# List of Penetration Testing & Hacking Tools

Contents

- Online Resources
  - Penetration Testing Resources
  - Exploit Development
  - Open Source Intelligence (OSINT) Resources
  - Social Engineering Resources
  - Lock Picking Resources
  - Operating Systems
- Tools
  - Penetration Testing Distributions
  - Docker for Penetration Testing
  - Multi-paradigm Frameworks
  - Network Vulnerability Scanners
  - Static Analyzers
  - Web Vulnerability Scanners
  - Network Tools
  - Exfiltration Tools
  - Network Reconnaissance Tools
  - Protocol Analyzers and Sniffers
  - Proxies and MITM Tools
  - Wireless Network Tools
  - Transport Layer Security Tools
  - Web Exploitation
  - Hex Editors
  - File Format Analysis Tools
  - Anti-virus Evasion Tools
  - Hash Cracking Tools
  - Windows Utilities
  - GNU/Linux Utilities
  - macOS Utilities
  - DDoS Tools
  - Social Engineering Tools
  - OSINT Tools
  - Anonymity Tools
  - Reverse Engineering Tools
  - Physical Access Tools
  - Industrial Control and SCADA Systems
  - Side-channel Tools
  - CTF Tools
  - Penetration Testing Report Templates
- Code Examples for Penetration Testing

## Online Resources

Penetration Testing Resources

- Metasploit Unleashed – Free Offensive Security Metasploit course.
- Penetration Testing Execution Standard (PTES) – Documentation designed to provide a common language and scope for performing and reporting the results of a penetration test.
- Open Web Application Security Project (OWASP) – Worldwide not-for-profit charitable organization focused on improving the security of web-based and application-layer software in particular.
- PENTEST-WIKI – Free online security knowledge library for pentesters and researchers.
- Penetration Testing Framework (PTF) – General framework for performing penetration tests that can be used by vulnerability analysts and penetration testers alike.
- XSS-Payloads – Ultimate resource for all things cross-site, including payloads, tools, games and documentation.
- MITRE's Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) – Curated knowledge base and model of cyber-adversary behavior.
- InfoSec Institute – Bootcamps for IT and security.

Exploit Development

- Shellcode Tutorial – Tutorial on how to write shellcode.
- Shellcode Examples – Shellcodes database.
- Exploit Writing Tutorials – Tutorials on how to develop exploits.

OSINT Resources

- OSINT Framework – Collection of various OSINT tools broken out by category.
- Intel Techniques – Collection of OSINT tools. To navigate the categories, use the menu on the left.
- NetBootcamp OSINT Tools – Collection of OSINT links and custom web interfaces to other services.
- WiGLE.net – Information about wireless networks world-wide, with user-friendly desktop and web applications.
- CertGraph – Crawls a domain's SSL/TLS certificates for its certificate alternative names.

Social Engineering Resources

- Social Engineering Framework – Information resource for social engineers.

Lock Picking Resources

- Schuyler Towne channel – Lockpicking videos and security talks.
- bosnianbill – More lockpicking videos.
- /r/lockpicking – Resources for learning lockpicking, equipment recommendations.

Operating Systems

- Security related Operating Systems @ Rawsec – Complete list of security related operating systems.
- Security @ Distrowatch – Website dedicated to the discussion, review and updates of open source operating systems.
- cuckoo – Open source automated malware analysis system.
- Digital Evidence & Forensics Toolkit (DEFT) – Live CD for forensic analysis that can be run without tampering with or corrupting connected devices during the boot process.
- SIFT – Forensic workstation made by SANS.
- Tails – Live OS aimed at preserving privacy and anonymity.
- Qubes OS – High-security operating system for strict isolation of applications.

## Tools

Penetration Testing Distributions

- Kali – GNU/Linux distribution for digital forensics and penetration testing.
- ArchStrike – Arch GNU/Linux repository for security professionals and enthusiasts.
- BlackArch – Arch GNU/Linux-based distribution for penetration testers and security researchers.
- Network Security Toolkit (NST) – Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
- BackBox – Ubuntu-based distribution for penetration tests and security assessments.
- Parrot – Kali-like distribution, with multiple architectures.
- Buscador – GNU/Linux virtual machine that is pre-configured for online investigators.
- The Pentesters Framework – Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of tools that eliminates often-unused toolchains.
- AttifyOS – GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
- PentestBox – Open source pre-configured portable penetration testing environment for the Windows OS.
- Android Tamer – OS for Android security professionals. Includes all the tools required for Android security testing.

