Recon Toolbox

A curated list of awesome forensic analysis tools and resources

Enumeration, Content Discovery & Vulnerability Scans

Tool Stars Description
AlterX GitHub stars subdomain wordlist generator.
Amass GitHub stars attack surface mapping and asset discovery.
assetfinder GitHub stars Tool for finding assets.
asnmap GitHub stars Maps network ranges using ASN.
boofuzz GitHub stars Advanced fuzzing tool.
burpgpt GitHub stars Burp Suite extension to perform an additional passive scan and traffic-based analysis using ChatGPT.
cariddi GitHub stars Crawls URLs and scans for potential security leaks.
csprecon GitHub stars Content Security Policy discovery
dnsx GitHub stars DNS recon
Domain GitHub stars Combines Recon-ng and Alt-DNS.
domain-analyzer GitHub stars Analyzes domain security.
EndExt GitHub stars Extract all endpoints from JS files.
faraday GitHub stars Open Source Vulnerability Management.
firefly GitHub stars Black box fuzzer for web applications
ffuf GitHub stars Fast web fuzzer.
fsociety GitHub stars Hacking Tools Pack.
gasmask GitHub stars Information gathering.
gau GitHub stars Fetches known URLs.
gobuster GitHub stars Directory/file & DNS busting.
hakcheckurl GitHub stars URL checker.
hak-origin-finder GitHub stars Finds origin hosts
hakrawler GitHub stars Web crawler for endpoint and asset discovery.
httpx GitHub stars HTTP toolkit.
Kiterunner GitHub stars Discover & bruteforce content from various endpoints with style.
legion GitHub stars Semi-automated network testing
mapcidr GitHub stars Tool for mass scanning load distribution.
nuclei GitHub stars YAML-based DSL.
Onion GitHub stars Linux distro for threat hunting.
param spider GitHub stars Parameter analysis.
PentestGPT GitHub stars GPT penetration testing.
probable subdomains GitHub stars Subdomains analysis and generation.
puredns GitHub stars Wildcard subdomains and DNS poisoning.
rapiddns GitHub stars DNS recon .
recog GitHub stars Pattern recognition tool for hosts, services, content.
reconftw GitHub stars Automated recon with all the things.
ReconDog GitHub stars Reconnaissance tool.
Sn1per GitHub stars Automated pentest platform.
source-mapper GitHub stars Extracts JavaScript source trees.
SCRIPT KIDDI3 GitHub stars Recon and initial vulnerability detection tool.
subenum GitHub stars Subdomain enumeration.
subfinder GitHub stars Subdomain discovery tool.
sublist3r GitHub stars Subdomains enumeration tool.
the time machine GitHub stars Uses WaybackUrls for recon and OSINT.
waybackurls GitHub stars URLs from Wayback Machine.
waymore GitHub stars Wayback machine tool.
Web-Heck-Scanner GitHub stars Bug bounty hunting tool.
xnLinkFinder GitHub stars Endpoint and parameter fuzzer
xurlfind3r GitHub stars CLI utility to find domain's known URLs from curated passive online sources.

OSINT

Tool Stars Description
breach-parse GitHub stars A tool for parsing breached passwords.
gitdorkhelper GitHub stars Generate GitHub search links.
OSINT-Browser-Extensions GitHub stars Chrome extensions
recon-ng GitHub stars OSINT gathering multi-tool.
Th3Inspector GitHub stars "Best Tool For Information Gathering".

OSCP (Offensive Security Certified Professional)

Active Directory

Tool Description
BloodHound/SharpHound Visualizes AD environment privilege relationships.
ADExplorer Offline AD exploration.
ldapdomaindump Comprehensive AD data dumping.
impacket Network protocols manipulation and exploitation.
go-windapsearch LDAP query execution in Go.
PowerView Advanced AD enumeration.
ADRecon Gathers a huge amount of information from AD for analysis.
MANSPIDER Spidering network file systems.
ADACLScanner Scans AD ACLs for potentially vulnerable permissions.
ADModule Microsoft-signed ActiveDirectory PowerShell module.
adPEAS Automates Active Directory enumeration with this PowerShell tool.
msLDAPDump LDAP enumeration tool implemented in Python3.
PowerHuntShares PowerShell script to audit AD domains for file shares.
Rubeus For Kerberos ticket attacks.
Certify For AD certificate services exploitation.
secretsdump.py Extracts credentials from AD databases.
DonPAPI Extracts various credentials and secrets.
PrivescCheck Identifies Windows privilege escalation vectors.
Locksmith Checks for misconfigurations and vulnerabilities.
HiveNightmare/SeriousSAM Exploits ACL misconfigurations on registry hives.
GodPotato For Windows Server 2012 - Windows Server 2022 Windows 8 - Windows 11 exploitation.
Spray-Passwords Custom tool for password spraying.
kerbrute For Kerberos brute-forcing and enumeration.
ASREPRoast Finds users vulnerable to AS-REP roasting.
targetedKerberoast.py Selective Kerberoasting.
msprobe Finding Microsoft resources for password spraying and enumeration.
NetExec Remote command execution.
SharpSCCM Exploits System Center Configuration Manager.
Inveigh Windows MitM tool.
AMSI Bypass/CLMBypass For bypassing AMSI and CLM.
Mimikatz For credential dumping and creating Golden Tickets.

