🛠️ Hacking-Tools

A curated list of 🕵️‍♂️ penetration testing and ethical hacking tools, organized by category. This collection includes 🐉 Kali Linux tools and other notable utilities.

🔍 Information Gathering

  • 🛜 Nmap – Network scanning and mapping tool.
  • 📶 Kismet – Wireless network detector, sniffer, and intrusion detection.
  • 🕵️ Maltego – OSINT and data mining tool for information analysis.
  • 📨 theHarvester – Tool to gather emails, subdomains, hosts, and more.
  • 🔗 Recon-ng – Full-featured web reconnaissance framework.
  • 🕵️‍♂️ SpiderFoot – Automate OSINT collection from multiple sources.
  • 🔍 Amass – Network mapping and external asset discovery tool.
  • 🗂️ Sublist3r – Subdomain enumeration using search engines.
  • 🧑‍💻 Assetfinder – Subdomain discovery using various sources.
  • 🌍 crt.sh – SSL certificate transparency log search engine.
  • 🧪 Dnsrecon – Perform DNS enumeration and zone transfers.
  • 📜 Fierce – DNS reconnaissance and attack tool.
  • 📄 WHOIS – Domain registration and ownership lookup.
  • 📬 EmailHarvester – Email enumeration and gathering.
  • 🕸️ Shodan – Search engine for internet-connected devices.
  • 🔥 Censys – Search engine for hosts and networks on the internet.
  • 🌐 OSINT Framework – Collection of OSINT tools and resources.
  • 🧑‍💻 FOCA – Metadata extraction and document analysis.
  • 🛡️ Netcraft – Website profiling and phishing detection.
  • 🏛️ BuiltWith – Website technology lookup and analysis.

🔎 Vulnerability Analysis

  • 🧪 OpenVAS – Open-source vulnerability scanner.
  • 🛡️ Nessus – Commercial vulnerability assessment tool.
  • 🕵️‍♂️ Nikto – Web server scanner for detecting vulnerabilities.
  • 🐺 Wapiti – Web application security scanner.
  • 🧑‍💻 Vega – GUI-based web vulnerability scanner.
  • 🕷️ Arachni – Feature-rich web application security scanner.
  • 🐍 SQLmap – Automated SQL injection detection and exploitation tool.
  • 🕸️ OWASP ZAP – Open-source web application security scanner.
  • 🛜 Nmap Vulners – Nmap NSE script for CVE detection.
  • 🔎 Retire.js – JavaScript library vulnerability scanner.
  • ⚙️ Dependency-Check – Vulnerability analysis for project dependencies.
  • 🧑‍💻 Bandit – Security linter for Python code.
  • 🐞 Vuls – Agentless vulnerability scanner for Linux/FreeBSD servers.
  • 📦 Trivy – Vulnerability scanner for containers and dependencies.
  • 🧑‍💻 Grype – Vulnerability scanner for container images and filesystems.
  • 🧑‍💻 Safety – Python dependency security scanner.
  • 📄 Lychee – Broken link checker with vulnerability detection potential.
  • 📜 GitLeaks – Detect hardcoded secrets and sensitive data.
  • 🧑‍💻 ScoutSuite – Multi-cloud security auditing tool.
  • 🧑‍💻 CloudSploit – AWS security auditing tool.

💥 Exploitation Tools

  • 🎯 Metasploit Framework – Powerful exploit development and penetration testing framework.
  • 🚀 Armitage – GUI front-end for Metasploit to visualize attacks.
  • 🌐 BeEF (Browser Exploitation Framework) – Exploits browser vulnerabilities for client-side attacks.
  • 💻 ExploitDB – Archive of public exploits and proof-of-concept code.
  • 📜 SearchSploit – Offline version of ExploitDB for quick exploit searching.
  • 🐍 sqlmap – Automated SQL injection exploitation tool.
  • 📤 Commix – Automated command injection vulnerability scanner.
  • 🖥️ RouterSploit – Exploits vulnerabilities in routers, IoT, and embedded devices.
  • 📲 SET (Social Engineering Toolkit) – Human hacking via phishing, payloads, and more.
  • 🕵️‍♂️ Empire – Post-exploitation framework for PowerShell agents.
  • 🧑‍💻 Pupy – Cross-platform post-exploitation remote access tool (RAT).
  • 🧨 Sliver – C2 framework for adversary simulation and red teaming.
  • 🐚 Shellter – Dynamic shellcode injector for Windows executables.
  • 🐦 Merlin – Post-exploitation command & control server using HTTP/2.
  • 🧙‍♂️ Covenant – C#-based post-exploitation platform.
  • 🔒 PowerSploit – PowerShell scripts for post-exploitation.
  • 🔎 Windows Exploit Suggester – Suggests exploits based on Windows OS versions.
  • 📦 PayloadsAllTheThings – Collection of payloads for exploits, fuzzing, and pentesting.
  • 🧑‍💻 Fuzzbunch – NSA’s exploit framework (part of the Shadow Brokers leak).
  • 🛠️ CrackMapExec – Swiss army knife for post-exploitation in Windows environments.

