additional_tools.md

Additional Cybersecurity Tools

This document contains additional cybersecurity and penetration testing tools that don't fit into specific categories or span multiple categories. These tools have been collected from various sources and represent a comprehensive collection of security testing utilities.

For category-specific tools, please check the tools.md file in each respective directory:

• AI Research Tools
• Car Hacking Tools
• Cloud Resources Tools
• Password Cracking Tools
• Cryptography and PKI Tools
• DFIR Tools
• Exploit Development Tools
• Game Hacking Tools
• Honeypots and Honeynets Tools
• IoT Hacking Tools
• Linux Hardening Tools
• Mobile Security Tools
• Networking Tools
• OSINT Tools
• Post Exploitation Tools
• Reconnaissance Tools
• Reverse Engineering Tools
• Social Engineering Tools
• Threat Intelligence Tools
• Vulnerability Scanners
• Web Application Testing Tools
• Windows Tools
• Wireless Resources Tools

---

General Purpose and Multi-Category Tools

• 3klCon - Automation Recon Tool Which Works With Large And Medium Scope

• 4-ZERO-3 - 403/401 Bypass Methods + Bash Automation

• ADSearch - A Tool To Help Query AD Via The LDAP Protocol

• AF-ShellHunter - Auto Shell Lookup

• AMSITrigger - The Hunt For Malicious Strings

• AVCLASS++ - Yet Another Massive Malware Labeling Tool

• AVIator - Antivirus Evasion Project

• AceLdr - Cobalt Strike UDRL For Memory Scanner Evasion

• Aftermath - A Free macOS IR Framework

• Agente - Distributed Simple And Robust Release Management And Monitoring System

• Anevicon - A High-Performant UDP-based Load Generator

• Anteater - CI/CD Gate Check Framework

• Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit

• ApacheTomcatScanner - A Python Script To Scan For Apache Tomcat Server Vulnerabilities

• ApplicationInspector - A Source Code Analyzer Built For Surfacing Features Of Interest And Other Characteristics To Answer The Question 'What'S In It' Using Static Analysis With A Json Based Rules Engine

• Arsenal - Recon Tool installer

• Asnap - Tool To Render Recon Phase Easier By Providing Updated Data About Which Companies Owns Which Ipv4 Or Ipv6 Addresses

• Atlas - Quick SQLMap Tamper Suggester

• AtomShields Cli - Security Testing Framework For Repositories And Source Code

• Atomic-Operator - A Python Package Is Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments

• Attacker-Group-Predictor - Tool To Predict Attacker Groups From The Techniques And Software Used

• Aura - Python Source Code Auditing And Static Analysis On A Large Scale

• Aura - Python Source Code Auditing And Static Analysis On A Large Scale

• Authcov - Web App Authorisation Coverage Scanning

• Authelia - The Single Sign-On Multi-Factor Portal For Web Apps

• Authz0 - An Automated Authorization Test Tool. Unauthorized Access Can Be Identified Based On URLs And RolesAnd Credentials

• AutoGadgetFS - USB Testing Made Easy

• AutoPentest-DRL - Automated Penetration Testing Using Deep Reinforcement Learning

• AutoRDPwn v4.8 - The Shadow Attack Framework

• AutoRDPwn v5.0 - The Shadow Attack Framework

• AutoRDPwn v5.1 - The Shadow Attack Framework

• AutoSource - Automated Source Code Review Framework Integrated With SonarQube

• Avcleaner - C/C++ Source Obfuscator For Antivirus Bypass

• Axiom - A Dynamic Infrastructure Toolkit For Red Teamers And Bug Bounty Hunters!

• BADlnk - Reverse Shell In Shortcut File (.lnk)

• BADministration - Tool Which Interfaces with Management or Administration Applications from an Offensive Standpoint

• BITB - Browser In The Browser (BITB) Templates

• BSF - Botnet Simulation Framework

• BabyShark - Basic C2 Server

• BackBox Linux 6.0 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment

• Backstab - A Tool To Kill Antimalware Protected Processes

• BadOutlook - (Kinda) Malicious Outlook Reader

• Bandit - Tool Designed To Find Common Security Issues In Python Code

• BaphoDashBoard - Dashboard For Manage And Generate The Baphomet Ransomware

• Baphomet - Basic Concept Of How A Ransomware Works

• Basecrack - Best Decoder Tool For Base Encoding Schemes

• Baserunner - A Tool For Exploring Firebase Datastores

• Bashtop - Linux/OSX/FreeBSD Resource Monitor

• Bastillion - A Web-Based SSH Console That Centrally Manages Administrative Access To Systems

• Bayanay - Python Wardriving Tool

• Bbrecon - Python Library And CLI For The Bug Bounty Recon API

• Bbscope - Scope Gathering Tool For HackerOne, Bugcrowd, And Intigriti!

• BeaconEye - Hunts Out CobaltStrike Beacons And Logs Operator Command Output

• Bearer - Code Security Scanning Tool (SAST) That Discover, Filter And Prioritize Security Risks And Vulnerabilities Leading To Sensitive Data Exposures (PII, PHI, PD)

• BetterBackdoor - A Backdoor With A Multitude Of Features

• Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address

• BlackArch Linux v2019.09.01 - Penetration Testing Distribution

• BlackStone - Pentesting Reporting Tool

• BlueHound - Tool That Helps Blue Teams Pinpoint The Security Issues That Actually Matter

• Bluewall - A Firewall Framework Designed For Offensive And Defensive Cyber Professionals

• BoNeSi - The DDoS Botnet Simulator

• Boko - Application Hijack Scanner For macOS

• Bomber - Scans Software Bill Of Materials (SBOMs) For Security Vulnerabilities

• Bootlicker - A Generic UEFI Bootkit Used To Achieve Initial Usermode Execution

• Bootlicker - A Generic UEFI Bootkit Used To Achieve Initial Usermode Execution

• Bore - Simple CLI Tool For Making Tunnels To Localhost

• Bpflock - eBPF Driven Security For Locking And Auditing Linux Machines

• Bpytop - Linux/OSX/FreeBSD Resource Monitor

• Browsertunnel - Surreptitiously Exfiltrate Data From The Browser Over DNS

• BruteLoops - Protocol Agnostic Online Password Guessing API

• Brutemap - Tool That Automates Testing Accounts To The Site's Login Page

• Brutto - Easy Brute Forcing To Whatever You Want

• Bughound - Static Code Analysis Tool Based On Elasticsearch

• Bugs-feed - A Local Hosted Portal Where You Can Search For The Latest News, Videos, CVEs, Vulnerabilities...

• ByeIntegrity-UAC - Bypass UAC By Hijacking A DLL Located In The Native Image Cache

• Byp4Xx - Simple Bash Script To Bypass "403 Forbidden" Messages With Well-Known Methods Discussed In #Bugbountytips

• Bypass-403 - A Simple Script Just Made For Self Use For Bypassing 403

• Bypass-Sandbox-Evasion - Bypass Malware Sandbox Evasion Ram Check

• Bypass-Url-Parser - Tool That Tests Many URL Bypasses To Reach A 40X Protected Page

• C2-Hunter - Extract C2 Traffic

• C99Shell-PHP7 - PHP 7 And Safe-Build Update Of The Popular C99 Variant Of PHP Shell

• CIMplant - C# Port Of WMImplant Which Uses Either CIM Or WMI To Query Remote Systems

• COM-Hunter - COM Hijacking VOODOO

• CRLFuzz - A Fast Tool To Scan CRLF Vulnerability Written In Go

• CVE Api - Parse & filter the latest CVEs from cve.mitre.org

• CVE-Tracker - With The Help Of This Automated Script, You Will Never Lose Track Of Recently Released CVEs

• CamPhish - Grab Cam Shots From Target'S Phone Front Camera Or PC Webcam Just Sending A Link.

