# List of Penetration Testing & Hacking Tools
## Contents

- Online Resources
- Penetration Testing Resources
- Exploit Development
- Open Source Intelligence (OSINT) Resources
- Social Engineering Resources
- Lock Picking Resources
- Operating Systems
- Tools
- Penetration Testing Distributions
- Docker for Penetration Testing
- Multi-paradigm Frameworks
- Network Vulnerability Scanners
- Static Analyzers
- Web Vulnerability Scanners
- Network Tools
- Exfiltration Tools
- Network Reconnaissance Tools
- Protocol Analyzers and Sniffers
- Proxies and MITM Tools
- Wireless Network Tools
- Transport Layer Security Tools
- Web Exploitation
- Hex Editors
- File Format Analysis Tools
- Anti-virus Evasion Tools
- Hash Cracking Tools
- Windows Utilities
- GNU/Linux Utilities
- macOS Utilities
- DDoS Tools
- Social Engineering Tools
- OSINT Tools
- Anonymity Tools
- Reverse Engineering Tools
- Physical Access Tools
- Industrial Control and SCADA Systems
- Side-channel Tools
- CTF Tools
- Penetration Testing Report Templates
- Code examples for Penetration Testing
## Online Resources

### Penetration Testing Resources

- Metasploit Unleashed – Free Offensive Security Metasploit course.
- Penetration Testing Execution Standard (PTES) – Documentation designed to provide a common language and scope for performing and reporting the results of a penetration test.
- Open Web Application Security Project (OWASP) – Worldwide non-profit charitable organization focused on improving the security of Web-based and application-layer software in particular.
- PENTEST-WIKI – Free online security knowledge library for pentesters and researchers.
- Penetration Testing Framework (PTF) – General framework for performing penetration tests that can be used by vulnerability analysts and penetration testers alike.
- XSS-Payloads – Ultimate resource for all things cross-site scripting, including payloads, tools, games and documentation.
- MITRE's Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) – Curated knowledge base and model for cyber adversary behavior.
- InfoSec Institute – Bootcamps for IT and security.
### Exploit Development

- Shellcode Tutorial – Tutorial on how to write shellcode.
- Shellcode Examples – Shellcodes database.
- Exploit Writing Tutorials – Tutorials on how to develop exploits.
### OSINT Resources

- OSINT Framework – Collection of various OSINT tools broken out by category.
- Intel Techniques – Collection of OSINT tools. To navigate the categories, use the menu on the left.
- NetBootcamp OSINT Tools – Collection of OSINT links to other services and custom Web interfaces.
- WiGLE.net – Information about wireless networks world-wide, with user-friendly desktop and Web applications.
- CertGraph – Crawls a domain's SSL/TLS certificates for its certificate alternative names.
### Social Engineering Resources

- Social Engineering Framework – Information resource for social engineers.
### Lock Picking Resources

- Schuyler Towne channel – Lockpicking videos and security talks.
- bosnianbill – More lockpicking videos.
- /r/lockpicking – Resources for learning lockpicking, equipment recommendations.
### Operating Systems

- Security related Operating Systems @ Rawsec – Complete list of security related operating systems.
- Security @ Distrowatch – Website dedicated to discussing, reviewing, and keeping up to date with open source operating systems.
- cuckoo – Open source automated malware analysis system.
- Digital Evidence & Forensics Toolkit (DEFT) – Live CD for forensic analysis that can be run without tampering with or corrupting connected devices during the boot process.
- SIFT – Forensic workstation made by SANS.
- Tails – Live OS aimed at preserving privacy and anonymity.
- Qubes OS – High-security operating system for strict isolation of applications.
## Tools

