• Penetration Testing OS Distributions
• Multi-paradigm Frameworks
• Network Vulnerability scanners
  • Static Analyzers
  • Web Vulnerability Scanners
• Network Tools
  • Network Reconnaissance Tools
  • Protocol Analyzers and Sniffers
  • Proxies and MITM Tools
• Wireless Network Tools
• Transport Layer Security Tools
• Web Exploitation
• Hex Editors
• Hash Cracking Tools
• Windows Utilities
• GNU/Linux Utilities
• macOS Utilities
• Social Engineering Tools
• OSINT Tools
• Anonymity Tools
• Reverse Engineering Tools
• Side-channel Tools

• Parrot Security OS - Distribution similar to Kali using the same repositories, but with additional features such as Tor and I2P integration.
• Kali - GNU/Linux distribution designed for digital forensics and penetration testing.

• Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
• Pentest-tools - Web based platform for several open source reconnaissance and exploitation tools.

• OpenVAS - Open source implementation of the popular Nessus vulnerability assessment system.
• Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
• Nessus - Commercial vulnerability assessment tool, sold by Tenable.

• OWASP Dependency Check - Open source static analysis tool that enumerates dependencies used by Java and .NET software code (with experimental support for Python, Ruby, Node.js, C, and C++) and lists security vulnerabilities associated with the dependencies.
• VisualCodeGrepper - Open source static code analysis tool with support for Java, C, C++, C#, PL/SQL, VB, and PHP. VisualCodeGrepper also conforms to OWASP best practices.
• Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications.
• sobelow - Security-focused static analysis for the Phoenix Framework.
• Progpilot - Static security analysis tool for PHP code.
• ShellCheck - Static code analysis tool for shell script.
• Codebeat (open source) - Open source implementation of commercial static code analysis tool with GitHub integration.
• truffleHog - Git repo scanner.
• SecretScanner - Scans application code for hard coded secrets.
• SecretSearcher - Scans application code for hard coded secrets (includes extended functionality).

• Netsparker Web Application Security Scanner - Commercial web application security scanner to automatically find many different types of security flaws.
• OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
• Nikto - Noisy but fast black box web server and web application vulnerability scanner.
• WPScan - Black box WordPress vulnerability scanner.
• Log4jCenter - VMWare vCenter Log4Shell exploitation tool.

• Spyse - Web research services that scans the entire internet using OSINT. to simplify the investigation of infrastructure and attack surfaces.

• Spyse.py - Python wrapper for interacting with Spyse API

• pig - GNU/Linux packet crafting tool.
• Network-Tools.com - Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
• Intercepter-NG - Multifunctional network toolkit.
• Legion - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
• dsniff - Collection of tools for network auditing and pentesting.
• Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
• impacket - Collection of Python classes for working with network protocols.
• THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
• Ncat - TCP/IP command line utility supporting multiple protocols, included with Nmap.
• Network Detective - White Box tool used for network analysis, enumeration of users, permission, shares, and assets, sold by Rapidfiretools.

• ScoutSuite - Open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments.
• Prowler - Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
• PrincipleMapper - Open source AWS IAM vulnerability analysis tool.
• Pacu - AWS exploitation framework.
• CloudSploit - CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts, including: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub.

• Shodan - Database containing information on all accessible domains on the internet obtained from passive scanning.
  • pyShodan - Python 3 script for interacting with Shodan API (requires valid API key).
• zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
• Amass - network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques, maintained by OWASP.
• nmap - Free security scanner for network exploration & security audits.
• Netdiscover - Simple and quick network scanning tool.
• Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
• smbmap - Handy SMB enumeration tool.
• LdapMiner - Multiplatform LDAP enumeration utility.
• ldapsearch - Linux command line utility for querying LDAP servers.
• ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
• Pentest-Tools - Online suite of various different pentest related tools.
• BuiltWith - Technology lookup tool for websites.

• tcpdump/libpcap - Common packet analyzer that runs under the command line.
• Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
• Yersinia - Packet and protocol analyzer with MITM capability.
• netsniff-ng - Swiss army knife for for network sniffing.

