Tools

Free    

Test your browser against tracking and fingerprinting.

Open-source      

Fully-encrypted private network layer

Open-source      

Script to make Tor your default gateway

Open-source      

Onion-routed overlay network

Free    

Test your own Web browser's configuration

Open-source      

Rapid exploit development framework for CTFs

Open-source      

Attack and decrypt RSA tools

Open-source        

Socks4/5 proxy-based multithreading attack

Open-source          

DDOS attack server based on compromised computer systems

Open-source        

LOIC with countermeasure workarounds

Open-source        

Python3 DDoS attack script with 56 methods

Open-source        

DDoS Toolkit with multiple attack protocols

Open-source        

Low bandwidth DDoS tool in Python

Open-source        

Network stress tool

Open-source        

Denial of service toolkit with multifunctionality

Open-source      

Antivirus evasion tools

Open-source      

AWS API Gateway management tool for IP rotation

Free      

Runtime encryptor for 32-bit portable executables ("PE .exes")

Free      

Hides malicious Windows executable from antivirus

Open-source      

Multi-platform fork of peCloak.py

Open-source      

Auto-rotate IP via proxy

Open-source    

GNU/Linux bash-based Bing and Google Dorking Tool

Open-source    

Command line Google dork tool

Free    

Easy dorks with pre-build queries.

Open-source    

Script to perform Google dorks against a domain

Open-source    

Command line Google dorking tool

Open-source    

Scripts to use dorks to gather information

Open-source        

A framework for adversary emulation by MITRE

Commercial        

A Fortra VM & threat emulation framework

Open-source        

Network forensic analysis framework

Open-source        

Post-exploitation adversary emulation framework

Commercial      

Graphical tool with 39,000+ exploits for pentest automation

Commercial   Open-source        

Post-exploitation pentest tools to verify vulnerabilities, manage assessments, and more.

Open-source      

Cross-platform remote administration and post-exploitation tool in Python & C

Open-source    

A web-based reconnaissance framework

Open-source    

Open-source reconnaissance framework

Open-source      

Open-source exploitation framework for embedded devices

Open-source      

Exploit development framework

Open-source    

Ruby framework for WordPress pentesting

Open-source      

Wifi password retrieval with FMS

Open-source      

Wallet password search

Open-source      

Scripts to install various security research tools and deploy to new machines

Open-source      

Hash cracking tool

Open-source      

Password cracker

Open-source      

HS256 JWT token brute force cracker

Open-source      

Brute-force parallel testing password cracker

Free      

Hash cracker using large-scale time-memory technique

Free      

Rainbow table generator with verification

Open-source      

Binary file editor for Windows with partial file loading capabilities

Open-source      

Hexadecimal and ASCII file editor

Open-source      

Hex and binary editor with RAM viewer

Open-source      

Browser-based hex editing

Commercial      

Hex tool with free and premium versions

Open-source      

Hex editor with data mining tools

Open-source      

View, edit, and save hex and source code files

Open-source      

Generate parsers and protocols

Commercial      

Hex and Octal file editor with calculator

Freeware      

Hex viewer and editor

Open-source      

Hex viewer, binary searcher, and octal viewer

Open-source      

Open-source hex editor with color coding

Commercial      

Text, code, and hex editor

Open-source      

Binary data visualization and analysis tool

Open-source      

Data harvester for multi-function printer assessments

Open-source      

USB or network program for printer security mapping & exploitation

Open-source      

Open-source exploitation framework for embedded devices

Open-source      

Arch GNU/Linux repository closely following Linux Standards

Open-source      

GNU/Linux distribution built around IoT pentesting

Free        

Ubuntu-based distribution for penetration tests and security assessments

Open-source      

Arch GNU/Linux-based distribution with 2,500+ tools

Free      

Computer Aided Investigative Environment is a digital forensics and analysis framework

Free      

Test environment for security auditing, forensics, system rescue, etc.

