Penetration Testing Distributions
- Kali — GNU/Linux distribution designed for digital forensics and penetration testing.
- ArchStrike — Arch GNU/Linux repository for security professionals and enthusiasts.
- BlackArch — Arch GNU/Linux-based distribution for penetration testers and security researchers.
- Network Security Toolkit (NST) — Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
- Pentoo — Security-focused live CD based on Gentoo.
- BackBox — Ubuntu-based distribution for penetration tests and security assessments.
- Parrot — Distribution similar to Kali, supporting multiple architectures and bundling hundreds of tools.
- Buscador — GNU/Linux virtual machine that is pre-configured for online investigators.
- Fedora Security Lab — Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
- The Pentesters Framework — Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
- AttifyOS — GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
Docker for Penetration Testing
- docker pull kalilinux/kali-linux-docker — official Kali Linux
- docker pull owasp/zap2docker-stable — official OWASP ZAP
- docker pull wpscanteam/wpscan — official WPScan
- docker pull citizenstig/dvwa — Damn Vulnerable Web Application (DVWA)
- docker pull wpscanteam/vulnerablewordpress — Vulnerable WordPress Installation
- docker pull hmlio/vaas-cve-2014-6271 — Vulnerability as a service: Shellshock
- docker pull hmlio/vaas-cve-2014-0160 — Vulnerability as a service: Heartbleed
- docker pull opendns/security-ninjas — Security Ninjas
- docker pull diogomonica/docker-bench-security — Docker Bench for Security
- docker pull ismisepaul/securityshepherd — OWASP Security Shepherd
- docker pull danmx/docker-owasp-webgoat — OWASP WebGoat Project docker image
- docker-compose build && docker-compose up — OWASP NodeGoat
- docker pull citizenstig/nowasp — OWASP Mutillidae II Web Pen-Test Practice Application
- docker pull bkimminich/juice-shop — OWASP Juice Shop
- docker pull kalilinux/kali-linux-docker — Kali Linux Docker Image
- docker pull phocean/msf — docker-metasploit
- Metasploit — Post-exploitation framework for offensive security teams to help verify vulnerabilities and manage security assessments.
- Armitage — Java-based GUI front-end for the Metasploit Framework.
- Faraday — Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
- ExploitPack — Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
- Pupy — Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
- Nexpose — Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
- Nessus — Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
- OpenVAS — Free software implementation of the popular Nessus vulnerability assessment system.
- Vuls — Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
- Brakeman — Static analysis security vulnerability scanner for Ruby on Rails applications.
- cppcheck — Extensible C/C++ static analyzer focused on finding bugs.
- FindBugs — Free software static analyzer to look for bugs in Java code.
- sobelow — Security-focused static analysis for the Phoenix Framework.
- bandit — Security-oriented static analyser for Python code.
- Nikto — Noisy but fast black box web server and web application vulnerability scanner.
- Arachni — Scriptable framework for evaluating the security of web applications.
- w3af — Web application attack and audit framework.
- Wapiti — Black box web application vulnerability scanner with built-in fuzzer.
- SecApps — In-browser web application security testing suite.
- WebReaver — Commercial, graphical web application vulnerability scanner designed for macOS.
- WPScan — Black box WordPress vulnerability scanner.
- cms-explorer — Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
- joomscan — Joomla vulnerability scanner.
- ACSTIS — Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
- zmap — Open source network scanner that enables researchers to easily perform Internet-wide network studies.
- nmap — Free security scanner for network exploration & security audits.
- pig — GNU/Linux packet crafting tool.
- scanless — Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
- tcpdump/libpcap — Common packet analyzer that runs under the command line.
- Wireshark — Widely-used graphical, cross-platform network protocol analyzer.
- Network-Tools.com — Website offering an interface to numerous basic network utilities like whois, and more.
- netsniff-ng — Swiss army knife for network sniffing.
- Intercepter-NG — Multifunctional network toolkit.
- SPARTA — Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
- dnschef — Highly configurable DNS proxy for pentesters.
- DNSDumpster — Online DNS recon and search service.
- CloudFail — Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
- dnsenum — Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
- dnsmap — Passive DNS network mapper.
- dnsrecon — DNS enumeration script.
- dnstracer — Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- passivedns-client — Library and query tool for querying several passive DNS providers.
- passivedns — Network sniffer that logs all DNS server replies for use in a passive DNS setup.
- Mass Scan — TCP port scanner that spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
- Zarp — Network attack tool centered around the exploitation of local networks.
- mitmproxy — Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- Morpheus — Automated ettercap TCP/IP hijacking tool.
- mallory — HTTP/HTTPS proxy over SSH.
