Skip to content
/ Hacking-Tools Public
forked from yogsec/Hacking-Tools

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

linktr.ee/yogsec

License

MIT license
0 stars 72 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

justdsn/Hacking-Tools

BranchesTags
Β 
Β 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

13 Commits
.github
.github
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 

Repository files navigation

πŸ› οΈ Hacking-Tools

A curated list of πŸ•΅οΈβ€β™‚οΈ penetration testing and ethical hacking tools, organized by category. This collection includes πŸ‰ Kali Linux tools and other notable utilities.

πŸ“œ Table of Contents

πŸ” Information Gathering

  • πŸ›œ Nmap – Network scanning and mapping tool.
  • πŸ“Ά Kismet – Wireless network detector, sniffer, and intrusion detection.
  • πŸ•΅οΈ Maltego – OSINT and data mining tool for information analysis.
  • πŸ“¨ theHarvester – Tool to gather emails, subdomains, hosts, and more.
  • πŸ”— Recon-ng – Full-featured web reconnaissance framework.
  • πŸ•΅οΈβ€β™‚οΈ SpiderFoot – Automate OSINT collection from multiple sources.
  • πŸ” Amass – Network mapping and external asset discovery tool.
  • πŸ—‚οΈ Sublist3r – Subdomain enumeration using search engines.
  • πŸ§‘β€πŸ’» Assetfinder – Subdomain discovery using various sources.
  • 🌍 crt.sh – SSL certificate transparency log search engine.
  • πŸ§ͺ Dnsrecon – Perform DNS enumeration and zone transfers.
  • πŸ“œ Fierce – DNS reconnaissance and attack tool.
  • πŸ“„ WHOIS – Domain registration and ownership lookup.
  • πŸ“¬ EmailHarvester – Email enumeration and gathering.
  • πŸ•ΈοΈ Shodan – Search engine for internet-connected devices.
  • πŸ”₯ Censys – Search engine for hosts and networks on the internet.
  • 🌐 OSINT Framework – Collection of OSINT tools and resources.
  • πŸ§‘β€πŸ’» FOCA – Metadata extraction and document analysis.
  • πŸ›‘οΈ Netcraft – Website profiling and phishing detection.
  • πŸ›οΈ BuiltWith – Website technology lookup and analysis.

πŸ”Ž Vulnerability Analysis

  • πŸ§ͺ OpenVAS – Open-source vulnerability scanner.
  • πŸ›‘οΈ Nessus – Commercial vulnerability assessment tool.
  • πŸ•΅οΈβ€β™‚οΈ Nikto – Web server scanner for detecting vulnerabilities.
  • 🐺 Wapiti – Web application security scanner.
  • πŸ§‘β€πŸ’» Vega – GUI-based web vulnerability scanner.
  • πŸ•·οΈ Arachni – Feature-rich web application security scanner.
  • 🐍 SQLmap – Automated SQL injection detection and exploitation tool.
  • πŸ•ΈοΈ OWASP ZAP – Open-source web application security scanner.
  • πŸ›œ Nmap Vulners – Nmap NSE script for CVE detection.
  • πŸ”Ž Retire.js – JavaScript library vulnerability scanner.
  • βš™οΈ Dependency-Check – Vulnerability analysis for project dependencies.
  • πŸ§‘β€πŸ’» Bandit – Security linter for Python code.
  • 🐞 Vuls – Agentless vulnerability scanner for Linux/FreeBSD servers.
  • πŸ“¦ Trivy – Vulnerability scanner for containers and dependencies.
  • πŸ§‘β€πŸ’» Grype – Vulnerability scanner for container images and filesystems.
  • πŸ§‘β€πŸ’» Safety – Python dependency security scanner.
  • πŸ“„ Lychee – Broken link checker with vulnerability detection potential.
  • πŸ“œ GitLeaks – Detect hardcoded secrets and sensitive data.
  • πŸ§‘β€πŸ’» ScoutSuite – Multi-cloud security auditing tool.
  • πŸ§‘β€πŸ’» CloudSploit – AWS security auditing tool.