• Responder - Open source NBT-NS, LLMNR, and MDNS poisoner.
• Responder-Windows - Windows version of the above NBT-NS/LLMNR/MDNS poisoner.
• dnschef - Highly configurable DNS proxy for pentesters.
• mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
• SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
• evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
• Ettercap - Comprehensive, mature suite for machine-in-the-middle attacks.
• BetterCAP - Modular, portable and easily extensible MITM framework.

• Aircrack-ng - Set of tools for auditing wireless networks.
• BetterCAP - Wifi, Bluetooth LE, and HID reconnaissance and MITM attack framework, written in Go.
• Wifite - Automated wireless attack tool.
• wifi-pickle - Fake access point attacks.

• SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
• crackpkcs12 - Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.
• SSLScan - Quick command line tool for checking TLS/SSL configuration.

• WPSploit - Exploit WordPress-powered websites with Metasploit.
• SQLmap - Automated SQL injection and database takeover tool.
• tplmap - Automatic server-side template injection and Web server takeover tool.
• wafw00f - Identifies and fingerprints Web Application Firewall (WAF) products.
• IIS-Shortname-Scanner - Command line tool to exploit the Windows IIS tilde information disclosure vulnerability.
• [UUID Decode](https://www.uuidtools.com/decode - Web based tool to extract version and variant information from UUIDs.

• HexEdit.js - Browser-based hex editing.
• Hexinator - World's finest (proprietary, commercial) Hex Editor.
• Frhed - Binary file editor for Windows.
• Cheat Engine - Memory debugger and hex editor for running applications.

• Hashcat - Fast hash cracking utility with support for most known hashes as well as OpenCL and CUDA acceleration.
• John the Ripper - Fast password cracker.
• CeWL - Generates custom wordlists by spidering a target's website and collecting unique words.
• JWT Cracker - Simple HS256 JWT token brute force cracker.
• Rar Crack - RAR bruteforce cracker.
• Mentalist - Graphical tool for custom wordlist generation

• PowerSploit - PowerShell Post-Exploitation Framework.
• Headstart - Lazy man's Windows privilege escalation tool utilizing PowerSploit.
• mimikatz - Credentials extraction tool for Windows operating system.
• Bloodhound - Graphical Active Directory trust relationship explorer.
• Fibratus - Tool for exploration and tracing of the Windows kernel.
• redsnarf - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
• Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
• WinPEAS - A series of scripts for Windows Priviledge escalation.
• ldapdomaindump - Active directory domain information dumper

• Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
• Linus - Security auditing tool for Linux and macOS.
• LinPEAS - A series of scripts for Linux priviledge escalation.
• LinEnum - Linex enumeration tool for priviledge escalation.

• Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.
• Linus - Security auditing tool for Linux and macOS.

• GoPhish - Open source phishing toolkit
• Linkedin2username - OSINT Tool: Generate username lists from companies on LinkedIn.
• Modlishka - Flexible reverse proxy tool for phishing engagements.

• Shodan - World's first search engine for Internet-connected devices.
  • • pyShodan - Python 3 script for interacting with Shodan API (requires valid API key).
• Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
• Mxtoolbox - Email domain and DNS lookup.
• recon-ng - Full-featured Web Reconnaissance framework written in Python..
• Virus Total - Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
• PacketTotal - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Bro and Suricata IDS signatures under the hood).
• Amass - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
• TruePeopleSearch - OSINT tool for individual research.
• DNSTwist - Open source phishing domain scanner to identify potentially malicious typosquatted domains.
• AlienVault OTX - The World’s First Truly Open Threat Intelligence Community.
• Criminal IP - Web base OSINT platform that enables rapidly collecting technical data on public facing websites.
• GrayHatWarfare - Web based tool for identifying exposed S3 Buckets or Azure BLOBs.

• VirusTotal - Online malware scanner.
• Hybrid Analysis - Online malware scanner.
• WDK/WinDbg - Windows Driver Kit and WinDbg.
• Radare2 - Open source, crossplatform reverse engineering framework.
• plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
• peda - Python Exploit Development Assistance for GDB.
• dnSpy - Tool to reverse engineer .NET assemblies.
• binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
• rVMI - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.

This work is licensed under a Creative Commons Attribution 4.0 International License.