hyacker / awesome-hacking

Awesome hacking is an awesome collection of hacking tools.

Home Page: https://awesomehacking.org

Awesome Hacking

Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers. Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can check out and update with one command.

You can check out all the tools with the following command:

git clone --recursive https://github.com/jekil/awesome-hacking.git

Every kind of contribution is really appreciated! Follow the contribute guide.

If you enjoy this work, please keep it alive by contributing or just sharing it! - @jekil

Code Auditing

Static Analysis

  • Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.

Cryptography

  • Xortool - A tool to analyze multi-byte xor cipher.

CTF Tools

  • Pwntools - CTF framework and exploit development library.

Docker

  • Docker Bench for Security - The Docker Bench for Security checks for all the automatable tests in the CIS Docker 1.6 Benchmark.

    docker pull diogomonica/docker-bench-security

  • DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.

    docker pull citizenstig/dvwa

  • Kali Linux - This Kali Linux Docker image provides a minimal base install of the latest version of the Kali Linux Rolling Distribution.

    docker pull kalilinux/kali-linux-docker

  • Metasploit - Metasploit Framework penetration testing software (unofficial docker).

    docker pull remnux/metasploit

  • OWASP Juice Shop - An intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.

    docker pull bkimminich/juice-shop

  • OWASP Mutillidae II - OWASP Mutillidae II Web Pen-Test Practice Application.

    docker pull citizenstig/nowasp

  • OWASP NodeGoat - An environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

    git clone https://github.com/OWASP/NodeGoat.git
    cd NodeGoat
    docker-compose build && docker-compose up

  • OWASP Railsgoat - A vulnerable version of Rails that follows the OWASP Top 10.

    docker pull owasp/railsgoat

  • OWASP Security Shepherd - A web and mobile application security training platform.

    docker pull ismisepaul/securityshepherd

  • OWASP WebGoat - A deliberately insecure Web Application.

    docker pull danmx/docker-owasp-webgoat

  • OWASP ZAP - Current stable OWASP Zed Attack Proxy release in embedded docker container.

    docker pull owasp/zap2docker-stable

  • Security Ninjas - An Open Source Application Security Training Program.

    docker pull opendns/security-ninjas

  • Vulnerable WordPress Installation - Vulnerable WordPress Installation.

    docker pull wpscanteam/vulnerablewordpress

  • Vulnerability as a service: Heartbleed - Vulnerability as a Service: CVE-2014-0160.

    docker pull hmlio/vaas-cve-2014-0160

  • Vulnerability as a service: Shellshock - Vulnerability as a Service: CVE-2014-6271.

    docker pull hmlio/vaas-cve-2014-6271

  • WPScan - WPScan is a black box WordPress vulnerability scanner.

    docker pull wpscanteam/wpscan

Forensics

File Forensics

  • Autopsy - A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools.
  • DFF - A Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about user and system activities.
  • Hadoop_framework - A prototype system that uses Hadoop to process hard drive images.
  • Scalpel - An open source data carving tool.
  • Sleuthkit - A library and collection of command line digital forensics tools.

Live Analysis

  • OS X Auditor - OS X Auditor is a free Mac OS X computer forensics tool.

Memory Forensics

  • Rekall - Memory analysis framework developed by Google.
  • Volatility - Extract digital artifacts from volatile memory (RAM) samples.

Mobile

  • Android Forensic Toolkit - Allows you to extract SMS records, call history, photos, browsing history, and password from an Android phone.

Network Forensics

  • Dshell - A network forensic analysis framework.
  • Passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup.

Misc

  • HxD - A hex editor which, in addition to raw disk editing and modifying of main memory (RAM), handles files of any size.

Intelligence

  • VIA4CVE - An aggregator of the known vendor vulnerabilities database to support the expansion of information with CVEs.

Library

C

  • Libdnet - Provides a simplified, portable interface to several low-level networking routines, including network address manipulation, kernel arp cache and route table lookup and manipulation, network firewalling, network interface lookup and manipulation, IP tunnelling, and raw IP packet and Ethernet frame transmission.

Java

Python

  • Dpkt - Fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols.
  • Pcapy - A Python extension module that interfaces with the libpcap packet capture library. Pcapy enables python scripts to capture packets on the network. Pcapy is highly effective when used in conjunction with a packet-handling package such as Impacket, which is a collection of Python classes for constructing and dissecting network packets.
  • PyBFD - Python interface to the GNU Binary File Descriptor (BFD) library.
  • Pynids - A python wrapper for libnids, a Network Intrusion Detection System library offering sniffing, IP defragmentation, TCP stream reassembly and TCP port scan detection. Let your own python routines examine network conversations.
  • Pypcap - This is a simplified object-oriented Python wrapper for libpcap.
  • PyPDF2 - A utility to read and write PDFs with Python.
  • Python-ptrace - Python binding of ptrace library.
  • Scapy - A python-based interactive packet manipulation program & library.