Docker for Penetration Testing

- `docker pull kalilinux/kali-linux-docker` – Official Kali Linux.
- `docker pull owasp/zap2docker-stable` – Official OWASP ZAP.
- `docker pull wpscanteam/wpscan` – Official WPScan.
- `docker pull citizenstig/dvwa` – Damn Vulnerable Web Application (DVWA).
- `docker pull wpscanteam/vulnerablewordpress` – Vulnerable WordPress Installation.
- `docker pull hmlio/vaas-cve-2014-6271` – Vulnerability as a service: Shellshock.
- `docker pull hmlio/vaas-cve-2014-0160` – Vulnerability as a service: Heartbleed.
- `docker pull vulnerables/cve-2017-7494` – Vulnerability as a service: SambaCry.
- `docker pull opendns/security-ninjas` – Security Ninjas.
- `docker pull diogomonica/docker-bench-security` – Docker Bench for Security.
- `docker pull ismisepaul/securityshepherd` – OWASP Security Shepherd.
- `docker pull webgoat/webgoat-7.1` – OWASP WebGoat Project 7.1 docker image.
- `docker pull webgoat/webgoat-8.0` – OWASP WebGoat Project 8.0 docker image.
- `docker-compose build && docker-compose up` – OWASP NodeGoat.
- `docker pull citizenstig/nowasp` – OWASP Mutillidae II Web Pen-Test Practice Application.
- `docker pull bkimminich/juice-shop` – OWASP Juice Shop.
- `docker pull phocean/msf` – docker-metasploit.

Multi-paradigm Frameworks

- Metasploit – Software for offensive security teams to help verify vulnerabilities and manage security assessments.
- Armitage – Java-based GUI front-end for the Metasploit Framework.
- Faraday – Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
- ExploitPack – Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
- Pupy – Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
- AutoSploit – Automated mass exploiter, which collects targets using the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.
- Decker – Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using the outputs of tools it has run as inputs to others.

Network Vulnerability Scanners

- Netsparker Application Security Scanner – Application security scanner to automatically find security flaws.
- Nexpose – Commercial vulnerability and risk assessment engine which is integrated with Rapid7's Metasploit.
- Nessus – Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
- OpenVAS – Free software implementation of the popular Nessus vulnerability assessment system.
- Vuls – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.

Static Analyzers

- Brakeman – Static analysis security vulnerability scanner for Ruby on Rails applications.
- cppcheck – Extensible C/C++ static analyzer focused on finding bugs.
- FindBugs – Free software static analyzer to look for bugs in Java code.
- sobelow – Security-focused static analysis for the Phoenix Framework.
- bandit – Security-oriented static analyzer for Python code.
- Progpilot – Static security analysis tool for PHP code.
- RegEx-DoS – Analyzes source code for Regular Expressions susceptible to Denial of Service attacks.

Web Vulnerability Scanners

- Netsparker Application Security Scanner – Application security scanner to automatically find security flaws.
- Nikto – Noisy but fast black box web server and web application vulnerability scanner.
- Arachni – Scriptable framework for evaluating the security of web applications.
- w3af – Web application attack and audit framework.
- Wapiti – Black box web application vulnerability scanner with built-in fuzzer.
- SecApps – In-browser web application security testing suite.
- WebReaver – Commercial, graphical web application vulnerability scanner designed for macOS.
- WPScan – Black box WordPress vulnerability scanner.
- cms-explorer – Reveals the specific modules, plugins, components and themes that various websites powered by content management systems are running.
- joomscan – Joomla vulnerability scanner.
- ACSTIS – Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
- SQLmate – Friend of sqlmap that identifies SQLi vulnerabilities based on a given dork and website (optional).
- JCS – Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm.