πŸ’₯ Exploitation Tools

  • 🎯 Metasploit Framework – Powerful exploit development and penetration testing framework.
  • πŸš€ Armitage – GUI front-end for Metasploit to visualize attacks.
  • 🌐 BeEF (Browser Exploitation Framework) – Exploits browser vulnerabilities for client-side attacks.
  • πŸ’» ExploitDB – Archive of public exploits and proof-of-concept code.
  • πŸ“œ SearchSploit – Offline version of ExploitDB for quick exploit searching.
  • 🐍 sqlmap – Automated SQL injection exploitation tool.
  • πŸ“€ Commix – Automated command injection vulnerability scanner.
  • πŸ–₯️ RouterSploit – Exploits vulnerabilities in routers, IoT, and embedded devices.
  • πŸ“² SET (Social Engineering Toolkit) – Human hacking via phishing, payloads, and more.
  • πŸ•΅οΈβ€β™‚οΈ Empire – Post-exploitation framework for PowerShell agents.
  • πŸ§‘β€πŸ’» Pupy – Cross-platform post-exploitation remote access tool (RAT).
  • 🧨 Sliver – C2 framework for adversary simulation and red teaming.
  • 🐚 Shellter – Dynamic shellcode injector for Windows executables.
  • 🐦 Merlin – Post-exploitation command & control server using HTTP/2.
  • πŸ§™β€β™‚οΈ Covenant – C#-based post-exploitation platform.
  • πŸ”’ PowerSploit – PowerShell scripts for post-exploitation.
  • πŸ”Ž Windows Exploit Suggester – Suggests exploits based on Windows OS versions.
  • πŸ“¦ PayloadsAllTheThings – Collection of payloads for exploits, fuzzing, and pentesting.
  • πŸ§‘β€πŸ’» Fuzzbunch – NSA’s exploit framework (part of the Shadow Brokers leak).
  • πŸ› οΈ CrackMapExec – Swiss army knife for post-exploitation in Windows environments.

πŸ“‘ Wireless Attacks

  • πŸ“‘ Aircrack-ng – WiFi cracking suite
  • πŸ› οΈ Reaver – WPS attack tool
  • πŸ§‘β€πŸ’» Fern WiFi Cracker – Wireless network auditing tool
  • πŸ”“ Wifite – Automated wireless attack tool
  • πŸ›‘οΈ Kismet – Wireless network detector & sniffer
  • 🌐 MDK3 – Wireless network attack tool
  • 🎯 PixieWPS – WPS offline attack tool
  • 🧠 WPA2 Wordlist Generator – Generate custom WPA2 wordlists
  • πŸ•΅οΈβ€β™‚οΈ Bully – WPS attack tool for brute-forcing
  • πŸ”„ Evil Twin – Create fake AP for capturing handshakes
  • πŸš€ WiFi-Pumpkin – Man-in-the-middle framework for Wi-Fi networks
  • 🧩 Airgeddon – Multi-use bash script for wireless auditing
  • πŸ§‘β€πŸ’» Ghost Phisher – Wireless network attack tool for phishing
  • πŸ§‘β€πŸ”§ NoCatSplash – Captive portal for Wi-Fi networks
  • 🦠 Wifiphisher – Phishing tool for Wi-Fi networks
  • πŸ“‘ WLANPi – Wireless attack platform for pen-testers
  • πŸ› οΈ Cowpatty – Tool for offline WPA2 cracking
  • 🌐 Scapy – Python tool for packet manipulation and analysis
  • πŸ“Ά NetStumbler – Wi-Fi scanner for Windows
  • πŸ”’ Wi-Fi Pineapple – Wireless attack platform by Hak5

