Tools
115 posts
AccessChk
Sysinternals tool to check permissions on files, services, and registry keys for privilege escalation
ADB (Android Debug Bridge)
Android device management and debugging tool for installing apps and accessing device shell
Apktool
Android APK decompilation and recompilation tool for reverse engineering
Autopsy
Digital forensics analysis platform for disk image examination and evidence recovery
AWS CLI
AWS command-line interface for cloud infrastructure enumeration and reconnaissance
Binwalk
Firmware analysis and file extraction tool for finding embedded files and executable code
BloodHound
Active Directory relationship mapping and attack path visualization tool
Cadaver
WebDAV client for uploading and managing files on WebDAV-enabled servers
Certipy
Active Directory Certificate Services enumeration and exploitation tool
CeWL
Custom wordlist generator that spiders websites to create targeted password lists
Checksec
Checks security properties of binaries including NX, RELRO, Stack Canaries, and PIE
Chisel
TCP/UDP tunnel over HTTP for pivoting and port forwarding through firewalls
CrackMapExec
Swiss army knife for pentesting Windows/Active Directory environments
Crunch
Wordlist generator that creates custom character-based password lists
DAVTest
WebDAV exploitation testing tool for checking upload capabilities and file execution
dex2jar
Converts Android DEX files to Java JAR format for decompilation and analysis
Dirsearch
Web path discovery tool for brute-forcing directories and files on web servers
DNSenum
DNS enumeration tool for discovering subdomains, zone transfers, and DNS records
DNSmap
DNS subdomain brute-forcing tool for discovering hidden subdomains
DNSrecon
DNS reconnaissance tool for zone transfers, subdomain enumeration, and record queries
EfsPotato
Windows privilege escalation tool exploiting EFS service for token impersonation
Enum4linux
Linux tool for enumerating Windows/Samba shares, users, and groups via SMB
Evil-WinRM
Windows Remote Management shell for penetration testing with pass-the-hash support
ExifTool
Metadata reader and editor for extracting information from files and images
ffuf
Fast web fuzzer for directory discovery, virtual host enumeration, and parameter fuzzing
Fierce
DNS reconnaissance and brute-force tool for locating non-contiguous IP space
FOCA
Metadata extraction and fingerprinting tool for harvesting information from documents
Foremost
File carving tool for recovering files from disk images based on headers and footers
Frida
Dynamic instrumentation toolkit for mobile and desktop application security testing
FTK Imager
Forensic disk imaging and evidence extraction tool for creating and analyzing disk images
GDB
GNU Debugger for binary exploitation, reverse engineering, and debugging executables
git-dumper
Tool for dumping exposed .git repositories from web servers
Gobuster
Directory and DNS brute-forcing tool for discovering hidden paths and subdomains
GoPhish
Open-source phishing framework for simulating phishing campaigns and security awareness training
gpg2john
Extracts password hashes from GPG/PGP encrypted files for cracking with John
Hashcat
GPU-accelerated password recovery tool supporting hundreds of hash types
hping3
TCP/IP packet assembler and analyzer for custom packet crafting and network scanning
Hydra
Network login brute-forcer supporting numerous protocols including SSH, FTP, HTTP, and SMB
impacket-GetNPUsers
AS-REP Roasting tool to extract hashes for accounts with Kerberos pre-auth disabled
impacket-GetUserSPNs
Kerberoasting tool to request and extract service ticket hashes for offline cracking
impacket-lookupsid
SID brute-forcing tool to enumerate domain users and groups via RPC
impacket-mssqlclient
MSSQL client for interacting with Microsoft SQL servers using Windows authentication
impacket-psexec
Remote command execution tool using SMB/RPC for lateral movement in Windows environments
impacket-secretsdump
Extracts credentials and secrets from Windows systems including SAM, LSA, and NTDS.dit
impacket-smbserver
Sets up a quick SMB server for file transfers during penetration testing
impacket-wmiexec
Remote command execution using WMI for stealthy lateral movement without writing to disk
InviShell
Bypasses PowerShell security features like logging and AMSI for stealthy script execution
jadx-gui
Android APK decompiler with GUI that opens APK files directly for source code analysis
JD-GUI
Java decompiler GUI for viewing decompiled Java source from JAR and class files
John the Ripper
Password cracker supporting many hash types with wordlist and rule-based attacks
JuicyPotato
Windows privilege escalation tool exploiting SeImpersonatePrivilege via COM server abuse
keepass2john
Extracts password hashes from KeePass database files for offline cracking
Kerbrute
Kerberos brute-forcing tool for AD username enumeration and password spraying
ldapsearch
LDAP query tool for enumerating Active Directory objects, users, and groups
LinEnum
Linux privilege escalation enumeration script that checks for common misconfigurations
LinPEAS
Linux Privilege Escalation Awesome Script for automated enumeration of escalation vectors
Linux Exploit Suggester
Identifies potential kernel exploits for Linux privilege escalation based on kernel version