Ruby

Live CD - Distributions

  • ArchStrike - An Arch Linux repository for security professionals and enthusiasts.
  • BackBox - Ubuntu-based distribution for penetration tests and security assessments.
  • BlackArch - Arch Linux-based distribution for penetration testers and security researchers.
  • BOSSLive - An Indian GNU/Linux distribution developed by CDAC and customized to suit India's digital environment. It supports most of the Indian languages.
  • DEFT Linux - Suite dedicated to incident response and digital forensics.
  • Fedora Security Lab - A safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations.
  • Kali - A Linux distribution designed for digital forensics and penetration testing.
  • NST - Network Security Toolkit distribution.
  • Ophcrack - A free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.
  • Parrot - Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind.
  • Pentoo - Security-focused livecd based on Gentoo.
  • REMnux - Toolkit for assisting malware analysts with reverse-engineering malicious software.

Malware

Dynamic Analysis

  • Androguard - Reverse engineering, Malware and goodware analysis of Android applications.
  • Cuckoo Sandbox - An automated dynamic malware analysis system.
  • Jsunpack-n - Emulates browser functionality when visiting a URL.
  • Malzilla - Web pages that contain exploits often use a series of redirects and obfuscated code to make it more difficult for somebody to follow. MalZilla is a useful program for exploring malicious pages. It allows you to choose your own user agent and referrer, and has the ability to use proxies. It shows you the full source of webpages and all the HTTP headers. It also gives you various decoders to try to deobfuscate JavaScript.
  • PyEMU - Fully scriptable IA-32 emulator, useful for malware analysis.

Honeypot

  • Glutton - All eating honeypot.
  • MHN - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.
  • Phoneyc - Pure Python honeyclient implementation.

Intelligence

  • MISP Modules - Modules for expansion services, import and export in MISP.
  • Passivedns-client - Provides a library and a query tool for querying several passive DNS providers.
  • Rt2jira - Convert RT tickets to JIRA tickets.

Ops

  • CapTipper - A python tool to analyze, explore and revive HTTP malicious traffic.
  • FakeNet-NG - A next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows.
  • Malboxes - Builds malware analysis Windows VMs so that you don't have to.

Source Code

Static Analysis

  • Androwarn - Detect and warn the user about potential malicious behaviours developed by an Android application.
  • ApkAnalyser - A static, virtual analysis tool for examining and validating the development work of your Android app.
  • APKinspector - A powerful GUI tool for analysts to analyze Android applications.
  • Argus-SAF - Argus static analysis framework.
  • DroidLegacy - Static analysis scripts.
  • Floss - FireEye Labs Obfuscated String Solver. Automatically extract obfuscated strings from malware.
  • Peepdf - A Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks.
  • PEfile - Read and work with Portable Executable (aka PE) files.
  • PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files.
  • Pdfminer - A tool for extracting information from PDF documents.
  • PScout - Analyzing the Android Permission Specification.
  • SmaliSCA - Smali Static Code Analysis.
  • Sysinternals Suite - The Sysinternals Troubleshooting Utilities.
  • Yara - Identify and classify malware samples.

Network

Analysis

  • Bro - A powerful network analysis framework that is much different from the typical IDS you may know.
  • Pytbull - A python based flexible IDS/IPS testing framework.
  • Sguil - Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures.

Fake Services

  • DNSChef - DNS proxy for Penetration Testers and Malware Analysts.
  • DnsRedir - A small DNS server that will respond to certain queries with addresses provided on the command line.

Packet Manipulation

  • Pig - A Linux packet crafting tool.
  • Yersinia - A network tool designed to take advantage of some weaknesses in different network protocols. It aims to be a solid framework for analyzing and testing the deployed networks and systems.