πŸ§‘β€πŸ’» Forensics Tools

  • πŸ§‘β€πŸ’» Autopsy – Digital forensics platform for analyzing hard drives and smartphones.
  • 🧠 Volatility – Memory forensics framework for analyzing RAM dumps.
  • πŸ—‚οΈ Binwalk – Firmware analysis tool for extracting embedded files.
  • πŸ” Sleuth Kit (TSK) – Command-line tools for disk image investigation.
  • πŸ§‘β€πŸ’» ExifTool – Metadata extractor for images, videos, and documents.
  • πŸ—ƒοΈ TestDisk – Disk recovery tool to restore lost partitions.
  • πŸ”„ PhotoRec – File recovery software for deleted files from disks.
  • πŸ§‘β€πŸ’» Foremost – File carving tool for data recovery based on headers.
  • πŸ”‘ Hashdeep – File hashing tool with recursive hashing & audit mode.
  • πŸ§‘β€πŸ’» Bulk Extractor – Extracts email, URLs, and other artifacts from raw data.
  • πŸ—„οΈ Digital Forensics Framework (DFF) – Open-source platform for digital forensics.
  • πŸ§‘β€πŸ’» Xplico – Network forensics tool to reconstruct network sessions.
  • πŸ§‘β€πŸ’» NetworkMiner – Passive network packet analyzer for network forensics.
  • πŸ§‘β€πŸ’» Pdf-parser – Analyze and extract content from PDF files.
  • πŸ§‘β€πŸ’» RegRipper – Windows registry analysis tool.
  • πŸ§‘β€πŸ’» PEView – Portable executable (PE) file viewer for malware analysis.
  • πŸ§‘β€πŸ’» YARA – Malware pattern-matching tool used by researchers.
  • πŸ§‘β€πŸ’» HxD – Hex editor for raw disk editing and analysis.
  • πŸ§‘β€πŸ’» FTK Imager – Disk imaging and evidence preview tool.
  • πŸ§‘β€πŸ’» Capstone – Disassembly framework for binary analysis.

⏳ Stress Testing

  • 🐌 Slowloris – HTTP DoS tool for keeping many connections open
  • πŸ›°οΈ LOIC – Low Orbit Ion Cannon for stress testing
  • 🐻 HULK – HTTP flood tool that makes use of varied requests
  • 🦸 GoldenEye – Python-based HTTP denial-of-service tool
  • πŸ’¨ Tsunami – Network stress testing and security evaluation
  • πŸ›‘ R-U-Dead-Yet – Simple DoS testing tool
  • 🧯 DDoS-Sim – DDoS simulation tool
  • πŸ’₯ Xerxes – Powerful DDoS attack tool for testing purposes
  • 🎯 Web-Hulk – Web server stress testing tool
  • πŸš€ Synful – SYN flood tool for stress testing
  • πŸ’£ LOIC-PowerShell – PowerShell-based LOIC for DDoS testing
  • 🌐 T50 – A powerful stress testing tool that simulates multiple attack vectors
  • πŸŒͺ️ RIP-Lite – Lightweight stress testing tool for HTTP and SOCKS
  • πŸ‰ Stress-ng – A tool that can stress test the CPU, RAM, I/O, and more
  • πŸ› οΈ XDT – DDoS testing tool with multi-protocol support
  • πŸ₯‚ Botnet – DDoS botnet attack simulation tool
  • πŸ”¨ DDOS-Exploit – Exploit kit for DDoS stress testing
  • πŸ›‘οΈ Fudp – A multi-threaded UDP flooder for stress testing
  • ⚑ BlackHAT – A stress testing framework for web applications

πŸ•΅οΈβ€β™€οΈ Sniffing & Spoofing

  • 🌐 Wireshark – Network protocol analyzer
  • πŸ•΅οΈβ€β™‚οΈ Ettercap – Man-in-the-middle attack tool
  • ⚑ BetterCAP – Flexible network attack & monitoring tool
  • πŸ“‘ Tcpdump – Command-line packet analyzer
  • 🌍 Nessus – Vulnerability scanner with sniffing capabilities
  • 🐍 Scapy – Python-based interactive packet manipulation program
  • 🌐 MITMf – Man-in-the-middle framework for network attacks
  • 🦊 Fakenet-NG – Fake network traffic generation tool
  • 🐾 Dsniff – Collection of network monitoring tools for penetration testers
  • 🎯 Responder – LLMNR, NBT-NS, and MDNS poisoner for internal network attacks
  • πŸ’» Ettercap-NG – Enhanced version of Ettercap with additional features
  • πŸ§‘β€πŸ’» Arp-Spoof – Tool to intercept network traffic by sending ARP packets
  • 🌐 WiFi-Pumpkin – WiFi spoofing tool
  • 🎣 Aircrack-ng – Suite for wireless network auditing and cracking WEP/WPA keys
  • 🧩 Xplico – Network forensics tool that extracts applications' data from pcap files
  • πŸ“Š Pry-Fi – A tool to find and exploit vulnerabilities in wireless networks
  • πŸ•΅οΈβ€β™€οΈ Kismet – Wireless network detector, sniffer, and intrusion detection system
  • 🐍 Burp Suite – Web vulnerability scanner and network attack tool with advanced interception features
  • πŸ’» Snoopy – Sniffing & spoofing tool focused on DNS & HTTP traffic
  • πŸ“‘ Snort – Open-source network intrusion detection & prevention system