📡 Wireless Attacks

  • 📡 Aircrack-ng – WiFi cracking suite
  • 🛠️ Reaver – WPS attack tool
  • 🧑‍💻 Fern WiFi Cracker – Wireless network auditing tool
  • 🔓 Wifite – Automated wireless attack tool
  • 🛡️ Kismet – Wireless network detector & sniffer
  • 🌐 MDK3 – Wireless network attack tool
  • 🎯 PixieWPS – WPS offline attack tool
  • 🧠 WPA2 Wordlist Generator – Generate custom WPA2 wordlists
  • 🕵️‍♂️ Bully – WPS attack tool for brute-forcing
  • 🔄 Evil Twin – Create fake AP for capturing handshakes
  • 🚀 WiFi-Pumpkin – Man-in-the-middle framework for Wi-Fi networks
  • 🧩 Airgeddon – Multi-use bash script for wireless auditing
  • 🧑‍💻 Ghost Phisher – Wireless network attack tool for phishing
  • 🧑‍🔧 NoCatSplash – Captive portal for Wi-Fi networks
  • 🦠 Wifiphisher – Phishing tool for Wi-Fi networks
  • 📡 WLANPi – Wireless attack platform for pen-testers
  • 🛠️ Cowpatty – Tool for offline WPA2 cracking
  • 🌐 Scapy – Python tool for packet manipulation and analysis
  • 📶 NetStumbler – Wi-Fi scanner for Windows
  • 🔒 Wi-Fi Pineapple – Wireless attack platform by Hak5

🧑‍💻 Forensics Tools

  • 🧑‍💻 Autopsy – Digital forensics platform for analyzing hard drives and smartphones.
  • 🧠 Volatility – Memory forensics framework for analyzing RAM dumps.
  • 🗂️ Binwalk – Firmware analysis tool for extracting embedded files.
  • 🔍 Sleuth Kit (TSK) – Command-line tools for disk image investigation.
  • 🧑‍💻 ExifTool – Metadata extractor for images, videos, and documents.
  • 🗃️ TestDisk – Disk recovery tool to restore lost partitions.
  • 🔄 PhotoRec – File recovery software for deleted files from disks.
  • 🧑‍💻 Foremost – File carving tool for data recovery based on headers.
  • 🔑 Hashdeep – File hashing tool with recursive hashing & audit mode.
  • 🧑‍💻 Bulk Extractor – Extracts email, URLs, and other artifacts from raw data.
  • 🗄️ Digital Forensics Framework (DFF) – Open-source platform for digital forensics.
  • 🧑‍💻 Xplico – Network forensics tool to reconstruct network sessions.
  • 🧑‍💻 NetworkMiner – Passive network packet analyzer for network forensics.
  • 🧑‍💻 Pdf-parser – Analyze and extract content from PDF files.
  • 🧑‍💻 RegRipper – Windows registry analysis tool.
  • 🧑‍💻 PEView – Portable executable (PE) file viewer for malware analysis.
  • 🧑‍💻 YARA – Malware pattern-matching tool used by researchers.
  • 🧑‍💻 HxD – Hex editor for raw disk editing and analysis.
  • 🧑‍💻 FTK Imager – Disk imaging and evidence preview tool.
  • 🧑‍💻 Capstone – Disassembly framework for binary analysis.