Network Tools

- pig – GNU/Linux packet crafting tool.
- Network-Tools.com – Website offering an interface to many basic network utilities such as ping, traceroute, whois and more.
- Intercepter-NG – Multifunctional network toolkit.
- SPARTA – Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
- Zarp – Network attack tool centered around the exploitation of local networks.
- dsniff – Collection of tools for network auditing and pentesting.
- scapy – Python-based interactive packet manipulation program & library.
- Printer Exploitation Toolkit (PRET) – Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL and PCL printer language features.
- Praeda – Automated multi-function printer data harvester for gathering usable data during security assessments.
- routersploit – Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
- CrackMapExec – Swiss army knife for pentesting networks.
- impacket – Collection of Python classes for working with network protocols.
- dnstwist – Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
- THC Hydra – Online password cracking tool with built-in support for HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC and more.
- IKEForce – Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing.
- hping3 – Network tool able to send custom TCP/IP packets.
- rshijack – TCP connection hijacker, Rust rewrite of shijack.

Exfiltration Tools

- DET – Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
- pwnat – Punches holes in firewalls and NATs.
- tgcd – Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
- Iodine – Tunnels IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.

Network Reconnaissance Tools

- zmap – Open source network scanner that enables researchers to easily perform Internet-wide network studies.
- nmap – Free security scanner for network exploration & security audits.
- scanless – Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
- DNSDumpster – Online DNS recon and search service.
- CloudFail – Unmasks the IP addresses of servers hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
- dnsenum – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
- dnsmap – Passive DNS network mapper.
- dnsrecon – DNS enumeration script.
- dnstracer – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- passivedns-client – Library and query tool for querying several passive DNS providers.
- passivedns – Network sniffer that logs all DNS server replies for use in a passive DNS setup.
- Mass Scan – TCP port scanner; spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
- smbmap – Handy SMB enumeration tool.
- XRay – Network (sub)domain discovery and reconnaissance automation tool.
- ACLight – Script for advanced discovery of sensitive Privileged Accounts, including Shadow Admins.
- ScanCannon – Python script to quickly enumerate large networks by calling masscan to quickly identify open ports and then nmap to gain details on the systems/services on those ports.
- fierce – Python3 port of the original fierce.pl DNS reconnaissance tool for locating non-contiguous IP space.

Protocol Analyzers and Sniffers

- tcpdump/libpcap – Common packet analyzer that runs under the command line.
- Wireshark – Widely-used graphical, cross-platform network protocol analyzer.
- netsniff-ng – Swiss army knife for network sniffing.
- Dshell – Network forensic analysis framework.
- Debookee – Simple and powerful network traffic analyzer for macOS.
- Dripcap – Caffeinated packet analyzer.
- Netzob – Reverse engineering, traffic generation and fuzzing of communication protocols.
- sniffglue – Secure multithreaded packet sniffer.

Proxies and MITM Tools

- dnschef – Highly configurable DNS proxy for pentesters.
- mitmproxy – Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- Morpheus – Automated ettercap TCP/IP hijacking tool.
- mallory – HTTP/HTTPS proxy over SSH.
- SSH MITM – Intercepts SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- evilgrade – Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
- Ettercap – Comprehensive, mature suite for machine-in-the-middle attacks.
- BetterCAP – Modular, portable and easily extensible MITM framework.
- MITMf – Framework for Man-In-The-Middle attacks.

Wireless Network Tools

- Aircrack-ng – Set of tools for auditing wireless networks.
- Kismet – Wireless network detector, sniffer, and IDS.
- Reaver – Brute force attack against WiFi Protected Setup.
- Wifite – Automated wireless attack tool.
- Fluxion – Suite of automated social engineering based WPA attacks.
- Airgeddon – Multi-use bash script for Linux systems to audit wireless networks.
- Cowpatty – Brute-force dictionary attack against WPA-PSK.
- BoopSuite – Suite of tools written in Python for wireless auditing.
- Bully – Implementation of the WPS brute force attack, written in C.
- infernal-twin – Automated wireless hacking tool.
- krackattacks-scripts – WPA2 Krack attack scripts.
- KRACK Detector – Detects and prevents KRACK attacks in your network.
- WiFi-arsenal – Resources for Wi-Fi pentesting.
- WiFi-Pumpkin – Framework for rogue Wi-Fi access point attacks.