Sniffer

  • Cloud-pcap - Web PCAP storage and analytics.
  • Dnscap - Network capture utility designed specifically for DNS traffic.
  • Dripcap - Caffeinated Packet Analyzer.
  • Dsniff - A collection of tools for network auditing and pentesting.
  • Justniffer - Just A Network TCP Packet Sniffer. Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic.
  • Moloch - Moloch is an open source large scale full PCAP capturing, indexing and database system.
  • Net-creds - Sniffs sensitive data from interface or pcap.
  • NetworkMiner - A Network Forensic Analysis Tool (NFAT).
  • Netsniff-ng - A Swiss army knife for your daily Linux network plumbing.
  • OpenFPC - OpenFPC is a set of scripts that combine to provide a lightweight full-packet network traffic recorder and buffering tool. Its design goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating into existing alert and log tools.
  • PF_RING - PF_RING™ is a Linux kernel module and user-space framework that allows you to process packets at high-rates while providing you a consistent API for packet processing applications.
  • WebPcap - A web-based packet analyzer (client/server architecture). Useful for analyzing distributed applications or embedded devices.
  • Wireshark - A free and open-source packet analyzer.

Penetration Testing

DoS

  • DHCPig - DHCP exhaustion script written in python using scapy network library.
  • LOIC - Low Orbit Ion Cannon - An open source network stress tool, written in C#. Based on Praetox's LOIC project.
  • Sockstress - Sockstress (TCP DoS) implementation.
  • T50 - The fastest network stress tool.
  • Torshammer - Tor's hammer. Slow post DDOS tool written in python.
  • UFONet - Abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Exploiting

  • BeEF - The Browser Exploitation Framework Project.
  • Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
  • ExploitPack - Graphical tool for penetration testing with a bunch of exploits.
  • Evilgrade - The update exploitation framework.
  • Fathomless - A collection of different programs for network red teaming.
  • Linux Exploit Suggester - Linux Exploit Suggester; based on operating system release number.
  • Metasploit Framework - Exploitation framework.
  • Nessus - Vulnerability, configuration, and compliance assessment.
  • Nexpose - Vulnerability Management & Risk Management Software.
  • OpenVAS - Open Source vulnerability scanner and manager.
  • PowerSploit - A PowerShell Post-Exploitation Framework.
  • Routersploit - Automated penetration testing software for routers.
  • Shellsploit - Lets you generate customized shellcodes, backdoors and injectors for various operating systems, and lets you obfuscate every byte via encoders.
  • SPARTA - Network Infrastructure Penetration Testing Tool.
  • Spoodle - A mass subdomain + poodle vulnerability scanner.
  • Vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go.
  • Windows Exploit Suggester - Detects potential missing patches on the target.
  • Zarp - Network Attack Tool.

Exploits

Info Gathering

  • Bundler-audit - Patch-level verification for Bundler.
  • Dnsenum - A perl script that enumerates DNS information.
  • Dnsmap - Passive DNS network mapper.
  • Dnsrecon - DNS Enumeration Script.
  • Knock - A python tool designed to enumerate subdomains on a target domain through a wordlist.
  • IVRE - An open-source framework for network recon. It relies on open-source well-known tools to gather data (network intelligence), stores it in a database, and provides tools to analyze it.
  • Recon-ng - A full-featured Web Reconnaissance framework written in Python.
  • SMBMap - A handy SMB enumeration tool.
  • SSLMap - TLS/SSL cipher suite scanner.
  • Subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains.

Fuzzing

  • Construct - Declarative data structures for python that allow symmetric parsing and building.
  • Fusil - A Python library used to write fuzzing programs. It helps to start process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start network client or server, and create mangled files.
  • Fuzzbox - A multi-codec media fuzzing tool.
  • Netzob - Netzob is an opensource tool for reverse engineering, traffic generation and fuzzing of communication protocols.
  • Python-AFL - American fuzzy lop fork server and instrumentation for pure-Python code.
  • Sulley - Fuzzer development and fuzz testing framework consisting of multiple extensible components.
  • TAOF - The Art of Fuzzing, including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer.
  • Windows IPC Fuzzing Tools - A collection of tools used to attack applications that use Windows Interprocess Communication mechanisms.
  • Zulu - A fuzzer designed for rapid prototyping that normally happens on a client engagement where something needs to be fuzzed within tight timescales.

Mobile

  • Idb - A tool to simplify some common tasks for iOS pentesting and research.
  • Introspy-iOS - Security profiling for blackbox iOS.