• Casper-Fs - A Custom Hidden Linux Kernel Module Generator. Each Module Works In The File System To Protect And Hide Secret Files

• Cat-Nip - Automated Basic Pentest Tool (Designed For Kali Linux)

• Cervantes - Collaborative Platform For Pentesters Or Red Teams Who Want To Save Time To Manage Their Projects, Clients, Vulnerabilities And Reports In One Place

• ChangeTower - Tool To Help You Watch Changes In Webpages And Get Notified Of Any Changes

• Chaya - Advance Image Steganography

• Chepy - A Python Lib/Cli Equivalent Of The Awesome CyberChef Tool.

• Chisel-Strike - A .NET XOR Encrypted Cobalt Strike Aggressor Implementation For Chisel To Utilize Faster Proxy And Advanced Socks5 Capabilities

• Chlonium - Chromium Cookie Import / Export Tool

• ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders

• Chromepass - Hacking Chrome Saved Passwords

• Cirrusgo - A Fast Tool To Scan SAAS, PAAS App Written In Go

• Clash - A Rule-Based Tunnel In Go

• Clash - A Rule-Based Tunnel In Go

• ClearURLs - An Add-On Based On The New WebExtensions Technology And Will Automatically Remove Tracking Elements From URLs To Help Protect Your Privacy

• Clipboardme - Grab And Inject Clipboard Content By Link

• CobaltStrikeParser - Python parser for CobaltStrike Beacon's configuration

• CobaltStrikeScan - Scan Files Or Process Memory For CobaltStrike Beacons And Parse Their Configuration

• CodeAnalysis - Static Code Analysis

• Codecat v0.56 - An Open-Source Tool To Help You Find/Track User Input Sinks And Security Bugs Using Static Code Analysis

• ColdFire - Golang Malware Development Library

• Confused - Tool To Check For Dependency Confusion Vulnerabilities In Multiple Package Management Systems

• Converting MBOX to Outlook Easily

• CorsMe - Cross Origin Resource Sharing MisConfiguration Scanner

• Corsy - CORS Misconfiguration Scanner

• Corsy v1.0 - CORS Misconfiguration Scanner

• Cortex-XDR-Config-Extractor - Cortex XDR Config Extractor

• Covenant - A .NET Command And Control Framework For Red Teamers

• Covert-Tube - Youtube As Covert-Channel - Control Systems Remotely And Execute Commands By Uploading Videos To Youtube

• Cpufetch - Simplistic Yet Fancy CPU Architecture Fetching Tool

• Crescendo - A Swift Based, Real Time Event Viewer For macOS - It Utilizes Apple's Endpoint Security Framework

• Croc - Easily And Securely Send Things From One Computer To Another

• Cspparse - A Tool To Evaluate Content Security Policies

• Ctf-Screenshotter - A CTF Web Challenge About Making Screenshots

• Cuteit v0.2.1 - IP Obfuscator Made To Make A Malicious Ip A Bit Cuter

• DCVC2 - A Golang Discord C2 Unlike Any Other

• DFShell - The Best Forwarded Shell

• DLInjector-GUI - DLL Injector Graphical User Interface

• DLLPasswordFilterImplant - DLL Password Filter Implant With Exfiltration Capabilities

• DNCI - Dot Net Code Injector

• DNS Rebinding Tool - DNS Rebind Tool With Custom Scripts

• DNSrecon-gui - DNSrecon Tool With GUI For Kali Linux

• DNSrr - A Tool Written In Bash, Used To Enumerate All The Juicy Stuff From DNS

• DNSteal v2.0 - DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests

• DNSx - A Fast And Multi-Purpose DNS Toolkit Allow To Run Multiple DNS Queries Of Your Choice With A List Of User-Supplied Resolvers

• DVS - D(COM) V(ulnerability) S(canner) AKA Devious Swiss Army Knife

• DarkLoadLibrary - LoadLibrary For Offensive Operations

• DcRat - A Simple Remote Tool Written In C#

• Ddoor - Cross Platform Backdoor Using Dns Txt Records

• Ddosify - High-performance Load Testing Tool

• Deadfinder - Find Dead-Links (Broken Links)

• DeathRansom - A Ransomware Developed In Python, With Bypass Technics, For Educational Purposes

• Decker - Declarative Penetration Testing Orchestration Framework

• DefectDojo v1.5.4 - Application Vulnerability Correlation And Security Orchestration Application

• DefenderCheck - Identifies The Bytes That Microsoft Defender Flags On

• Depix - Recovers Passwords From Pixelized Screenshots

• Diaphora - The Most Advanced Free And Open Source Program Diffing Tool

• Diceware-Password-Generator - Python Implementation Of The Diceware Password Generating Algorithm

• DigiTrack - Attacks For $5 Or Less Using Arduino

• DirDar - A Tool That Searches For (403-Forbidden) Directories To Break It And Get Dir Listing On It

• DirSearch - A Go Implementation Of Dirsearch

• Dirstalk - Modern Alternative To Dirbuster/Dirb

• DiscordRAT - Discord Remote Administration Tool Fully Written In Python

• Dismember - Scan Memory For Secrets And More

• Dlinject - Inject A Shared Library (I.E. Arbitrary Code) Into A Live Linux Process, Without Ptrace

• Dnsdmpstr - Unofficial API & Client For Dnsdumpster.Com And Hackertarget.Com

• Dnspeep - Spy On The DNS Queries Your Computer Is Making

• Dnxfirewall - A Pure Python Next Generation Firewall Built On Top Of Linux Kernel/Netfilter

• Doenerium - Fully Undetected Grabber (Grabs Wallets, Passwords, Cookies, Modifies Discord Client Etc.)

• Dolos Cloak - Automated 802.1X Bypass

• DonPAPI - Dumping DPAPI Credz Remotely

• Dontgo403 - Tool To Bypass 40X Response Codes

• Dorkify - Perform Google Dork Search

• DotDumper - An Automatic Unpacker And Logger For DotNet Framework Targeting Files

• DrMITM - Program Designed To Globally Log All Traffic Of A Website

• Driftwood - Private Key Usage Verification

• DroneSploit - Drone Pentesting Framework Console

• Dufflebag - Search Exposed EBS Volumes For Secrets

• DumpTheGit - Searches Through Public Repositories To Find Sensitive Information Uploaded To The Github Repositories

• E9Patch - A Powerful Static Binary Rewriting Tool

• ELFXtract - An Automated Analysis Tool Used For Enumerating ELF Binaries

• Echidna - Ethereum Fuzz Testing Framework

• Ehtools - Framework Of Serious Wi-Fi Penetration Tools

• Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications

• Elemental - An MITRE ATTACK Threat Library

• Elpscrk - An Intelligent Common User-Password Profiler Based On Permutations And Statistics

• Etl-Parser - Event Trace Log File Parser In Pure Python

• Evil Clippy - A Cross-Platform Assistant For Creating Malicious MS Office Documents

• Evil-Winrm - The Ultimate WinRM Shell For Hacking/Pentesting

• EvilDLL - Malicious DLL (Reverse Shell) Generator For DLL Hijacking

• EvilSelenium - A Tool That Weaponizes Selenium To Attack Chromium Based Browsers

