Tools
Penetration Testing Distributions
Kali - A Linux distribution designed for digital forensics and penetration testing
ArchStrike - An Arch Linux repository for security professionals and enthusiasts
BlackArch - Arch Linux-based distribution for penetration testers and security researchers
NST - Network Security Toolkit distribution
Pentoo - Security-focused livecd based on Gentoo
BackBox - Ubuntu-based distribution for penetration tests and security assessments
Parrot - A distribution similar to Kali, with support for multiple architectures
Fedora Security Lab - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
Docker for Penetration Testing
docker pull kalilinux/kali-linux-docker - official Kali Linux
docker pull owasp/zap2docker-stable - official OWASP ZAP
docker pull wpscanteam/wpscan - official WPScan
docker pull pandrew/metasploit - docker-metasploit
docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA)
docker pull wpscanteam/vulnerablewordpress - Vulnerable WordPress Installation
docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock
docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed
docker pull opendns/security-ninjas - Security Ninjas
docker pull diogomonica/docker-bench-security - Docker Bench for Security
docker pull ismisepaul/securityshepherd - OWASP Security Shepherd
docker pull danmx/docker-owasp-webgoat - OWASP WebGoat Project docker image
docker-compose build && docker-compose up - OWASP NodeGoat
docker pull citizenstig/nowasp - OWASP Mutillidae II Web Pen-Test Practice Application
docker pull bkimminich/juice-shop - OWASP Juice Shop
Vulnerability Scanners
Nexpose - Vulnerability Management & Risk Management Software
Nessus - Vulnerability, configuration, and compliance assessment
Nikto - Web application vulnerability scanner
OpenVAS - Open Source vulnerability scanner and manager
OWASP Zed Attack Proxy - Penetration testing tool for web applications
Secapps - Integrated web application security testing environment
w3af - Web application attack and audit framework
Wapiti - Web application vulnerability scanner
WebReaver - Web application vulnerability scanner for Mac OS X
DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
arachni - Web Application Security Scanner Framework
Network Tools
nmap - Free Security Scanner For Network Exploration & Security Audits
pig - A Linux packet crafting tool
tcpdump/libpcap - A common packet analyzer that runs under the command line
Wireshark - A network protocol analyzer for Unix and Windows
Network Tools - Different network tools: ping, lookup, whois, etc
netsniff-ng - A Swiss army knife for network sniffing
Intercepter-NG - a multifunctional network toolkit
SPARTA - Network Infrastructure Penetration Testing Tool
dnschef - A highly configurable DNS proxy for pentesters
DNSDumpster - Online DNS recon and search service
dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results
dnsmap - Passive DNS network mapper
dnsrecon - DNS Enumeration Script
dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers
passivedns-client - Provides a library and a query tool for querying several passive DNS providers
passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
Mass Scan - TCP port scanner that spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes
Zarp - Zarp is a network attack tool centered around the exploitation of local networks
mitmproxy - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
mallory - HTTP/HTTPS proxy over SSH
Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols
DET - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
pwnat - punches holes in firewalls and NATs
dsniff - a collection of tools for network auditing and pentesting
tgcd - a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
smbmap - a handy SMB enumeration tool
scapy - a python-based interactive packet manipulation program & library
Dshell - Network forensic analysis framework
Debookee (MAC OS X) - Intercept traffic from any device on your network
Dripcap - Caffeinated packet analyzer
SSL Analysis Tools
SSLyze - SSL configuration scanner
sslstrip - a demonstration of the HTTPS stripping attacks
sslstrip2 - SSLStrip version to defeat HSTS
tls_prober - fingerprint a server's SSL/TLS implementation
Web exploitation
WPScan - Black box WordPress vulnerability scanner
SQLmap - Automatic SQL injection and database takeover tool
weevely3 - Weaponized web shell
Wappalyzer - Wappalyzer uncovers the technologies used on websites
cms-explorer - CMS Explorer is designed to reveal the specific modules, plugins, components and themes that various CMS-driven web sites are running
joomscan - Joomla CMS scanner
WhatWeb - Website Fingerprinter
BlindElephant - Web Application Fingerprinter
fimap - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs
Kadabra - Automatic LFI exploiter and scanner
Kadimus - LFI scan and exploit tool
liffy - LFI exploitation tool
Vulnerability Databases
NVD - US National Vulnerability Database
CERT - US Computer Emergency Readiness Team
OSVDB - Open Sourced Vulnerability Database
Bugtraq - Symantec SecurityFocus
Exploit-DB - Offensive Security Exploit Database
Fulldisclosure - Full Disclosure Mailing List
MS Bulletin - Microsoft Security Bulletin
MS Advisory - Microsoft Security Advisories
Inj3ct0r - Inj3ct0r Exploit Database
Packet Storm - Packet Storm Global Security Resource
SecuriTeam - Securiteam Vulnerability Information
CXSecurity - CXSecurity Bugtraq List
Vulnerability Laboratory - Vulnerability Research Laboratory
ZDI - Zero Day Initiative
Vulners - Security database of software vulnerabilities
Hex Editors
HexEdit.js - Browser-based hex editing
Hexinator (commercial) - World's finest Hex Editor
Crackers
John the Ripper - Fast password cracker
Online MD5 cracker - Online MD5 hash Cracker
Hashcat - A fast hash cracker
THC Hydra - Another Great Password Cracker
Windows Utils
Sysinternals Suite - The Sysinternals Troubleshooting Utilities
Windows Credentials Editor - security tool to list logon sessions and add, change, list and delete associated credentials
mimikatz - Credentials extraction tool for Windows OS
PowerSploit - A PowerShell Post-Exploitation Framework
Windows Exploit Suggester - Detects potential missing patches on the target
Responder - A LLMNR, NBT-NS and MDNS poisoner
Bloodhound - A graphical Active Directory trust relationship explorer
Empire - Empire is a pure PowerShell post-exploitation agent
Fibratus - Tool for exploration and tracing of the Windows kernel
Reverse Engineering Tools
IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
IDA Free - The freeware version of IDA v5.0
WDK/WinDbg - Windows Driver Kit and WinDbg
OllyDbg - An x86 debugger that emphasizes binary code analysis
Radare2 - Open-source, cross-platform reverse engineering framework
x64_dbg - An open-source x64/x32 debugger for Windows
Immunity Debugger - A powerful new way to write exploits and analyze malware
Evan's Debugger - OllyDbg-like debugger for Linux
Medusa disassembler - An open source interactive disassembler
plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code
peda - Python Exploit Development Assistance for GDB
dnSpy - dnSpy is a tool to reverse engineer .NET assemblies