Extensions & Plugins

Helper Tools

Exploit

Privilege Escalation - Dig a little deeper

Name Stars Description
ADModule GitHub stars Microsoft signed ActiveDirectory PowerShell module.
adPEAS GitHub stars Automate Active Directory enumeration with this Powershell tool.
Bloodhound GitHub stars Reveal hidden and unintended relationships within Active Directory or Azure.
GodPotato GitHub stars For Windows Server 2012 - Windows Server 2022 Windows8 - Windows 11
msprobe GitHub stars Finding Microsoft resources for password spraying and enumeration.
PipeViewer GitHub stars Show detailed information about named pipes in Windows.
PowerHuntShares GitHub stars Audit script Active Directory domains.
PSBits GitHub stars Useful Windows Exploits
mitmproxy GitHub stars Interactive TLS-capable intercepting HTTP proxy
msLDAPDump GitHub stars LDAP enumeration tool implemented in Python3
PEASS-ng GitHub stars Privilege Escalation Scripts.
PrivKit GitHub stars Detect Windows OS misconfiguration privEsc.

PostOp

Persistence, Cleanup & C2

Name Stars Description
adversarial-robustness-toolbox GitHub stars Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams.
APTRS GitHub stars Automated Penetration Testing Reporting System.
DFShell GitHub stars "The Best Forwarded Shell".
Forensia GitHub stars Anti Forensics Tool For Erasing Footprints.
pupy GitHub stars Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C.
ronin GitHub stars A free and Open Source Ruby toolkit for security research and development.
sliver GitHub stars Adversary Emulation Framework.
Villain GitHub stars C2 framework that can handle multiple TCP socket & HoaxShell...

Hardening

DFIR, scans and system tweaks

apt install clamav rkhunter lynis

Name Stars Description
aftermath GitHub stars Aftermath is a free macOS IR framework.
API-Security-Checklist GitHub stars Checklist of the most important security countermeasures when designing, testing, and releasing your API.
blue-team-wiki GitHub stars Tools, techniques, cheat sheets, and other resources.
HardeningKitty GitHub stars Checks and hardens your Windows configuration.
OSSEC GitHub stars Open Source Host-based Intrusion Detection System that performs log analysis and more.
sandfly-entropyscan GitHub stars Entropy scanner for Linux to detect packed or encrypted binaries related to malware.
usb-canary GitHub stars A Linux or OSX tool that uses psutil to monitor devices while your computer is locked.
winutil GitHub stars Install Programs, Tweaks, Fixes, and Updates.

IoT & Mobile

Tool Stars Description
android-backup-extractor GitHub stars Android backup extractor.
apk.sh GitHub stars Automates repetitive tasks like pulling, decoding, rebuilding and patching an APK for easier reverse engineering of Android apps.
cameradar GitHub stars Hacks its way into RTSP videosurveillance cameras.
HomePWN GitHub stars Swiss Army Knife for Pentesting of IoT Devices.
igoat GitHub stars OWASP iGoat - A Learning Tool for iOS App Pentesting.
owasp-mastg GitHub stars The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering.
PhoneSploit-Pro GitHub stars Exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
QuadraInspect GitHub stars Android framework that integrates AndroPass, APKUtil, and MobFS.

Wireless & Network

Traffic Analysis

Name Stars Description
arkime GitHub stars A packet capturing, indexing, and database system.
scapy GitHub stars Scapy: the Python-based interactive packet manipulation program & library.
btlejack GitHub stars Bluetooth Low Energy Swiss-army knife.
Sniffle GitHub stars A sniffer for Bluetooth 5 and 4.x LE.
macstealer GitHub stars Wi-Fi Client Isolation Bypass.
wifite2 GitHub stars Rewrite of the popular wireless network auditor, "wifite".