- SSH MITM — Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- Netzob — Reverse engineering, traffic generation and fuzzing of communication protocols.
- DET — Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
- pwnat — Punches holes in firewalls and NATs.
- dsniff — Collection of tools for network auditing and pentesting.
- tgcd — Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
- smbmap — Handy SMB enumeration tool.
- scapy — Python-based interactive packet manipulation program & library.
- Dshell — Network forensic analysis framework.
- Debookee — Simple and powerful network traffic analyzer for macOS.
- Dripcap — Caffeinated packet analyzer.
- Printer Exploitation Toolkit (PRET) — Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
- Praeda — Automated multi-function printer data harvester for gathering usable data during security assessments.
- routersploit — Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
- evilgrade — Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
- XRay — Network (sub)domain discovery and reconnaissance automation tool.
- Ettercap — Comprehensive, mature suite for machine-in-the-middle attacks.
- BetterCAP — Modular, portable and easily extensible MITM framework.
- CrackMapExec — A swiss army knife for pentesting networks.
- impacket — A collection of Python classes for working with network protocols.
Wireless Network Hacking Tools
- Aircrack-ng — Set of tools for auditing wireless networks.
- Kismet — Wireless network detector, sniffer, and IDS.
- Reaver — Brute force attack against WiFi Protected Setup.
- Wifite — Automated wireless attack tool.
- Fluxion — Suite of automated social engineering based WPA attacks.
Transport Layer Security Tools
- SSLyze — Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
- tls_prober — Fingerprint a server’s SSL/TLS implementation.
- testssl.sh — Command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
- OWASP Zed Attack Proxy (ZAP) — Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
- Fiddler — Free cross-platform web debugging proxy with user-friendly companion tools.
- Burp Suite — Integrated platform for performing security testing of web applications.
- autochrome — Easy-to-install test browser with all the appropriate settings needed for web application testing, with native Burp support, from NCCGroup.
- Browser Exploitation Framework (BeEF) — Command and control server for delivering exploits to commandeered Web browsers.
- Offensive Web Testing Framework (OWTF) — Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
- WordPress Exploit Framework — Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
- WPSploit — Exploit WordPress-powered websites with Metasploit.
- SQLmap — Automatic SQL injection and database takeover tool.
- tplmap — Automatic server-side template injection and Web server takeover tool.
- weevely3 — Weaponized web shell.
- Wappalyzer — Wappalyzer uncovers the technologies used on websites.
- WhatWeb — Website fingerprinter.
- BlindElephant — Web application fingerprinter.
- wafw00f — Identifies and fingerprints Web Application Firewall (WAF) products.
- fimap — Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
- Kadabra — Automatic LFI exploiter and scanner.
- Kadimus — LFI scan and exploit tool.
- liffy — LFI exploitation tool.
- Commix — Automated all-in-one operating system command injection and exploitation tool.
- DVCS Ripper — Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
- GitTools — Automatically finds and downloads Web-accessible
- sslstrip — Demonstration of the HTTPS stripping attacks.
- sslstrip2 — SSLStrip version to defeat HSTS.
- NoSQLmap — Automatic NoSQL injection and database takeover tool.
- VHostScan — A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
- FuzzDB — Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- EyeWitness — Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- webscreenshot — A simple script to take screenshots of list of websites.
- HexEdit.js — Browser-based hex editing.
- Hexinator — World’s finest (proprietary, commercial) Hex Editor.
- Frhed — Binary file editor for Windows.
- 0xED — Native macOS hex editor that supports plug-ins to display custom data types.
File Format Analysis Tools
- Veles — Binary data visualization and analysis tool.
- Hachoir — Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.
Defense Evasion Tools
- Veil — Generate metasploit payloads that bypass common anti-virus solutions.
- shellsploit — Generates custom shellcode, backdoors, injectors, optionally obfuscates every byte via encoders.
- Hyperion — Runtime encryptor for 32-bit portable executables (“PE”).
- AntiVirus Evasion Tool (AVET) — Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
- peCloak.py — Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
- peCloakCapstone — Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
- UniByAv — Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
Hash Cracking Tools
- John the Ripper — Fast password cracker.
- Hashcat — Another fast hash cracker.
- CeWL — Generates custom wordlists by spidering a target’s website and collecting unique words.
- JWT Cracker — Simple HS256 JWT token brute force cracker.
- Rar Crack — RAR bruteforce cracker.
- BruteForce Wallet — Find the password of an encrypted wallet file (i.e.
- Sysinternals Suite — The Sysinternals Troubleshooting Utilities.
- Windows Credentials Editor — Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
- mimikatz — Credentials extraction tool for Windows operating system.
- PowerSploit — PowerShell Post-Exploitation Framework.
