Hacking tools - readloud.org

Recon Toolbox

A curated list of awesome forensic analysis tools and resources

Enumeration, Content Discovery & Vulnerability Scans

Tool	Stars	Description
AlterX		subdomain wordlist generator.
Amass		attack surface mapping and asset discovery.
assetfinder		Tool for finding assets.
asnmap		Maps network ranges using ASN.
boofuzz		Advanced fuzzing tool.
burpgpt		Burp Suite extension to perform an additional passive scan and traffic-based analysis using ChatGPT.
cariddi		Crawls URLs and scans for potential security leaks.
csprecon		Content Security Policy discovery
dnsx		DNS recon
Domain		Combines Recon-ng and Alt-DNS.
domain-analyzer		Analyzes domain security.
EndExt		Extract all endpoints from JS files.
faraday		Open Source Vulnerability Management.
firefly		Black box fuzzer for web applications
ffuf		Fast web fuzzer.
fsociety		Hacking Tools Pack.
gasmask		Information gathering.
gau		Fetches known URLs.
gobuster		Directory/file & DNS busting.
hakcheckurl		URL checker.
hak-origin-finder		Finds origin hosts
hakrawler		Web crawler for endpoint and asset discovery.
httpx		HTTP toolkit.
Kiterunner		Discover & bruteforce content from various endpoints with style.
legion		Semi-automated network testing
mapcidr		Tool for mass scanning load distribution.
nuclei		YAML-based DSL.
Onion		Linux distro for threat hunting.
param spider		Parameter analysis.
PentestGPT		GPT penetration testing.
probable subdomains		Subdomains analysis and generation.
puredns		Wildcard subdomains and DNS poisoning.
rapiddns		DNS recon .
recog		Pattern recognition tool for hosts, services, content.
reconftw		Automated recon with all the things.
ReconDog		Reconnaissance tool.
Sn1per		Automated pentest platform.
source-mapper		Extracts JavaScript source trees.
SCRIPT KIDDI3		Recon and initial vulnerability detection tool.
subenum		Subdomain enumeration.
subfinder		Subdomain discovery tool.
sublist3r		Subdomains enumeration tool.
the time machine		Uses WaybackUrls for recon and OSINT.
waybackurls		URLs from Wayback Machine.
waymore		Wayback machine tool.
Web-Heck-Scanner		Bug bounty hunting tool.
xnLinkFinder		Endpoint and parameter fuzzer
xurlfind3r		CLI utility to find domain's known URLs from curated passive online sources.

OSINT

Tool	Stars	Description
breach-parse		A tool for parsing breached passwords.
gitdorkhelper		Generate GitHub search links.
OSINT-Browser-Extensions		Chrome extensions
recon-ng		OSINT gathering multi-tool.
Th3Inspector		"Best Tool For Information Gathering".

OSCP (Offensive Security Certified Professional)

Active Directory

Tool	Description
BloodHound/SharpHound	Visualizes AD environment privilege relationships.
ADExplorer	Offline AD exploration.
ldapdomaindump	Comprehensive AD data dumping.
impacket	Network protocols manipulation and exploitation.
go-windapsearch	LDAP query execution in Go.
PowerView	Advanced AD enumeration.
ADRecon	Gathers a huge amount of information from AD for analysis.
MANSPIDER	Spidering network file systems.
ADACLScanner	Scans AD ACLs for potentially vulnerable permissions.
ADModule	Microsoft-signed ActiveDirectory PowerShell module.
adPEAS	Automates Active Directory enumeration with this PowerShell tool.
msLDAPDump	LDAP enumeration tool implemented in Python3.
PowerHuntShares	PowerShell script to audit AD domains for file shares.
Rubeus	For Kerberos ticket attacks.
Certify	For AD certificate services exploitation.
secretsdump.py	Extracts credentials from AD databases.
DonPAPI	Extracts various credentials and secrets.
PrivescCheck	Identifies Windows privilege escalation vectors.
Locksmith	Checks for misconfigurations and vulnerabilities.
HiveNightmare/SeriousSAM	Exploits ACL misconfigurations on registry hives.
GodPotato	For Windows Server 2012 - Windows Server 2022 Windows 8 - Windows 11 exploitation.
Spray-Passwords	Custom tool for password spraying.
kerbrute	For Kerberos brute-forcing and enumeration.
ASREPRoast	Finds users vulnerable to AS-REP roasting.
targetedKerberoast.py	Selective Kerberoasting.
msprobe	Finding Microsoft resources for password spraying and enumeration.
NetExec	Remote command execution.
SharpSCCM	Exploits System Center Configuration Manager.
Inveigh	Windows MitM tool.
AMSI Bypass/CLMBypass	For bypassing AMSI and CLM.
Mimikatz	For credential dumping and creating Golden Tickets.

Extensions & Plugins

Burp Suite Plugins & Tricks

Helper Tools

arsenal Quick inventory, reminder and launcher for pentest commands.
Nuclei AI - Browser Extension) AI & community templates & generation.
offensive-bookmarks Pentest, bounty and more links for Firefox, Chrome & Edge
One-Time-Email Generate Email, Register for anything, Get the OTP/Link.
Regrunch CLI App to generate strings from regular expression.
WhoamiAlternatives Different methods to get current username without using whoami.
xnlreveal Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements.

Exploit

Privilege Escalation - Dig a little deeper

Name	Stars	Description
ADModule		Microsoft signed ActiveDirectory PowerShell module.
adPEAS		Automate Active Directory enumeration with this Powershell tool.
Bloodhound		Reveal hidden and unintended relationships within Active Directory or Azure.
GodPotato		For Windows Server 2012 - Windows Server 2022 Windows8 - Windows 11
msprobe		Finding Microsoft resources for password spraying and enumeration.
PipeViewer		Show detailed information about named pipes in Windows.
PowerHuntShares		Audit script Active Directory domains.
PSBits		Useful Windows Exploits
mitmproxy		Interactive TLS-capable intercepting HTTP proxy
msLDAPDump		LDAP enumeration tool implemented in Python3
PEASS-ng		Privilege Escalation Scripts.
PrivKit		Detect Windows OS misconfiguration privEsc.

PostOp

Persistence, Cleanup & C2

Name	Stars	Description
adversarial-robustness-toolbox		Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams.
APTRS		Automated Penetration Testing Reporting System.
DFShell		"The Best Forwarded Shell".
Forensia		Anti Forensics Tool For Erasing Footprints.
pupy		Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C.
ronin		A free and Open Source Ruby toolkit for security research and development.
sliver		Adversary Emulation Framework.
Villain		C2 framework that can handle multiple TCP socket & HoaxShell...

Hardening

DFIR, scans and system tweaks

apt install clamav rkhunter lynis

Name	Stars	Description
aftermath		Aftermath is a free macOS IR framework.
API-Security-Checklist		Checklist of the most important security countermeasures when designing, testing, and releasing your API.
blue-team-wiki		Tools, techniques, cheat sheets, and other resources.
HardeningKitty		Checks and hardens your Windows configuration.
OSSEC		Open Source Host-based Intrusion Detection System that performs log analysis and more.
sandfly-entropyscan		Entropy scanner for Linux to detect packed or encrypted binaries related to malware.
usb-canary		A Linux or OSX tool that uses psutil to monitor devices while your computer is locked.
winutil		Install Programs, Tweaks, Fixes, and Updates.

IoT & Mobile

Tool	Stars	Description
android-backup-extractor		Android backup extractor.
apk.sh		Automates repetitive tasks like pulling, decoding, rebuilding and patching an APK for easier reverse engineering of Android apps.
cameradar		Hacks its way into RTSP videosurveillance cameras.
HomePWN		Swiss Army Knife for Pentesting of IoT Devices.
igoat		OWASP iGoat - A Learning Tool for iOS App Pentesting.
owasp-mastg		The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering.
PhoneSploit-Pro		Exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
QuadraInspect		Android framework that integrates AndroPass, APKUtil, and MobFS.

Wireless & Network

Traffic Analysis

Name	Stars	Description
arkime		A packet capturing, indexing, and database system.
scapy		Scapy: the Python-based interactive packet manipulation program & library.
btlejack		Bluetooth Low Energy Swiss-army knife.
Sniffle		A sniffer for Bluetooth 5 and 4.x LE.
macstealer		Wi-Fi Client Isolation Bypass.
wifite2		Rewrite of the popular wireless network auditor, "wifite".