Footprinting and reconnaissance

Competitive Intelligence Gathering

What are the company's plans?

What expert do opinions say about the company?

Enumerate people, emails,...

Email tracking tools

Extracting Metadata of Public Documents

Find TLD's domains

IP geolocation lookup

Mirroring entire website

Monitoring webpages for updates and changes

Monitoring website traffic of target company

Phone number

Traceroute

Twitter

Website footprinting

Website footprinting spiders

Networks

ARP Poisoning

Protection

DHCP starvation attack

Rogue DHCP attack

DoS

Protection

MAC flood attack

MAC Spoofing

Enumeration

Vulnerability Scanning

System hacking

Android

iOS

Privilege Escalation / Post exploitation

Exploit databases

Logs

Password cracking / Login brute-forcer

Databases

Debuggers / Disassemblers

Decompilers

Deobfuscator

Dependencies

Device drivers monitoring

DNS monitoring

File fingerprinting

Files integrity monitoring

Network

Packers

Portable Executable (PE) explorer

Ransomware

RATs

Scanners / Sandbox

Spyware

Virus

Windows registry monitoring

Windows services monitoring

Session hijacking

Hacking web

Whois lookup

DNS interrogation

Scan ports and services running

Web Application Reconnaissance

Web spidering

Detect load balancer

Identify web server directories

Identify web application vulnerabilities

Attack

SQL Injection

Vulnerable web applications

Protection

Disk encryption

E-mail

Firewalls

Honeypots

IDS / IPS

Inventory management

Passwords

Patch

Trackers

Forensics

Social engineering

Phising

Phishing detection

Hacking wireless

Bluetooth

Finding WPS-Enabled APs

MAC spoofing

WPA3

Steganography

Internet of Things (IoT)

Maintain access

Enumeration

Exploit

Google Storage Buckets

Scanners

Salesforce

Javascript

SAST Tools:

Web Archives

Vulnerabilities (CVE)

Malwares

Windows Scanning Tools

AI

Agents and Integrations

Hall of Fame

Name Stars Description
Metasploit GitHub stars The world's most used penetration testing framework
Nmap GitHub stars Network exploration tool and security scanner
Wireshark GitHub stars Network protocol analyzer
Aircrack-ng GitHub stars WiFi security auditing tools suite
John the Ripper GitHub stars Password cracking software
Burp Suite GitHub stars Web vulnerability scanner
sqlmap GitHub stars Automatic SQL injection and database takeover tool
Hydra GitHub stars Parallelized login cracker
Kali Linux GitHub stars Recipes for Kali Linux for use with live-build
ExploitDB GitHub stars The official Exploit Database repository

Reference

Reports, cheatsheets, lists & tips | List | Stars | Description | | :------: | :------: | :------: | | Bug-Bounty-Wordlists | GitHub stars | A repository of important wordlists for bug hunting. | | OneListForAll | GitHub stars | Rockyou for web fuzzing. | | SecLists | GitHub stars | A collection of multiple types of lists for security assessments. |

Quick Reference & Tips

Name Stars Description
Awesome-Hacking GitHub stars Awesome lists for hackers, pentesters, and security researchers.
BlueTeam-Tools GitHub stars Tools and techniques for Blue Team/Incident Response.
bugbounty-cheatsheet GitHub stars Interesting payloads, tips, and tricks for bug bounty hunters.
BugBountyToolkit GitHub stars Multi-platform bug bounty toolkit.
Cheatsheet-God GitHub stars Penetration testing reference bank.
cheatsheets GitHub stars Knowledge collection about information security.
Complete Bug Bounty Cheat Sheet N/A Repos for various exploits.
h4cker GitHub stars Thousands of resources related to ethical hacking.
HackTricks GitHub stars Wiki of hacking tricks/techniques.
HowToHunt GitHub stars Methodology and test case collection for web vulnerabilities.
keyhacks GitHub stars Methods to validate API keys.
KingOfBugBountyTips GitHub stars Tips sharing from renowned bug hunters.
Knowledge Sharing GitHub stars Tips, lists and stories.
MobileApp-Pentest-Cheatsheet GitHub stars High-value info on mobile app penetration testing.
OWASP WebApp Checklist GitHub stars Web application security testing checklist.
paper_collection GitHub stars Academic papers on fuzzing, binary analysis, and exploit dev.
Pentest-Cheat-Sheets GitHub stars Code snippets and commands for easier life.
PENTESTING-BIBLE GitHub stars Learn ethical hacking and pen testing.
PPN GitHub stars Pentester's Promiscuous Notebook.
public-pentesting-reports GitHub stars Public penetration test reports.
Pwdb-Public GitHub stars Data from 1 billion leaked credentials.
RedTeam-Tools GitHub stars 100+ tools and resources for red teaming activities.