Transport Layer Security Tools

- SSLyze – Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
- tls_prober – Fingerprints a server's SSL/TLS implementation.
- testssl.sh – Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols and some cryptographic flaws.
- crackpkcs12 – Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.

Web Exploitation

- OWASP Zed Attack Proxy (ZAP) – Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
- Fiddler – Free cross-platform web debugging proxy with user-friendly companion tools.
- Burp Suite – Integrated platform for performing security testing of web applications.
- autochrome – Easy to install NCCGroup test browser with all the appropriate settings needed for web application testing, with native Burp support.
- Browser Exploitation Framework (BeEF) – Command and control server for delivering exploits to commandeered web browsers.
- Offensive Web Testing Framework (OWTF) – Python-based framework for pentesting web applications based on the OWASP Testing Guide.
- WordPress Exploit Framework – Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
- WPSploit – Exploit WordPress-powered websites with Metasploit.
- SQLmap – Automatic SQL injection and database takeover tool.
- tplmap – Automatic server-side template injection and web server takeover tool.
- weevely3 – Weaponized web shell.
- Wappalyzer – Wappalyzer uncovers the technologies used on websites.
- WhatWeb – Website fingerprinter.
- BlindElephant – Web application fingerprinter.
- wafw00f – Identifies and fingerprints Web Application Firewall (WAF) products.
- fimap – Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
- Kadabra – Automatic LFI exploiter and scanner.
- Kadimus – LFI scan and exploit tool.
- liffy – LFI exploitation tool.
- Commix – Automated all-in-one operating system command injection and exploitation tool.
- DVCS Ripper – Rips web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
- GitTools – Automatically finds and downloads web-accessible `.git` repositories.
- sslstrip – Demonstration of the HTTPS stripping attack.
- sslstrip2 – SSLStrip version to defeat HSTS.
- NoSQLmap – Automatic NoSQL injection and database takeover tool.
- VHostScan – Reverse-lookup virtual host scanner that can be used with pivot tools, catch-all scenarios, aliases, and dynamic default pages.
- FuzzDB – Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- EyeWitness – Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- webscreenshot – Simple script to take screenshots of a list of websites.
- recursebuster – Content discovery tool to perform directory and file bruteforcing.
- Raccoon – High performance offensive security tool for reconnaissance and vulnerability scanning.
- WhatWaf – Detects and bypasses web application firewalls and protection systems.
- badtouch – Scriptable network authentication cracker.

Hex Editors

- HexEdit.js – Browser-based hex editing.
- Hexinator – World's finest (proprietary, commercial) hex editor.
- Frhed – Binary file editor for Windows.
- 0xED – Native macOS hex editor that supports plug-ins to display custom data types.
- Hex Fiend – Fast, open source hex editor for macOS with support for viewing binary diffs.
- Bless – High quality, full featured, cross-platform graphical hex editor written in Gtk#.
- wxHexEditor – Free GUI hex editor for GNU/Linux, macOS, and Windows.
- hexedit – Simple, fast, console-based hex editor.

File Format Analysis Tools

- Kaitai Struct – Dissection language and web IDE for file formats and network protocols, generating C++, C#, Java, JavaScript, Perl, PHP, Python and Ruby parsers.
- Veles – Binary data visualization and analysis tool.
- Hachoir – Python library to view and edit a binary stream as a tree of fields, and tools for metadata extraction.

Anti-virus Evasion Tools

- Veil – Generates Metasploit payloads that bypass common anti-virus solutions.
- shellsploit – Generates custom shellcode, backdoors, injectors, optionally obfuscating every byte via encoders.
- Hyperion – Runtime encryptor for 32-bit portable executables ("PE `.exe`s").
- AntiVirus Evasion Tool (AVET) – Post-processes exploits containing executable files targeted for Windows machines so that antivirus software does not recognize them.
- peCloak.py – Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
- peCloakCapstone – Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
- UniByAv – Simple obfuscator that takes raw shellcode and uses a 32-bit XOR key to generate anti-virus-friendly executables.
- Shellter – Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.