MITM

  • Dnsspoof - DNS spoofer. Drops DNS responses from the router and replaces it with the spoofed DNS response.
  • Ettercap - A comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
  • Bettercap - A powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
  • Mallory - An extensible TCP/UDP man in the middle proxy that is designed to be run as a gateway. Unlike other tools of its kind, Mallory supports modifying non-standard protocols on the fly.
  • MITMf - Framework for Man-In-The-Middle attacks.
  • Mitmproxy - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface.
  • Mitmsocks4j - Man in the Middle SOCKS Proxy for JAVA.
  • Responder - An LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Password Cracking

  • BozoCrack - A silly & effective MD5 cracker in Ruby.
  • HashCat - World's fastest and most advanced password recovery utility.
  • Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns.
  • John the Ripper - A fast password cracker.
  • THC-Hydra - A very fast network logon cracker which supports many different services.

Port Scanning

  • Angry IP Scanner - Fast and friendly network scanner.
  • Masscan - TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
  • Nmap - Free Security Scanner For Network Exploration & Security Audits.
  • Zmap - An open-source network scanner that enables researchers to easily perform Internet-wide network studies.

Post Exploitation

  • DET - (extensible) Data Exfiltration Toolkit (DET).
  • Dnsteal - DNS Exfiltration tool for stealthily sending files over DNS requests.
  • Empire - Empire is a pure PowerShell post-exploitation agent.
  • Fireaway - Next Generation Firewall Audit and Bypass Tool.
  • Iodine - Lets you tunnel IPv4 data through a DNS server.
  • Mallory - HTTP/HTTPS proxy over SSH.
  • Mimikatz - A little tool to play with Windows security.
  • Pwnat - Punches holes in firewalls and NATs allowing any number of clients behind NATs to directly connect to a server behind a different NAT.
  • Tgcd - A simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
  • WCE - Windows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete associated credentials.

Reporting

  • Dradis - Collaboration and reporting for IT Security teams.
  • Faraday - Collaborative Penetration Test and Vulnerability Management Platform.

Services

  • Sslstrip - A demonstration of the HTTPS stripping attacks.
  • Sslstrip2 - SSLStrip version to defeat HSTS.
  • SSLyze - SSL configuration scanner.
  • Tls_prober - Fingerprint a server's SSL/TLS implementation.

Training

  • DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.
  • OWASP Juice Shop - An intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.
  • OWASP NodeGoat - An environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
  • OWASP Railsgoat - A vulnerable version of Rails that follows the OWASP Top 10.
  • OWASP Security Shepherd - A web and mobile application security training platform.
  • OWASP WebGoat - A deliberately insecure Web Application.
  • RopeyTasks - Deliberately vulnerable web application.

Web

  • Arachni - Web Application Security Scanner Framework.
  • BlindElephant - Web Application Fingerprinter.
  • Burp Suite - An integrated platform for performing security testing of web applications.
  • Cms-explorer - CMS Explorer is designed to reveal the specific modules, plugins, components and themes that various CMS driven web sites are running.
  • Dvcs-ripper - Rip web accessible (distributed) version control systems.
  • Fimap - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs.
  • Joomscan - Joomla CMS scanner.
  • Kadabra - Automatic LFI Exploiter and Scanner, written in C++ with a couple of external modules in Python.
  • Kadimus - LFI scan and exploit tool.
  • Liffy - LFI exploitation tool.
  • Netsparker - Web Application Security Scanner.
  • Nikto2 - Web application vulnerability scanner.
  • NoSQLMap - Automated Mongo database and NoSQL web application exploitation tool.
  • OWASP Xenotix - XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
  • Paros - A Java based HTTP/HTTPS proxy for assessing web application vulnerability.
  • Ratproxy - A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems.
  • Scout2 - Security auditing tool for AWS environments.
  • Skipfish - An active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.
  • SQLMap - Automatic SQL injection and database takeover tool.
  • SQLNinja - SQL Server injection & takeover tool.
  • TPLMap - Automatic Server-Side Template Injection Detection and Exploitation Tool.
  • Yasuo - A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network.
  • W3af - Web application attack and audit framework.
  • Wapiti - Web application vulnerability scanner.
  • Weevely3 - Weaponized web shell.
  • WhatWeb - Website Fingerprinter.
  • WPScan - WPScan is a black box WordPress vulnerability scanner.
  • WPSploit - Exploiting WordPress With Metasploit.
  • WS-Attacker - A modular framework for web services penetration testing.
  • Zed Attack Proxy (ZAP) - The OWASP ZAP core project.