Free      

GNU/Linux distro for digital forensics and pentesting

Free      

A Debian-based distro, boot from CD/USB, filters traffic through TOR and attempts trace cleanup after use

Free      

Fedora-based bootable live operating system

Open-source      

Distro featuring multiple architecture options and 100+ pentest tools

Open-source      

Security-focused live USB-based on Gentoo for 32/64-bit OS

Open-source      

Security-focused Debian-based distro for anonymity and privacy using Tor

Open-source      

Distro is organized around Penetration Testing Execution Standard (PTES)

Free    

A virtual machine bundled with OSINT tools maintained by Trace Labs

Open-source    

Tool for Android ".dex" and Java ".class" files

Open-source    

A mobile app security testing framework

Open-source    

Dynamic instrumentation toolkit

Open-source    

Universal unpinner

Commercial    

Cross-platform Android emulator for developers & QA engineers

Open-source    

Command line and GUI tool for producing Java source code from Android Dex and APK files

Open-source    

Automated mobile app pentesting, malware analysis and security assessment framework with SAST and DAST

Open-source      

Modular, portable man-in-the-middle framework

Open-source        

Suite of tools for network penetration

Open-source      

Highly configurable DNS proxy

Open-source    

Perl script with DNS enumeration, zone transfer, dictionary attack, and reverse lookup functionality

Open-source      

Caffeinated packet analyzer for multiple OS

Open-source      

Recon & infiltration tools for networks

Open-source      

Comprehensive suite for man-in-the-middle attacks

Open-source      

Fake update injection

Open-source      

Network protocol toolset focused on low-impact access

Open-source      

Multifunctional network toolkit for recon & interception

Open-source      

Automated ettercap TCP/IP hijacking tool

Open-source    

Linux packet crafting tool with a library of attack signatures

Open-source    

Punches holes in firewalls/NATs without port or DMZ setup required

Open-source    

A GUI tool with SCAP Scanner and tailoring functionality

Open-source      

Python-based interactive packet manipulation program & library

Open-source    

Command-line packet analyzer tool

Open-source    

A graphic interface surrounding tcpdump / network protocol analyzer

Open-source    

A network tool for 2-layer attacks

Open-source    

Create attack surface maps of subdomains with pre-compiled binaries

Commercial    

Subdomain scanning tool

Commercial   Free    

Threat intelligence and mapping platform

Open-source    

Geolocation gathering via social media platforms

Open-source    

OSINT framework based around corporate espionage

Commercial    

Network traffic interception and analysis for Mac

Open-source    

A graphical network monitor for Unix with graphic network activity display

Commercial    

Open-source intelligence and graphical link analysis tool for gathering and connecting information for intelligence and forensics. (€ 999 per year)

Open-source    

Metadata harvester with email extraction functions

Open-source    

A networking tool for reading and writing data across networks

Commercial    

Network configuration & audit tool for internal teams

Open-source    

Security testing data repository

Commercial   Free    

Search for Internet-connected devices

Open-source    

Harvest E-mail, subdomain and names via OSINT

Open-source    

Recon, mapping, OSINT for public networks

Commercial    

Network component search engine

Commercial    

A pentest management and reporting tool

Commercial    

Multiuser pentesting environment for red teams performing coop tests, security audits, and risk assessments.

Commercial    

A pentest collaboration platform

Free    

Ruby-based open-source report generation tool

Commercial    

Pentest report generation and streamlining tool with Nmap integration

Open-source    

Autofills metadata into reports

Open-source    

Python and Django tool to write markdown reports

Open-source    

Pentest report generation tool

Open-source    

Pentest report automation tool

Open-source    

ASN Information tool

Open-source    

Web application identifier and fingerprinter.