Footprinting and reconnaissance

ARIN whois database search: Locate the network range.
awesome-osint: A curated list of amazingly awesome OSINT.
BuzzSumo: Find the most shared content for a topic, author, or a domain.
Censys: Full view of every server and device exposed.
CeWL: Gathering Wordlist from the Target Website.
DNSRecon: Reverse DNS lookup.
Extract Meta Data: Gather Information from Video Search Engines.
exposing.ai: Check if your Flickr photos were used to build face recognition.
Ghost Eye: It is an information-gathering tool written in Python 3. To run, Ghost Eye only needs a domain or IP.
Iky I Know You: It is a tool that collects information from an email and shows results in a nice visual interface.
NAPALM FTP Indexer: Gather Information from FTP Search Engines.
networkappers: Reverse DNS lookup.
Network Tools by YouGetSignal.com
NSLOOKUP: look up and find IP addresses in the DNS
OSINT_Collection: Maintained collection of OSINT related resources. (All Free & Actionable).
osint-suite-tools: Repository of the toolkit for making OSINT and SOCMINT with Dante's Gates Minimal Version.
ReconSpider: Framework for scanning IP Address, Emails, Websites, Organizations and find out information from different sources.
Reverse IP Lookup: Reverse DNS lookup.
Sherlock.py: Search a vast number of social networking sites for a target username.
Shodan: Search engine for Internet-connected devices.
Social Searcher: Free Social Media Search Engine.
Thingful: A search engine for the Internet of Things.
wafw00f: Allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
Wayback Machine
WhoIsHostingThis: Get information about the web host, IP address, name servers & more.
Sub3 Suite: A suite of tools for intelligence gathering and target mapping.
Sublist3r
Web Data Extractor
HTTrack
Tracing Emails
[Gathering IP and Domain Name info. using Whois Lookup]
Windows: SmartWhois
Kali Linux: whois command
Path Analyzer Pro
Bill Cipher: Information Gathering tool for a Website or IP address
FOCA
Maltego: Maltego is an open source intelligence (OSINT) and graphical link analysis tool for gathering and connecting information for investigative tasks.
OSINT Framework
OSRFramework: The Open Sources Research Framework is a AGPLv3+ project by i3visio focused on providing API and tools to perform more accurate online researches.
Raccoon: A high performance offensive security tool for reconnaissance and vulnerability scanning.
ReconDog: Reconnaissance Swiss Army Knife.
Recon-ng: Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
Th3Inspector

Competitive Intelligence Gathering

What are the company's plans?

What expert do opinions say about the company?

Enumerate people, emails,...

Contact Out: Get private information from LinkedIn accounts.
';--have i been pwned?: Check if your email address is in a data breach.
hunter.io: Hunter lets you find email addresses in seconds and connect with the people that matter for your business.
Instant People Search: Searching people.
intelius: Searching people.
peekyou: Searching people.
pipl: Searching people.
pwndb: Search for leaked credentials.
Social Catfish: Searching people.
theHarvester: E-mails, subdomains and names Harvester * OSINT.
VerifyEmailAddress.org

Email tracking tools

eMailTrackerPro: Trace an email using the email header.
Infoga: Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source (search engines, pgp key servers and shodan) and check if emails was leaked using haveibeenpwned.com API. Is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company in the Internet.
Mailtrack: Know when your emails are opened.
PoliteMail
RMail E-Security

Extracting Metadata of Public Documents

Exiftool: ExifTool meta information reader/writer.
Metagoofil: Metadata harvester.
Opanda IExif: It is a professional Exif viewer in Windows / IE / Firefox, From a photographer's eye, It displays the image taken from digital camera and every item of EXIF data in the image from beginning to end.
Web Data Extractor: Web Data Extractor Pro is a web scraping tool specifically designed for mass-gathering of various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as meta tag information and body text. Special feature of WDE Pro is custom extraction of structured data.

Extracting Website Links

Link Extractor: Very simple tool which allows scrapping all the links from any web page in Internet.
Netpeak Spider: Desktop tool for day-to-day SEO audit, fast issue check, comprehensive analysis, and website scraping.
Octoparse: Octoparse is a free, multi-award winning web scraping software to turn websites into structured data without coding.

Find TLD's domains

Search Web by Domain
Sublist3r: Fast subdomains enumeration tool for penetration testers.

IP geolocation lookup

Mirroring entire website

Cyotek: Copy websites locally for offline browsing
HTTrack WebSite Copier: Copy websites to your computer.
NCollector Studio
Social-Engineer Toolkit (SET): It is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.
ShellPhish: Phishing Tool for Instagram, Facebook, Twitter, Snapchat, Github.napchat, Github.

Monitoring webpages for updates and changes

visualping: Monitor website changes… so you don't have to!
Website-Watcher: Monitor websites for new content and changes.

Monitoring website traffic of target company

Alexa: Find, Reach, and Convert Your Audience.
TeamViewer Web Monitoring: Monitor the web experience (old Monitis).
Web-Stat

Phone number

phoneinfoga: Advanced information gathering & OSINT framework for phone numbers.
Osintgram : It is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname.

Traceroute

IT Management Software & Remote Monitoring Tools | SolarWinds
Path Analyzer Pro: Path Analyzer Pro delivers advanced network route-tracing with performance tests, DNS, whois, and network resolution to investigate network issues. By integrating all these powerful features into one simple graphical interface, Path Analyzer Pro has become a must-have tool for any network, systems, or security professional on Windows and Mac OS X.
VisualRoute

Twitter

#onemilliontweetmap
Creepy: Creepy is a geolocation OSINT tool. Gathers geolocation related information from online sources, and allows for presentation on map, search filtering based on exact location and/or date, export in csv format or kml for further analysis in Google Maps.
First Tweet * Who Said It First on Twitter
foller.me: Twitter analytics application that gives you rich insights about any public Twitter profile. We gather near real-time data about topics, mentions, hashtags, followers, location and more!
Followerwonk: Help to explore and grow one's social graph by digging deeper into Twitter analytics.
Omnisci
tinfoleak: The most complete open-source tool for Twitter intelligence analysis.

Website footprinting

Burp Suite
Find Subdomains Online | Pentest-Tools.com
Wappalyzer: Identifies technologies on websites, including content management systems, ecommerce platforms, JavaScript frameworks, analytics tools and much more.
Website informer: Evaluates authority and popularity of websites you are visiting.
What's that site running? | Netcraft: Find out the infrastructure and technologies used by any site using results from our internet data mining.
Zaproxy: The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications.

Website footprinting spiders

ParseHub: It is a free and powerful web scraping tool. With our advanced web scraper, extracting data is as easy as clicking on the data you need.
SpiderFoot: Automates OSINT collection and helps you find what matters
Web Data Extractor: It is a web scraping tool specifically designed for mass-gathering of various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as meta tag information and body text. Special feature of WDE Pro is custom extraction of structured data.
webscarab-ng: WebScarab-NG is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly.