Hash Cracking Tools

- John the Ripper – Fast password cracker.
- Hashcat – Faster hash cracker.
- CeWL – Generates custom wordlists by spidering a target's website and collecting unique words.
- JWT Cracker – Simple HS256 JWT token brute force cracker.
- Rar Crack – RAR bruteforce cracker.
- BruteForce Wallet – Finds the password of an encrypted wallet file (i.e. `wallet.dat`).
- StegCracker – Steganography brute-force utility to uncover hidden data inside files.

Windows Utilities

- Sysinternals Suite – The Sysinternals Troubleshooting Utilities.
- Windows Credentials Editor – Inspects logon sessions and adds, changes, lists and deletes associated credentials, including Kerberos tickets.
- mimikatz – Credentials extraction tool for the Windows operating system.
- PowerSploit – PowerShell post-exploitation framework.
- Windows Exploit Suggester – Detects potential missing patches on the target.
- Responder – LLMNR, NBT-NS and MDNS poisoner.
- Bloodhound – Graphical Active Directory trust relationship explorer.
- Empire – Pure PowerShell post-exploitation agent.
- Fibratus – Tool for exploration and tracing of the Windows kernel.
- wePWNise – Generates architecture-independent VBA code for use in Office documents or templates and automates bypassing application control and exploit mitigation software.
- redsnarf – Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers and domain controllers.
- Magic Unicorn – Shellcode generator for multiple attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA) or certutil (using fake certificates).
- DeathStar – Python script that automates gaining Domain Admin rights in Active Directory environments using Empire's RESTful API.
- RID_ENUM – Python script that can enumerate all users from a Windows Domain Controller and brute-force those users' passwords.
- MailSniper – Modular tool for searching through email in a Microsoft Exchange environment, gathering the Outlook Web Access (OWA) and Exchange Web Services (EWS) Global Address List, and more.
- Ruler – Abuses client-side Outlook features to gain a remote shell on a Microsoft Exchange server.
- SCOMDecrypt – Retrieves and decrypts RunAs credentials stored within Microsoft System Center Operations Manager (SCOM) databases.
- LaZagne – Credentials recovery project.

GNU / Linux Utilities

- Linux Exploit Suggester – Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
- Lynis – Auditing tool for UNIX-based systems.
- unix-privesc-check – Shell script to check for simple privilege escalation vectors on UNIX systems.
- Hwacha – Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously.

macOS Utilities

- Bella – Pure Python post-exploitation data mining and remote administration tool for macOS.
- EvilOSX – Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.

DDoS Tools

- LOIC – Open source network stress tool for Windows.
- JS LOIC – JavaScript in-browser version of LOIC.
- SlowLoris – DoS tool that uses low bandwidth on the attacking side.
- HOIC – Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
- T50 – Faster network stress tool.
- UFONet – Abuses OSI layer 7 HTTP to create/manage 'zombies' and conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
- Memcrashed – DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using the Shodan API.

Social Engineering Tools

- Social Engineer Toolkit (SET) – Open source pentesting framework designed for social engineering, featuring a number of custom attack vectors to make believable attacks quickly.
- King Phisher – Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
- Evilginx – MITM attack framework used for phishing credentials and session cookies from any web service.
- Evilginx2 – Standalone man-in-the-middle attack framework.
- wifiphisher – Automated phishing attacks against WiFi networks.
- Catphish – Tool for phishing and corporate espionage written in Ruby.
- Beelogger – Tool for generating keyloggers.
- FiercePhish – Full-fledged phishing framework to manage all phishing engagements.
- SocialFish – Social media phishing framework that can run on an Android phone or in a Docker container.
- ShellPhish – Social media site cloner and phishing tool built atop SocialFish.
- Gophish – Open-source phishing framework.
- phishery – TLS/SSL enabled Basic Auth credential harvester.
- ReelPhish – Real-time two-factor phishing tool.