Open-source    

Internet-wide asset data for research and recon

Open-source    

Reveal the specific modules, plugins, components, and themes run by CMS websites + associated vulnerabilities

Open-source    

Data exfiltration tool for DLP configuration errors

Open-source    

Screenshot, server header, and default credentials tool

Open-source    

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery

Free    

Service to check if your email or phone number has been compromised in a data breach

Commercial    

OSINT search engine and data archive for email, domain, IP, Bitcoin address, and more

Open-source    

Discover vulnerabilities available through Onion-operated services

Open-source    

Alias creation tool

Open-source    

Browser plugin for finding vulnerable js libraries

Open-source    

An active web-application security reconnaissance tool

Open-source    

SMB enumeration tool

Open-source    

Automated OSINT and data collection

Open-source    

Discover S3 buckets on Amazon's AWS platform.

Open-source    

Browser-based data obscurity detection tool

Open-source    

Virtual host scanner that performs reverse lookups

Open-source    

Enumerate virtual hosts on an IP / HTTP scanner

Open-source    

Identifies and fingerprints Web Application Firewall (WAF)

Open-source    

A browser extension to identify technologies used on websites

Open-source    

Screenshot script

Open-source    

Web scanner and fingerprinter

Open-source    

Open source network scanner with 13+ tools for further research & scans

Open-source          

Script & toolset to simulate the appearance of an APT attack

Open-source          

Library of tests mapped to the MITRE ATT&CK Framework

Open-source          

Automate adversary simulations for red/blue-purple teaming

Commercial          

Adversary simulator with red-team, breach simulation, and purple team capabilities.

Open-source            

A framework for adversary emulation by MITRE

Commercial              

A VM & threat emulation framework for adversary simulation / red teaming

Commercial              

Security posture management platform with red teaming

Open-source          

Menu-driven tool for building distributed security events for red/blue/purple team drills

Commercial              

Security operations platform with red teaming (formerly Threatcare)

Open-source              

Open-source breach and attack simulation platform

Open-source          

Script for automating adversary threats

Commercial              

Security validation and adversary simulation tool in Google Cloud

Commercial          

Attack Simulator offered by Microsoft as part of 365

Open-source          

Open-source tool for network adversarial simulation

Open-source              

Attack simulator based on the MITRE ATT&CK framework

Commercial              

Automate insider & outsider attacks for red-team/purple team exercises

Open-source              

Scripts based on 50+ MITRE ATT&CK tactics for blue teams

Commercial              

Breach and attack simulation platform

Commercial              

Cloud adversary emulation platform for red-team/purple team

Commercial              

Simulated environment for cybersecurity exercises

Open-source              

Cloud and local environment builder for attack simulation

Open-source          

Attack-simulator tool for unauthorized access

Open-source    

Analyze, reverse engineer, and extract firmware images

Open-source    

Lightweight multi-platform, multi-architecture disassembly framework

Open-source    

.Net debugger and assembly tool

Open-source    

Debugger for GNU/Linux

Commercial    

Debugger with exploit and malware capabilities

Commercial    

A multi-processor disassembler and debugger with free/premium versions

Open-source    

Open source, cross-platform interactive disassembler

Open-source    

Python Exploit Development Assistance for GDB

Open-source    

Interactive disassembler for x86/ARM/MIPS

Open-source    

Python scriptable Reverse Engineering sandbox and framework

Open-source    

Toolchain for forensics, software reverse engineering, exploiting, debugging, etc.

Open-source    

Full system analysis via virtual machine introspection

Open-source    

Debugger UK for hackers

Commercial    

Microsoft Windows Driver Kit and WinDbg

Open-source    

Open source x64/x32 debugger

Open-source      

Tool for generating keyloggers for Windows

Open-source    

Ruby phishing toolkit

Open-source      

MITM attack framework used for phishing credentials and session cookies with 2-factor bypass

Open-source      

Powerful, open-source phishing framework to simulate and manage phishing campaigns

Open-source      

Create and manage simultaneous phishing attacks with server and content tools

Open-source      

Social engineering toolkit with framework

Open-source    

Automated phishing attacks against WiFi networks for red teaming or WiFi investigations