Networks

Angry IP Scanner: Fast and friendly network scanner
Capsa Portable Network Analyzer: Monitor, Analyze, Troubleshoot your Wired & Wireless Network.
Colasoft Packet Builder: Colasoft Packet Builder enables creating custom network packets; users can use this tool to check their network protection against attacks and intruders. Colasoft Packet Builder includes a very powerful editing feature. Besides common HEX editing raw data, it features a Decoding Editor allowing users to edit specific protocol field values much easier.
hping: hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping do with ICMP replies. hping3 can handle fragmentation, and almost arbitrary packet size and content, using the command line interface.
HTTPort 3.SNFM: HTTPort allows you to bypass your HTTP proxy, which is blocking you from the Internet. With HTTPort you may use various Internet software from behind the proxy, ex. e-mail, instant messengers, P2P file sharing, ICQ, News, FTP, IRC, etc.
Jaqen: Simple DNS rebinding.
Megaping: MegaPing is the ultimate must-have toolkit that provides essential utilities for Information System specialists, system administrators, IT solution providers or individuals.
Metasploit Framework
Nav: Network Administration Visualized.
netCut: With netCut, you can know who has is or has been on your WIFI, his name, device brand, what time in, what time out.
NetScanTools: NetScanTools Pro is an integrated collection of internet information gathering and network troubleshooting utilities for Network Professionals. Research IPv4 addresses, IPv6 addresses, hostnames, domain names, email addresses and URLs automatically or with manual tools. It is designed for the Windows operating system GUI. Automated tools are started interactively by the user. Include a promiscous detection scanner.
NetSurveyor: It is an 802.11 (WiFi) network discovery tool that gathers information about nearby wireless access points in real time and displays it in useful ways. Similar in purpose to NetStumbler, it includes many more features.
Network Topology Mapper: Network mapping software designed to automatically map your network.
Nmap: The Network Mapper.
Omnipeek Network Protocol Analyzer
Ostinato: Packet/Traffic Generator and Analyzer.
sparta: Network Infrastructure Penetration Testing Tool: NMap + hydra.
SteelCentral Packet Analyzer
Unicornscan
wireshark: Wireshark is a network traffic analyzer, or "sniffer", for Linux, macOS, *BSD and other Unix and Unix-like operating systems and for Windows. It uses Qt, a graphical user interface library, and libpcap and npcap as packet capture and filtering libraries.

ARP Poisoning

Cain
Ettercap: It is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

Protection

ARP AntiSpoofer: A utility for detecting and resisting BIDIRECTIONAL ARP spoofing. It can anti-spoof for not only the local host, but also other hosts in the same subnet. It is as well a handy helper for gateways which don't work well with ARP.
ArpON: It is a Host-based solution that make the ARP standardized protocol secure in order to avoid the Man In The Middle (MITM) attack through the ARP spoofing, ARP cache poisoning or ARP poison routing attack.
arpstraw: Arp spoof detection tool.
shARP: An anti-ARP-spoofing application software that use active and passive scanning methods to detect and remove any ARP-spoofer from the network.
XArp – Advanced ARP Spoofing Detection: It is a security application that uses advanced techniques to detect ARP based attacks.

DHCP starvation attack

DHCPig: DHCP exhaustion script written in python using scapy network library.
dhcpstarv: Is tool that implements DHCP starvation attack. It requests DHCP leases on specified interface, save them and renew on regular basis.
Gobbler
Hyenae: It is a highly flexible platform independent network packet generator. It allows you to reproduce several MITM, DoS and DDoS attack scenarios, comes with a clusterable remote daemon and an interactive attack assistant.
yersinia: A framework for layer 2 attacks.

Rogue DHCP attack

Cain

DoS

hping3: hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping do with ICMP replies. hping3 can handle fragmentation, and almost arbitrary packet size and content, using the command line interface.
High Orbit Ion Cannon (HOIC)
Low Orbit Ion Cannon (LOIC): An open source network stress tool, written in C#. Based on Praetox's LOIC project.

Protection

Anti DDoS Software: Monitors each incoming and outgoing packet in Real-Time. It displays the local address, remote address, and other information of each network flow. Anti DDoS Guardian limits network flow number, client bandwidth, client concurrent TCP connection number, and TCP connection rate. It also limits the UDP bandwidth, UDP connection rate, and UDP packet rate.
DDoS-GUARD
DOSarrest’s DDoS protection service
Cloudflare
ID Ransomware: Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.
Imperva Incapsula DDoS Protection

MAC flood attack

macof: Flood a switched LAN with random MAC addresses.
yersinia: A framework for layer 2 attacks.

MAC Spoofing

SMAC: FREE MAC Address Spoofing Tool.
Technitium MAC Address Changer (TMAC): A freeware utility to spoof MAC address instantly.

Enumeration

Active Directory Explorer: It is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object's schema, and execute sophisticated searches that you can save and re-execute.
Advanced IP Scanner: Reliable and free network scanner to analyse LAN. The program shows all network devices, gives you access to shared folders, provides remote control of computers (via RDP and Radmin), and can even remotely switch computers off. It is easy to use and runs as a portable edition. It should be the first choice for every network admin.
Amass: The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
dig: Network admin tool for querying DNS servers.
dirsearch: Web path scanner.
dnsrecon: DNS Enumeration Script.
dnswalk: A DNS database debugger.
domained: Multi Tool Subdomain Enumeration.
Engineer's Toolset: Network software with over 60 must-have tools.
enum4linux: It is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts.
EyeWitness: EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
Global Network Inventory: Global Network Inventory is a powerful and flexible software and hardware inventory system that can be used as an audit scanner in an agent-free and zero deployment environments. If used as an audit scanner, it only requires full administrator rights to the remote computers you wish to scan. Global Network Inventory can audit remote computers and even network appliances, including switches, network printers, document centers, etc.
gobuster: Directory/File, DNS and VHost busting tool written in Go.
google-url-extractor.js: Small script that extracts all URLs from a Google search result.
httprobe: Take a list of domains and probe for working HTTP and HTTPS servers.
Hurricane Electric BGP Toolkit
jxplorer: It is a cross platform LDAP browser and editor. It is a standards compliant general purpose LDAP client that can be used to search, read and edit any standard LDAP directory, or any directory service with an LDAP or DSML interface.
Knock: Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can setting the API_KEY within the config.json file.
LDAP Account Manager
LDAP Admin
LDAP Administrator
massdns: A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration).
NetBIOS Enumerator: This application was suggested to show how to use remote network support and how to deal with some other interesting web technics like SMB.
NetScanTools: NetScanTools Pro is an integrated collection of internet information gathering and network troubleshooting utilities for Network Professionals. Research IPv4 addresses, IPv6 addresses, hostnames, domain names, email addresses and URLs automatically or with manual tools. It is designed for the Windows operating system GUI. Automated tools are started interactively by the user.
Network Browser: NPM uses the SNMP protocol to send requests across your network and receive responses containing key configuration data, including system details and device failures. This is especially beneficial when dealing with large and dynamic networks using equipment from multiple vendors. Just provide a list of IP addresses or subnets along with SNMP credentials, and the NPM Network Sonar Wizard will automatically scan for devices.
Network Performance Monitor: Multi-vendor network monitoring that scales and expands with the needs of your network.
nmap-vulners: Identifies the used software for each found http port and builds CPEs for the identified versions.
nsauditor
nsec3map: A tool to enumerate the resource records of a DNS zone using its DNSSEC NSEC or NSEC3 chain
NSEarch (Nmap Script Engine Search): Minimal script to help find script into the nse database.
PsTools
RPCScan: Tool to communicate with RPC services and check misconfigurations on NFS shares
snmpcheck: Like to snmpwalk, snmpcheck permits to enumerate information via SNMP protocol.
SoftPerfect Network Scanner: Can ping computers, scan ports, discover shared folders and retrieve practically any information about network devices via WMI, SNMP, HTTP, SSH and PowerShell. It also scans for remote services, registry, files and performance counters; offers flexible filtering and display options and exports NetScan results to a variety of formats from XML to JSON.
subbrute: A DNS meta-query spider that enumerates DNS records, and subdomains.
subfinder: Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
Sublist3r: Fast subdomains enumeration tool for penetration testers.
SuperEnum: This script does the basic enumeration of any open port along with screenshots.
SystemTools Hyena: Using the built-in Windows administration tools to manage a medium to large Windows network or Active Directory environment can be a challenge. Add multiple domains, hundreds or thousands of servers, workstations, and users, and before you know it, things can get out of hand. Hyena is designed to both simplify and centralize nearly all of the day-to-day management tasks, while providing new capabilities for system administration. This functionality is provided in a single, centralized, easy to use product. Used today by tens of thousands of system administrators worldwide, Hyena is the one tool that every administrator cannot afford to be without.
waybackurls: Fetch all the URLs that the Wayback Machine knows about for a domain.
wfuzz: Web application fuzzer.