### Penetration Testing Distributions

- Kali – GNU/Linux distribution designed for digital forensics and penetration testing.
- ArchStrike – Arch GNU/Linux repository for security professionals and enthusiasts.
- BlackArch – Arch GNU/Linux-based distribution for penetration testers and security researchers.
- Network Security Toolkit (NST) – Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
- BackBox – Ubuntu-based distribution for penetration tests and security assessments.
- Parrot – Distribution similar to Kali, with multiple architectures.
- Buscador – GNU/Linux virtual machine that is pre-configured for online investigators.
- The Pentesters Framework – Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
- AttifyOS – GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
- PentestBox – Open source pre-configured portable penetration testing environment for the Windows operating system.
- Android Tamer – OS for Android security professionals. Includes all the tools required for Android security testing.
### Docker for Penetration Testing

- docker pull kalilinux/kali-linux-docker – Official Kali Linux.
- docker pull owasp/zap2docker-stable – Official OWASP ZAP.
- docker pull wpscanteam/wpscan – Official WPScan.
- docker pull citizenstig/dvwa – Damn Vulnerable Web Application (DVWA).
- docker pull wpscanteam/vulnerablewordpress – Vulnerable WordPress Installation.
- docker pull hmlio/vaas-cve-2014-6271 – Vulnerability as a service: Shellshock.
- docker pull hmlio/vaas-cve-2014-0160 – Vulnerability as a service: Heartbleed.
- docker pull vulnerables/cve-2017-7494 – Vulnerability as a service: SambaCry.
- docker pull opendns/security-ninjas – Security Ninjas.
- docker pull diogomonica/docker-bench-security – Docker Bench for Security.
- docker pull ismisepaul/securityshepherd – OWASP Security Shepherd.
- docker pull webgoat/webgoat-7.1 – OWASP WebGoat Project 7.1 docker image.
- docker pull webgoat/webgoat-8.0 – OWASP WebGoat Project 8.0 docker image.
- docker-compose build && docker-compose up – OWASP NodeGoat.
- docker pull citizenstig/nowasp – OWASP Mutillidae II Web Pen-Test Practice Application.
- docker pull bkimminich/juice-shop – OWASP Juice Shop.
- docker pull phocean/msf – docker-metasploit.
### Multi-paradigm Frameworks

- Metasploit – Software for offensive security teams to help verify vulnerabilities and manage security assessments.
- Armitage – Java-based GUI front-end for the Metasploit Framework.
- Faraday – Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
- ExploitPack – Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
- Pupy – Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
- AutoSploit – Automated mass exploiter, which collects targets by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.
- Decker – Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using the outputs of tools it has run as inputs to others.
### Network Vulnerability Scanners

- Netsparker Application Security Scanner – Application security scanner to automatically find security flaws.
- Nexpose – Commercial vulnerability and risk management assessment engine that integrates with Rapid7's Metasploit.
- Nessus – Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
- OpenVAS – Free software implementation of the popular Nessus vulnerability assessment system.
- Vuls – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
### Static Analyzers

- Brakeman – Static analysis security vulnerability scanner for Ruby on Rails applications.
- cppcheck – Extensible C/C++ static analyzer focused on finding bugs.
- FindBugs – Free software static analyzer to look for bugs in Java code.
- sobelow – Security-focused static analysis for the Phoenix Framework.
- bandit – Security oriented static analyzer for Python code.
- Progpilot – Static security analysis tool for PHP code.
- RegEx-DoS – Analyzes source code for Regular Expressions susceptible to Denial of Service attacks.
### Web Vulnerability Scanners

- Netsparker Application Security Scanner – Application security scanner to automatically find security flaws.
- Nikto – Noisy but fast black box Web server and Web application vulnerability scanner.
- Arachni – Scriptable framework for evaluating the security of Web applications.
- w3af – Web application attack and audit framework.
- Wapiti – Black box Web application vulnerability scanner with built-in fuzzer.
- SecApps – In-browser Web application security testing suite.
- WebReaver – Commercial, graphical Web application vulnerability scanner designed for macOS.
- WPScan – Black box WordPress vulnerability scanner.
- cms-explorer – Reveals the specific modules, plugins, components and themes that various websites powered by content management systems are running.
- joomscan – Joomla vulnerability scanner.
- ACSTIS – Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
- SQLmate – Friend of sqlmap that identifies SQLi vulnerabilities based on a given dork and (optional) website.
- JCS – Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm.
### Network Tools