• Evilgophish - Evilginx2 + Gophish

• Eviloffice - Inject Macro And DDE Code Into Excel And Word Documents (Reverse Shell)

• Exe_To_Dll - Converts A EXE Into DLL

• ExecuteAssembly - Load/Inject .NET Assemblies

• Exegol - Exegol Is A Kali Light Base With A Few Useful Additional Tools And Some Basic Configuration

• ExtAnalysis - Browser Extension Analysis Framework

• FFM (Freedom Fighting Mode) - Open Source Hacking Harness

• FLASHMINGO - Automatic Analysis Of SWF Files Based On Some Heuristics

• FOCA - Tool To Find Metadata And Hidden Information In The Documents

• FTPBruter - A FTP Server Brute Forcing Tool

• FUSE - A Penetration Testing Tool For Finding File Upload Bugs

• Fake-Sms - A Simple Command Line Tool Using Which You Can Skip Phone Number Based SMS Verification By Using A Temporary Phone Number That Acts Like A Proxy

• FakeDataGen - Full Valid Fake Data Generator

• Faraday - Open Source Vulnerability Management Platform

• Faraday Community - Open Source Penetration Testing and Vulnerability Management Platform

• Faraday presents the latest version of their Security Platform for Vulnerability Management Automation

• Faraday v3.11 - Collaborative Penetration Test and Vulnerability Management Platform

• Faraday v3.12 - Collaborative Penetration Test and Vulnerability Management Platform

• Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform

• Faraday v3.6 - Collaborative Penetration Test and Vulnerability Management Platform

• Faraday v3.7 - Collaborative Penetration Test and Vulnerability Management Platform

• Faraday v3.8 - Collaborative Penetration Test and Vulnerability Management Platform

• Fast-Google-Dorks-Scan - Fast Google Dorks Scan

• Fast-Security-Scanners - Security Checks For Your Researches

• FastNetMon Community - Very Fast DDoS Analyzer With Sflow/Netflow/Mirror Support

• Faxhell - A Bind Shell Using The Fax Service And A DLL Hijack

• Fhex - A Full-Featured HexEditor

• Fiber - Using Fibers To Run In-Memory Code In A Different And Stealthy Way

• FiddleZAP - A Simplified Version Of EKFiddle For OWASP ZAP

• FindObjects-BOF - A Cobalt Strike Beacon Object File (BOF) Project Which Uses Direct System Calls To Enumerate Processes For Specific Loaded Modules Or Process Handles

• Findwall - Check If Your Provider Is Blocking You!

• Finshir - A Coroutines-Driven Low And Slow Traffic Sender, Written In Rust

• Firebase-Extractor - A Tool Written In Python For Scraping Firebase Data

• Flask-Session-Cookie-Manager - Flask Session Cookie Decoder/Encoder

• Flawfinder - A Static Analysis Tool For Finding Vulnerabilities In C/C++ Source Code

• Flux-Keylogger - Modern Javascript Keylogger With Web Panel

• Fnord - Pattern Extractor For Obfuscated Code

• FockCache - Minimalized Test Cache Poisoning

• ForceAdmin - Create Infinite UAC Prompts Forcing A User To Run As Admin

• Free Cynet Threat Assessment for Mid-sized and Large Organizations

• Frp - A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet

• Fsociety - A Modular Penetration Testing Framework

• GC2 - A Command And Control Application That Allows An Attacker To Execute Commands On The Target Machine Using Google Sheet And Exfiltrate Data Using Google Drive

• GDir-Thief - Red Team Tool For Exfiltrating The Target Organization'S Google People Directory That You Have Access To, Via Google's API

• GRAT2 - Command And Control (C2) Project For Learning Purpose

• GRecon - Your Google Recon Is Now Automated

• GUAC - Aggregates Software Security Metadata Into A High Fidelity Graph Database

• GWTMap - Tool to help map the attack surface of Google Web Toolkit

• Game-based learning platform provides full immersion into cybersecurity

• Geacon - Implement CobaltStrike's Beacon In Go

• Genisys - Powerful Telegram Members Scraping And Adding Toolkit

• Get-AppLockerEventlog - Script For Fetching Applocker Event Log By Parsing The Win-Event Log

• Gh-Dork - Github Dorking Tool

• GhostSquadHackers - Encrypt/Encode Your Javascript Code

• Git-Dumper - A Tool To Dump A Git Repository From A Website

• Git-Hound - Find Exposed Keys Across GitHub Using Code Search Keywords

• Git-Hound v1.1 - GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System

• Git-Secret - Go Scripts For Finding An API Key / Some Keywords In Repository

• Git-Vuln-Finder - Finding Potential Software Vulnerabilities From Git Commit Messages

• Git-Wild-Hunt - A Tool To Hunt For Credentials In Github Wild AKA Git*Hunt

• GitDorker - A Tool To Scrape Secrets From GitHub Through Usage Of A Large Repository Of Dorks

• GitGot - Semi-automated, Feedback-Driven Tool To Rapidly Search Through Troves Of Public Data On GitHub For Sensitive Secrets

• Gitcolombo - Extract And Analyze Contributors Info From Git Repos

• Gitlab-Watchman - Monitoring GitLab For Sensitive Data Shared Publicly

• GiveMeSecrets - Use Regular Expressions To Get Sensitive Information From A Given Repository (GitHub, Pip Or Npm)

• Go-Dork - The Fastest Dork Scanner Written In Go

• Go365 - An Office365 User Attack Tool

• GoSH - Golang Reverse/Bind Shell Generator

• Gobuster v3.0 - Directory/File, DNS And VHost Busting Tool Written In Go

• Goca Scanner - FOCA fork written in Go

• Gokart - A Static Analysis Tool For Securing Go Code

• Golddigger - Search Files For Gold

• Gosec - Golang Security Checker

• Gowitness - A Golang, Web Screenshot Utility Using Chrome Headless

• Gping - Ping, But With A Graph

• Grawler - Tool Which Comes With A Web Interface That Automates The Task Of Using Google Dorks, Scrapes The Results, And Stores Them In A File

• Grepmarx - A Source Code Static Analysis Platform For AppSec Enthusiasts

• Grouper2 - Find Vulnerabilities In AD Group Policy

• Gtunnel - A Robust Tunelling Solution Written In Golang

• Guardedbox - Online Client-Side Manager For Secure Storage And Secrets Sharing

• Gundog - Guided Hunting In Microsoft 365 Defender

• H2T - Scans A Website And Suggests Security Headers To Apply

• HELK - The Hunting ELK

• HaccTheHub - Open Source Self-Hosted Cyber Security Learning Platform

• HackBrowserData - Decrypt Passwords/Cookies/History/Bookmarks From The Browser

• HackingTool - ALL IN ONE Hacking Tool For Hackers

• Hacktory platform packed with new game-playing features

• Harbian-Audit - Hardened Debian GNU/Linux Distro Auditing

• HardHatC2 - A C# Command And Control Framework

• Hardcodes - Find Hardcoded Strings From Source Code

• Hcltm - Documenting Your Threat Models With HCL

• Heapinspect - Inspect Heap In Python

• Herpaderping - Process Herpaderping Bypasses Security Products By Obscuring The Intentions Of A Process

• Hershell - Multiplatform Reverse Shell Generator

• Hijackthis - A Free Utility That Finds Malware, Adware And Other Security Threats

• HikPwn - A Simple Scanner For Hikvision Devices

• Hmmcookies - Grab Cookies From Firefox, Chrome, Opera Using A Shortcut File (Bypass UAC)

• Horusec - An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command

• Hostintel - A Modular Python Application To Collect Intelligence For Malicious Hosts

• How to Free Recover Deleted Files on Your Mac

• How to Report IP Addresses

• Huan - Encrypted PE Loader Generator

• HybridTestFramework - End To End Testing Of Web, API And Security

• INTERCEPT - Policy As Code Static Analysis Auditing

• IPCDump - Tool For Tracing Interprocess Communication (IPC) On Linux

• IPFinder CLI - The Official Command Line Client For IPFinder

• ImHex - A Hex Editor For Reverse Engineers, Programmers And People That Value Their Eye Sight When Working At 3 AM.