Vulnerability Scanning

GFI LanGuard
Nessus: Scanning for vulnerabilities in various operating systems. It consists of a daemon, nessusd, which performs the scan on the target system, and nessus, the client which displays the progress and reports on the status of the scans.
nikto: Nikto web server scanner.
OpenVAS: It is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.
skipfish: Is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
Vulnerability Scanning Tools by OWASP

System hacking

charlotte: c++ fully undetected shellcode launcher ;).
DSInternals: The DSInternals project consists of these two parts: 1 * The DSInternals Framework exposes several internal features of Active Directory and can be used from any .NET application. The codebase has already been integrated into several 3rd party commercial products that use it in scenarios like Active Directory disaster recovery, identity management, cross-forest migrations and password strength auditing. 2 * The DSInternals PowerShell Module provides easy-to-use cmdlets that are built on top of the Framework.
EagleShell: EagleShell is a high-quality tool that aims to improve your pentest.
Metasploit Framework
mimikatz: A little tool to play with Windows security.
MSFvenom Payload Creator (MSFPC): A quick way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework).
ntdsxtract: Active Directory forensic framework.
PEASS * Privilege Escalation Awesome Scripts SUITE (with colors): Here you will find privilege escalation tools for Windows and Linux/Unix and MacOS. These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily.
php-webshells: Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!
PowerTools: PowerTools is a collection of PowerShell projects with a focus on offensive operations.
unicorn: It is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
Veil: It is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.
venom: The script will use msfvenom (metasploit) to generate shellcode in diferent formats ( C * [| python | ruby | dll | msi | hta-psh | docm | apk | macho | elf | deb | mp4 | etc ) injects the shellcode generated into one template (example: python) "the python funtion will execute the shellcode into ram" and uses compilers like gcc (gnu cross compiler) or mingw32 or pyinstaller to build the executable file.
wevtutil: Enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests, to run queries, and to export, archive, and clear logs.
WhiteWinterWolf's PHP web shell

Android

Fing
netCut: With netCut, you can know who has is or has been on your WIFI, his name, device brand, what time in, what time out.
Network IP Scanner
Network Scanner
Network Spoofer: Lets you change websites on other people’s computers from an Android phone. After downloading simply log onto a Wifi network, choose a spoof to use and press start.
WHO'S ON MY WIFI * NETWORK SCANNER
PhoneSploit: A tool for remote ADB exploitation in Python3 for all Machines.
Quick Android Review Kit (QARK): Tool to look for several security related Android application vulnerabilities.
Quixxi Vulnerability Scanner
Shellshock Vulnerability Scan: Free, fastest & open Source app to scan for Shellshock vulnerability in Android.
Vulners Scanner: It implements technology of passive vulnerability scanning based on software version fingerprint.
Yaazhini: Free Android APK & API Vulnerability Scanner.
zANTI: It is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.
APK Decompilers Online
apkleaks: Scanning APK file for URIs, endpoints & secrets.
apkstudio: Open-source, cross platform Qt based IDE for reverse-engineering Android application packages.
Apktool: A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. It also makes working with an app easier because of the project like file structure and automation of some repetitive tasks like building apk, etc.
appium: It is an open source test automation framework for use with native, hybrid and mobile web apps.
Argus-SAF: Argus static analysis framework
BitBar: Testing Intelligence for DevOps.
Bytecode Viewer: A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More).
dexcalibur: Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
drozer: The Leading Security Assessment Framework for Android.
fbinfer: A tool to detect bugs in Java and C/C++/Objective-C code before it ships.
frida.re: Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Inspeckage: About Android Package Inspector * dynamic analysis with api hooks, start unexported activities and more.
JEB Decompiler: Decompile and debug binary code. Break down and analyze document files. Android Dalvik, Intel x86, ARM, MIPS, Java, WebAssembly & Ethereum Decompilers.
Mobile Security Framework (MobSF): It is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
objection: Runtime mobile exploration.
Quixxi Vulnerability Scanner
SandDroid: An automatic Android application analysis system.
selendroid: Test automation for native or hybrid Android apps and the mobile web with Selendroid.
Sixo Online APK Analyzer: This tool allows you to analyze various details about Android APK files. It can decompile binary xml files and resources.
DroidSheep: It is an open-source Android application made by Corsin Camichel that allows you to intercept unprotected web-browser sessions using WiFi.
DroidSniff: It is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts.rotected web-browser sessions using WiFi.
FaceNiff: It is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK). It's kind of like Firesheep for android. Maybe a bit easier to use (and it works on WPA2!).

iOS

Trident: This exploits the following two CVEs: CVE-2016-4655, allow an attacker to obtain sensitive information from kernel memory via a crafted app; and CVE-2016-4656, allow an attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Privilege Escalation / Post exploitation

BeRoot: It is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.
linpostexp: ux post exploitation enumeration and exploit checking tools.
meterpreter * getsystem
PowerSploit: A PowerShell Post-Exploitation Framework

Exploit databases

Circl
CVE mitre: The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
cxsecurity
Exploit Database
SecurityFocus
VulDB
Vulners

Logs

auditpol: Displays information about and performs functions to manipulate audit policies.
BleachBit
Clear_Event_Viewer_Logs.bat
DBAN
Log-killer: Clear all your logs in [linux/windows] servers.
Privacy Eraser
Wipe

Brutus Password Cracker
Cain: Password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncover,…
hashcat: Password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.
John the Ripper jumbo: Advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs.
L0phtCrack Password Auditor: Enforce strong passwords across your enterprise.
medusa: Medusa is a speedy, parallel, and modular, login brute-forcer.
penglab: Abuse of Google Colab for cracking hashes.
RainbowCrack: It is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique. It crack hashes with rainbow tables.
Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
thc-hydra: Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system.

Databases

ANY.RUN: Registration required.
Contagio Malware Dump: Curated, password required.
CAPE Sandbox: Registration required.
Das Malwerk
Hatching Triage: Registration required.
Hybrid Analysis: Registration required.
InQuest Malware Samples
ios-malware: KeyRaider, OneClick, and XcodeGhost.
KernelMode.info: Registration required.
MalShare: Registration required.
MalwareBazaar: MalwareBazaar is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.
MalwareSamples Malware-Feed: Curated.
MalwareSourceCode: About Collection of malware source code for a variety of platforms in an array of different programming languages.
Objective-See Collection: Mac malware.
PacketTotal: Malware inside downloadable PCAP files.
PhishingKitTracker: Phishing sites source code.
PolySwarm: Registration required.
SNDBOX: Registration required.
SoReL-20M: 10M defanged malware samples.
theZoo: A repository of LIVE malwares for your own joy and pleasure.
URLhaus: Links to live sites hosting malware.
VirusBay: Registration required.
VirusShare: Registration required.
VirusSign: Registration required.
Virus and Malware Samples: Includes APT, registration required.
vx-underground
CVE mitre: The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
CWE mitre: It is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.
National Vulnerability Database: The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
Objective-See
SecurityFocus
Talos * Vulnerability Information: Talos investigates software and operating system vulnerabilities in order to discover them before malicious threat actors do. We provide this information to vendors so that they can create patches and protect their customers as soon as possible.

Debuggers / Disassemblers

Fiddler
Immunity Debugger: It is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
OllyDbg: OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
WinDbg: Can be used to debug kernel-mode and user-mode code, analyze crash dumps, and examine the CPU registers while the code executes.
x64dbg: An open-source x64/x32 debugger for windows.

Decompilers

binary.ninja: Online decompiler.
cutter: Free and Open Source Reverse Engineering Platform powered by rizin.
Decompiler: Online decompiler.
dnSpy: .NET debugger and assembly editor.
Dotnet IL Editor (dile): Dotnet IL Editor (DILE) allows disassembling and debugging .NET 1.0/1.1/2.0/3.0/3.5/4.0 applications without source code or .pdb files. It can debug even itself or the assemblies of the .NET Framework on IL level.
dotPeek: It is a .NET decompiler from JetBrains, the makers of a wide array of developer productivity tools: ReSharper, dotTrace, and dotCover for .NET developers.
Ghidra Software Reverse Engineering Framework: This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
IDA Pro
ILSpy: ILSpy is the open-source .NET assembly browser and decompiler.
Online Disassembler
radare2: UNIX-like reverse engineering framework and command-line toolset.
ScyllaHide: ScyllaHide is an advanced open-source x64/x86 user mode Anti-Anti-Debug library. It hooks various functions to hide debugging. This tool is intended to stay in user mode (ring 3).
Snowman: Snowman is a native code to C/C++ decompiler.
Telerik JustDecompile: Open Source Decompilation Engine.
Tenet * A Trace Explorer for Reverse Engineers: Tenet is an IDA Pro plugin for exploring execution traces. The goal of this plugin is to provide more natural, human controls for navigating execution traces against a given binary. The basis of this work stems from the desire to research new or innovative methods to examine and distill complex execution patterns in software.
UtinyRipper: It is a tool for extracting assets from serialized files (CAB-, .assets, .sharedAssets, etc.) and assets bundles (.unity3d, *.assetbundle, etc.) and conveting them into native Engine format.
xAnalyzer: xAnalyzer is a plugin for the x86/x64 x64dbg debugger by @mrexodia. This plugin is based on APIInfo Plugin by @mrfearless, although some improvements and additions have been made. xAnalyzer is capable of doing various types of analysis over the static code of the debugged application to give more extra information to the user. This plugin is going to make an extensive API functions call detections to add functions definitions, arguments and data types as well as any other complementary information, something close at what you get with OllyDbg analysis engine, in order to make it even more comprehensible to the user just before starting the debuggin task.