- pig – GNU/Linux packet crafting tool.
- Network-Tools.com – Website offering an interface to many basic network utilities such as ping, traceroute, whois, and more.
- Intercepter-NG – Multifunctional network toolkit.
- SPARTA – Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
- Zarp – Network attack tool centered around the exploitation of local networks.
- dsniff – Collection of tools for network auditing and pentesting.
- scapy – Python-based interactive packet manipulation program & library.
- Printer Exploitation Toolkit (PRET) – Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
- Praeda – Automated multi-function printer data harvester for gathering usable data during security assessments.
- routersploit – Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
- CrackMapExec – Swiss army knife for pentesting networks.
- impacket – Collection of Python classes for working with network protocols.
- dnstwist – Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
- THC Hydra – Online password cracking tool with built-in support for HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
- IKEForce – Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.
- hping3 – Network tool able to send custom TCP/IP packets.
- rshijack – TCP connection hijacker, Rust rewrite of shijack.
### Exfiltration Tools

- DET – Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
- pwnat – Punches holes in firewalls and NATs.
- tgcd – Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
- Iodine – Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
### Network Reconnaissance Tools

- zmap – Open source network scanner that enables researchers to easily perform Internet-wide network studies.
- nmap – Free security scanner for network exploration & security audits.
- scanless – Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
- DNSDumpster – Online DNS recon and search service.
- CloudFail – Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
- dnsenum – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
- dnsmap – Passive DNS network mapper.
- dnsrecon – DNS enumeration script.
- dnstracer – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- passivedns-client – Library and query tool for querying several passive DNS providers.
- passivedns – Network sniffer that logs all DNS server replies for use in a passive DNS setup.
- Mass Scan – TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
- smbmap – Handy SMB enumeration tool.
- XRay – Network (sub)domain discovery and reconnaissance automation tool.
- ACLight – Script for advanced discovery of sensitive Privileged Accounts – includes Shadow Admins.
- ScanCannon – Python script to quickly enumerate large networks by calling masscan to quickly identify open ports and then nmap to gain details on the systems/services on those ports.
- fierce – Python3 port of the original fierce.pl DNS reconnaissance tool for locating non-contiguous IP space.
### Protocol Analyzers and Sniffers

- tcpdump/libpcap – Common packet analyzer that runs under the command line.
- Wireshark – Widely-used graphical, cross-platform network protocol analyzer.
- netsniff-ng – Swiss army knife for network sniffing.
- Dshell – Network forensic analysis framework.
- Debookee – Simple and powerful network traffic analyzer for macOS.
- Dripcap – Caffeinated packet analyzer.
- Netzob – Reverse engineering, traffic generation and fuzzing of communication protocols.
- sniffglue – Secure multithreaded packet sniffer.
### Proxies and MITM Tools

- dnschef – Highly configurable DNS proxy for pentesters.
- mitmproxy – Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- Morpheus – Automated ettercap TCP/IP Hijacking tool.
- mallory – HTTP/HTTPS proxy over SSH.
- SSH MITM – Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- evilgrade – Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
- Ettercap – Comprehensive, mature suite for machine-in-the-middle attacks.
- BetterCAP – Modular, portable and easily extensible MITM framework.
- MITMf – Framework for Man-In-The-Middle attacks.
### Wireless Network Tools

- Aircrack-ng – Set of tools for auditing wireless networks.
- Kismet – Wireless network detector, sniffer, and IDS.
- Reaver – Brute force attack against WiFi Protected Setup.
- Wifite – Automated wireless attack tool.
- Fluxion – Suite of automated social engineering based WPA attacks.
- Airgeddon – Multi-use bash script for Linux systems to audit wireless networks.
- Cowpatty – Brute-force dictionary attack against WPA-PSK.
- BoopSuite – Suite of tools written in Python for wireless auditing.
- Bully – Implementation of the WPS brute force attack, written in C.
- infernal-twin – Automated wireless hacking tool.
- krackattacks-scripts – WPA2 Krack attack scripts.
- KRACK Detector – Detect and prevent KRACK attacks in your network.
- wifi-arsenal – Resources for Wi-Fi Pentesting.
- WiFi-Pumpkin – Framework for rogue Wi-Fi access point attacks.
### Transport Layer Security Tools