• Impost3r - A Linux Password Thief

• Impulse - Impulse Denial-of-service ToolKit

• Inject-Assembly - Inject .NET Assemblies Into An Existing Process

• Instantbox - Get A Clean, Ready-To-Go Linux Box In Seconds

• Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support

• Invoker - Penetration Testing Utility

• Iox - Tool For Port Forward &Amp; Intranet Proxy

• JSFScan.sh - Automation For Javascript Recon In Bug Bounty

• JSMon - JavaScript Change Monitor for BugBounty

• JWT Tool - A Toolkit For Testing, Tweaking And Cracking JSON Web Tokens

• JWTweak - Detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm

• Jscythe - Abuse The Node.Js Inspector Mechanism In Order To Force Any Node.Js/Electron/V8 Based Process To Execute Arbitrary Javascript Code

• Jsfinder - Fetches JavaScript Files Quickly And Comprehensively

• Jshole - A JavaScript Components Vulnrability Scanner, Based On RetireJS

• Just-Metadata - Tool That Gathers And Analyzes Metadata About IP Addresses

• Jwtear - Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers

• KICS - Find Security Vulnerabilities, Compliance Issues, And Infrastructure Misconfigurations Early In The Development Cycle Of Your Infrastructure-As-Code

• KITT-Lite - Python-Based Pentesting CLI Tool

• KRF - A Kernelspace Randomized Faulter

• KRIe - Linux Kernel Runtime Integrity With eBPF

• Kaboom - Automatic Pentest

• Kali Linux 2019.2 Release - Penetration Testing and Ethical Hacking Linux Distribution

• Kali Linux 2019.4 Release - Penetration Testing and Ethical Hacking Linux Distribution

• Kali Linux 2020.1 Release - Penetration Testing and Ethical Hacking Linux Distribution

• Kali Linux 2020.2 Release - Penetration Testing and Ethical Hacking Linux Distribution

• Kali Linux 2020.3 Release - Penetration Testing and Ethical Hacking Linux Distribution

• Kali Linux 2020.4 - Penetration Testing and Ethical Hacking Linux Distribution

• Kali Linux 2021.1 - Penetration Testing and Ethical Hacking Linux Distribution

• Kali Linux 2021.3 - Penetration Testing and Ethical Hacking Linux Distribution

• Kali Linux 2022.1 - Penetration Testing and Ethical Hacking Linux Distribution

• Kali Linux 2022.2 - Penetration Testing and Ethical Hacking Linux Distribution

• Kali Linux 2022.3 - Penetration Testing and Ethical Hacking Linux Distribution

• Kali Linux 2022.4 - Penetration Testing and Ethical Hacking Linux Distribution

• Kali Linux 2023.1 - Penetration Testing and Ethical Hacking Linux Distribution

• Kali Linux 2023.2 - Penetration Testing and Ethical Hacking Linux Distribution

• Kali-Linux-Tools-Interface - Graphical Web Interface Developed To Facilitate The Use Of Security Information Tools

• Kali-Whoami - A Privacy Tool Developed To Keep You Anonymous On Kali Linux At The Highest Level

• Kam1n0 - Assembly Analysis Platform

• Karton - Distributed Malware Processing Framework Based On Python, Redis And MinIO

• Katana - A Python Tool For Google Hacking

• Katoolin3 - Get Your Favourite Kali Linux Tools On Debian/Ubuntu/Linux Mint

• KatroLogger - KeyLogger For Linux Systems

• Kconfig-Hardened-Check - A Tool For Checking The Hardening Options In The Linux Kernel Config

• Kerberoast - Kerberoast Attack -Pure Python-

• KnockOutlook - A Little Tool To Play With Outlook

• Kodex - A Privacy And Security Engineering Toolkit: Discover, Understand, Pseudonymize, Anonymize, Encrypt And Securely Share Sensitive And Personal Data: Privacy And Security As Code

• Koh - The Token Stealer

• Kraker - Distributed Password Brute-Force System That Focused On Easy Use

• KsDumper - Dumping Processes Using The Power Of Kernel Space

• LAPSToolkit - Tool To Audit And Attack LAPS Environments

• LAVA - Large-scale Automated Vulnerability Addition

• LDAP shell - AD ACL Abuse

• LDAP-Password-Hunter - Password Hunter In The LDAP Infamous Database

• LDAPmonitor - Monitor Creation, Deletion And Changes To LDAP Objects Live During Your Pentest Or System Administration!

• LKWA - Lesser Known Web Attack Lab

• LNAV - Log File Navigator

• LOLBAS - Living Off The Land Binaries And Scripts (LOLBins And LOLScripts)

• LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol

• LOLBins - PyQT5 App For LOLBAS And GTFOBins

• Lazy-RDP - Script For AutomRDPatic Scanning And Brute-Force

• Lazygit - Simple Terminal UI For Git Commands

• Lazymux - A Huge List Of Many Hacking Tools And PEN-TESTING Tools

• Ldsview - Offline search tool for LDAP directory dumps in LDIF format

• Ligolo - Reverse Tunneling Made Easy For Pentesters, By Pentesters

• Ligolo-Ng - An Advanced, Yet Simple, Tunneling/Pivoting Tool That Uses A TUN Interface

• Link - A Command And Control Framework Written In Rust

• LittleCorporal - A C# Automated Maldoc Generator

• LoGiC.NET - A More Advanced Free And Open .NET Obfuscator Using Dnlib

• Locator - Geolocator, Ip Tracker, Device Info By URL (Serveo And Ngrok)

• Lockdoor Framework - A Penetration Testing Framework With Cyber Security Resources

• Log4J-Detect - Script To Detect The "Log4j" Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading

• Longtongue - Customized Password/Passphrase List Inputting Target Info

• Lunar - A Lightweight Native DLL Mapping Library That Supports Mapping Directly From Memory

• Lynis 2.7.3 - Security Auditing Tool for Unix/Linux Systems

• Lynis 2.7.5 - Security Auditing Tool for Unix/Linux Systems

• Lynis 3.0.0 - Security Auditing Tool for Unix/Linux Systems

• M365_Groups_Enum - Enumerate Microsoft 365 Groups In A Tenant With Their Metadata

• MHDDoS - DDoS Attack Script With 56 Methods

• MSMAP - Memory WebShell Generator

• MUD-Visualizer - A Tool To Visualize MUD Files

• MUI - A GUI Plugin For Binary Ninja To Easily Interact With And View The Progress Of Manticore

• MZAP - Multiple Target ZAP Scanning

• Maat - Open-source Symbolic Execution Framework

• MacC2 - Mac Command And Control That Uses Internal API Calls Instead Of Command Line Utilities