⏳ Stress Testing

  • 🐌 Slowloris – HTTP DoS tool for keeping many connections open
  • 🛰️ LOIC – Low Orbit Ion Cannon for stress testing
  • 🐻 HULK – HTTP flood tool that makes use of varied requests
  • 🦸 GoldenEye – Python-based HTTP denial-of-service tool
  • 💨 Tsunami – Network stress testing and security evaluation
  • 🛑 R-U-Dead-Yet – Simple DoS testing tool
  • 🧯 DDoS-Sim – DDoS simulation tool
  • 💥 Xerxes – Powerful DDoS attack tool for testing purposes
  • 🎯 Web-Hulk – Web server stress testing tool
  • 🚀 Synful – SYN flood tool for stress testing
  • 💣 LOIC-PowerShell – PowerShell-based LOIC for DDoS testing
  • 🌐 T50 – A powerful stress testing tool that simulates multiple attack vectors
  • 🌪️ RIP-Lite – Lightweight stress testing tool for HTTP and SOCKS
  • 🐉 Stress-ng – A tool that can stress test the CPU, RAM, I/O, and more
  • 🛠️ XDT – DDoS testing tool with multi-protocol support
  • 🥂 Botnet – DDoS botnet attack simulation tool
  • 🔨 DDOS-Exploit – Exploit kit for DDoS stress testing
  • 🛡️ Fudp – A multi-threaded UDP flooder for stress testing
  • BlackHAT – A stress testing framework for web applications

🕵️‍♀️ Sniffing & Spoofing

  • 🌐 Wireshark – Network protocol analyzer
  • 🕵️‍♂️ Ettercap – Man-in-the-middle attack tool
  • BetterCAP – Flexible network attack & monitoring tool
  • 📡 Tcpdump – Command-line packet analyzer
  • 🌍 Nessus – Vulnerability scanner with sniffing capabilities
  • 🐍 Scapy – Python-based interactive packet manipulation program
  • 🌐 MITMf – Man-in-the-middle framework for network attacks
  • 🦊 Fakenet-NG – Fake network traffic generation tool
  • 🐾 Dsniff – Collection of network monitoring tools for penetration testers
  • 🎯 Responder – LLMNR, NBT-NS, and mDNS poisoner for internal network attacks
  • 💻 Ettercap-NG – Enhanced version of Ettercap with additional features
  • 🧑‍💻 Arp-Spoof – Tool to intercept network traffic by sending ARP packets
  • 🌐 WiFi-Pumpkin – WiFi spoofing tool
  • 🎣 Aircrack-ng – Suite for wireless network auditing and cracking WEP/WPA keys
  • 🧩 Xplico – Network forensics tool that extracts applications' data from pcap files
  • 📊 Pry-Fi – A tool to find and exploit vulnerabilities in wireless networks
  • 🕵️‍♀️ Kismet – Wireless network detector, sniffer, and intrusion detection system
  • 🐍 Burp Suite – Web vulnerability scanner and network attack tool with advanced interception features
  • 💻 Snoopy – Sniffing & spoofing tool focused on DNS & HTTP traffic
  • 📡 Snort – Open-source network intrusion detection & prevention system

🔐 Password Attacks

  • 🔥 John the Ripper – Password cracking tool for various password hashes.
  • 🧑‍💻 Hydra – Brute-force tool that supports a wide range of protocols.
  • Hashcat – Advanced password recovery using GPUs.
  • 🐍 Medusa – A speedy, parallelized login brute-forcer.
  • 🌐 Aircrack-ng – WiFi password cracking suite.
  • 🔐 Wifite – Wireless network attack tool focused on WPA/WPA2.
  • 🧠 THC-Hydra – A very fast network login cracker.
  • 🎯 Hash-Toolkit – A tool for password hash cracking.
  • 🛠️ Brutus – An old but reliable password cracker for HTTP, FTP, and more.
  • 🔑 Burp Suite – A popular web vulnerability scanner with password attack features.
  • 🧑‍💻 Ophcrack – A Windows password cracker using rainbow tables.
  • 💻 Cain & Abel – A versatile tool for cracking various password hashes, sniffing networks, and decoding passwords.
  • 🔐 L0phtCrack – Windows password auditing and recovery tool.
  • 🧩 CrackStation – A free online service for cracking password hashes using dictionary attacks.
  • 🔓 RainbowCrack – A tool that utilizes rainbow tables to crack passwords.
  • 🧑‍💻 Medusa – Parallelized login brute-forcer for multiple protocols.
  • 🔥 Patator – A multi-purpose brute-forcing tool that supports numerous protocols.
  • 🛡️ RSMangler – A hash bruteforce tool for creating password dictionaries.
  • 🧑‍💻 CrackMapExec – A post-exploitation tool for automating credential validation.
  • 🕵️‍♀️ SudoKiller – A tool for privilege escalation that can be used for password cracking in Unix-based systems.