- SSLyze – Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
- tls_prober – Fingerprint a server's SSL/TLS implementation.
- testssl.sh – Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
- crackpkcs12 – Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.

### Web Exploitation

- OWASP Zed Attack Proxy (ZAP) – Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing Web applications.
- Fiddler – Free cross-platform Web debugging proxy with user-friendly companion tools.
- Burp Suite – Integrated platform for performing security testing of Web applications.
- autochrome – Easy to install NCCGroup test browser with all the appropriate settings needed for Web application testing, with native Burp support.
- Browser Exploitation Framework (BeEF) – Command and control server for delivering exploits to commandeered Web browsers.
- Offensive Web Testing Framework (OWTF) – Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
- WordPress Exploit Framework – Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
- WPSploit – Exploit WordPress-powered websites with Metasploit.
- SQLmap – Automatic SQL injection and database takeover tool.
- tplmap – Automatic server-side template injection and Web server takeover tool.
- weevely3 – Weaponized Web shell.
- Wappalyzer – Wappalyzer uncovers the technologies used on websites.
- WhatWeb – Website fingerprinter.
- BlindElephant – Web application fingerprinter.
- wafw00f – Identifies and fingerprints Web Application Firewall (WAF) products.
- fimap – Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
- Kadabra – Automatic LFI exploiter and scanner.
- Kadimus – LFI scan and exploit tool.
- liffy – LFI exploitation tool.
- Commix – Automated all-in-one operating system command injection and exploitation tool.
- DVCS Ripper – Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
- GitTools – Automatically find and download Web-accessible .git repositories.
- sslstrip – Demonstration of the HTTPS stripping attacks.
- sslstrip2 – SSLStrip version to defeat HSTS.
- NoSQLmap – Automatic NoSQL injection and database takeover tool.
- VHostScan – Virtual host scanner that performs reverse lookups, can be used with pivot tools, and detects catch-all scenarios, aliases, and dynamic default pages.
- FuzzDB – Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- EyeWitness – Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- webscreenshot – Simple script to take screenshots of a list of websites.
- recursebuster – Content discovery tool to perform directory and file bruteforcing.
- Raccoon – High performance offensive security tool for reconnaissance and vulnerability scanning.
- WhatWaf – Detect and bypass Web application firewalls and protection systems.
- badtouch – Scriptable network authentication cracker.

### Hex Editors

- HexEdit.js – Browser-based hex editing.
- Hexinator – World's finest (proprietary, commercial) hex editor.
- Frhed – Binary file editor for Windows.
- 0xED – Native macOS hex editor that supports plug-ins to display custom data types.
- Hex Fiend – Fast, open source hex editor for macOS with support for viewing binary diffs.
- Bless – High quality, full featured, cross-platform graphical hex editor written in Gtk#.
- wxHexEditor – Free GUI hex editor for GNU/Linux, macOS, and Windows.
- hexedit – Simple, fast, console-based hex editor.
### File Format Analysis Tools

- Kaitai Struct – File formats and network protocols dissection language and Web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
- Veles – Binary data visualization and analysis tool.
- Hachoir – Python library to view and edit a binary stream as a tree of fields, and tools for metadata extraction.
### Anti-virus Evasion Tools