• Machinae v1.4.8 - Security Intelligence Collector

• Macrome - Excel Macro Document Reader/Writer For Red Teamers And Analysts

• MalSCCM - Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications

• Maldev-For-Dummies - A Workshop About Malware Development

• Malice - VirusTotal Wanna Be (Now With 100% More Hipster)

• Malwarescanner - Simple Malware Scanner Written In Python

• Malwinx - Just A Normal Flask Web App To Understand Win32Api With Code Snippets And References

• ManaTI - A Web-Based Tool To Assist The Work Of The Intuitive Threat Analysts

• Master_Librarian - A Simple Tool To Audit Unix/*BSD/Linux System Libraries To Find Public Security Vulnerabilities

• Melting-Cobalt - A Cobalt Strike Scanner That Retrieves Detected Team Server Beacons Into A JSON Object

• MemGuard - Secure Software Enclave For Storage Of Sensitive Information In Memory

• MemProcFS - The Memory Process File System

• MemoryMapper - Lightweight Library Which Allows The Ability To Map Both Native And Managed Assemblies Into Memory

• Metabigor - Command Line Search Engines Without Any API Key

• Metabigor - Intelligence Tool But Without API Key

• Minimalistic-offensive-security-tools - A Repository Of Tools For Pentesting Of Restricted And Isolated Environments

• Mininode - A CLI Tool To Reduce The Attack Surface Of The Node.js Applications By Using Static Analysis

• Mistica - An Open Source Swiss Army Knife For Arbitrary Communication Over Application Protocols

• Modded-Ubuntu - Run Ubuntu GUI On Your Termux With Much Features

• Moriarty-Project - This Tool Gives Information About The Phone Number That You Entered

• Mosca - Manual Search Tool To Find Bugs Like A Grep Unix Command

• MozDef - Mozilla Enterprise Defense Platform

• Msldap - LDAP Library For Auditing MS AD

• Mubeng - An Incredibly Fast Proxy Checker And IP Rotator With Ease

• MultiPotato - Another Potato to get SYSTEM via SeImpersonate privileges

• Multiscanner - Modular File Scanning/Analysis Framework

• MyJWT - A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)

• Mysql-Magic - Dump Mysql Client Password From Memory

• Mythic - A Collaborative, Multi-Platform, Red Teaming Framework

• NashaVM - A Virtual Machine For .NET Files And Its Runtime Was Made In C++/CLI

• NebulousAD - Automated Credential Auditing Tool

• Needle - Instant Access To You Bug Bounty Submission Dashboard On Various Platforms + Publicly Disclosed Reports + #Bugbountytip

• Netdata - Real-time Performance Monitoring

• Neton - Tool For Getting Information From Internet Connected Sandboxes

• Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines

• Nettacker - Automated Penetration Testing Framework

• Nginxpwner - Tool to look for common Nginx misconfigurations and vulnerabilities

• Nidhogg - All-In-One Simple To Use Rootkit For Red Teams

• NimGetSyscallStub - Get Fresh Syscalls From A Fresh Ntdll.Dll Copy

• NimGetSyscallStub - Get Fresh Syscalls From A Fresh Ntdll.Dll Copy

• NimPlant - A Light-Weight First-Stage C2 Implant Written In Nim

• Nimbo-C2 - Yet Another (Simple And Lightweight) C2 Framework

• Nimbo-C2 - Yet Another (Simple And Lightweight) C2 Framework

• Nimc2 - A C2 Fully Written In Nim

• Nimplant - A Cross-Platform Implant Written In Nim

• Ninja - Open Source C2 Server Created For Stealth Red Team Operations

• Njsscan - A Semantic Aware SAST Tool That Can Find Insecure Code Patterns In Your Node.js Applications

• NodeSecurityShield - A Developer And Security Engineer Friendly Package For Securing NodeJS Applications

• Noseyparker - A Command-Line Program That Finds Secrets And Sensitive Information In Textual Data And Git History

• Notionterm - Embed Reverse Shell In Notion Pages

• Nuages - A Modular C2 Framework

• Nuclearpond - A Utility Leveraging Nuclei To Perform Internet Wide Scans For The Cost Of A Cup Of Coffee

• Nuubi Tools - Information Ghatering, Scanner And Recon

• O365-Attack-Toolkit - A Toolkit To Attack Office365

• O365-Doppelganger - A Quick Handy Script To Harvest Credentials Off Of A User During A Red Team And Get Execution Of A File From The User

• OFRAK - Unpack, Modify, And Repack Binaries

• OKadminFinder - Admin Panel Finder / Admin Login Page Finder

• OSCP-Exam-Report-Template-Markdown - Markdown Templates For Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP Exam Report

• OSFMount - Mount Disk Images & Create RAM Drives

• OSRipper - AV Evading OSX Backdoor And Crypter Framework

• OSSEM - A Tool To Assess Data Quality

• OSSEM - Open Source Security Events Metadata

• OSV - Open Source Vulnerability DB And Triage Service

• OWASP Threat Dragon - Cross-Platform Threat Modeling Application

• Ocr-Recon - Tool To Find A Particular String In A List Of URLs Using Tesseract'S OCR (Optical Character Recognition) Capabilities

• OffensiveNotion - Notion As A Platform For Offensive Operations

• OffensivePipeline - Tool To Download, Compile (Without Visual Studio) And Obfuscate C# Tools For Red Team Exercises

• OffensiveRust - Rust Weaponization For Red Team Engagements

• OffensiveVBA - Code Execution And AV Evasion Methods For Macros In Office Documents

• OhMyQR - Hijack Services That Relies On QR Code Authentication

• Okadminfinder3 - Admin Panel Finder / Admin Login Page Finder

• Onex - A Library Of Hacking Tools For Termux And Other Linux Distributions

• OnionSearch - A Script That Scrapes Urls On Different .Onion Search Engines

• Onionservice - Manage Your Onion Services Via CLI Or TUI On Unix-like Operating System With A POSIX Compliant Shell

• Open Sesame - A Tool Which Runs To Display Random Publicly Disclosed Hackerone Reports When Bored

• Open-Sesame - A Python Tool Which Runs To Display Random Publicly Disclosed Hackerone Reports When Bored

• OpenCVE - CVE Alerting Platform

• Orbitaldump - A Simple Multi-Threaded Distributed SSH Brute-Forcing Tool Written In Python

• Osmedeus - A Workflow Engine For Offensive Security

• Overlord - Red Teaming Infrastructure Automation

• PAKURI - Penetration Test Achieve Knowledge Unite Rapid Interface

• PAnalizer - Pornography Analizer And Face Searching

• PCFG Cracker - Probabilistic Context Free Grammar (PCFG) Password Guess Generator

• PESTO - PE (files) Statistical Tool

• PHP Security Check List

• PHPStan - PHP Static Analysis Tool (Discover Bugs In Your Code Without Running It!)