Deobfuscator

de4dot: .NET deobfuscator and unpacker.
XLMMacroDeobfuscator: Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros).

Dependencies

DependencyCheck: OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Dependency Walker: It is a free utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules. For each module found, it lists all the functions that are exported by that module, and which of those functions are actually being called by other modules. Another view displays the minimum set of required files, along with detailed information about each file including a full path to the file, base address, version numbers, machine type, debug information, and more.
Hakiri: Monitors Ruby apps for dependency and code security vulnerabilities.
RetireJS: There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay update on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your webapp. The goal of Retire.js is to help you detect use of version with known vulnerabilities.
snyk

Device drivers monitoring

DriverView

DNS monitoring

DNSQuerySniffer: It is a network sniffer utility that shows the DNS queries sent on your system. For every DNS query, the following information is displayed: Host Name, Port Number, Query ID, Request Type (A, AAAA, NS, MX, and so on), Request Time, Response Time, Duration, Response Code, Number of records, and the content of the returned DNS records.

File fingerprinting

HashCalc
HashMyFiles: It is small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file.
HashTab
md5deep and hashdeep
mimikatz: A little tool to play with Windows security.

Files integrity monitoring

CSP File Integrity Checker: FIC delivers a simple yet powerful solution with its file monitoring and reporting capabilities. File monitoring is a critical part of the PCI data security standard to protect confidential (e.g. card-holder) information.
Netwrix Auditor
NNT Change Tracker: Includes context-based File Integrity Monitoring and File Whitelisting to assure all change activity is automatically analyzed and validated.
PA File Sight
Verisys: File integrity monitoring for Windows, Linux and network devices.
Wazuh

Network

Capsa Portable Network Analyzer: Capsa, a portable network performance analysis and diagnostics tool, provides tremendously powerful and comprehensive packet capture and analysis solution with an easy to use interface allowing both veteran and novice users the ability to protect and monitor networks in a critical business environment. Capsa aids in keeping you assessed of threats that may cause significant business outage.
CurrPorts: It is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.
FakeNet: It is Windows network simulation tool designed for malware analysis. It redirects all traffic leaving a machine to the localhost (including hard-coded IP traffic and DNS traffic) and implements several protocols to ensure that malicious code continues to execute and can be observed by an analyst.
GFI LanGuard
INetSim: It is a software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behaviour of unknown malware samples.
NetFlow Traffic Analyzer
Netfort
Port Monitor
PRTG Network Monitor
TCPView: It is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.
Wireshark

Packers

.NET Generic Unpacker: This is a program to dump .NET packed applications. Of course no serious .NET protection relies on packing. In fact, this software shows how easily you can unpack a protected assemly. This .NET Generic Unpacker was written in a couple of hours and despite of the fact that it’s very simple, it might turn useful having it: otherwise you have to unpack manually, which is quite easy as well.
ASL: Detect packer , compiler , protector , .NET obfuscator.
ASPack: It is an advanced EXE packer created to compress Win32 executable files and to protect them against non-professional reverse engineering.
https://github.com/horsicq/Detect-It-Easy: Program for determining types of files for Windows, Linux and MacOS.
PEiD: It is an intuitive application that relies on its user-friendly interface to detect packers, cryptors and compilers found in PE executable files – its detection rate is higher than that of other similar tools since the app packs more than 600 different signatures in PE files.
macro_pack: The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.
RDG Packer Detector: It is a detector for packers, ciphers, compilers, packers, encoders, assemblers, installers.
UPX the Ultimate Packer for eXecutables: It is a free, portable, extendable, high-performance executable packer for several executable formats.

Portable Executable (PE) explorer

CFF Explorer: CFF Explorer was designed to make PE editing as easy as possible, but without losing sight on the portable executable’s internal structure.
Detect It Easy (DiE): Determining types of files.
dllcharacteristics.py: A simple Python tool for getting and setting the values of DLL characteristics for PE files.
Exeinfo PE
Lord PE: LordPE is a tool for system programmers/reverse engineers which is able to edit/view many parts of PE (Portable Executable) files, dump them from memory, optimize them, validate, analyze, edit, etc.
PE Explorer: Lets you open, view and edit a variety of different 32-bit Windows executable file types (also called PE files) ranging from the common, such as EXE, DLL and ActiveX Controls, to the less familiar types, such as SCR (Screensavers), CPL (Control Panel Applets), SYS, MSSTYLES, BPL, DPL and more (including executable files that run on MS Windows Mobile platform).
PE-bear: PE-bear is a freeware reversing tool for PE files. Its objective is to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE files.
pefile: It is a Python module to read and work with PE (Portable Executable) files.
PEframe: It is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.
PeNet: It is a parser for Windows Portable Executable headers. It completely written in C * [and does not rely on any native Windows APIs. Furthermore it supports the creation of Import Hashes (ImpHash), which is a feature often used in malware analysis. You can extract Certificate Revocation List, compute different hash sums and other useful stuff for working with PE files.
PeNet Web: PeNet Web is an online Portable Executable viewer. It displays fields and additional information from uploaded PE files. The project is based on the PeNet library.
pestudio: The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. The tool is used by Computer Emergency Response (CERT) teams, Security Operations Centers (SOC) and Labs worldwide.
PeView: Provides a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files. This PE/COFF file viewer displays header, section, directory, import table, export table, and resource information within EXE, DLL, OBJ, LIB, DBG, and other file types.
PortEx: Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness.
Portable Executable Scanner (pescan): It is a command line tool to scan portable executable (PE) files to identify how they were constructed.
PPEE (puppy): It is a Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more details.
Resource Hacker: It is a resource editor for 32bit and 64bit Windows® applications. It's both a resource compiler (for .rc files), and a decompiler * enabling viewing and editing of resources in executables (.exe; .dll; .scr; etc) and compiled resource libraries (.res, .mui). While Resource Hacker™ is primarily a GUI application, it also provides many options for compiling and decompiling resources from the command-line.

Ransomware

ransomware-sources: Collection of source code of some ransomware on Github.

RATs

RAT-NjRat-0.7d-modded-source-code

Scanners / Sandbox

Cuckoo: You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment.
Hybrid Analysis: This tool allows sending a file to different scanners in parallel: VirusTotal, MetaDefender and CrowdStrike Falcon. Send samples.
jotti: Simple online scanner that returns the scan results of a number of antivirus scanners, as well as some basic information about the file. Send samples.
KIMS: KIMS was the first local and web multi scan of the world which last version came out on 2006 programed by Thor. In 2009 it began being developed to the new version by DSR!.
Malice.IO: VirusTotal Wanna Be * Now with 100% more Hipster.
MalwareAnalysis.co
NoDistribute
Noriben: Portable, Simple, Malware Analysis Sandbox.
thor-av-multiscanner: Static analysis of malware using Docker. This software allows you to scan a file with different antivirus engines. Also, it allows obtaining information from a file; such as imported libraries, PE, hashes, etc.
Valkyrie Sandbox: It is a file verdict system. Different from traditional signature based malware detection techniques Valkyrie conducts several analysis using run-time behavior and hundreds of features from a file and based on analysis results can warn users against malware undetected by classic Anti-Virus products.
VirusTotal: Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community. Displays information on static and dynamic analysis. Send samples.

