOver Vulnerability Scanner
• Misp-Dashboard - A Dashboard For A Real-Time Overview Of Threat Intelligence From MISP Instances
• Jaeles v0.4 - The Swiss Army Knife For Automated Web Application Testing
• Dufflebag - Search Exposed EBS Volumes For Secrets
• Qiling - Advanced Binary Emulation Framework
• Nfstream - A Flexible Network Data Analysis Framework
• WhatTheHack - A Collection Of Challenge Based Hack-A-Thons Including Student Guide, Proctor Guide, Lecture Presentations, Sample/Instructional Code And Templates
• Injectus - CRLF And Open Redirect Fuzzer
• PCFG Cracker - Probabilistic Context Free Grammar (PCFG) Password Guess Generator
• DVNA - Damn Vulnerable NodeJS Application
• GDA Android Reversing Tool - A New Decompiler Written Entirely In C++, So It Does Not Rely On The Java Platform, Which Is Succinct, Portable And Fast, And Supports APK, DEX, ODEX, Oat
• Project-Black - Pentest/BugBounty Progress Control With Scanning Modules
• RiskAssessmentFramework - Static Application Security Testing
• MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)
• S3Enum - Fast Amazon S3 Bucket Enumeration Tool For Pentesters
• See-SURF - Python Based Scanner To Find Potential SSRF Parameters
• Blinder - A Python Library To Automate Time-Based Blind SQL Injection
• Obfuscapk - A Black-Box Obfuscation Tool For Android Apps
• Kali Linux 2020.1 Release - Penetration Testing and Ethical Hacking Linux Distribution
• PythonAESObfuscate - Obfuscates A Python Script And The Accompanying Shellcode
• ApplicationInspector - A Source Code Analyzer Built For Surfacing Features Of Interest And Other Characteristics To Answer The Question 'What'S In It' Using Static Analysis With A Json Based Rules Engine
• CredNinja - A Multithreaded Tool Designed To Identify If Credentials Are Valid, Invalid, Or Local Admin Valid Credentials Within A Network At-Scale Via SMB, Plus Now With A User Hunter
• Mimir - Smart OSINT Collection Of Common IOC Types
• Socialscan - Check Email Address And Username Availability On Online Platforms With 100% Accuracy
• Aircrack-ng 1.6 - Complete Suite Of Tools To Assess WiFi Network Security
• Memhunter - Live Hunting Of Code Injection Techniques
• AgentSmith-HIDS - Open Source Host-based Intrusion Detection System (HIDS)
• Hershell - Multiplatform Reverse Shell Generator
• Check-LocalAdminHash - A PowerShell Tool That Attempts To Authenticate To Multiple Hosts Over Either WMI Or SMB Using A Password Hash To Determine If The Provided Credential Is A Local Administrator
• SharpStat - C# Utility That Uses WMI To Run "cmd.exe /c netstat -n", Save The Output To A File, Then Use SMB To Read And Delete The File Remotely
• KsDumper - Dumping Processes Using The Power Of Kernel Space
• YARASAFE - Automatic Binary Function Similarity Checks with Yara
• AlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Model
• TAS - A Tiny Framework For Easily Manipulate The Tty And Create Fake Binaries
• Corsy v1.0 - CORS Misconfiguration Scanner
• TeleGram-Scraper - Telegram Group Scraper Tool (Fetch All Information About Group Members)
• Grouper2 - Find Vulnerabilities In AD Group Policy
• Gophish - Open-Source Phishing Toolkit
• Aaia - AWS Identity And Access Management Visualizer And Anomaly Finder
• Scallion - GPU-based Onion Addresses Hash Generator
• Bluewall - A Firewall Framework Designed For Offensive And Defensive Cyber Professionals
• AntiCheat-Testing-Framework - Framework To Test Any Anti-Cheat
• Gowitness - A Golang, Web Screenshot Utility Using Chrome Headless
• Lsassy - Extract Credentials From Lsass Remotely
• LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol
• Shell Backdoor List - PHP / ASP Shell Backdoor List
• Hakrawler - Simple, Fast Web Crawler Designed For Easy, Quick Discovery Of Endpoints And Assets Within A Web Application
• Gtfo - Search For Unix Binaries That Can Be Exploited To Bypass System Security Restrictions
• SWFPFinder - SWF Potential Parameters Finder
• laravelN00b - Automated Scan .env Files And Checking Debug Mode In Victim Host
• Andriller - Software Utility With A Collection Of Forensic Tools For Smartphones
• LAVA - Large-scale Automated Vulnerability Addition
• Heapinspect - Inspect Heap In Python
• CHAPS - Configuration Hardening Assessment PowerShell Script
• Karonte - A Static Analysis Tool To Detect Multi-Binary Vulnerabilities In Embedded Firmware
• IotShark - Monitoring And Analyzing IoT Traffic
• LNAV - Log File Navigator
• TuxResponse - Linux Incident Response
• Stowaway - Multi-hop Proxy Tool For Pentesters
• Git-Vuln-Finder - Finding Potential Software Vulnerabilities From Git Commit Messages
• WAFW00F v2.0 - Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website
• XposedOrNot - Tool To Search An Aggregated Repository Of Xposed Passwords Comprising Of ~850 Million Real Time Passwords
• Dsync - IDAPython Plugin That Synchronizes Disassembler And Decompiler Views
• RFCpwn - An Enumeration And Exploitation Toolkit Using RFC Calls To SAP
• LKWA - Lesser Known Web Attack Lab
• Multiscanner - Modular File Scanning/Analysis Framework
• Findomain v0.9.3 - The Fastest And Cross-Platform Subdomain Enumerator