• PR-DNSd - Passive-Recursive DNS Daemon

• PTF v2.3 - The Penetration Testers Framework Is A Way For Modular Support For Up-To-Date Tools

• PackageDNA - Tool To Analyze Software Packages Of Different Programming Languages That Are Being Or Will Be Used In Their Codes

• Packj - Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages

• Padding-Oracle-Attacker - CLI Tool And Library To Execute Padding Oracle Attacks Easily

• Pagodo - Automate Google Hacking Database Scraping And Searching

• Pamspy - Credentials Dumper For Linux Using eBPF

• Paragon - Red Team Engagement Platform With The Goal Of Unifying Offensive Tools Behind A Simple UI

• ParamKit - A Small Library Helping To Parse Commandline Parameters

• Parameth - This Tool Can Be Used To Brute Discover GET And POST Parameters

• PartyLoud - A Simple Tool To Generate Fake Web Browsing And Mitigate Tracking

• PassMute - PassMute - A Multi Featured Password Transmutation/Mutator Tool

• PassMute - PassMute - A Multi Featured Password Transmutation/Mutator Tool

• Password Lense - Reveal Character Types In A Password

• Pastego - Scrape/Parse Pastebin Using GO And Expression Grammar (PEG)

• Pax - CLI Tool For PKCS7 Padding Oracle Attacks

• PeTeReport - An Open-Source Application Vulnerability Reporting Tool

• Peetch - An eBPF Playground

• Penelope - Shell Handler

• Penta - Open Source All-In-One CLI Tool To Automate Pentesting

• Pftriage - Python Tool And Library To Help Analyze Files During Malware Triage And Analysis

• Phonia Toolkit - One Of The Most Advanced Toolkits To Scan Phone Numbers Using Only Free Resources

• Php-Malware-Finder - Detect Potentially Malicious PHP Files

• Php_Code_Analysis - San your PHP code for vulnerabilities

• Phpvuln - Audit Tool To Find Common Vulnerabilities In PHP Source Code

• Pillager - Filesystems For Sensitive Information With Go

• Pinecone - A WLAN Red Team Framework

• Pinecone - A WLAN Red Team Framework

• Pip-Audit - Audits Python Environments And Dependency Trees For Known Vulnerabilities

• Platbox - UEFI And SMM Assessment Tool

• Platbox - UEFI And SMM Assessment Tool

• Platypus - A Modern Multiple Reverse Shell Sessions Manager Written In Go

• Plution - Prototype Pollution Scanner Using Headless Chrome

• PoW-Shield - Project Dedicated To Fight DDoS And Spam With Proof Of Work, Featuring An Additional WA

• PoshC2 - C2 Server and Implants

• Posta - Cross-document Messaging Security Research Tool

• Presshell - Quick And Dirty Wordpress Command Execution Shell

• Print-My-Shell - Tool To Automate The Process Of Generating Various Reverse Shells

• Prithvi - Report Generation Tool

• ProcDump - A Linux Version Of The ProcDump Sysinternals Tool

• Process Hacker - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware

• Process_Overwriting - Yet Another Variant Of Process Hollowing

• Project-Black - Pentest/BugBounty Progress Control With Scanning Modules

• Ps-Tools - An Advanced Process Monitoring Toolkit For Offensive Operations

• Pstf2 - Passive Security Tools Fingerprinting Framework

• Pulsar - Data Exfiltration And Covert Communication Tool

• Purify - All-in-one Tool For Managing Vulnerability Reports From AppSec Pipelines

• PwnLnX - An Advanced Multi-Threaded, Multi-Client Python Reverse Shell For Hacking Linux Systems

• Pwncat - Fancy Reverse And Bind Shell Handler

• Pwndoc - Pentest Report Generator

• PyHook - An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call

• PyShell - Multiplatform Python WebShell

• PyWhatCMS - Unofficial WhatCMS API Package

• Pycrypt - Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products

• Pylane - An Python VM Injector With Debug Tools, Based On GDB

• Pyre-Check - Performant Type-Checking For Python

• Pystinger - Bypass Firewall For Traffic Forwarding Using Webshell

• PythonMemoryModule - Pure-Python Implementation Of MemoryModule Technique To Load Dll And Unmanaged Exe Entirely From Memory

• Pytm - A Pythonic Framework For Threat Modeling

• QRGen - Simple Script For Generating Malformed QRCodes

• Qiling - Advanced Binary Emulation Framework

• QueenSono - Golang Binary For Data Exfiltration With ICMP Protocol

• Quiver - Tool To Manage All Of Your Tools For Bug Bounty Hunting And Penetration Testing

• R4Ven - Track Ip And GPS Location

• RCLocals - Linux Startup Analyzer

• RDPHijack-BOF - Cobalt Strike Beacon Object File (BOF) That Uses WinStationConnect API To Perform Local/Remote RDP Session Hijacking

• REST-Attacker - Designed As A Proof-Of-Concept For The Feasibility Of Testing Generic Real-World REST Implementations

• REW-sploit - Emulate And Dissect MSF And Other Attacks

• RITA - Real Intelligence Threat Analytics

• RS256-2-HS256 - JWT Attack To Change The Algorithm RS256 To HS256

• Rabid - A CLI Tool And Library Allowing To Simply Decode All Kind Of BigIP Cookies

• Ransomware-Simulator - Ransomware Simulator Written In Golang

• RapidRepoPull - Tool To Quickly Pull And Install Repos From A List

• Rbuster - Yet Another Dirbuster

• Rdesktop - Open Source Client for Microsoft's RDP protocol

• Rdpscan - A Quick Scanner For The CVE-2019-0708 "BlueKeep" Vulnerability

• Rebel-Framework - Advanced And Easy To Use Penetration Testing Framework

• Recaf - A Modern Java Bytecode Editor

• Recon Simplified with Spyse

• ReconPal - Leveraging NLP For Infosec

• Reconftw - Simple Script For Full Recon

• RedPeanut - A Small RAT Developed In .Net Core 2 And Its Agent In .Net 3.5/4.0

• RedditC2 - Abusing Reddit API To Host The C2 Traffic, Since Most Of The Blue-Team Members Use Reddit, It Might Be A Great Way To Make The Traffic Look Legit

• Redpill - Assist Reverse Tcp Shells In Post-Exploration Tasks

• Rehex - Reverse Engineers' Hex Editor

• Rekono - Execute Full Pentesting Processes Combining Multiple Hacking Tools Automatically

• Reload.sh - Reinstall, Restore And Wipe Your System Via SSH, Without Rebooting

• Remot3d v2.0 - Tool Created For Large Pentesters As Well As Just For The Pleasure Of Defacers To Control Server By Backdoors

• Reposaur - The Open Source Compliance Tool For Development Platforms

• Reproxy - Simple Edge Server / Reverse Proxy

• Retoolkit - Reverse Engineer's Toolkit

• Reverie - Automated Pentest Tools Designed For Parrot Linux

• Reverse Shell Cheat Sheet

• Reverse_SSH - SSH Based Reverse Shell

• Revshellgen - Reverse Shell Generator Written In Python.

• Rip Raw - Small Tool To Analyse The Memory Of Compromised Linux Systems

• RiskAssessmentFramework - Static Application Security Testing

• RogueAssemblyHunter - Rogue Assembly Hunter Is A Utility For Discovering 'Interesting' .NET CLR Modules In Running Processes

• RottenPotatoNG - A C++ DLL And Standalone C++ Binary - No Need For Meterpreter Or Other Tools

• Rtl_433 - Program To Decode Radio Transmissions From Devices On The ISM Bands (And Other Frequencies)

• Rustcat - Netcat Alternative

• SALT - SLUB ALlocator Tracer For The Linux Kernel

• SCMKit - Source Code Management Attack Toolkit

• SCodeScanner - Stands For Source Code Scanner Where The User Can Scans The Source Code For Finding The Critical Vulnerabilities

• SDomDiscover - A Easy-To-Use Python Tool To Perform DNS Recon

• SEcraper - Search Engine Scraper Tool With BASH Script.

