Tools
Penetration Testing Distributions
- A Linux distribution designed for digital forensics and penetration testing
- An Arch Linux repository for security professionals and enthusiasts
- Arch Linux-based distribution for penetration testers and security researchers
- Network Security Toolkit distribution
- Security-focused livecd based on Gentoo
- Ubuntu-based distribution for penetration tests and security assessments
- A distribution similar to Kali, with support for multiple architectures
- Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
Docker for Penetration Testing
- docker pull kalilinux/kali-linux-docker
- docker pull owasp/zap2docker-stable
- docker pull wpscanteam/wpscan
- docker pull pandrew/metasploit
- docker pull citizenstig/dvwa
- docker pull wpscanteam/vulnerablewordpress
- docker pull hmlio/vaas-cve-2014-6271
- docker pull hmlio/vaas-cve-2014-0160
- docker pull opendns/security-ninjas
- docker pull diogomonica/docker-bench-security
- docker pull ismisepaul/securityshepherd
- docker pull danmx/docker-owasp-webgoat
- docker-compose build && docker-compose up
- docker pull citizenstig/nowasp
- docker pull bkimminich/juice-shop
Vulnerability Scanners
Network Tools
SSL Analysis Tools
Web exploitation
Hex Editors
Crackers
Windows Utils
Reverse Engineering Tools
- Vulnerability Management & Risk Management Software
- Vulnerability, configuration, and compliance assessment
- Web application vulnerability scanner
- Open Source vulnerability scanner and manager
- Penetration testing tool for web applications
- Integrated web application security testing environment
- Web application attack and audit framework
- Web application vulnerability scanner
- Web application vulnerability scanner for Mac OS X
- Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
- Web Application Security Scanner Framework
- Free Security Scanner For Network Exploration & Security Audits
- A Linux packet crafting tool
- A common packet analyzer that runs under the command line
- A network protocol analyzer for Unix and Windows
- Different network tools: ping, lookup, whois, etc
- A Swiss army knife for network sniffing
- A multifunctional network toolkit
- Network Infrastructure Penetration Testing Tool
- A highly configurable DNS proxy for pentesters
- Online DNS recon and search service
- Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results
- Passive DNS network mapper
- DNS Enumeration Script
- Determines where a given DNS server gets its information from, and follows the chain of DNS servers
- Provides a library and a query tool for querying several passive DNS providers
- A network sniffer that logs all DNS server replies for use in a passive DNS setup
- TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
- Zarp is a network attack tool centered around the exploitation of local networks
- An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
- HTTP/HTTPS proxy over SSH
- Reverse engineering, traffic generation and fuzzing of communication protocols
- DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
- Punches holes in firewalls and NATs
- A collection of tools for network auditing and pentesting
- A simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
- A handy SMB enumeration tool
- A Python-based interactive packet manipulation program & library
- Network forensic analysis framework
- Intercept traffic from any device on your network
- Caffeinated packet analyzer
- SSL configuration scanner
- A demonstration of the HTTPS stripping attacks
- SSLStrip version to defeat HSTS
- Fingerprint a server's SSL/TLS implementation
- Black box WordPress vulnerability scanner
- Automatic SQL injection and database takeover tool
- Weaponized web shell
- Wappalyzer uncovers the technologies used on websites
- CMS Explorer is designed to reveal the specific modules, plugins, components and themes that various CMS-driven web sites are running.
- Joomla CMS scanner
- Website Fingerprinter
- Web Application Fingerprinter
- Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs
- Automatic LFI exploiter and scanner
- LFI scan and exploit tool
- LFI exploitation tool
- US National Vulnerability Database
- US Computer Emergency Readiness Team
- Open Sourced Vulnerability Database
- Symantec SecurityFocus
- Offensive Security Exploit Database
- Full Disclosure Mailing List
- Microsoft Security Bulletin
- Microsoft Security Advisories
- Inj3ct0r Exploit Database
- Packet Storm Global Security Resource
- Securiteam Vulnerability Information
- CSSecurity Bugtraq List
- Vulnerability Research Laboratory
- Zero Day Initiative
- Security database of software vulnerabilities
- Browser-based hex editing
(commercial) - World's finest Hex Editor
- Fast password cracker
- Online MD5 hash Cracker
- The faster hash cracker
- Another Great Password Cracker
- The Sysinternals Troubleshooting Utilities
- Security tool to list logon sessions and add, change, list and delete associated credentials
- Credentials extraction tool for Windows OS
- A PowerShell Post-Exploitation Framework
- Detects potential missing patches on the target
- A LLMNR, NBT-NS and MDNS poisoner
- A graphical Active Directory trust relationship explorer
- Empire is a pure PowerShell post-exploitation agent
- Tool for exploration and tracing of the Windows kernel
- A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
- The freeware version of IDA v5.0
- Windows Driver Kit and WinDbg
- An x86 debugger that emphasizes binary code analysis
- Open source, cross-platform reverse engineering framework
- An open-source x64/x32 debugger for Windows
- A powerful new way to write exploits and analyze malware
- OllyDbg-like debugger for Linux
- An open source interactive disassembler
- Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code
- Python Exploit Development Assistance for GDB
- dnSpy is a tool to reverse engineer .NET assemblies