- Windows Exploit Suggester — Detects potential missing patches on the target.
- Responder — LLMNR, NBT-NS and MDNS poisoner.
- Bloodhound — Graphical Active Directory trust relationship explorer.
- Empire — Pure PowerShell post-exploitation agent.
- Fibratus — Tool for exploration and tracing of the Windows kernel.
- wePWNise — Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
- redsnarf — Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
- Magic Unicorn — Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
- DeathStar — Python script that uses Empire’s RESTful API to automate gaining Domain Admin rights in Active Directory environments.
- Linux Exploit Suggester — Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
- Bella — Pure Python post-exploitation data mining and remote administration tool for macOS.
- LOIC — Open source network stress tool for Windows.
- SlowLoris — DoS tool that uses low bandwidth on the attacking side.
- HOIC — Updated version of Low Orbit Ion Cannon, has ‘boosters’ to get around common counter measures.
- T50 — Faster network stress tool.
- UFONet — Abuses OSI layer 7 HTTP to create/manage ‘zombies’ and to conduct different attacks using: POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
Social Engineering Tools
- Social Engineer Toolkit (SET) — Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
- King Phisher — Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
- Evilginx — MITM attack framework used for phishing credentials and session cookies from any Web service.
- wifiphisher — Automated phishing attacks against WiFi networks.
- Catphish — Tool for phishing and corporate espionage written in Ruby.
- Beelogger — Tool for generating keyloggers.
- Maltego — Proprietary software for open source intelligence and forensics, from Paterva.
- theHarvester — E-mail, subdomain and people names harvester.
- creepy — Geolocation OSINT tool.
- metagoofil — Metadata harvester.
- Google Hacking Database — Database of Google dorks; can be used for recon.
- Google-dorks — Common Google dorks and others you probably don’t know.
- GooDork — Command line Google dorking tool.
- dork-cli — Command line Google dork tool.
- Censys — Collects data on hosts and websites through daily ZMap and ZGrab scans.
- Shodan — World’s first search engine for Internet-connected devices.
- recon-ng — Full-featured Web reconnaissance framework written in Python.
- github-dorks — CLI tool to scan Github repos/organizations for potential sensitive information leak.
- vcsmap — Plugin-based tool to scan public version control systems for sensitive information.
- Spiderfoot — Multi-source OSINT automation tool with a Web UI and report visualizations.
- BinGoo — GNU/Linux bash based Bing and Google Dorking Tool.
- fast-recon — Perform Google dorks against a domain.
- snitch — Information gathering via dorks.
- Sn1per — Automated pentest recon scanner.
- Threat Crowd — Search engine for threats.
- Virus Total — VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
- DataSploit — OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
- AQUATONE — Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
- Intrigue — Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
- ZoomEye — Search engine for cyberspace that lets the user find specific network components.
- Tor — Free software and onion routed overlay network that helps you defend against traffic analysis.
- OnionScan — Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
- I2P — The Invisible Internet Project.
- Nipe — Script to redirect all traffic from the machine to the Tor network.
- What Every Browser Knows About You — Comprehensive detection page to test your own Web browser’s configuration for privacy and identity leaks.
Reverse Engineering Tools
- Interactive Disassembler (IDA Pro) — Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
- WDK/WinDbg — Windows Driver Kit and WinDbg.
- OllyDbg — x86 debugger for Windows binaries that emphasizes binary code analysis.
- Radare2 — Open source, cross-platform reverse engineering framework.
- x64dbg — Open source x64/x32 debugger for Windows.
- Immunity Debugger — Powerful way to write exploits and analyze malware.
- Evan’s Debugger — OllyDbg-like debugger for GNU/Linux.
- Medusa — Open source, cross-platform interactive disassembler.
- plasma — Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
- peda — Python Exploit Development Assistance for GDB.
- dnSpy — Tool to reverse engineer .NET assemblies.
- binwalk — Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
- PyREBox — Python scriptable Reverse Engineering sandbox by Cisco-Talos.
- Voltron — Extensible debugger UI toolkit written in Python.
- Capstone — Lightweight multi-platform, multi-architecture disassembly framework.
- rVMI — Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
- Frida — Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Physical Access Tools
- LAN Turtle — Covert “USB Ethernet Adapter” that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
- USB Rubber Ducky — Customizable keystroke injection attack platform masquerading as a USB thumbdrive.
- Poisontap — Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
- WiFi Pineapple — Wireless auditing and penetration testing platform.
- Proxmark3 — RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
- ChipWhisperer — Complete open-source toolchain for side-channel power analysis and glitching attacks.
- ctf-tools — Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
- Pwntools — Rapid exploit development framework built for use in CTFs.
- RsaCtfTool — Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.