- Veil – Generate Metasploit payloads that bypass common anti-virus solutions.
- shellsploit – Generates custom shellcode, backdoors, injectors, optionally obfuscating every byte via encoders.
- Hyperion – Runtime encryptor for 32-bit portable executables ("PE .exes").
- AntiVirus Evasion Tool (AVET) – Post-processes exploits containing executable files targeted for Windows machines so that antivirus software does not recognize them.
- peCloak.py – Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
- peCloakCapstone – Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
- UniByAv – Simple obfuscator that takes raw shellcode and generates anti-virus friendly executables by using a 32-bit XOR key.
- Shellter – Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
### Hash Cracking Tools

- John the Ripper – Fast password cracker.
- Hashcat – Very fast hash cracker.
- CeWL – Generates custom wordlists by spidering a target's website and collecting unique words.
- JWT Cracker – Simple HS256 JWT token brute force cracker.
- Rar Crack – RAR bruteforce cracker.
- BruteForce Wallet – Find the password of an encrypted wallet file (i.e. wallet.dat).
- StegCracker – Steganography brute-force utility to uncover hidden data inside files.
### Windows Utilities

- Sysinternals Suite – The Sysinternals Troubleshooting Utilities.
- Windows Credentials Editor – Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
- mimikatz – Credentials extraction tool for the Windows operating system.
- PowerSploit – PowerShell Post-exploitation Framework.
- Windows Exploit Suggester – Detects potential missing patches on the target.
- Responder – LLMNR, NBT-NS and MDNS poisoner.
- Bloodhound – Graphical Active Directory trust relationship explorer.
- Empire – Pure PowerShell post-exploitation agent.
- Fibratus – Tool for exploration and tracing of the Windows kernel.
- wePWNise – Generates architecture-independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
- redsnarf – Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
- Magic Unicorn – Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
- DeathStar – Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.
- RID_ENUM – Python script that can enumerate all users from a Windows Domain Controller and crack those users' passwords.
- MailSniper – Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more.
- Ruler – Abuses client-side Outlook features to gain a remote shell on a Microsoft Exchange server.
- SCOMDecrypt – Retrieve and decrypt RunAs credentials stored within Microsoft System Center Operations Manager (SCOM) databases.
- LaZagne – Credentials recovery project.
### GNU/Linux Utilities

- Linux Exploit Suggester – Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
- Lynis – Auditing tool for UNIX-based systems.
- unix-privesc-check – Shell script to check for simple privilege escalation vectors on UNIX systems.
- Hwacha – Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously.
### macOS Utilities

- Bella – Pure Python post-exploitation data mining and remote administration tool for macOS.
- EvilOSX – Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.
### DDoS Tools

- LOIC – Open source network stress tool for Windows.
- JS LOIC – JavaScript in-browser version of LOIC.
- SlowLoris – DoS tool that uses low bandwidth on the attacking side.
- HOIC – Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
- T50 – Faster network stress tool.
- UFONet – Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
- Memcrashed – DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using the Shodan API.
### Social Engineering Tools

- Social Engineer Toolkit (SET) – Open source pentesting framework designed for social engineering, featuring a number of custom attack vectors to make believable attacks quickly.
- King Phisher – Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
- Evilginx – MITM attack framework used for phishing credentials and session cookies from any Web service.
- Evilginx2 – Standalone man-in-the-middle attack framework.
- wifiphisher – Automated phishing attacks against WiFi networks.
- Catphish – Tool for phishing and corporate espionage written in Ruby.
- Beelogger – Tool for generating keyloggers.
- FiercePhish – Full-fledged phishing framework to manage all phishing engagements.
- SocialFish – Social media phishing framework that can run on an Android phone or in a Docker container.
- ShellPhish – Social media site cloner and phishing tool built atop SocialFish.
- Gophish – Open-source phishing framework.
- phishery – TLS/SSL enabled Basic Auth credential harvester.
- ReelPhish – Real-time two-factor phishing tool.
### OSINT Tools