## OSINT Tools

- Maltego – Proprietary software for open source intelligence and forensics, from Paterva.
- theHarvester – E-mail, subdomain and people name harvester.
- SimplyEmail – Email recon made fast and easy.
- creepy – Geolocation OSINT tool.
- metagoofil – Metadata harvester.
- Google Hacking Database – Database of Google dorks; can be used for recon.
- GooDork – Command line Google dorking tool.
- dork-cli – Command line Google dork tool.
- Censys – Collects data on hosts and websites through daily ZMap and ZGrab scans.
- Shodan – World's first search engine for Internet-connected devices.
- recon-ng – Full-featured web reconnaissance framework written in Python.
- sn0int – Semi-automatic OSINT framework and package manager.
- github-dorks – CLI tool to scan GitHub repos/organizations for potential sensitive information leaks.
- vcsmap – Plugin-based tool to scan public version control systems for sensitive information.
- Spiderfoot – Multi-source OSINT automation tool with a web UI and report visualizations.
- BinGoo – GNU/Linux bash based Bing and Google dorking tool.
- fast-recon – Performs Google dorks against a domain.
- snitch – Information gathering via dorks.
- Sn1per – Automated pentest recon scanner.
- Threat Crowd – Search engine for threats.
- Virus Total – Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
- PacketTotal – Simple, free, high-quality packet capture file analysis for network-borne malware (uses Bro and Suricata IDS signatures under the hood).
- DataSploit – OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
- AQUATONE – Subdomain discovery tool utilizing various open sources, producing a report that can be used as input to other tools.
- Intrigue – Automated OSINT & attack surface discovery framework with powerful API, UI and CLI.
- ZoomEye – Search engine for cyberspace that lets the user find specific network components.
- gOSINT – OSINT tool with multiple modules and a Telegram scraper.
- OWASP Amass – Enumeration of subdomains via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
- Hunter.io – Data broker providing a web search interface for discovering a company's e-mail addresses and other organizational details.
- FOCA (Fingerprinting Organizations with Collected Archives) – Automated document harvester that searches Google, Bing and DuckDuckGo to find and extrapolate internal company organizational structures.
- dorks – Google hack database automation tool.
- image-match – Quickly search over billions of images.
- OSINT-SPY – Performs OSINT scans on email addresses, domain names, IP addresses, or organizations.
- pagodo – Automates Google Hacking Database scraping.
- surfraw – Fast UNIX command line interface to a variety of popular WWW search engines.
- GyoiThon – GyoiThon is an intelligence gathering tool using machine learning.

Anonymity Tools

- Tor – Free software and onion routed overlay network that helps you defend against traffic analysis.
- OnionScan – Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
- I2P – The Invisible Internet Project.
- Nipe – Script to redirect all traffic from the machine to the Tor network.
- What Every Browser Knows About You – Comprehensive detection page to test your own web browser's configuration for privacy and identity leaks.
- dos-over-tor – Proof of concept denial of service over Tor stress test tool.
- oregano – Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
- kalitorify – Transparent proxy through Tor for Kali Linux OS.

Reverse Engineering Tools

- Interactive Disassembler (IDA Pro) – Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
- WDK/WinDbg – Windows Driver Kit and WinDbg.
- OllyDbg – x86 debugger for Windows binaries that emphasizes binary code analysis.
- Radare2 – Open source, cross-platform reverse engineering framework.
- x64dbg – Open source x64/x32 debugger for Windows.
- Immunity Debugger – Powerful way to write exploits and analyze malware.
- Evan's Debugger – OllyDbg-like debugger for GNU/Linux.
- Medusa – Open source, cross-platform interactive disassembler.
- plasma – Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax.
- peda – Python Exploit Development Assistance for GDB.
- dnSpy – Tool to reverse engineer .NET assemblies.
- binwalk – Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
- PyREBox – Python scriptable reverse engineering sandbox by Cisco-Talos.
- Voltron – Extensible debugger UI toolkit written in Python.
- Capstone – Lightweight multi-platform, multi-architecture disassembly framework.
- rVMI – Debugger on steroids; inspects userspace processes, kernel drivers, and preboot environments in a single tool.
- Frida – Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- boxxy – Linkable sandbox explorer.