🌐 Web Application Analysis

  • 🧑‍💻 Burp Suite – Web security testing toolkit.
  • 🕵️ OWASP ZAP – Open-source web application scanner.
  • 🐍 SQLmap – Automated SQL injection tool.
  • 📜 Wappalyzer – Identify technologies on websites.
  • 🧑‍💻 Dirb – Web content scanner.
  • 📂 Gobuster – Directory and DNS brute-forcing.
  • 🔍 Nikto – Web server vulnerability scanner.
  • 🧑‍💻 Sublist3r – Subdomain enumeration.
  • 🕵️ Amass – Network mapping and subdomain enumeration.
  • 📝 Httpx – Fast HTTP probing.
  • 🌐 FFUF – Fast web fuzzer.
  • 🧑‍💻 WhatWeb – Identify web technologies.
  • 🛠️ Nuclei – Vulnerability scanning and templating.
  • 🧑‍💻 XSStrike – XSS detection and exploitation.
  • 🐞 Commix – Automated command injection.
  • 🔥 WPScan – WordPress security scanner.
  • 🛡️ Cmsmap – CMS detection and exploitation.
  • 🔍 Arachni – Advanced web vulnerability scanner.
  • 🕵️ Waybackurls – Fetch URLs from Wayback Machine.
  • 🧑‍💻 Unfurl – Extract URLs and data from URLs.

🧑‍💻 Reverse Engineering

  • 🧠 Ghidra – Open-source software reverse engineering framework.
  • 🔎 Radare2 – Command-line reverse engineering toolkit.
  • 🛠️ OllyDbg – 32-bit assembler-level debugger for Windows.
  • 🧑‍💻 IDA Pro – Industry-standard interactive disassembler.
  • 🐍 Binary Ninja – Interactive binary analysis platform.
  • 🛡️ x64dbg – Open-source Windows debugger for x64 and x86.
  • 🧬 Cutter – GUI for Radare2 with advanced analysis features.
  • 📝 Hopper – Mac & Linux disassembler with powerful analysis.
  • 🧑‍💻 dnSpy – .NET debugger and assembly editor.
  • 🔄 RetDec – Open-source decompiler for machine code.
  • ⚙️ angr – Python framework for binary analysis.
  • 🧑‍💻 Frida – Dynamic instrumentation toolkit.
  • 🔗 Binary Analysis Toolkit (BAT) – Malware analysis and binary inspection.
  • 🐛 Rizin – Fork of Radare2 with a focus on usability.
  • 🗂️ PEiD – Detect packers, cryptors, and compilers.
  • 🧑‍💻 DiE (Detect It Easy) – Portable executable identifier.
  • 📊 LIEF – Library for parsing and modifying executables.
  • 🔍 Snowman – Native code to C++ decompiler.
  • 🧑‍💻 APKTool – Decompile and rebuild Android APKs.
  • 🔓 JEB Decompiler – Commercial decompiler for Android and other platforms.

📝 Reporting Tools

  • 📄 Dradis – Collaboration and reporting platform for pentesters.
  • 🧑‍💻 Faraday – Multi-user penetration testing IDE.
  • 🌳 MagicTree – Pentesting productivity tool for data aggregation and reporting.
  • 📊 Serpico – Simplifying pentest reporting using templates.
  • 📝 LaTeX – High-quality typesetting system often used for security reports.
  • 📑 reNgine – Automated reconnaissance framework with reporting.
  • 🧑‍💻 ReconNote – Web-based notes manager for recon and reporting.
  • 📝 Pentracker – Pentest reporting and management tool.
  • 📄 Markdown – Lightweight markup language for clean report writing.
  • 📄 Ghostwriter – Reporting and engagement management platform.
  • 📊 VulnReport – Automated vulnerability reporting platform.
  • 📋 Katana Framework – Post-exploitation and reporting utility.
  • 📑 Pentest-Report-Template – Professional pentest report LaTeX template.
  • 📄 ProofSuite – Automated proof of concept and reporting tool.
  • 🧑‍💻 VulnWhisperer – Vulnerability management reporting with Nessus, Qualys, and OpenVAS.
  • 📜 RiskSense – Risk-based vulnerability management and reporting.
  • 📝 Pentestly – PowerShell-based post-exploitation and reporting.
  • 📄 SecReport – Report generation tool for pentesters.
  • 📋 PwnDoc – Pentest reporting tool with customizable templates.
  • 🧑‍💻 PenTest-Wiki – Knowledge base for pentesting & reporting references.