A curated list of active directory exploitation tools


(Attention the script maybe out of date)

Tools
ADACLScanner Kerberoast SessionGopher
ASREPRoast LaZagne Set-AD-ACL
Adduser-c Mimikatz Set-DCShadow
AmsiScanBufferBypass Mssqli-RID-Bruteforcing Set-PS-WMI
BeRoot NetCease SharpHound
DAMP-master Nc-Putty SharpWeb
Deploy-Deception-master Nishang SysinternalsSuite
Find-PS-WMI PEASS web-backdoors
GhostPack pi-pwnbox-rogueap x2john
HFS PowerSploit Ysoserial.net
HeidiSQL Powercat
Invoke-ACLPwn Powerless
Invoke-CradleCrafter Powermad
Invoke-DomainPasswordSpray PowerUpSQL
Invoke-Obfuscation Privesc-master
Invoke-PowerShellTcpOneLine PsTools
Invoke-SDPropagator Python-pty-shells
Invoke-WmiCommand RSAT
JAWS Responder
Kekeo RottenPotatoNG
Kekeo_old SeBackupPrivilege

Others

automation exfil exploits recon
AppendToNotion --> shell lil-doc-snatcher --> shell ctypes --> shell ipsweep --> shell
AutoSubdominer --> shell python-injection --> shell smb-scan --> shell
CyberRecon--> shell veil-venom-shells --> pdf System-filescan --> shell
DomainWatchdog --> shell vuln_code --> C tool-heavy --> shell
stack_overflows --> C maxrecon --> shell
shellcode --> python subrecon --> shell
traverserhunt --> python theEnumerator --> shell
buffer_jump --> python portscanner --> python
escalatemytools --> python
minishare --> python
sracktest--> C
substonotion --> python
cleandir --> python
f0ne --> shell
cyberdegrees --> org
propesia--> shell
substosql --> python
trendywordlister --> python
zip_cracking --> shell
heaptest --> C
security detection security hardening utilities
linux_mal_scanner --> shell LinuxSecure --> shell 23077 --> perl
macos_malscan --> shell LinuxServerSecure --> shell domainextractor --> python
MacSecure --> shell WinSecure --> cmd
createpng --> shell
jump --> shell
Script
23077.pl heap-overflows.zip root.jsp
adware_simulation.java heapbufferoverflow.c sc.sh
b374k-2.8.php heaptest.c secret_python_webcam_malware.py
backdoor.php hidefile.vbs selectall.vbs
baudrate.py javascript_keylogger_example.js sha 256 checksum
botnet_worm_malware.cpp javascript_keylogger_obfuscated.js shell.php
check.sh kmc_script.sh shellcode.zip
configscript.nse linux-heap-not-vuln.c shellshock.py
cookie.py linux-heap.c showfile.vbs
crash.py linux-stack-fptr.c simple.asm
crash2.py linux-stack.c simple32.asm
crash3.py mac-heap.c sracktest.c
ddos_attack_malware.py stack-buffer-overflows.zip
drupalharden.sh mac-stack.c stack_overflows
enc.sh mailer.py stackbof.c
exploit.py massnmap.sh stackbufferoverflow.c
exploit.spk minishare.py test.lua
f0ne.sh mona.py vuln_code.c
fix.bat php_rat_malware.php vulnerable_code
fodhelperbypassuac.ps1 polymorphic_runtime_malware.c vulnserver.rb
format-string.zip portscanner.py vulnserver.zip
formatstring.c propesia.sh walllocation.vbs
fuzz.pl proxyshell-enumerate.py webshell_php
fuzz.py pydirb.py xss-cookie-stealer.py
google.py python_to_pull_malware_from_image.py zip_cracking.sh

We would like to express our appreciation to the creators of these invaluable repositories for their outstanding contributions to the field of cybersecurity. Any links here point to the authoritative source repo.