Wireless

  • Aircrack-ng - An 802.11 WEP and WPA-PSK keys cracking program.
  • Kismet - Wireless network detector, sniffer, and IDS.
  • LANs.py - Inject code, jam wifi, and spy on wifi users.
  • Mass-deauth - A script for 802.11 mass-deauthentication.
  • Reaver - Brute force attack against Wifi Protected Setup.
  • Wifikill - A python program to kick people off of wifi.
  • Wifijammer - Continuously jam all wifi clients/routers.
  • Wifite - Automated wireless attack tool.
  • Wifiphisher - Automated phishing attacks against Wi-Fi networks.

Security

Endpoint Security

  • AIDE - Advanced Intrusion Detection Environment is a file and directory integrity checker.
  • Duckhunt - Prevent RubberDucky (or other keystroke injection) attacks.

Privacy

  • I2P - The Invisible Internet Project.
  • Nipe - A script to make Tor Network your default gateway.
  • SecureDrop - Open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources.
  • Tor - The free software for enabling onion routing online anonymity.

Reverse Engineering

  • BinText - A small, very fast and powerful text extractor.
  • Bytecode_graph - Module designed to modify Python bytecode. Allows instructions to be added or removed from a Python bytecode string.
  • Capstone - Lightweight multi-platform, multi-architecture disassembly framework with Python bindings.
  • CHIPSEC - Platform Security Assessment Framework.
  • Coda - Coredump analyzer.
  • Edb - A cross platform x86/x86-64 debugger.
  • Dex2jar - Tools to work with android .dex and java .class files.
  • Distorm - Powerful Disassembler Library For x86/AMD64.
  • DotPeek - A free-of-charge .NET decompiler from JetBrains.
  • Fibratus - Tool for exploration and tracing of the Windows kernel.
  • Flare-ida - IDA Pro utilities from FLARE team.
  • Hopper - An OS X and Linux Disassembler/Decompiler for 32/64 bit Windows/Mac/Linux/iOS executables.
  • Idaemu - An IDA Pro plugin used for emulating code in IDA Pro.
  • IDA Free - The freeware version of IDA.
  • IDA Patcher - IDA Patcher is a plugin for Hex-Rays' IDA Pro disassembler designed to enhance IDA's ability to patch binary files and memory.
  • IDA Pomidor - IDA Pomidor is a plugin for Hex-Rays' IDA Pro disassembler that will help you retain concentration and productivity during long reversing sessions.
  • IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger.
  • IDA Sploiter - IDA Sploiter is a plugin for Hex-Rays' IDA Pro disassembler designed to enhance IDA's capabilities as an exploit development and vulnerability research tool.
  • IDAPython - An IDA plugin which makes it possible to write scripts for IDA in the Python programming language.
  • Immunity Debugger - A powerful new way to write exploits and analyze malware.
  • JAD - JAD Java Decompiler.
  • JD-GUI - Aims to develop tools in order to decompile and analyze Java 5 “byte code” and the later versions.
  • Keystone Engine - A lightweight multi-platform, multi-architecture assembler framework.
  • Mona.py - PyCommand for Immunity Debugger that replaces and improves on pvefindaddr.
  • Medusa - A disassembler designed to be both modular and interactive.
  • OllyDbg - An x86 debugger that emphasizes binary code analysis.
  • Paimei - Reverse engineering framework, includes PyDBG, PIDA, pGRAPH.
  • PEDA - Python Exploit Development Assistance for GDB.
  • Plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • Procyon - A modern open-source Java decompiler.
  • Pyew - Command line hexadecimal editor and disassembler, mainly to analyze malware.
  • Radare2 - Opensource, crossplatform reverse engineering framework.
  • Toolbag - The IDA Toolbag is a plugin providing supplemental functionality to Hex-Rays IDA Pro disassembler.
  • Unicorn Engine - A lightweight, multi-platform, multi-architecture CPU emulator framework based on QEMU.
  • Voltron - An extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host.
  • WinDbg - Windows Driver Kit and WinDbg.
  • WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security.
  • Unlinker - Unlinker is a tool that can rip functions out of Visual C++ compiled binaries and produce Visual C++ COFF object files.
  • UPX - The Ultimate Packer for eXecutables.
  • X64_dbg - An open-source x64/x32 debugger for Windows.

Social Engineering

Framework

  • SET - The Social-Engineer Toolkit from TrustedSec.

Harvester

  • Creepy - A geolocation OSINT tool.
  • Github-dorks - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks.
  • Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
  • Metagoofil - Metadata harvester.
  • TheHarvester - E-mail, subdomain and people names harvester.

Phishing

  • Whatsapp-phishing - Proof of principle code for running a phishing attack against the official Whatsapp Web client.