πŸ” Password Attacks

  • πŸ”₯ John the Ripper – Password cracking tool for various password hashes.
  • πŸ§‘β€πŸ’» Hydra – Brute-force tool that supports a wide range of protocols.
  • ⚑ Hashcat – Advanced password recovery using GPUs.
  • 🐍 Medusa – A speedy, parallelized login brute-forcer.
  • 🌐 Aircrack-ng – WiFi password cracking suite.
  • πŸ” Wifite – Wireless network attack tool focused on WPA/WPA2.
  • 🧠 THC-Hydra – A very fast network login cracker.
  • 🎯 Hash-Toolkit – A tool for password hash cracking.
  • πŸ› οΈ Brutus – An old but reliable password cracker for HTTP, FTP, and more.
  • πŸ”‘ Burp Suite – A popular web vulnerability scanner with password attack features.
  • πŸ§‘β€πŸ’» Ophcrack – A Windows password cracker using rainbow tables.
  • πŸ’» Cain & Abel – A versatile tool for cracking various password hashes, sniffing networks, and decoding passwords.
  • πŸ” L0phtCrack – Windows password auditing and recovery tool.
  • 🧩 CrackStation – A free online service for cracking password hashes using dictionary attacks.
  • πŸ”“ RainbowCrack – A tool that utilizes rainbow tables to crack passwords.
  • πŸ§‘β€πŸ’» Medusa – Parallelized login brute-forcer for multiple protocols.
  • πŸ”₯ Patator – A multi-purpose brute-forcing tool that supports numerous protocols.
  • πŸ›‘οΈ RSMangler – A hash bruteforce tool for creating password dictionaries.
  • πŸ§‘β€πŸ’» CrackMapExec – A post-exploitation tool for automating credential validation.
  • πŸ•΅οΈβ€β™€οΈ SudoKiller – A tool for privilege escalation that can be used for password cracking in Unix-based systems.

🌐 Web Application Analysis

  • πŸ§‘β€πŸ’» Burp Suite – Web security testing toolkit.
  • πŸ•΅οΈ OWASP ZAP – Open-source web application scanner.
  • 🐍 SQLmap – Automated SQL injection tool.
  • πŸ“œ Wappalyzer – Identify technologies on websites.
  • πŸ§‘β€πŸ’» Dirb – Web content scanner.
  • πŸ“‚ Gobuster – Directory and DNS brute-forcing.
  • πŸ” Nikto – Web server vulnerability scanner.
  • πŸ§‘β€πŸ’» Sublist3r – Subdomain enumeration.
  • πŸ•΅οΈ Amass – Network mapping and subdomain enumeration.
  • πŸ“ Httpx – Fast HTTP probing.
  • 🌐 FFUF – Fast web fuzzer.
  • πŸ§‘β€πŸ’» WhatWeb – Identify web technologies.
  • πŸ› οΈ Nuclei – Vulnerability scanning and templating.
  • πŸ§‘β€πŸ’» XSStrike – XSS detection and exploitation.
  • 🐞 Commix – Automated command injection.
  • πŸ”₯ WPScan – WordPress security scanner.
  • πŸ›‘οΈ Cmsmap – CMS detection and exploitation.
  • πŸ” Arachni – Advanced web vulnerability scanner.
  • πŸ•΅οΈ Waybackurls – Fetch URLs from Wayback Machine.
  • πŸ§‘β€πŸ’» Unfurl – Extract URLs and data from URLs.

