-
Notifications
You must be signed in to change notification settings - Fork 930
Security Tools
Vex Woo edited this page Sep 8, 2015
·
2 revisions
| Name | Author | Url | Description |
|---|---|---|---|
| 0d1n | CoolerVoid | https://github.com/CoolerVoid/0d1n | Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. |
| 0trace | jonoberheide | https://jon.oberheide.org/0trace/ | 0trace.py is a python port of Michal Zalewski's 0trace hop enumeration tool |
| 3proxy | 3proxy | http://3proxy.ru/ | The free proxy server |
| acccheck | Faisal Dean | http://labs.portcullis.co.uk/application/acccheck | The tool is designed as a password dictionary attack tool that targets windows authentication via the SMB protocol. It is really a wrapper script around the ‘smbclient’ binary, and as a result is dependent on it for its execution. |
| ace-voip | Sipera VIPER Lab | http://ucsniff.sourceforge.net/ace.html | ACE (Automated Corporate Enumerator) is a simple yet powerful VoIP Corporate Directory enumeration tool |
| Amap | van Hauser / DJ RevMoon | https://www.thc.org/thc-amap/ | scanning tool to identify applications |
| Aircrack | Aircrack-ng | http://www.aircrack-ng.org/ | Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. |
| Automater | TekDefense.com | http://www.tekdefense.com/automater/ | Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts |
| Backtrack | Offensive-Security | http://www.backtrack-linux.org/ | This excellent bootable live CD Linux distribution comes from the merger of Whax and Auditor. |
| BeEF | beefproject | http://www.beefproject.com/ | The Browser Exploitation Framework, a penetration testing tool that focuses on the web browser. |
| BurpSuite | PortSwigger | http://portswigger.net/burp | Burp Suite is an integrated platform for performing security testing of web applications. |
| Cain and Abel | http://www.oxid.it/cain.html | recover passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. | |
| Captipper | omriher | https://github.com/omriher/captipper | CapTipper is a python tool to analyze, explore and revive HTTP malicious traffic. |
| Cewl | https://digi.ninja/projects/cewl.php | CeWL spiders a target site and creates a list of all unique words found on the site, this list can then be used for things such as password brute forcing | |
| Chap2asleap | g0tmi1k | http://blog.g0tmi1k.com/categories/chap2asleap/ | A python script, to automatically generate the arguments for Joshua Wright’s ‘asleap’ program |
| Clusterd | hatRiot | https://github.com/hatRiot/clusterd | clustered attack toolkit - jboss/coldfusion/weblogic/tomcat/railo/axis2/glassfish |
| CMSmap | Dionach | https://github.com/Dionach/CMSmap | CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. |
| dirs3arch | maurosoria | https://github.com/maurosoria/dirs3arch | dirs3arch is a simple command line tool designed to brute force directories and files in websites. |
| dnsrecon | darkoperator | https://github.com/darkoperator/dnsrecon | DNS Enumeration Script |
| dradisframework | dradis | https://github.com/dradis/dradisframework | Dradis is an open source collaboration framework, tailored to InfoSec teams. |
| dvcs-ripper | kost | https://github.com/kost/dvcs-ripper | Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, ... |
| Empire | PowerShellEmpire | https://github.com/PowerShellEmpire/Empire | Empire is a pure PowerShell post-exploitation agent. |
| Exploit-database | Offensive Security | https://github.com/offensive-security/exploit-database | The official Exploit Database repository |
| Fierce | IceShaman | http://ha.ckers.org/fierce/ | A DNS Scanner |
| Freetds | Freetds | http://www.freetds.org | Unix/Linux SQL Server Client |
| Fuzzdb | all3g | https://github/com/all3g/fuzzdb | Web Fuzzing Discovery and Attack Pattern Database |
| Gdbinit | https://github.com/gdbinit/Gdbinit/ | Gdbinit for OS X, iOS and others - x86, x86_64 and ARM | |
| Git-References | git | https://github.com/git/git-reference | Online Git Reference |
| ike-scan | royhills | https://github.com/royhills/ike-scan | The IKE Scanner |
| John the ripper | openwall | http://www.openwall.com/john/ | a fast password cracker |
| joomscan | http://joomscan.sourceforge.net/ | Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. | |
| Kismet | dragorn | http://www.kismetwireless.net/ | Kismet is a console (ncurses) based 802.11 layer-2 wireless network detector, sniffer, and intrusion detection system. |