• OKadminFinder - Admin Panel Finder / Admin Login Page Finder
• BetterBackdoor - A Backdoor With A Multitude Of Features
• Spraykatz - A Tool Able To Retrieve Credentials On Windows Machines And Large Active Directory Environments
• Shelly - Simple Backdoor Manager With Python (Based On Weevely)
• huskyCI - Performing Security Tests Inside Your CI
• AttackSurfaceMapper - A Tool That Aims To Automate The Reconnaissance Process
• Pylane - An Python VM Injector With Debug Tools, Based On GDB
• PAKURI - Penetration Test Achieve Knowledge Unite Rapid Interface
• Malwinx - Just A Normal Flask Web App To Understand Win32Api With Code Snippets And References
• Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System
• nmapAutomator - Tool To Automate All Of The Process Of Recon/Enumeration
• RansomCoin - A DFIR Tool To Extract Cryptocoin Addresses And Other Indicators Of Compromise From Binaries
• Pown.js - A Security Testing An Exploitation Toolkit Built On Top Of Node.js And NPM
• Top 20 Most Popular Hacking Tools in 2019
• Turbolist3r - Subdomain Enumeration Tool With Analysis Features For Discovered Domains
• SQLMap v1.4 - Automatic SQL Injection And Database Takeover Tool
• AVCLASS++ - Yet Another Massive Malware Labeling Tool
• XSpear v1.3 - Powerfull XSS Scanning And Parameter Analysis Tool
• Kamerka GUI - Ultimate Internet Of Things/Industrial Control Systems Reconnaissance Tool
• SysWhispers - AV/EDR Evasion Via Direct System Calls
• S3Tk - A Security Toolkit For Amazon S3
• WindowsFirewallRuleset - Windows Firewall Ruleset Powershell Scripts
• AWS Report - Tool For Analyzing Amazon Resources
• Tishna - Complete Automated Pentest Framework For Servers, Application Layer To Web Security
• RedPeanut - A Small RAT Developed In .Net Core 2 And Its Agent In .Net 3.5/4.0
• DetectionLab - Vagrant And Packer Scripts To Build A Lab Environment Complete With Security Tooling And Logging Best Practices
• Andor - Blind SQL Injection Tool With Golang
• SQL Injection Payload List
• WinPwn - Automation For Internal Windows Penetrationtest / AD-Security
• Ddoor - Cross Platform Backdoor Using Dns Txt Records
• Custom Header - Automatic Add New Header To Entire BurpSuite HTTP Requests
• SCShell - Fileless Lateral Movement Tool That Relies On ChangeServiceConfigA To Run Command
• Ultimate Facebook Scraper - A Bot Which Scrapes Almost Everything About A Facebook User'S Profile Including All Public Posts/Statuses Available On The User'S Timeline, Uploaded Photos, Tagged Photos, Videos, Friends List And Their Profile Photos
• FireProx - AWS API Gateway Management Tool For Creating On The Fly HTTP Pass-Through Proxies For Unique IP Rotation
• DNCI - Dot Net Code Injector
• RdpThief - Extracting Clear Text Passwords From Mstsc.Exe Using API Hooking
• Leprechaun - Tool Used To Map Out The Network Data Flow To Help Penetration Testers Identify Potentially Valuable Targets
• Glances - An Eye On Your System. A Top/Htop Alternative For GNU/Linux, BSD, Mac OS And Windows Operating Systems
• Sshtunnel - SSH Tunnels To Remote Server
• RE:TERNAL - Repo Containing Docker-Compose Files And Setup Scripts Without Having To Clone The Individual Reternal Components
• Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit
• Flan - A Pretty Sweet Vulnerability Scanner By CloudFlare
• Corsy - CORS Misconfiguration Scanner
• Kali Linux 2019.4 Release - Penetration Testing and Ethical Hacking Linux Distribution
• XML External Entity (XXE) Injection Payload List
• ATFuzzer - Dynamic Analysis Of AT Interface For Android Smartphones
• Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines
• BaseQuery - A Way To Organize Public Combo-Lists And Leaks In A Way That You Can Easily Search Through Everything
• Attack Monitor - Endpoint Detection And Malware Analysis Software
• Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From Shodan.io
• Tool-X - A Kali Linux Hacking Tool Installer
• SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
• Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information
• Aztarna - A Footprinting Tool For Robots
• Hediye - Hash Generator & Cracker Online Offline
• Killcast - Manipulate Chromecast Devices In Your Network
• bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
• WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
• H8Mail - Email OSINT And Password Breach Hunting
• Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
• Metasploit 5.0 - The World’s Most Used Penetration Testing Framework
• Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
• Twifo-Cli - Get User Information Of A Twitter User
• Sitadel - Web Application Security Scanner
• Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
• Malboxes - Builds Malware Analysis Windows VMs So That You Don'T Have To
• Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies
• Shed - .NET Runtime Inspector
• Stardox - Github Stargazers Information Gathering Tool
• Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool
• AutoSploit v3.0 - Automated Mass Exploiter
• Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
• Recaf - A Modern Java Bytecode Editor
• dnSpy - .NET Debugger And Assembly Editor