• SGN - Encoder Ported Into Go With Several Improvements

• SKA - Simple Karma Attack

• SMB-Session-Spoofing - Tool To Create A Fake SMB Session

• SMBSR - Lookup For Interesting Stuff In SMB Shares

• SMS-Stack - Framework to provided TPC/IP based characteristics to the GSM Short Message Service

• SMTPTester - Tool To Check Common Vulnerabilities In SMTP Servers

• SNIcat - Server Name Indication Concatenator

• SQLFluff - A SQL Linter And Auto-Formatter For Humans

• SSB - A Faster And Simpler Way To Bruteforce SSH Server

• SSHD-Poison - A Tool To Get Creds Of Pam Based SSHD Authentication

• SSHPry v2.0 - Spy and Control os SSH Connected client's TTY

• STEWS - A Security Tool For Enumerating WebSockets

• SWFPFinder - SWF Potential Parameters Finder

• SXDork - A Powerful Tool That Utilizes The Technique Of Google Dorking To Search For Specific Information On The Internet

• Safety - Check Your Installed Dependencies For Known Security Vulnerabilities

• Sak1To-Shell - Multi-threaded C2 Server And Reverse Shell Client Written In Pure C

• Santa - A Binary Whitelisting/Blacklisting System For macOS

• Saycheese - Grab Target'S Webcam Shots By Link

• Scan-For-Webcams - Scan For Webcams In The Internet

• Scanmycode-Ce - Code Scanning/SAST/Static Analysis/Linting Using Many tools/Scanners With One Report - Scanmycode Community Edition (CE)

• Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool

• ScoringEngine - Scoring Engine For Red/White/Blue Team Competitions

• Scripthunter - Tool To Find JavaScript Files On Websites

• Scscanner - Tool To Read Website Status Code Response From The Lists

• Sealighter - Easy ETW Tracing for Security Research

• Searpy - Search Engine Tookit

• Seccomp Tools - Provide Powerful Tools For Seccomp Analysis

• Seccubus - Easy Automated Vulnerability Scanning, Reporting And Analysis

• SecretFinder - A Python Script For Find Sensitive Data (Apikeys, Accesstoken, JWT...) And Search Anything On Javascript Files

• SecurityNotFound - 404 Page Not Found Webshell

• SecurityRAT - Tool For Handling Security Requirements In Development

• Sh00T - A Testing Environment for Manual Security Testers

• Sharingan - Offensive Security Recon Tool

• SharpAppLocker - C# Port Of The Get-AppLockerPolicy PS Cmdlet

• SharpChromium - .NET 4.0 CLR Project To Retrieve Chromium Data, Such As Cookies, History And Saved Logins

• SharpCookieMonster - Extracts Cookies From Chrome

• SharpHook - Tool Tath Uses Various API Hooks In Order To Give Us The Desired Credentials

• SharpLAPS - Retrieve LAPS Password From LDAP

• SharpMapExec - A Sharpen Version Of CrackMapExec

• SharpRDP - Remote Desktop Protocol .NET Console Application For Authenticated Command Execution

• SharpSphere - .NET Project For Attacking vCenter

• SharpStat - C# Utility That Uses WMI To Run "cmd.exe /c netstat -n", Save The Output To A File, Then Use SMB To Read And Delete The File Remotely

• Shed - .NET Runtime Inspector

• Shell Backdoor List - PHP / ASP Shell Backdoor List

• ShellGen - Reverse shell generator

• ShellShockHunter - It's A Simple Tool For Test Vulnerability Shellshock

• Shellerator - Simple CLI Tool For The Generation Of Bind And Reverse Shells In Multiple Languages

• Shells - Little Script For Generating Revshells

• Shelly - Simple Backdoor Manager With Python (Based On Weevely)

• Shhgit - Find GitHub Secrets In Real Time

• Shisho - Lightweight Static Analyzer For Several Programming Languages

• Short story about Clubhouse user scraping and social graphs

• ShowStopper - Anti-Debug tricks exploration tool

• Shreder - A Powerful Multi-Threaded SSH Protocol Password Bruteforce Tool

• Sinter - A User-Mode Application Authorization System For MacOS Written In Swift

• Sitedorks - Search Google/Bing/DuckDuckGo/Yandex/Yahoo For A Search Term With Different Websites

• Slackor - A Golang Implant That Uses Slack As A Command And Control Server

• Slither v0.6.7 - Static Analyzer For Solidity

• Sliver - Implant Framework

• Smersh - A Pentest Oriented Collaborative Tool Used To Track The Progress Of Your Company'S Missions

• Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts

• Snaffler - A Tool For Pentesters To Help Find Delicious Candy

• SnitchDNS - Database Driven DNS Server With A Web UI

• Snuffleupagus - Security Module For Php7 And Php8 - Killing Bugclasses And Virtual-Patching The Rest!

• Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies

• Some-Tools - Install And Keep Up To Date Some Pentesting Tools

• SourceWolf - Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!

• Spyeye - Script To Generate Win32 .Exe File To Take Screenshots

• Spyse.Py - Python API Wrapper And Command-Line Client For The Tools Hosted On Spyse.Com

• Spyse: All-In-One Cybersecurity Search Engine

• Ssh-Mitm - Ssh Mitm Server For Security Audits Supporting Public Key Authentication, Session Hijacking And File Manipulation

• Sshprank - A Fast SSH Mass-Scanner, Login Cracker And Banner Grabber Tool Using The Python-Masscan Module

• Sshtunnel - SSH Tunnels To Remote Server

• Sshuttle - Transparent Proxy Server That Works As A Poor Man'S VPN. Forwards Over SSH

• Stacs - Static Token And Credential Scanner

• Steganographer - Hide Files Or Data In Image Files

• Stegbrute - Fast Steganography Bruteforce Tool Written In Rust Useful For CTF's

• Stegseek - Worlds Fastest Steghide Cracker, Chewing Through Millions Of Passwords Per Second

• Stowaway - Multi-hop Proxy Tool For Pentesters

• Strelka - Scanning Files At Scale With Python And ZeroMQ

• Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information

• Striker - A Command And Control (C2)

• Sub3Suite - A Free, Open Source, Cross Platform Intelligence Gathering Tool

• SubCrawl - A Modular Framework For Discovering Open Directories, Identifying Unique Content Through Signatures And Organizing The Data With Optional Output Modules, Such As MISP

• Swego - Swiss Army Knife Webserver In Golang

• SysAnalyzer - Automated Malcode Analysis System

• System Informer - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware

• T14M4T - Automated Brute-Forcing Attack Tool

• TAS - A Tiny Framework For Easily Manipulate The Tty And Create Fake Binaries

• TEA - Ssh-Client Worm

• TREVORspray - A Featureful Round-Robin SOCKS Proxy And Python O365 Sprayer Based On MSOLSpray Which Uses The Microsoft Graph API

• Tangalanga - The Zoom Conference Scanner Hacking Tool

• Taowu - A CobaltStrike Toolkit

• TeamFiltration - Cross-Platform Framework For Enumerating, Spraying, Exfiltrating, And Backdooring O365 AAD Accounts

• TeleGram-Scraper - Telegram Group Scraper Tool (Fetch All Information About Group Members)

• Telegram C# C2 - A Command and Control Tool for Telegram Bot Communication

• Terminus - A Terminal For A More Modern Age

• Terraguard - Create And Destroy Your Own VPN Service Using WireGuard

• The-Bastion - Authentication, Authorization, Traceability And Auditability For SSH Accesses

• TheCl0n3r - Tool To Download And Manage Your Git Repositories

• ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shell-code Into A Standard Win32 Application