ltrace
Library call tracer for tracking shared library function calls in binary analysis
Medusa
Parallel network login brute-forcer supporting multiple protocols and services
Mimikatz
Windows credential extraction tool for dumping passwords, hashes, and Kerberos tickets
Metasploit (msfconsole)
Exploitation framework with modules for scanning, exploitation, and post-exploitation
msfvenom
Payload generator for creating shellcode, reverse shells, and encoded payloads
nbtscan
NetBIOS name scanner for discovering Windows hosts and their NetBIOS information
net rpc
Samba utility for managing Windows remote resources including password changes and group membership
Netcat
Network utility for reading and writing data across TCP/UDP connections and reverse shells
Netsh
Windows network configuration tool used for port forwarding and firewall management
Nmap
Network scanner for port discovery, service detection, OS fingerprinting, and script scanning
Objection
Mobile exploration toolkit powered by Frida for runtime security testing
onesixtyone
Fast SNMP community string brute-forcer for discovering SNMP-enabled devices
OpenSSL
Cryptographic toolkit for SSL/TLS operations, certificate management, and encryption
OpenStego
Steganography tool for hiding and extracting secret data within image files
pfx2john
Extracts password hashes from PFX/PKCS12 certificate files for cracking with John
Plink
PuTTY command-line SSH client for port forwarding and tunneling from Windows
Powercat
PowerShell implementation of netcat for reverse shells and file transfers
PowerUp
PowerShell privilege escalation tool that checks for common Windows misconfigurations
PowerUpSQL
PowerShell toolkit for attacking SQL Server instances in Active Directory environments
PowerView
PowerShell tool for Active Directory enumeration and domain reconnaissance
PrintSpoofer
Windows privilege escalation tool exploiting SeImpersonatePrivilege via print spooler
Proxychains
Forces TCP connections through proxy servers like SOCKS4/5 for pivoting through networks
pwntools
Python CTF framework and exploit development library for binary exploitation
rdesktop
Open-source RDP client for connecting to Windows Remote Desktop services from Linux
Responder
LLMNR/NBT-NS/mDNS poisoner for capturing NTLMv2 hashes on the network
RITA
Real Intelligence Threat Analytics framework for detecting C2 beacons and DNS tunneling
ROPgadget
Searches binary files for ROP gadgets to build Return-Oriented Programming chains
Ropper
ROP gadget finder and chain builder for binary exploitation
rpcclient
Samba RPC client for enumerating users, groups, and shares on Windows systems
Rubeus
C# Kerberos abuse toolkit for AS-REP roasting, Kerberoasting, and ticket manipulation
SearchSploit
Offline exploit database search tool for finding public exploits and shellcodes
SharpHound
BloodHound data collector that gathers Active Directory relationship data
Shellter
Dynamic shellcode injection tool for AV evasion by injecting payloads into legitimate PE files
Showmount
NFS enumeration tool for listing exported shares on remote servers
smbclient
SMB client for accessing and interacting with Windows file shares from Linux
SMBMap
SMB share enumeration tool for listing shares, permissions, and accessing files
snmpwalk
SNMP enumeration tool for querying MIB trees and extracting device information
Socat
Multipurpose relay tool for bidirectional data transfer and port forwarding
SQLMap
Automated SQL injection detection and exploitation tool for database takeover
sshuttle
Transparent proxy VPN over SSH for routing traffic through a pivot host
StegCracker
Steganography brute-force tool for cracking steghide passwords on image files
Steghide
Steganography tool for embedding and extracting hidden data in JPEG and BMP files
strace
System call tracer for binary behavior and privilege escalation analysis
Suricata
Open-source IDS/IPS for network traffic analysis and threat detection using signatures
Swaks
Swiss Army Knife for SMTP testing and sending crafted emails for phishing assessments
tcpdump
Command-line packet analyzer for capturing and filtering network traffic
unix-privesc-check
Unix privilege escalation checker script that identifies common misconfigurations
Velociraptor
Open-source DFIR platform for endpoint monitoring, collection, and threat hunting
Volatility
Memory forensics framework for analyzing RAM dumps and extracting artifacts
Wfuzz
Web application fuzzer for brute-forcing parameters, directories, and forms
Windows Exploit Suggester
Identifies potential privilege escalation vulnerabilities based on Windows systeminfo output
WinPEAS
Windows Privilege Escalation Awesome Script for automated enumeration of escalation vectors
Wireshark
Network protocol analyzer with GUI for deep inspection of packet captures
WPScan
WordPress security scanner for enumerating plugins, themes, and user accounts
xfreerdp
FreeRDP client for connecting to Windows Remote Desktop with pass-the-hash support
Zeek
Network security monitor that converts packet captures into structured log files
zip2john
Extracts password hashes from encrypted ZIP files for cracking with John the Ripper
zsteg
PNG/BMP steganography detection tool for finding hidden data in image LSB channels