🎭 Social Engineering Tools

  • 🧑‍💻 SET (Social-Engineer Toolkit) – Advanced framework for social engineering attacks.
  • 📧 King Phisher – Phishing campaign toolkit for testing and training.
  • 🎣 Phishing Frenzy – Phishing campaign automation platform.
  • 🪤 Gophish – Open-source phishing toolkit for awareness and testing.
  • 📩 Evilginx2 – Phishing toolkit using reverse proxy for capturing credentials & tokens.
  • 🕵️‍♀️ HiddenEye – Modern phishing tool with advanced social engineering features.
  • 🔥 BlackEye – Phishing tool with site cloning capabilities.
  • 🛜 Zphisher – Advanced phishing tool with tunneling support.
  • 📡 SocialFish – Social engineering phishing framework.
  • 🧑‍💻 HiddenEye Reborn – Improved version of HiddenEye for phishing & spoofing.
  • 🧑‍💻 EvilPhish – Social engineering tool for phishing websites.
  • 📬 ShellPhish – Automated phishing tool supporting multiple templates.
  • 🧑‍💻 CamPhish – Webcam phishing attack tool.
  • 🕵️ Weeman – HTTP server-based phishing framework.
  • 📲 QRGen – QR code phishing generator.
  • 🕵️ PyPhisher – Python-based phishing toolkit with multiple site templates.
  • 🕸️ AdvPhishing – Advanced phishing tool with login page cloning.
  • 🎯 SocialBox – Brute-force social media hacking toolkit.
  • 🧑‍💻 XPhisher – Advanced phishing tool with inbuilt tunneling.
  • 🌐 CredSniper – Phishing framework with two-factor authentication bypass support.

🧩 Miscellaneous

  • 🐉 Kali Linux – Advanced penetration testing and security auditing OS.
  • 🦜 Parrot Security OS – Security-focused OS for pentesting and privacy.
  • 🧑‍💻 BackBox – Ubuntu-based Linux distro for penetration testing.
  • 🕵️ BlackArch Linux – Arch-based OS with 2800+ hacking tools.
  • 🔎 Pentoo – Security-focused Gentoo-based Linux.
  • 🧑‍💻 Tails – Privacy and anonymity-focused live OS.
  • 🧪 CAINE – Digital forensics live Linux distro.
  • 🧑‍💻 Bugtraq – Linux distro for pentesting & malware analysis.
  • 🔒 Whonix – Anonymous OS based on Tor.
  • 🧠 DEFT Linux – Digital evidence & forensics toolkit.
  • 🌐 Subgraph OS – Secure Linux distro with hardened kernel.
  • 🧑‍💻 ArchStrike – Arch Linux repository for security tools.
  • 🧑‍💻 Fedora Security Lab – Fedora spin for security auditing.
  • 🧑‍💻 SamuraiWTF – Web application penetration testing environment.
  • 🔎 Cyborg Hawk – Security distro for penetration testing.
  • 🧑‍💻 Matriux Krypton – Debian-based security distribution.
  • 🔥 NodeZero – Ubuntu-based penetration testing OS.
  • 🧑‍💻 GnackTrack – Linux live distribution for penetration testing.
  • 🛡️ SELKS – Suricata-based IDS/IPS platform.
  • 🕵️‍♂️ PentestBox – Penetration testing toolkit for Windows.

🌟 Let's Connect!

Hello, Hacker! 👋 We'd love to stay connected with you. Reach out to us on any of these platforms and let's build something amazing together:

🌐 Website: https://yogsec.github.io/yogsec/
📜 Linktree: https://linktr.ee/yogsec
🔗 GitHub: https://github.com/yogsec
💼 LinkedIn (Company): https://www.linkedin.com/company/yogsec/
📷 Instagram: https://www.instagram.com/yogsec.io/
🐦 Twitter (X): https://x.com/yogsec
👨‍💼 Personal LinkedIn: https://www.linkedin.com/in/cybersecurity-pentester/
📧 Email: [email protected]


☕ Buy Me a Coffee

If you find our work helpful and would like to support us, consider buying us a coffee. Your support keeps us motivated and helps us create more awesome content. ❤️

Support Us Here: https://buymeacoffee.com/yogsec

Thank you for your support! 🚀