πŸ§‘β€πŸ’» Reverse Engineering

  • 🧠 Ghidra – Open-source software reverse engineering framework.
  • πŸ”Ž Radare2 – Command-line reverse engineering toolkit.
  • πŸ› οΈ OllyDbg – 32-bit assembler-level debugger for Windows.
  • πŸ§‘β€πŸ’» IDA Pro – Industry-standard interactive disassembler.
  • 🐍 Binary Ninja – Interactive binary analysis platform.
  • πŸ›‘οΈ x64dbg – Open-source Windows debugger for x64 and x86.
  • 🧬 Cutter – GUI for Radare2 with advanced analysis features.
  • πŸ“ Hopper – Mac & Linux disassembler with powerful analysis.
  • πŸ§‘β€πŸ’» dnSpy – .NET debugger and assembly editor.
  • πŸ”„ RetDec – Open-source decompiler for machine code.
  • βš™οΈ angr – Python framework for binary analysis.
  • πŸ§‘β€πŸ’» Frida – Dynamic instrumentation toolkit.
  • πŸ”— Binary Analysis Toolkit (BAT) – Malware analysis and binary inspection.
  • πŸ› Rizin – Fork of Radare2 with a focus on usability.
  • πŸ—‚οΈ PEiD – Detect packers, cryptors, and compilers.
  • πŸ§‘β€πŸ’» DiE (Detect It Easy) – Portable executable identifier.
  • πŸ“Š LIEF – Library for parsing and modifying executables.
  • πŸ” Snowman – Native code to C++ decompiler.
  • πŸ§‘β€πŸ’» APKTool – Decompile and rebuild Android APKs.
  • πŸ”“ JEB Decompiler – Commercial decompiler for Android and other platforms.

πŸ“ Reporting Tools

  • πŸ“„ Dradis – Collaboration and reporting platform for pentesters.
  • πŸ§‘β€πŸ’» Faraday – Multi-user penetration testing IDE.
  • 🌳 MagicTree – Pentesting productivity tool for data aggregation and reporting.
  • πŸ“Š Serpico – Simplifying pentest reporting using templates.
  • πŸ“ LaTeX – High-quality typesetting system often used for security reports.
  • πŸ“‘ reNgine – Automated reconnaissance framework with reporting.
  • πŸ§‘β€πŸ’» ReconNote – Web-based notes manager for recon and reporting.
  • πŸ“ Pentracker – Pentest reporting and management tool.
  • πŸ“„ Markdown – Lightweight markup language for clean report writing.
  • πŸ“„ Ghostwriter – Reporting and engagement management platform.
  • πŸ“Š VulnReport – Automated vulnerability reporting platform.
  • πŸ“‹ Katana Framework – Post-exploitation and reporting utility.
  • πŸ“‘ Pentest-Report-Template – Professional pentest report LaTeX template.
  • πŸ“„ ProofSuite – Automated proof of concept and reporting tool.
  • πŸ§‘β€πŸ’» VulnWhisperer – Vulnerability management reporting with Nessus, Qualys, and OpenVAS.
  • πŸ“œ RiskSense – Risk-based vulnerability management and reporting.
  • πŸ“ Pentestly – Powershell-based post-exploitation and reporting.
  • πŸ“„ SecReport – Report generation tool for pentesters.
  • πŸ“‹ PwnDoc – Pentest reporting tool with customizable templates.
  • πŸ§‘β€πŸ’» PenTest-Wiki – Knowledge base for pentesting & reporting references.