| Linux Exploit Suggester | PenturaLabs | https://github.com/PenturaLabs/Linux_Exploit_Suggester | Linux Exploit Suggester; based on operating system release number. |
| Metasploit | rapid7 | http://www.metasploit.com/ | It is an advanced open-source platform for developing, testing, and using exploit code. |
| mitmproxy | mitmproxy | https://github.com/mitmproxy/mitmproxy | An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers |
| mimikatz | gentilkiwi | https://github.com/gentilkiwi/mimikatz | A little tool to play with Windows security |
| msfwiki | pwnwiki | https://github.com/pwnwiki/msfwiki | Metasploit Usage Wiki |
| Nessus | Nessus | http://www.tenable.com/products/nessus-vulnerability-scanner | one of the most popular and capable vulnerability scanners |
| Netcat | GNU | http://netcat.sourceforge.net/ | This simple utility reads and writes data across TCP or UDP network connections. |
| NfSpy | bonsaiviking | https://github.com/bonsaiviking/NfSpy | ID-spoofing NFS client |
| Nikto | sullo | https://github.com/sullo/nikto | Nikto web server scanner |
| NoSQLMap | tcstool | https://github.com/tcstool/NoSQLMap | Automated Mongo database and NoSQL web application exploitation tool |
| Nscan | OffensivePython | https://github.com/OffensivePython/Nscan | Fast internet-wide scanner |
| Paramiko | paramiko | https://github.com/paramiko/paramiko | Native Python SSHv2 protocol library |
| Patator | lanjelot | https://github.com/lanjelot/patator | Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. |
| Peda | longld | https://github.com/longld/peda | PEDA - Python Exploit Development Assistance for GDB |
| Pipal | digininja | https://github.com/digininja/pipal | password analyser |
| PowerTools | PowerShellEmpire | https://github.com/PowerShellEmpire/PowerTools | PowerTools is a collection of PowerShell projects with a focus on offensive operations |
| princeprocessor | jsteube | https://github.com/jsteube/princeprocessor | Standalone password candidate generator using the PRINCE algorithm |
| pwntools | Gallopsled | https://github.com/Gallopsled/pwntools | CTF framework |
| pwnwiki | pwnwiki | https://github.com/pwnwiki/pwnwiki.github.io | PwnWiki - The notes section of the pentesters mind |
| pykek | bidord | https://github.com/bidord/pykek | Exploits MS14-680 vulnerability on an un-patched domain controler of an Active Directory domain to get a Kerberos ticket for an existing domain user account with the privileges of the following domain groups |
| recon-ng | LaNMaSteR53 | https://bitbucket.org/LaNMaSteR53/recon-ng | Recon-ng is a full-featured Web Reconnaissance framework written in Python |
| Responder | SpiderLabs | https://github.com/SpiderLabs/Responder | Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. |
| ruoterpwn | hkm | https://github.com/hkm/routerpwn.com | Compilation of ready to run exploits, advisories, tools and online key generators for embedded devices. |
| scapy | jwiegley | https://github.com/jwiegley/scapy | A powerful interactive packet manipulation program |
| Snort | Snort | http://www.snort.org/ | This network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. |
| scrapy | scrapy | https://github.com/scrapy/scrapy | Scrapy, a fast high-level web crawling & scraping framework for Python. |
| SecLists | danielmiessler | https://github.com/danielmiessler/SecLists/ | a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more. |
| sqli-labs | https://github.com/Audi-1/sqli-labs | SQLI labs to test error based, Blind boolean based, Time based. | |
| sqlmap | sqlmapproject | https://github.com/sqlmapproject/sqlmap | Automatic SQL injection and database takeover tool |
| svn_dump | all3g | https://github.com/all3g/svn_dump | svn tree dump tool |
| tcpdump | http://www.tcpdump.org/ | command line network sniffer | |
| theHarvester | laramies | https://github.com/laramies/theHarvester | theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers). |
| wafw00f | https://github.com/sandrogauci/wafw00f | WAF fingerprint analysis | |
| weevely | epinna | https://github.com/epinna/weevely3 | Weaponized web shell |
| Windows Exploit Suggester | GDSSecurity | https://github.com/GDSSecurity/Windows-Exploit-Suggester | This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins. |
| Wireshark | Wireshark | http://www.wireshark.org/ | a fantastic open source multi-platform network protocol analyzer |
| WPscan | wpscanteam | https://github.com/wpscanteam/wpscan | WPScan is a black box WordPress vulnerability scanner. |