- Maltego – Proprietary software for open source intelligence and forensics, from Paterva.
- theHarvester – E-mail, subdomain and people name harvester.
- SimplyEmail – Email recon made fast and easy.
- creepy – Geolocation OSINT tool.
- metagoofil – Metadata harvester.
- Google Hacking Database – Database of Google dorks; can be used for recon.
- GooDork – Command line Google dorking tool.
- dork-cli – Command line Google dork tool.
- Censys – Collects data on hosts and websites through daily ZMap and ZGrab scans.
- Shodan – World's first search engine for Internet-connected devices.
- recon-ng – Full-featured Web Reconnaissance framework written in Python.
- sn0int – Semi-automatic OSINT framework and package manager.
- github-dorks – CLI tool to scan GitHub repos/organizations for potential sensitive information leaks.
- vcsmap – Plugin-based tool to scan public version control systems for sensitive information.
- Spiderfoot – Multi-source OSINT automation tool with a Web UI and report visualizations.
- BinGoo – GNU/Linux bash based Bing and Google Dorking Tool.
- fast-recon – Perform Google dorks against a domain.
- snitch – Information gathering via dorks.
- Sn1per – Automated Pentest Recon Scanner.
- Threat Crowd – Search engine for threats.
- Virus Total – Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
- PacketTotal – Simple, free, high-quality packet capture file analysis for network-borne malware (using Bro and Suricata IDS signatures under the hood).
- DataSploit – OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
- AQUATONE – Subdomain discovery tool utilizing various open sources, producing a report that can be used as input to other tools.
- Intrigue – Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
- ZoomEye – Search engine for cyberspace that lets the user find specific network components.
- gOSINT – OSINT tool with multiple modules and a telegram scraper.
- OWASP Amass – Subdomain enumeration via scraping, Web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
- Hunter.io – Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.
- FOCA (Fingerprinting Organizations with Collected Archives) – Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures.
- dorks – Google hack database automation tool.
- image-match – Quickly search over billions of images.
- OSINT-SPY – Performs OSINT scans on email addresses, domain names, IP addresses, or organizations.
- pagodo – Automate Google Hacking Database scraping.
- surfraw – Fast UNIX command line interface to a variety of popular WWW search engines.
- GyoiThon – Intelligence gathering tool using machine learning.
### Anonymity Tools

- Tor – Free software and onion routed overlay network that helps you defend against traffic analysis.
- OnionScan – Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
- I2P – The Invisible Internet Project.
- Nipe – Script to redirect all traffic from the machine to the Tor network.
- What Every Browser Knows About You – Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.
- dos-over-tor – Proof of concept denial of service over Tor stress test tool.
- oregano – Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
- kalitorify – Transparent proxy through Tor for Kali Linux OS.
### Reverse Engineering Tools