Physical Access Tools

- LAN Turtle – Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
- USB Rubber Ducky – Customizable keystroke injection attack platform masquerading as a USB thumbdrive.
- Poisontap – Siphons cookies, exposes internal (LAN-side) routers and installs a web backdoor on locked computers.
- WiFi Pineapple – Wireless auditing and penetration testing platform.
- Proxmark3 – RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
- PCILeech – Uses PCIe hardware devices to read and write target system memory via Direct Memory Access (DMA) over PCIe.
- AT Commands – Use AT commands over an Android device's USB port to rewrite device firmware, bypass security mechanisms, exfiltrate sensitive information, perform screen unlocks, and inject touch events.
- Bash Bunny – Local exploit delivery tool in the form of a USB thumbdrive in which you write payloads in a DSL called BunnyScript.
- Packet Squirrel – Ethernet multi-tool designed to enable covert remote access, painless packet captures, and secure VPN connections with the flip of a switch.

Industrial Control and SCADA Systems

- Industrial Exploitation Framework (ISF) – Metasploit-like exploit framework targeting industrial control systems (ICS), SCADA devices, PLC firmware, and more.
- s7scan – Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network.

Side-channel Tools

- ChipWhisperer – Complete open-source toolchain for side-channel power analysis and glitching attacks.

CTF Tools

- ctf-tools – Collection of setup scripts to install various security research tools, easily and quickly deployable to new machines.
- Pwntools – Rapid exploit development framework built for use in CTFs.
- RsaCtfTool – Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
- shellpop – Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests.

Penetration Testing Report Templates

- Public Pentesting Reports – Curated list of public penetration test reports released by several consulting firms and academic security groups.
- T&VS Pentesting Report Template – Pentest report template provided by Test and Verification Services, Ltd.
- Web Application Security Assessment Report Template – Sample web application security assessment report template provided by Lucideus.

Code Examples for Penetration Testing

- goHackTools – Hacker tools written in Go (Golang).

# Vulnerability Databases

- Common Vulnerabilities and Exposures (CVE) – Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
- National Vulnerability Database (NVD) – United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) for the standard CVE List along with a fine-grained search engine.
- US-CERT Vulnerability Notes Database – Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
- Full-Disclosure – Public, vendor-neutral forum for detailed discussion of vulnerabilities, which often publishes details before many other sources.
- Bugtraq (BID) – Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
- Exploit-DB – Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
- Microsoft Security Bulletins – Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
- Microsoft Security Advisories – Archive of security advisories impacting Microsoft software.
- Mozilla Foundation Security Advisories – Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
- Packet Storm – Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
- CXSecurity – Archive of published CVE and Bugtraq software vulnerabilities, cross-referenced with a Google dork database for discovering the listed vulnerabilities.
- SecuriTeam – Independent source of software vulnerability information.
- Vulnerability Lab – Open forum for security advisories organized by category of exploit target.
- Zero Day Initiative – Bug bounty program with a publicly accessible archive of published security advisories, operated by TippingPoint.
- Vulners – Security database of software vulnerabilities.
- Inj3ct0r (Onion service) – Exploit marketplace and vulnerability information aggregator.
- Open Source Vulnerability Database (OSVDB) – Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April 2016.
- HPI-VDB – Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.

# Security Courses

- Offensive Security Training – Training from the BackTrack/Kali developers.
- SANS Security Training – Computer Security Training & Certification.
- Open Security Training – Training material for computer security classes.
- CTF Field Guide – Everything you need to win your next CTF competition.
- ARIZONA CYBER WARFARE RANGE – 24x7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
- Cybrary – Free courses in ethical hacking and advanced penetration testing. The advanced penetration testing courses are based on the book 'Penetration Testing for Highly Secured Environments'.
- Computer Security Student – Many free tutorials, great for beginners; a $10/month membership unlocks all content.
- European Union Agency for Network and Information Security – ENISA Cyber Security Training material.