• Threagile - Agile Threat Modeling Toolkit

• ThreatBox - A Standard And Controlled Linux Based Attack Platform

• Threatspec - Continuous Threat Modeling, Through Code

• Timewarrior - Commandline Time Reporting

• Tinfoil Chat - Onion-routed, Endpoint Secure Messaging System

• TinkererShell - A Simple Python Reverse Shell Written Just For Fun

• ToRat - A Remote Administation Tool Written In Go Using Tor As A Transport Mechanism And RPC For Communication

• Token-Reverser - Word List Generator To Crack Security Tokens

• Tool-X - A Kali Linux Hacking Tool Installer

• Top 20 Most Popular Hacking Tools in 2019

• Top 20 Most Popular Hacking Tools in 2020

• Top 20 Most Popular Hacking Tools in 2021

• Top 20 Most Popular Hacking Tools in 2022

• Tor Browser v9.0 - Everything you Need to Safely Browse the Internet

• Totp-Ssh-Fluxer - Take Security By Obscurity To The Next Level (This Is A Bad Idea, Don'T Really Use This Please)

• Tourmaline - Telegram Bot Framework For Crystal

• TrelloC2 - Simple C2 Over The Trello API

• TrojanSourceFinder - Help Find Trojan Source Vulnerability In Code

• Trufflehog - Find Credentials All Over The Place

• Tscopy - Tool to parse the NTFS $MFT file to locate and copy specific files

• Ttyd - Share Your Terminal Over The Web

• Tuf - A Framework For Securing Software Update Systems

• Tyton - Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+

• UDdup - Urls De-Duplication Tool For Better Recon

• Uncle Spufus - A Tool That Automates Mac Address Spoofing

• Uncover - Quickly Discover Exposed Hosts On The Internet Using Multiple Search Engine

• Up (Ultimate Plumber) - Tool For Writing Linux Pipes With Instant Live Preview

• Urlhunter - A Recon Tool That Allows Searching On URLs That Are Exposed Via Shortener Services

• Uroboros - A GNU/Linux Monitoring And Profiling Tool Focused On Single Processes

• Usbsas - Tool And Framework For Securely Reading Untrusted USB Mass Storage Devices

• VAST - Visibility Across Space And Time

• VBSmin - VBScript Minifier

• VLANPWN - VLAN Attacks Toolkit

• VMPDump - A Dynamic VMP Dumper And Import Fixer

• Vaas - Verdict-as-a-Service SDKs: Analyze Files For Malicious Content

• Viper - Intranet Pentesting Tool With Webui

• VulnX - CMS And Vulnerabilites Detector And An Intelligent Auto Shell Injector

• VulnX v1.7 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS

• Vxscan - Comprehensive Scanning Tool

• WARCannon - High Speed/Low Cost CommonCrawl RegExp In Node.js

• WWWGrep - OWASP Foundation Web Respository

• Wa-Tunnel - Tunneling Internet Traffic Over Whatsapp

• Web-Brutator - Modular Web Interfaces Bruteforcer

• WebView2-Cookie-Stealer - Attacking With WebView2 Applications

• Webtech - Identify Technologies Used On Websites

• Whatfiles - Log What Files Are Accessed By Any Linux Process

• Whispers - Identify Hardcoded Secrets In Static Structured Text

• WhiteBeam - Transparent Endpoint Security

• Whonix v15 - Anonymous Operating System

• WinPmem - The Multi-Platform Memory Acquisition Tool

• Wonitor - Fast, Zero Config Web Endpoint Change Monitor

• Words Scraper - Selenium Based Web Scraper To Generate Passwords List

• Wotop - Web On Top Of Any Protocol

• Wp_Hunter - Static Analysis Of Wordpress Plugins

• Wpbullet - A Static Code Analysis For WordPress (And PHP)

• Wprecon - A Vulnerability Recognition Tool In CMS Wordpress, 100% Developed In Go

• Writehat - A Pentest Reporting Tool Written In Python

• Wrongsecrets - Examples With How To Not Use Secrets

• XLMMacroDeobfuscator - Extract And Deobfuscate XLM Macros (A.K.A Excel 4.0 Macros)

• Xepor - Web Routing Framework For Reverse Engineers And Security Researchers, Brings The Best Of Mitmproxy And Flask

• Xerror - Fully Automated Pentesting Tool

• Xerxes - DoS Tool Enhanced

• Xolo - Tool To Crawl, Visualize And Interact With SQL Server Links In A D3 Graph

• XposedOrNot - Tool To Search An Aggregated Repository Of Xposed Passwords Comprising Of ~850 Million Real Time Passwords

• Zap-Hud - The OWASP ZAP Heads Up Display (HUD)

• Zap-Scripts - Zed Attack Proxy Scripts For Finding CVEs And Secrets

• Zelos - A Comprehensive Binary Emulation Platform

• Zi - A Swiss Army Knife for Zsh - Unix Shell

• ZipExec - A Unique Technique To Execute Binaries From A Password Protected Zip

• Zkar - A Java Serialization Protocol Analysis Tool Implement In Go

• Zphisher-GUI-Back_office - A Zphisher GUI Back-Office Plugin

• Zracker - Zip File Password BruteForcing Utility Tool based on CPU-Power

• aDLL - Adventure of Dinamic Link Library

• box.js - A Tool For Studying JavaScript Malware

• bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records

• crAPI - Completely Ridiculous API

• dnsFookup - DNS Rebinding Toolkit

• dorkX - Pipe Different Tools With Google Dork Scanner

• ezEmu - Simple Execution Of Commands For Defensive Tuning/Research

• fileGPS - A Tool That Help You To Guess How Your Shell Was Renamed After The Server-Side Script Of The File Uploader Saved It

• fireELF - Fileless Linux Malware Framework

• get_Team_Pass - Get Teamviewer's ID And Password From A Remote Computer In The LAN

• githubFind3r - Fast Command Line Repo/User/Commit Search Tool

• goBox - GO Sandbox To Run Untrusted Code

• hardCIDR - Linux Bash Script To Discover The Netblocks, Or Ranges, Owned By The Target Organization

• hardCIDR - Linux Bash Script To Discover The Netblocks, Or Ranges, Owned By The Target Organization

• huskyCI - Performing Security Tests Inside Your CI

• jwtXploiter - A Tool To Test Security Of Json Web Token

• mXtract - Memory Extractor & Analyzer

• mXtract v1.2 - Memory Extractor & Analyzer

• mapCIDR - Small Utility Program To Perform Multiple Operations For A Given subnet/CIDR Ranges

• mongoBuster - Hunt Open MongoDB Instances

• mpDNS - Multi-Purpose DNS Server

• phpMussel - PHP-based Anti-Virus Anti-Trojan Anti-Malware Solution

• pongoOS - A Pre-Boot Execution Environment For Apple Boards

• pyFlipper - Unoffical Flipper Zero Cli Wrapper Written In Python

• rebindMultiA - Tool To Perform a Multiple A Record Rebind Attack

• rebindMultiA - Tool To Perform a Multiple A Record Rebind Attack

• rootOS - macOS Root Helper

• secureCodeBox (SCB) - Continuous Secure Delivery Out Of The Box

• slopShell - The Only Php Webshell You Need

• targetedKerberoast - Kerberoast With ACL Abuse Capabilities

• tsharkVM - Tshark + ELK Analytics Virtual Machine

• uDork - Google Hacking Tool

• xnLinkFinder - A Python Tool Used To Discover Endpoints (And Potential Parameters) For A Given Target

• NullSec Linux - Security-focused distribution with 135+ pentesting tools, cloud/IoT/automotive/forensics editions.