- Interactive Disassembler (IDA Pro) – Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
- WDK/WinDbg – Windows Driver Kit and WinDbg.
- OllyDbg – x86 debugger for Windows binaries that emphasizes binary code analysis.
- Radare2 – Open source, cross-platform reverse engineering framework.
- x64dbg – Open source x64/x32 debugger for Windows.
- Immunity Debugger – Powerful way to write exploits and analyze malware.
- Evan's Debugger – OllyDbg-like debugger for GNU/Linux.
- Medusa – Open source, cross-platform interactive disassembler.
- plasma – Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax.
- peda – Python Exploit Development Assistance for GDB.
- dnSpy – Tool to reverse engineer .NET assemblies.
- binwalk – Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
- PyREBox – Python scriptable Reverse Engineering sandbox by Cisco-Talos.
- Voltron – Extensible debugger UI toolkit written in Python.
- Capstone – Lightweight multi-platform, multi-architecture disassembly framework.
- rVMI – Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
- Frida – Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- boxxy – Linkable sandbox explorer.
Physical Access Tools
- LAN Turtle – Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
- USB Rubber Ducky – Customizable keystroke injection attack platform masquerading as a USB thumbdrive.
- Poisontap – Siphons cookies, exposes the internal (LAN-side) router and installs a web backdoor on locked computers.
- WiFi Pineapple – Wireless auditing and penetration testing platform.
- Proxmark3 – Cloning, replaying and spoofing RFID/NFC toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
- PCILeech – Uses PCIe hardware to read and write target system memory via Direct Memory Access (DMA) over PCIe.
- AT Commands – Use AT commands over the USB port of an Android device to rewrite the device firmware, bypass security mechanisms, exfiltrate sensitive information, perform screen unlocks, and inject touch events.
- Bash Bunny – Local exploit delivery tool in the form of a USB thumbdrive in which you write payloads in a DSL called BunnyScript.
- Packet Squirrel – Ethernet multi-tool designed to enable covert remote access, painless packet captures, and secure VPN connections with the flip of a switch.
Industrial Control and SCADA Systems
- Industrial Exploitation Framework (ISF) – Metasploit-like exploit framework targeting Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more.
- s7scan – Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network.
Side-channel Tools
- ChipWhisperer – Complete open-source toolchain for side-channel power analysis and glitching attacks.
CTF Tools
- ctf-tools – Collection of setup scripts to install various security research tools, easily and quickly deployable to new machines.
- Pwntools – Rapid exploit development framework built for use in CTFs.
- RsaCtfTool – Decrypt data encrypted using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
- shellpop – Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests.
Penetration Testing Report Templates
- Public Pentesting Reports – Curated list of public penetration test reports released by several consulting firms and academic security groups.
- T&VS Pentesting Report Template – Pentest report template provided by Test and Verification Services, Ltd.
- Web Application Security Assessment Report Template – Sample Web application security assessment reporting template provided by Lucideus.
Code Examples for Penetration Testing
- goHackTools – Hacker tools in Go (Golang).
# Vulnerability Databases
- Common Vulnerabilities and Exposures (CVE) – Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
- National Vulnerability Database (NVD) – The United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) for the standard CVE List along with a fine-grained search engine.
- US-CERT Vulnerability Notes Database – Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
- Full-Disclosure – Public, vendor-neutral forum for detailed discussion of vulnerabilities; often publishes details before many other sources.
- Bugtraq (BID) – Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
- Exploit-DB – Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
- Microsoft Security Bulletins – Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
- Microsoft Security Advisories – Archive of security advisories impacting Microsoft software.
- Mozilla Foundation Security Advisories – Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
- Packet Storm – Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
- CXSecurity – Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
- SecuriTeam – Independent source of software vulnerability information.
- Vulnerability Lab – Open forum for security advisories organized by category of exploit target.
- Zero Day Initiative – Bug bounty program with a publicly accessible archive of published security advisories, operated by TippingPoint.
- Vulners – Security database of software vulnerabilities.
- Inj3ct0r (Onion service) – Exploit marketplace and vulnerability information aggregator.
- Open Source Vulnerability Database (OSVDB) – Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016.
- HPI-VDB – Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
# Security Courses
- Offensive Security Training – Training from BackTrack/Kali developers.
- SANS Security Training – Computer Security Training & Certification.
- Open Security Training – Training material for computer security classes.
- CTF Field Guide – Everything you need to win your next CTF competition.