Spyware

ACTIVTrack
Spytech SpyAgent: Allows you to monitor and record EVERYTHING users do on your computer * in total stealth. SpyAgent provides an unrivaled set of essential computer monitoring features, as well as website and application content filtering, chat client blocking, real-time activity alerts, and remote delivery of logs via email or FTP.
NetVizor
Power Spy: It is a computer activity monitoring software that allows you to secretly log all users on a PC while they are unaware. After the software is installed on the PC, you can remotely receive log reports on any device via email or FTP. You can check these reports as soon as you receive them or at any convenient time. You can also directly check logs using the log viewer on the monitored PC.
SoftActivity Monitor
Veriato Cerebral

String search

BinText: A small, very fast and powerful text extractor that will be of particular interest to programmers. It can extract text from any kind of file and includes the ability to find plain ASCII text, Unicode (double byte ANSI) text and Resource strings, providing useful information for each item in the optional "advanced" view mode. Its comprehensive filtering helps prevent unwanted text being listed. The gathered list can be searched and saved to a separate file as either a plain text file or in informative tabular format.
FireEye Labs Obfuscated String Solver: Automatically extract obfuscated strings from malware.
Strings
stringsifter: A machine learning tool that ranks strings based on their relevance for malware analysis.

Virus

Windows registry monitoring

Autoruns for Windows: This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players. These programs and drivers include ones in your startup folder, Run, RunOnce, and other Registry keys. Autoruns reports Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond other autostart utilities.
Registrar Registry Manager: It is an advanced and complete suite of tools that allows you to safely maintain your local registry as well as the registries on the systems of your network. Since many years, Registrar Registry Manager has been the expert's choice in registry management.
Registry Viewer
Reg Organizer: The utility allows you to remove unwanted programs from the system and search for traces of the uninstalled program. If there are “heavy” programs that run automatically on start-up in your Windows operating system, disabling them in an advanced startup manager can in some cases speed up the boot time and operation of your operating system. The disk cleanup feature frees up space on your system disk. And this is only part of features in the utility.
RegScanner: Is a small utility that allows you to scan the Registry, find the desired Registry values that match to the specified search criteria, and display them in one list. After finding the Registry values, you can easily jump to the right value in RegEdit, simply by double-clicking the desired Registry item. You can also export the found Registry values into a .reg file that can be used in RegEdit.
regshot: Regshot is an open-source (LGPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one * done after doing system changes or installing a new software product.

Windows services monitoring

Advanced Windows Service Manager: It is the specialized software for smarter analysis of Windows Services. It offers many powerful and unique features which sets it apart from built-in Service Management Console as well as other similar softwares.
AnVir Task Manager: Control everything running on computer, remove Trojans, speed up computer.
Netwrix Service Monitor: Freeware service monitoring tool that enables you to monitor Windows services on your critical servers.
PA File Sight
Process Hacker
Service+
SrvMan: Windows Service Manager is a small tool that simplifies all common tasks related to Windows services. It can create services (both Win32 and Legacy Driver) without restarting Windows, delete existing services and change service configuration. It has both GUI and Command-line modes. It can also be used to run arbitrary Win32 applications as services (when such service is stopped, main application window is closed automatically).

Session hijacking

Burp Suite
bettercap: The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
netool toolki: MitM pentesting opensource toolkit.
OWASP ZAP: It is an integrated penetration testing tool for finding vulnerabilities in web applications. It offers automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. ZAP allows you to see all the requests you make to a web app and all the responses you receive from it. Among other things, it allows you to see AJAX calls that may not otherwise be outright visible. You can also set breakpoints, which allow you to change the requests and responses in real-time.
https://github.com/moxie0/sslstrip: A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.
WebSploit Framework

Hacking web

DirBuster: It is a multi threaded java application designed to brute force directories and files names on web/application servers.
Ghost Eye: It is an information-gathering tool written in Python 3. To run, Ghost Eye only needs a domain or IP.
httprecon: It is a tool for advanced web server fingerprinting. This tool performs banner-grabbing attacks, status code enumeration, and header ordering analysis on its target web server.
ID Serve: It is a simple Internet server identification utility. Following is a list of its capabilities: HTTP server identification, Non-HTTP server identification, Reverse DNS lookup.
skipfish: Is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Whois lookup

DNS interrogation

Scan ports and services running

Nmap
WhatWeb

Web Application Reconnaissance

telnet
WhatWeb

Web spidering

OWASP Zed Attack Proxy (ZAP): Integrated penetration testing tool for finding vulnerabilities in web applications. It offers automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Detect load balancer

dig: Network admin tool for querying DNS servers.
halberd: discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing.
load balancing detector (lbd): Detects if a given domain uses DNS and/or HTTP Load-Balancing (via Server: and Date: header and diffs between server answers).

Identify web server directories

Gobuster: Directory/File, DNS and VHost busting tool written in Go.
Nmap

Identify web application vulnerabilities

acunetix
appscan
appspider: Web application security testing to close the gaps in your apps.
arachni: Web Application Security Scanner Framework.
nikto: Nikto web server scanner.
OWASP Zed Attack Proxy (ZAP): Integrated penetration testing tool for finding vulnerabilities in web applications. It offers automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
uniscan: Uniscan web vulnerability scanner.
vega: It is a free and open source web security scanner and web security testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
Vulnerability Scanning Tools by OWASP
WPScan: WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.

Attack

Burp Suite: Integrated platform for performing security testing of web applications. It has various tools that work together to support the entire testing process from the initial mapping and analysis of an application’s attack surface to finding and exploiting security vulnerabilities. Contains key components such as an intercepting proxy, application-aware spider, advanced web application scanner, intruder tool, repeater tool, and sequencer tool.
HopLa Burp Suite Extender plugin: Adds autocompletion support and useful payloads in Burp Suite.
Metasploit Framework
php-webshells: Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!
Weevely: Used to develop a backdoor shell and upload it to a target server in order to gain remote shell access. This tool also helps in performing administrative tasks, maintaining persistence, and spreading backdoors across the target network.

SQL Injection

bbqsql: SQL Injection Exploitation Tool.
blind-sql-bitshifting: A blind SQL injection module that uses bitshfting to calculate characters.
Blisqy: Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
DSSS * Damn Small SQLi Scanner: It is a fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.
Havij: It is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software, user can perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.
Mole: It is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily. The CLI also provides auto-completion on both commands and command arguments, making the user type as less as possible.
NoSQLMap: Automated NoSQL database enumeration and web application exploitation tool.
sqlmap: Is is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Vulnerable web applications

Damn Vulnerable Web App (DVWA): It is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.

Protection

atomic-red-team: Small and highly portable detection tests based on MITRE's ATT&CK.
brave
CaseFile
CODE42
malwarebytes
Splunk
Tor
whoogle-search: A self-hosted, ad-free, privacy-respecting metasearch engine.

Disk encryption

FinalCrypt
Rohos Disk Encryption: It is program creates hidden and protected partitions on a computer, USB flash drive or cloud storage. It protects/locks access to encrypted partitions with a hardware key replacing your password.
VeraCrypt

E-mail

Egress Secure Email and File Transfer: Secure email encryption software that delivers the highest level of security.
Gilisoft Full Disk Encryption
Proofpoint Email Protection
RMail E-Security
Virtru: End to End Encryption for Email and Files.
ZixMail: It is the desktop email encryption solution that provides individuals with a high level of security in their email communications. It’s an easy-to-use service that lets users encrypt and decrypt emails and attachments with a single click.

Firewalls

Honeypots

awesome-honeypots: An awesome list of honeypot resources.
Honeyd Virtual Honeypot: Is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses * I have tested up to 65536 * on a LAN for network simulation. Honeyd improves cyber security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems.
KFSensor: Acts as a honeypot, designed to attract and detect hackers and worms by simulating vulnerable system services and trojans.

IDS / IPS

Snort: Open Source Intrusion Prevention System (IPS) in the world. Snort IPS uses a series of rules that help define malicious network activity and uses those rules to find packets that match against them and generates alerts for users.
wazuh: Open source security platform based on OSSEC.