# Information Security Conferences

- DEF CON – Annual hacker convention in Las Vegas.
- Black Hat – Annual security conference in Las Vegas.
- BSides – Framework for organising and holding security conferences.
- CCC – Annual meeting of the international hacker scene in Germany.
- DerbyCon – Annual hacker conference based in Louisville.
- PhreakNIC – Technology conference held annually in middle Tennessee.
- ShmooCon – Annual US East coast hacker convention.
- CarolinaCon – Infosec conference, held annually in North Carolina.
- CHCon – Christchurch Hacker Con, the only South Island of New Zealand hacker con.
- SummerCon – One of the oldest hacker conventions, held during summer.
- Hack.lu – Annual conference held in Luxembourg.
- Hackfest – Largest hacking conference in Canada.
- HITB – Deep-knowledge security conference held in Malaysia and The Netherlands.
- Troopers – Annual international IT Security event with workshops held in Heidelberg, Germany.
- Hack3rCon – Annual US hacker conference.
- ThotCon – Annual US hacker conference held in Chicago.
- LayerOne – Annual US security conference held every spring in Los Angeles.
- DeepSec – Security Conference in Vienna, Austria.
- SkyDogCon – Technology conference in Nashville.
- SECUINSIDE – Security Conference in Seoul.
- DefCamp – Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania.
- AppSecUSA – Annual conference organized by OWASP.
- BruCON – Annual security conference in Belgium.
- Infosecurity Europe – Europe's number one information security event, held in London, UK.
- Nullcon – Annual conference in Delhi and Goa, India.
- RSA Conference USA – Annual security conference in San Francisco, California, USA.
- Swiss Cyber Storm – Annual security conference in Lucerne, Switzerland.
- Virus Bulletin Conference – Annual conference, to be held in Denver, USA for 2016.
- Ekoparty – Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
- 44Con – Annual Security Conference held in London.
- BalCCon – Balkan Computer Congress, held annually in Novi Sad, Serbia.
- FSec – Croatian Information Security Gathering in Varaždin, Croatia.

# Information Security Magazines

- 2600: The Hacker Quarterly – American publication about technology and the computer "underground."
- Phrack Magazine – By far the longest running hacker zine.

# Awesome Lists

- Kali Linux Tools – List of tools present in Kali Linux.
- SecTools – Top 125 Network Security Tools.
- Pentest Cheat Sheets – Awesome Pentest Cheat Sheets.
- C/C++ Programming – One of the main languages for open source security tools.
- .NET Programming – Software framework for Microsoft Windows platform development.
- Shell Scripting – Command line frameworks, toolkits, guides and gizmos.
- Ruby Programming by @dreikanter – The de-facto language for writing exploits.
- Ruby Programming by @markets – The de-facto language for writing exploits.
- Ruby Programming by @Sdogruyol – The de-facto language for writing exploits.
- JavaScript Programming – In-browser development and scripting.
- Node.js Programming by @sindresorhus – Curated list of delightful Node.js packages and resources.
- Python tools for penetration testers – Lots of pentesting tools are written in Python.
- Python Programming by @svaksha – General Python programming.
- Python Programming by @vinta – General Python programming.
- Android Security – Collection of Android security related resources.
- Awesome Awesomness – The List of the Lists.
- AppSec – Resources for learning about application security.
- CTFs – Capture The Flag frameworks, libraries, etc.
- InfoSec § Hacking challenges – Comprehensive directory of CTFs, wargames, hacking challenge websites, pentest practice lab exercises, and more.
- Hacking – Tutorials, tools, and resources.
- Honeypots – Honeypots, tools, components, and more.
- Infosec – Information security resources for pentesting, forensics, and more.
- Forensics – Free (mostly open source) forensic analysis tools and resources.
- Malware Analysis – Tools and resources for analysts.
- PCAP Tools – Tools for processing network traffic.
- Security – Software, libraries, documents, and other resources.
- Awesome Lockpicking – Awesome guides, tools, and other resources about the security and compromise of locks, safes, and keys.
- SecLists – Collection of multiple types of lists used during security assessments.
- Security Talks – Curated list of security conferences.
- OSINT – Awesome OSINT list containing great resources.
- YARA – YARA rules, tools, and people.

# Purpose of Penetration Testing

The primary objective of a penetration test is to identify weak spots in the security posture of an organization, to evaluate compliance with its security policy, to test the staff's awareness of security issues, and to determine whether and how the organization would be subject to security disasters. A penetration test can also reveal weaknesses in a company's security policy. For example, while a security policy is focused on preventing and detecting an attack on the company's systems, that policy may not include a process for expelling an intruder.