🎭 Social Engineering Tools

  • πŸ§‘β€πŸ’» SET (Social-Engineer Toolkit) – Advanced framework for social engineering attacks.
  • πŸ“§ King Phisher – Phishing campaign toolkit for testing and training.
  • 🎣 Phishing Frenzy – Phishing campaign automation platform.
  • πŸͺ€ Gophish – Open-source phishing toolkit for awareness and testing.
  • πŸ“© Evilginx2 – Phishing toolkit using reverse proxy for capturing credentials & tokens.
  • πŸ•΅οΈβ€β™€οΈ HiddenEye – Modern phishing tool with advanced social engineering features.
  • πŸ”₯ BlackEye – Phishing tool with site cloning capabilities.
  • πŸ›œ Zphisher – Advanced phishing tool with tunneling support.
  • πŸ“‘ SocialFish – Social engineering phishing framework.
  • πŸ§‘β€πŸ’» HiddenEye Reborn – Improved version of HiddenEye for phishing & spoofing.
  • πŸ§‘β€πŸ’» EvilPhish – Social engineering tool for phishing websites.
  • πŸ“¬ ShellPhish – Automated phishing tool supporting multiple templates.
  • πŸ§‘β€πŸ’» CamPhish – Webcam phishing attack tool.
  • πŸ•΅οΈ Weeman – HTTP server-based phishing framework.
  • πŸ“² QRGen – QR code phishing generator.
  • πŸ•΅οΈ PyPhisher – Python-based phishing toolkit with multiple site templates.
  • πŸ•ΈοΈ AdvPhishing – Advanced phishing tool with login page cloning.
  • 🎯 SocialBox – Brute-force social media hacking toolkit.
  • πŸ§‘β€πŸ’» XPhisher – Advanced phishing tool with inbuilt tunneling.
  • 🌐 CredSniper – Phishing framework with two-factor authentication bypass support.

🧩 Miscellaneous

  • πŸ‰ Kali Linux – Advanced penetration testing and security auditing OS.
  • 🦜 Parrot Security OS – Security-focused OS for pentesting and privacy.
  • πŸ§‘β€πŸ’» BackBox – Ubuntu-based Linux distro for penetration testing.
  • πŸ•΅οΈ BlackArch Linux – Arch-based OS with 2800+ hacking tools.
  • πŸ”Ž Pentoo – Security-focused Gentoo-based Linux.
  • πŸ§‘β€πŸ’» Tails – Privacy and anonymity-focused live OS.
  • πŸ§ͺ CAINE – Digital forensics live Linux distro.
  • πŸ§‘β€πŸ’» Bugtraq – Linux distro for pentesting & malware analysis.
  • πŸ”’ Whonix – Anonymous OS based on Tor.
  • 🧠 DEFT Linux – Digital evidence & forensics toolkit.
  • 🌐 Subgraph OS – Secure Linux distro with hardened kernel.
  • πŸ§‘β€πŸ’» ArchStrike – Arch Linux repository for security tools.
  • πŸ§‘β€πŸ’» Fedora Security Lab – Fedora spin for security auditing.
  • πŸ§‘β€πŸ’» SamuraiWTF – Web application penetration testing environment.
  • πŸ”Ž Cyborg Hawk – Security distro for penetration testing.
  • πŸ§‘β€πŸ’» Matriux Krypton – Debian-based security distribution.
  • πŸ”₯ NodeZero – Ubuntu-based penetration testing OS.
  • πŸ§‘β€πŸ’» GnackTrack – Linux live distribution for penetration testing.
  • πŸ›‘οΈ SELKS – Suricata-based IDS/IPS platform.
  • πŸ•΅οΈβ€β™‚οΈ PentestBox – Penetration testing toolkit for Windows.

🌟 Let's Connect!

Hello, Hacker! πŸ‘‹ We'd love to stay connected with you. Reach out to us on any of these platforms and let's build something amazing together:

🌐 Website: https://yogsec.github.io/yogsec/
πŸ“œ Linktree: https://linktr.ee/yogsec
πŸ”— GitHub: https://github.com/yogsec
πŸ’Ό LinkedIn (Company): https://www.linkedin.com/company/yogsec/
πŸ“· Instagram: https://www.instagram.com/yogsec.io/
🐦 Twitter (X): https://x.com/yogsec
πŸ‘¨β€πŸ’Ό Personal LinkedIn: https://www.linkedin.com/in/cybersecurity-pentester/
πŸ“§ Email: [email protected]

β˜• Buy Me a Coffee

If you find our work helpful and would like to support us, consider buying us a coffee. Your support keeps us motivated and helps us create more awesome content. ❀️

β˜• Support Us Here: https://buymeacoffee.com/yogsec

Thank you for your support! πŸš€

About

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

linktr.ee/yogsec

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published