Open-source      

Python code analyzer with a focus on vulnerabilities

Open-source      

Static analysis security vulnerability scanner for Ruby on Rails applications

Commercial        

Full suite of SAST, DAST, and code scanning tools built for internal teams

Commercial      

AI-driven SAST for 40+ programming languages

Free      

Free static analysis solution for open-source projects

Open-source      

Extensible C/C++ static analyzer and bug finder

Free      

Container analysis and vulnerability insights tool from Docker

Open-source      

Free Java static analyzer with a focus on bugs

Commercial      

Web application vulnerability scanner and analyzer

Commercial      

SAST and code analysis for vulnerability management

Commercial      

Compliance-based SAST

Open-source      

Source code analyzer for cross-language SaaS

Commercial      

Vulnerability database and code scanner

Open-source      

Phoenix Framework static analyzer focused on vulnerabilities

Commercial      

Static code analysis for 30+ languages, frameworks, and platforms

Open-source      

Simple and comprehensive vulnerability scanner for containers and other artifacts

Commercial      

Static analysis and vulnerability management

Open-source    

Command line tool to brute force directories and files

Open-source    

This tool generates a combination of domain names from the provided input

Open-source    

Getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl

Open-source    

A python script to parse relative URLs from JavaScript files

Open-source    

A subdomain discovery tool that discovers valid subdomains for websites by using passive online sources

Open-source    

Analyze URLs and estimate entropies to find URLs that might be vulnerable to attack

Open-source    

Accept line-delimited domains on stdin, fetch URLs from the Wayback Machine for *.domain and output them on stdout

Open-source    

Active & passive scanning extending basic capabilities

Open-source    

Automated HTTP request repeating

Open-source    

Detect authorization vulnerabilities

Open-source      

Command and control server for delivering exploits

Commercial      

An integrated platform for web-application pentesting (Free edition available)

Open-source    

Web application security hole discovery

Open-source    

SQL mapper, scanner, SAML encoder, JWT decoder, hasher

Open-source    

Command-line injection & exploitation tool

Open-source    

Brute-force over directories and web application server tool with hidden directory search

Open-source    

Python tool to find, prepare, audit, & exploit LFI/RFI bugs.

Open-source    

Logging and history for tools, for troubleshooting

Open-source    

Run Burp Suite's Spider and Scanner tools via command-line

Open-source    

LFI scan and exploit tool.

Open-source    

Ruby script to brute-force for AWS s3 buckets

Open-source    

LFI exploiter and scanner

Open-source    

LFI exploitation tool

Open-source    

A multi-threaded logging extension with filtering

Open-source    

Audit for and automate injection attacks, exploit configuration weaknesses, and clone data

Open-source    

Scriptable HTTP intercepting proxy and fuzzer for web applications

Open-source    

Discover hidden web application parameters

Open-source    

Payloads and bypasses for Web Application Security.

Open-source    

Scan for outdated Javascript libraries

Open-source    

SQL injection detection, exploitation, and takeover tool

Open-source    

An SQL server injection and takeover tool

Open-source    

SSL stripping tool

Open-source    

Server Site Request Forgery tool

Open-source    

Subdomain identification and takeover tool written in Go

Open-source    

Server-side template injection, detection, and takeover tool

Open-source    

Fast and scalable HTTP requests via python scripts

Open-source      

Weaponized web shell for post exploitation

Open-source    

Exploit WordPress websites with Metasploit

Open-source    

Scan target servers for WSDL files

Open-source    

Payload generation tool to exploit unsafe Java serialization

Open-source    

Testing & auditing tools for wireless networks

Open-source    

Suite of automated social engineering-based WPA attacks and analysis

Open-source    

Wireless network detector, sniffer, and WIDS

Open-source    

Brute force attack against WiFi Protected Setup.

Open-source    

Python script to audit wireless networks