Inventory management

GLPI Project
OCS Inventory: Open computers and software inventory is an assets management solution.
spiceworks

Passwords

1password: Password manager.

Patch

Patch My PC: Simplify third-party patching on your PC.
Windows Server Update Services (WSUS): Enables information technology administrators to deploy the latest Microsoft product updates.

Trackers

ClearURLs: This extension will automatically remove tracking elements from URLs to help protect your privacy when browse through the Internet.
PixelBlock: Blocks people from tracking when you open their emails.
Privacy Badger: Automatically learns to block invisible trackers.
Ugly Email: It is an open-source Gmail extension for identifying and blocking email trackers.

Forensics

Autopsy: Autopsy® is the premier end-to-end open source digital forensics platform. Built by Basis Technology with the core features you expect in commercial forensic tools, Autopsy is a fast, thorough, and efficient hard drive investigation solution that evolves with your needs.
Volatility: An advanced memory forensics framework.

avatarify: Avatars for Zoom, Skype and other video-conferencing apps.
mailtrack": Know when your emails are opened.
Get Facebook account from phone number

Phising

Social-Engineer Toolkit (SET): It is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.
ShellPhish: Phishing Tool for Instagram, Facebook, Twitter, Snapchat, Github.napchat, Github.
king-phisher: Phishing Campaign Toolkit.
OhPhish

Phishing detection

Hacking wireless

aircrack-ng: It is a complete suite of tools to assess WiFi network security.
kismac-ng: Free and open-source program helps you collect essential information about surrounding WiFi networks. KisMAC WiFi scanner app can detect SSIDs, shows you the logged in clients, allows you to sketch WiFi maps, and more!
Reaver
Pyrit: It allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of the world's most used security-protocols.
wepattack: Active dictionary attack on WEP keys in WLAN networks.
wepcrackgui: Gui for aircrack-ng that can crack WEP and WPA networks, automatically scans for available networks, provides fake authentication and injection support.

Bluetooth

bluediving: The Bluetooth penetration testing tool suite.

Finding WPS-Enabled APs

Wash

MAC spoofing

WPA3

dragondrain-and-time: dragondrain tool can be used to test wether, or to which extend, an Access Point is vulnerable to denial-of-service attacks against WPA3's SAE handshake. dragontime is an experimental tool to perform timing attacks against the SAE handshake if MODP group 22, 23, or 24 are supported. Note that most WPA3 implementations by default do not enable these groups.
dragonforce: It is an experimental tool which takes the information recovered from our timing or cache-based attacks, and performs a password partitioning attack. This is similar to a dictionary attack.
dragonslayer: This is an experimental tool to test WPA3's SAE and EAP-pwd implementations for vulnerabilities. We also strongly recommend to perform code inspections to assure all vulnerabilities have been properly addressed.

Steganography

CryptaPix
gifshuffle
OpenStego: It is a steganography application that provides two functionalities: a) Data Hiding: It can hide any data within an image file. b) Watermarking: Watermarking image files with an invisible signature. It can be used to detect unauthorized file copying.
QuickStego
SSuite Picsel
snow: It is used to conceal messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from casual observers. And if the built-in encryption is used, the message cannot be read even if it is detected.

Internet of Things (IoT)

Shodan: Search engine for Internet-connected devices.

Maintain access

Firmware Modification Kit: This kit is a collection of scripts and utilities to extract and rebuild linux based firmware images.

Enumeration

Bucket Finder: This is a fairly simple tool to run, all it requires is a wordlist and it will go off and check each word to see if that bucket name exists in the Amazon's S3 system. Any that it finds it will check to see if the bucket is public, private or a redirect.
lazys3: A Ruby script to bruteforce for AWS s3 buckets using different permutations.
s3-buckets-finder: Find aws s3 buckets and extract datas.
s3-inspector: Tool to check AWS S3 bucket permissions.
s3recon: Amazon S3 bucket finder and crawler.
S3Scanner: Scan for open AWS S3 buckets and dump the contents.

Exploit

aws_pwn: A collection of AWS penetration testing junk.

Google Storage Buckets

GCPBucketBrute: A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.

Scanners

clair: Vulnerability Static Analysis for Containers.
dagda: A tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities.
trivy: A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI.

Salesforce

CxVSCode: It is an IDE extension that brings the Checkmarx AppSec unique capabilities closer to the developer.

Javascript

RetireJS: There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay update on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your webapp. The goal of Retire.js is to help you detect use of version with known vulnerabilities.

SAST Tools:

Web Archives

Wayback Machine

Vulnerabilities (CVE)

Malwares

4n4lDetector: It is a tool for analysis of Windows executable files, in order to quickly identify if this is or is not a malware. Most analyzes are based on the extraction of strings "ANSI" and "UNICODE" in disk, but also works with "Memory Dumps".
Advanced AV Evasion Tool For Red Team Ops
Antispy: AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect, analyze and restore various kernel modifications and hooks.With its assistance, you can easily spot and neutralize malware, hidden from normal detectors.
awesome-malware-analysis: A curated list of awesome malware analysis tools and resources.
awesome-yara: A curated list of awesome YARA rules, tools, and people.
Bytehist: A tool for generating byte-usage-histograms for all types of files with a special focus on binary executables in PE-format (Windows).
Cerbero Suite
Disk pulse: It is a real-time disk change monitoring solution allowing one to monitor one or more disks or directories, save reports and disk change monitoring statistics, export detected changes to a centralized SQL database, execute custom commands and send E-Mail notifications when unauthorized changes are detected in critical system files.
EvilClippy: A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
Ghidra-Scripts: Malware analysis scripts for Ghidra.
hijackthis: A free utility that finds malware, adware and other security threats.
Indetectables Toolkit: Fundamental reverse/analysis/cracking toolkit.
MalAPI.io: List of Windows API functions ranked based on their usefulness in malware.
Malicious PDF Generator: Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator.
MalwareAnalysis.co: Collection of malware tool and resources: Windows, macOS, Linux, https://malwareanalysis.co/resources/tools/android/.
M/Monit: Can monitor and manage distributed computer systems, conduct automatic maintenance and repair and execute meaningful causal actions in error situations.
obfuscation_detection: Collection of scripts to pinpoint obfuscated code.
PELock Software Protection & Software License Key System
Phantom-Evasion: It is an antivirus evasion tool written in python (both compatible with python and python3) capable to generate (almost) fully undetectable executable even with the most common x86 msfvenom payload.
Process Explorer: Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
Process Monitor: It is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
ProcDOT: There are plenty of tools for behavioral malware analysis. The defacto standard ones, though, are Sysinternals’s Process Monitor (also known as Procmon) and PCAP generating network sniffers like Windump, Tcpdump, Wireshark, and the like. These “two” tools cover almost everything a malware analyst might be interested in when doing behavioral malware analysis.
ProcDump: It is a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike that an administrator or developer can use to determine the cause of the spike. ProcDump also includes hung window monitoring (using the same definition of a window hang that Windows and Task Manager use), unhandled exception monitoring and can generate dumps based on the values of system performance counters. It also can serve as a general process dump utility that you can embed in other scripts.droid. TheFatRat Provides An Easy way to create Backdoors and Payload which can bypass most anti-virus.
Reflexil: The .NET Assembly Editor.
ResourcesExtract: It is a small utility that scans dll/ocx/exe files and extract all resources (bitmaps, icons, cursors, AVI movies, HTML files, and more...) stored in them into the folder that you specify. You can use ResourcesExtract in user interface mode, or alternatively, in command-line mode without displaying any user interface.
SharpDllLoader: A simple C * [executable that invokes an arbitrary method of an arbitrary C * [DLL.
Shellter: It is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
SysAnalyzer: It is an open source application that was designed to give malcode analysts an automated tool to quickly collect, compare, and report on the actions a binary took while running on the system.
TheFatRat: It is an exploiting tool which compiles a malware with famous payload, and then the compiled malware can be executed on Linux , Windows , Mac and Android. TheFatRat Provides An Easy way to create Backdoors and Payload which can bypass most anti-virus.
Windows Sysinternals
YARA: YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples.
MalShare
MalwareBazaar

Windows Scanning Tools

AI

Agents and Integrations

Awesome GPT Agents Comprehensive list of GPT agents focused on cybersecurity (offensive and defensive), created by the community.
PrivateGPT Interact with your documents using the power of GPT, privately.
Nuclei AI Templates AI template generator & community
PowerShell AI PowerShell AI module for OpenAI GPT-3 and DALL-E
ReconAIzer BurpSuite Plugin
burpgpt Burp Suite extension that integrates OpenAI's GPT traffic-analysis.