- ARIZONA CYBER WARFARE RANGE – 24x7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
- Cybrary – Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book 'Penetration Testing for Highly Secured Environments'.
- Computer Security Student – Many free tutorials, great for beginners; $10/month membership unlocks all content.
- European Union Agency for Network and Information Security – ENISA Cyber Security Training material.
# Information Security Conferences
- DEF CON – Annual hacker convention in Las Vegas.
- Black Hat – Annual security conference in Las Vegas.
- BSides – Framework for organizing and holding security conferences.
- CCC – Annual meeting of the international hacker scene in Germany.
- DerbyCon – Annual hacker conference based in Louisville.
- PhreakNIC – Technology conference held annually in middle Tennessee.
- ShmooCon – Annual US East coast hacker convention.
- CarolinaCon – Infosec conference, held annually in North Carolina.
- CHCon – Christchurch Hacker Con, the only South Island of New Zealand hacker con.
- SummerCon – One of the oldest hacker conventions, held during Summer.
- Hack.lu – Annual conference held in Luxembourg.
- Hackfest – Largest hacking conference in Canada.
- HITB – Deep-knowledge security conference held in Malaysia and The Netherlands.
- Troopers – Annual international IT Security event with workshops held in Heidelberg, Germany.
- Hack3rCon – Annual US hacker conference.
- ThotCon – Annual US hacker conference held in Chicago.
- LayerOne – Annual US security conference held every spring in Los Angeles.
- DeepSec – Security Conference in Vienna, Austria.
- SkyDogCon – Technology conference in Nashville.
- SECUINSIDE – Security Conference in Seoul.
- DefCamp – Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania.
- AppSecUSA – Annual conference organized by OWASP.
- BruCON – Annual security conference in Belgium.
- Infosecurity Europe – Europe's number one information security event, held in London, UK.
- Nullcon – Annual conference in Delhi and Goa, India.
- RSA Conference USA – Annual security conference in San Francisco, California, USA.
- Swiss Cyber Storm – Annual security conference in Lucerne, Switzerland.
- Virus Bulletin Conference – Annual conference to be held in Denver, USA for 2016.
- Ekoparty – Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
- 44Con – Annual Security Conference held in London.
- BalCCon – Balkan Computer Congress, held annually in Novi Sad, Serbia.
- FSec – FSec – Croatian Information Security Gathering in Varaždin, Croatia.
# Information Security Magazines
- 2600: The Hacker Quarterly – American publication about technology and the computer "underground."
- Phrack Magazine – By far the longest running hacker zine.
# Awesome Lists
- Kali Linux Tools – List of tools present in Kali Linux.
- SecTools – Top 125 Network Security Tools.
- Pentest Cheat Sheets – Awesome Pentest Cheat Sheets.
- C/C++ Programming – One of the main languages for open source security tools.
- .NET Programming – Software framework for Microsoft Windows platform development.
- Shell Scripting – Command line frameworks, toolkits, guides and gizmos.
- Ruby Programming by @dreikanter – The de-facto language for writing exploits.
- Ruby Programming by @markets – The de-facto language for writing exploits.
- Ruby Programming by @Sdogruyol – The de-facto language for writing exploits.
- JavaScript Programming – In-browser development and scripting.
- Node.js Programming by @sindresorhus – Curated list of delightful Node.js packages and resources.
- Python tools for penetration testers – Lots of pentesting tools are written in Python.
- Python Programming by @svaksha – General Python programming.
- Python Programming by @vinta – General Python programming.
- Android Security – Collection of Android security related resources.
- Awesome Awesomness – The List of the Lists.
- AppSec – Resources for learning about application security.
- CTFs – Capture The Flag frameworks, libraries, etc.
- InfoSec § Hacking challenges – Comprehensive directory of CTFs, wargames, hacking challenge websites, practice lab exercises, and more.
- Hacking – Tutorials, tools, and resources.
- Honeypots – Honeypots, tools, components, and more.
- Infosec – Information security resources for pentesting, forensics, and more.
- Forensics – Free (mostly open source) forensic analysis tools and resources.
- Malware Analysis – Tools and resources for analysts.
- PCAP Tools – Tools for processing network traffic.
- Security – Software, libraries, documents, and other resources.
- Awesome Lockpicking – Awesome guides, tools, and other resources about the security and compromise of locks, safes, and keys.
- SecLists – Collection of multiple types of lists used during security assessments.
- Security Talks – Curated list of security conferences.
- OSINT – Awesome OSINT list containing great resources.
- YARA – YARA rules, tools, and people.
Purpose of penetration testing
The main purpose of a penetration test is to identify weak spots in the security posture of an organization, to assess compliance with its security policy, to test staff's awareness of security issues and to determine whether and how the organization would be subject to security disasters. A penetration test can also highlight weaknesses in the security policy of a company. For example, while a security policy is focused on preventing and detecting an attack on the systems of a company, that policy may not include a process for expelling an intruder.