Hall of Fame

Name	Stars	Description
Metasploit		The world's most used penetration testing framework
Nmap		Network exploration tool and security scanner
Wireshark		Network protocol analyzer
Aircrack-ng		WiFi security auditing tools suite
John the Ripper		Password cracking software
Burp Suite		Web vulnerability scanner
sqlmap		Automatic SQL injection and database takeover tool
Hydra		Parallelized login cracker
Kali Linux		Recipes for Kali Linux for use with live-build
ExploitDB		The official Exploit Database repository

Reference

Quick Reference & Tips

Name	Stars	Description
Awesome-Hacking		Awesome lists for hackers, pentesters, and security researchers.
BlueTeam-Tools		Tools and techniques for Blue Team/Incident Response.
bugbounty-cheatsheet		Interesting payloads, tips, and tricks for bug bounty hunters.
BugBountyToolkit		Multi-platform bug bounty toolkit.
Cheatsheet-God		Penetration testing reference bank.
cheatsheets		Knowledge collection about information security.
Complete Bug Bounty Cheat Sheet	N/A	Repos for various exploits.
h4cker		Thousands of resources related to ethical hacking.
HackTricks		Wiki of hacking tricks/techniques.
HowToHunt		Methodology and test case collection for web vulnerabilities.
keyhacks		Methods to validate API keys.
KingOfBugBountyTips		Tips sharing from renowned bug hunters.
Knowledge Sharing		Tips, lists and stories.
MobileApp-Pentest-Cheatsheet		High-value info on mobile app penetration testing.
OWASP WebApp Checklist		Web application security testing checklist.
paper_collection		Academic papers on fuzzing, binary analysis, and exploit dev.
Pentest-Cheat-Sheets		Code snippets and commands for easier life.
PENTESTING-BIBLE		Learn ethical hacking and pen testing.
PPN		Pentester's Promiscuous Notebook.
public-pentesting-reports		Public penetration test reports.
Pwdb-Public		Data from 1 billion leaked credentials.
RedTeam-Tools		100+ tools and resources for red teaming activities.

A curated list of active directory exploitation tools

(Attention the script maybe out of date)

Tools
ADACLScanner	Kerberoast	SessionGopher
ASREPRoast	LaZagne	Set-AD-ACL
Adduser-c	Mimikatz	Set-DCShadow
AmsiScanBufferBypass	Mssqli-RID-Bruteforcing	Set-PS-WMI
BeRoot	NetCease	SharpHound
DAMP-master	Nc-Putty	SharpWeb
Deploy-Deception-master	Nishang	SysinternalsSuite
Find-PS-WMI	PEASS	web-backdoors
GhostPack	pi-pwnbox-rogueap	x2john
HFS	PowerSploit	Ysoserial.net
HeidiSQL	Powercat
Invoke-ACLPwn	Powerless
Invoke-CradleCrafter	Powermad
Invoke-DomainPasswordSpray	PowerUpSQL
Invoke-Obfuscation	Privesc-master
Invoke-PowerShellTcpOneLine	PsTools
Invoke-SDPropagator	Python-pty-shells
Invoke-WmiCommand	RSAT
JAWS	Responder
Kekeo	RottenPotatoNG
Kekeo_old	SeBackupPrivilege

Download this files directly from here

Others

automation	exfil	exploits	recon
AppendToNotion --> shell	lil-doc-snatcher --> shell	ctypes --> shell	ipsweep --> shell
AutoSubdominer --> shell		python-injection --> shell	smb-scan --> shell
CyberRecon--> shell		veil-venom-shells --> pdf	System-filescan --> shell
DomainWatchdog --> shell		vuln_code --> C	tool-heavy --> shell
		stack_overflows --> C	maxrecon --> shell
		shellcode --> python	subrecon --> shell
		traverserhunt --> python	theEnumerator --> shell
		buffer_jump --> python	portscanner --> python
		escalatemytools --> python
		minishare --> python
		sracktest--> C
		substonotion --> python
		cleandir --> python
		f0ne --> shell
		cyberdegrees --> org
		propesia--> shell
		substosql --> python
		trendywordlister --> python
		zip_cracking --> shell
		heaptest --> C

security detection	security hardening	utilities
linux_mal_scanner --> shell	LinuxSecure --> shell	23077 --> perl
macos_malscan --> shell	LinuxServerSecure --> shell	domainextractor --> python
	MacSecure --> shell	WinSecure --> cmd
		createpng --> shell
		jump --> shell

Script
23077.pl	heap-overflows.zip	root.jsp
adware_simulation.java	heapbufferoverflow.c	sc.sh
b374k-2.8.php	heaptest.c	secret_python_webcam_malware.py
backdoor.php	hidefile.vbs	selectall.vbs
baudrate.py	javascript_keylogger_example.js	sha 256 checksum
botnet_worm_malware.cpp	javascript_keylogger_obfuscated.js	shell.php
check.sh	kmc_script.sh	shellcode.zip
configscript.nse	linux-heap-not-vuln.c	shellshock.py
cookie.py	linux-heap.c	showfile.vbs
crash.py	linux-stack-fptr.c	simple.asm
crash2.py	linux-stack.c	simple32.asm
crash3.py	mac-heap.c	sracktest.c
ddos_attack_malware.py	stack-buffer-overflows.zip
drupalharden.sh	mac-stack.c	stack_overflows
enc.sh	mailer.py	stackbof.c
exploit.py	massnmap.sh	stackbufferoverflow.c
exploit.spk	minishare.py	test.lua
f0ne.sh	mona.py	vuln_code.c
fix.bat	php_rat_malware.php	vulnerable_code
fodhelperbypassuac.ps1	polymorphic_runtime_malware.c	vulnserver.rb
format-string.zip	portscanner.py	vulnserver.zip
formatstring.c	propesia.sh	walllocation.vbs
fuzz.pl	proxyshell-enumerate.py	webshell_php
fuzz.py	pydirb.py	xss-cookie-stealer.py
google.py	python_to_pull_malware_from_image.py	zip_cracking.sh

Download this files directly from here

We would like to express our appreciation to the creators of these invaluable repositories for their outstanding contributions to the field of cybersecurity. Any links here point to the authoritative source repo.

Recon Toolbox

OSINT

OSCP (Offensive Security Certified Professional)

Active Directory

Extensions & Plugins

Exploit

PostOp

Hardening

IoT & Mobile

Wireless & Network

Footprinting and reconnaissance

Competitive Intelligence Gathering

What are the company's plans?

What expert do opinions say about the company?

Enumerate people, emails,...

Email tracking tools

Extracting Metadata of Public Documents

Extracting Website Links

Find TLD's domains

IP geolocation lookup

Mirroring entire website

Monitoring webpages for updates and changes

Monitoring website traffic of target company

Phone number

Traceroute

Twitter

Website footprinting

Website footprinting spiders

Networks

ARP Poisoning

Protection

DHCP starvation attack

Rogue DHCP attack

DoS

Protection

MAC flood attack

MAC Spoofing

Enumeration

Vulnerability Scanning

System hacking

Android

iOS

Privilege Escalation / Post exploitation

Exploit databases

Logs

Password cracking / Login brute-forcer

Databases

Debuggers / Disassemblers

Decompilers

Deobfuscator

Dependencies

Device drivers monitoring

DNS monitoring

File fingerprinting

Files integrity monitoring

Network

Packers

Portable Executable (PE) explorer

Ransomware

RATs

Scanners / Sandbox

Spyware

String search

Virus

Windows registry monitoring

Windows services monitoring

Session hijacking

Hacking web

Whois lookup

DNS interrogation

Scan ports and services running

Web Application Reconnaissance

Web spidering

Detect load balancer

Identify web server directories

Identify web application vulnerabilities

Attack

SQL Injection

Vulnerable web applications

Protection