📚resources

Information Gathering

Domain Names

  • subDomainsBrute - A fast sub domain brute tool for pentesters

  • ksubdomain - Subdomain enumeration tool; sends asynchronous DNS packets and uses pcap to scan 1,600,000 subdomains in 1 second

  • Sublist3r - Fast subdomains enumeration tool for penetration testers

  • OneForAll - 👊 OneForAll is a powerful subdomain integration tool
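Every brute-forcer above does the same two things at its core: resolve a wordlist concurrently, and decide which answers are real. The second part is where naive tools fail, because a wildcard DNS record makes every candidate resolve. The following Python script is an added example, not code from any listed tool: it probes random labels first to learn the wildcard answer(s) and drops hits that match. The domain example.test, the FAKE_ZONE table and fake_resolver are constructed so the demo runs offline; pass system_resolver (the default) to query real DNS.

```python
"""Subdomain brute force with wildcard filtering.

Added example, not code from any tool listed above. The zone below is
constructed for offline demonstration; system_resolver is the real one.
"""
import secrets
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, List, Optional, Set

Resolver = Callable[[str], Optional[str]]  # hostname -> IPv4 string, or None for NXDOMAIN


def system_resolver(name: str) -> Optional[str]:
    """Resolve through the OS stub resolver; None means the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def wildcard_ips(domain: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Query random labels that cannot be real hosts; any answer exposes a wildcard record."""
    found = set()
    for _ in range(probes):
        label = secrets.token_hex(8)  # 16 random hex chars, never a real hostname
        ip = resolve(f"{label}.{domain}")
        if ip:
            found.add(ip)
    return found


def brute(domain: str, words: List[str], resolve: Resolver = system_resolver,
          workers: int = 32) -> Dict[str, str]:
    """Return {fqdn: ip} for wordlist entries that resolve to a non-wildcard address."""
    wild = wildcard_ips(domain, resolve)
    candidates = [f"{word}.{domain}" for word in words]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        answers = list(pool.map(resolve, candidates))
    return {fqdn: ip for fqdn, ip in zip(candidates, answers) if ip and ip not in wild}


# Constructed zone: two real hosts plus a catch-all *.example.test record.
FAKE_ZONE = {
    "www.example.test": "203.0.113.10",
    "mail.example.test": "203.0.113.20",
}


def fake_resolver(name: str) -> Optional[str]:
    """Offline stand-in for system_resolver that answers from FAKE_ZONE."""
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    if name.endswith(".example.test"):
        return "203.0.113.99"  # the wildcard answer
    return None


if __name__ == "__main__":
    hits = brute("example.test", ["www", "mail", "dev", "ftp"], resolve=fake_resolver)
    for fqdn, ip in sorted(hits.items()):
        print(f"{fqdn} -> {ip}")
```

In the constructed zone, dev and ftp resolve only because of the wildcard and are filtered out; www and mail survive. A wildcard that answers from a pool of addresses can slip past three probes, so raise probes or compare CNAME targets instead of IPs when results look suspiciously uniform.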

Google Hacking

  • GHDB - Google Hack Database

  • SearchDiggity - SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project

  • Katana - A Python Tool For google Hacking

  • uDork - uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on.

  • Pagodo - pagodo (Passive Google Dork) - Automates Google Hacking Database scraping and searching.

Github

  • GitHacker - 🕷️ A Git source-leak exploitation tool that restores the entire Git repository, including data from stashes, for white-box auditing and analysis of the developers' intent.

  • GitGraber - gitGraber is a tool developed in Python3 to monitor GitHub to search and find sensitive data in real time for different online services.

  • GitMiner - Tool for advanced mining for content on Github.

  • Gitrob - Reconnaissance tool for GitHub organizations.
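An exposed /.git/ directory is usually spotted by fetching /.git/HEAD; the first file a restoration tool then reads is .git/index, which lists every tracked path together with its blob hash, so the object files to request next are known before any directory listing is needed. The parser below is an added example, not GitHacker's code: it handles index versions 2 and 3 and verifies the trailing SHA-1 so a truncated or tampered download is rejected before anything is trusted. build_index and the SAMPLE entries are constructed only so the demo runs offline.

```python
"""Parse a leaked .git/index (versions 2 and 3) to list tracked paths.

Added example, not code from GitHacker or any tool above. build_index() only
exists to construct a sample index offline; real work starts from a fetched
/.git/index file.
"""
import hashlib
import struct
from typing import List, NamedTuple


class IndexEntry(NamedTuple):
    path: str
    mode: int   # e.g. 0o100644 regular file, 0o100755 executable, 0o120000 symlink
    size: int   # file size recorded at last stat
    sha1: str   # blob id, fetchable as .git/objects/xx/yyyy... in a full leak


def parse_index(data: bytes) -> List[IndexEntry]:
    if len(data) < 32 or data[:4] != b"DIRC":
        raise ValueError("not a git index (missing DIRC signature)")
    # The final 20 bytes are SHA-1 over everything before them; a mismatch
    # means the download was truncated or the file was tampered with.
    if hashlib.sha1(data[:-20]).digest() != data[-20:]:
        raise ValueError("index checksum mismatch")
    version, count = struct.unpack(">II", data[4:12])
    if version not in (2, 3):
        raise ValueError(f"unsupported index version {version}")
    entries, pos = [], 12
    for _ in range(count):
        start = pos
        stat = struct.unpack(">10I", data[pos:pos + 40])   # ctime..size, all big-endian
        mode, size = stat[6], stat[9]
        sha1 = data[pos + 40:pos + 60].hex()
        (flags,) = struct.unpack(">H", data[pos + 60:pos + 62])
        pos += 62
        if version == 3 and flags & 0x4000:   # "extended" bit: one more 16-bit flag word
            pos += 2
        name_len = flags & 0x0FFF
        if name_len < 0x0FFF:
            name = data[pos:pos + name_len]
            pos += name_len
        else:                                  # length overflowed 12 bits: scan to NUL
            end = data.index(b"\x00", pos)
            name = data[pos:end]
            pos = end
        pos += 8 - (pos - start) % 8           # 1..8 NUL bytes pad to an 8-byte boundary
        entries.append(IndexEntry(name.decode("utf-8", "surrogateescape"), mode, size, sha1))
    return entries


def build_index(files: List[IndexEntry]) -> bytes:
    """Construct a minimal version-2 index (stat fields zeroed) for demonstration."""
    body = struct.pack(">4sII", b"DIRC", 2, len(files))
    for f in files:
        name = f.path.encode()
        entry = struct.pack(">10I", 0, 0, 0, 0, 0, 0, f.mode, 0, 0, f.size)
        entry += bytes.fromhex(f.sha1)
        entry += struct.pack(">H", min(len(name), 0x0FFF)) + name
        entry += b"\x00" * (8 - len(entry) % 8)
        body += entry
    return body + hashlib.sha1(body).digest()


SAMPLE = [   # constructed sample; the hashes are placeholders, not real blob ids
    IndexEntry("README.md", 0o100644, 120, "a" * 40),
    IndexEntry("config/database.yml", 0o100644, 640, "b" * 40),
    IndexEntry("bin/deploy.sh", 0o100755, 2048, "c" * 40),
]


if __name__ == "__main__":
    for e in parse_index(build_index(SAMPLE)):
        print(f"{e.mode:06o} {e.sha1} {e.size:>6} {e.path}")
```

Run parse_index over a fetched .git/index to get the paths and blob ids to request from .git/objects/. Version 4 indexes prefix-compress path names and are not handled here; extensions after the entries (TREE, REUC and so on) are skipped implicitly because only the entry count is walked.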

SVN

  • svnExploit - Exploits SVN source code disclosure for all SVN working-copy formats and dumps the source.

  • SvnHack - An .svn folder disclosure exploit.

Port Scan

  • Nmap | Zenmap - Free and open source utility for network discovery and security auditing

  • Masscan - TCP port scanner, spews SYN packets asynchronously

  • Ports - Common service ports and exploitations

  • Goby - Attack surface mapping

  • Goscan - Interactive Network Scanner

  • NimScan - 🚀 Fast Port Scanner 🚀

  • RustScan - 🤖 The Modern Port Scanner 🤖
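The scanners above differ mainly in how they send probes and at what rate. The script below is an added example, not code from any of them: it shows the simplest form, an asynchronous TCP connect scan, with a semaphore bounding the number of in-flight connections so the scanner neither exhausts file descriptors nor floods the target. start_listener and reserved_closed_port exist only to construct a loopback target for offline demonstration.

```python
"""Asynchronous TCP connect scan with bounded concurrency.

Added example, not code from any scanner above. A connect scan completes the
handshake (so it shows up in target logs); SYN scanners such as masscan need
raw sockets and send only the first packet. start_listener() creates a local
target purely for offline demonstration.
"""
import asyncio
import socket
from typing import Iterable, List


async def probe(host: str, port: int, timeout: float, sem: asyncio.Semaphore) -> bool:
    """True when a TCP handshake completes; refusals and timeouts count as not open."""
    async with sem:
        try:
            _, writer = await asyncio.wait_for(asyncio.open_connection(host, port), timeout)
        except (OSError, asyncio.TimeoutError):
            return False
        writer.close()
        await writer.wait_closed()
        return True


async def _scan(host: str, ports: List[int], timeout: float, concurrency: int) -> List[int]:
    sem = asyncio.Semaphore(concurrency)   # cap in-flight sockets: avoids EMFILE and SYN floods
    results = await asyncio.gather(*(probe(host, p, timeout, sem) for p in ports))
    return [p for p, is_open in zip(ports, results) if is_open]


def scan(host: str, ports: Iterable[int], timeout: float = 1.0, concurrency: int = 256) -> List[int]:
    """Return the open ports in ascending order."""
    return asyncio.run(_scan(host, sorted(set(ports)), timeout, concurrency))


def start_listener() -> socket.socket:
    """Constructed target: a loopback listener on an ephemeral port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)
    return srv


def reserved_closed_port() -> int:
    """Pick a loopback port the kernel just handed out and release it, so it is closed."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    target = start_listener()
    open_port = target.getsockname()[1]
    closed = reserved_closed_port()
    print("open:", scan("127.0.0.1", [open_port, closed]))
    target.close()
```

Against a remote host, scan("10.0.0.5", range(1, 1025)) is the typical call; a timeout that expires is reported the same as a refusal, so filtered and closed ports are indistinguishable in this form, which is exactly the gap that SYN and ACK scanning in Nmap exist to close.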

OSINT

  • theHarvester - E-mails, subdomains and names harvester - OSINT

  • SpiderFoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

  • FOCA - Tool to find metadata and hidden information in the documents.

  • Amass - In-depth Attack Surface Mapping and Asset Discovery

  • Censys-subdomain-finder - Perform subdomain enumeration using the certificate transparency logs from Censys.

  • EmailHarvester - Email addresses harvester

  • Finalrecon - The Last Web Recon Tool You'll Need.

  • LittleBrother - Information gathering (OSINT) on a person (EU)

Phishing

  • gophish - Open-Source Phishing Toolkit

  • AdvPhishing - Advanced phishing tool with OTP (one-time password) phishing support

  • SocialFish - Educational Phishing Tool & Information Collector

  • Zphisher - An automated phishing tool with 30+ templates. Made for educational purposes only; the author is not responsible for any misuse of this toolkit.

  • Nexphisher - Advanced Phishing tool for Linux & Termux

Vulnerability Analysis

Fuzzing

Vulnerability Scanner

  • Struts-Scan - Struts2 vulnerability detection and exploitation tool

  • Nikto - Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items

  • W3af - Web application attack and audit framework, the open source web vulnerability scanner

  • Openvas - The world's most advanced Open Source vulnerability scanner and manager

  • Archery - Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities

  • Taipan - Web application vulnerability scanner

  • Arachni - Web Application Security Scanner Framework

  • Nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.

  • Xray - A passive-vulnerability-scanner Tool.

Web Applications

CMS & Framework Identification

  • AngelSword - CMS vulnerability detection framework

  • WhatWeb - Next generation web scanner

  • Wappalyzer - Cross-platform utility that uncovers the technologies used on websites

  • Whatruns - A free browser extension that identifies the technologies used on any website at the click of a button (Chrome only)

  • WhatCMS - CMS Detection and Exploit Kit based on Whatcms.org API

  • CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs

Online Tools

  • Yunsee - Online service for identifying a site's CMS fingerprint

  • Bugscaner - A simple online fingerprinting service that recognizes hundreds of CMS code bases

  • WhatCMS online - CMS Detection and Exploit Kit website, Whatcms.org

  • Tscan - An online tool for gathering information about a website

  • TideFinger - Fingerprinter Tool from TideSec Team

Web Applications Proxies

  • Burpsuite - Burpsuite is a graphical tool for testing Web application security

  • ZAP - One of the world's most popular free security tools

  • Mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

  • Broxy - An HTTP/HTTPS intercept proxy written in Go.

Web Browser Extension

  • Hack-Tools - The all-in-one Red Team extension for Web Pentester 🛠

Web Crawlers & Directory Brute Force

  • Dirbrute - Multi-threaded web directory brute-force tool (wordlists included)

  • Dirbuster - DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers

Docker Scanners

  • Fuxi-Scanner - Open source network security vulnerability scanner with multiple built-in functions

  • Xunfeng - A rapid emergency-response and cruise-scanning system for enterprise intranets

  • WebMap - Nmap Web Dashboard and Reporting

Database Assessment

Password Attacks

  • Hydra - Hydra is a parallelized login cracker which supports numerous protocols to attack

  • Medusa - Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer

  • Sparta: Document - Network Infrastructure Penetration Testing Tool

  • Hashcat - World's fastest and most advanced password recovery utility

  • Patator - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

  • HackBrowserDat - Decrypt passwords/cookies/history/bookmarks from the browser

Wireless Attacks

Wireless Tools

  • Fern Wifi cracker - Fern-Wifi-Cracker is designed for testing and discovering flaws in one's own network with the aim of fixing the flaws detected

Reverse Engineering

  • Ollydbg - OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows

Exploitation Tools

Vulnerability Search

  • SPLOITUS - Sploitus is a convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities

  • SearchSploit - The official Exploit Database repository

  • Getsploit - Command line utility for searching and downloading exploits

Cross-site Scripting(XSS)

  • BeeF - The Browser Exploitation Framework Project

  • BlueLotus_XSSReceiver - XSS Receiver platform without SQL

  • xssor2 - XSS'OR - Hack with JavaScript.

  • Xsser-Varbaek - From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras

  • Xsser-Epsylon - Cross Site "Scripter" (aka XSSer) is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

  • Xenotix - An advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework

Sql Injection

  • Sqlmap - Automatic SQL injection and database takeover tool

  • Sqlmate - A friend of SQLmap which will do what you always expected from SQLmap

  • SQLiScanner - Automatic SQL injection with Charles and sqlmap api

Command Injection

  • Commix - Automated All-in-One OS command injection and exploitation tool

File Include

  • LFIsuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner

  • Kadimus - Kadimus is a tool to check sites for LFI vulnerabilities and exploit them

  • Shellfire - Exploitation shell for exploiting LFI, RFI, and command injection vulnerabilities

  • LFIter2 - LFIter2 Local File Include (LFI) Tool - Auto File Extractor & Username Bruteforcer

  • FDsploit - File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

File Upload vulnerability

  • Fuxploider - File upload vulnerability scanner and exploitation tool

XML External Entity Attack(XXE)

  • XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods

  • Oxml_xxe - A tool for embedding XXE/XML exploits into different filetypes

Cross-site request forgery (CSRF)

  • Deemon - Deemon is a tool to detect CSRF in web application

Exploit Framework

  • POC-T - Pentest Over Concurrent Toolkit

  • Pocsuite - Pocsuite is an open-sourced remote vulnerability testing framework developed by the Knownsec Security Team

  • Metasploit - The world’s most used penetration testing framework

  • Venom - Shellcode generator/compiler/handler (metasploit)

  • Empire - Empire is a PowerShell and Python post-exploitation agent

  • Koadic - Koadic C3 COM Command & Control - JScript RAT

  • Viper - Metasploit-framework UI management tool

  • MSFvenom-gui - GUI tool for generating standard payloads with msfvenom

Machine Learning

  • DeepExploit - Fully automatic penetration test tool using Machine Learning

  • GyoiThon - GyoiThon is a growing penetration test tool using Machine Learning

  • Generator - Fully automatically generate numerous injection codes for web application assessment

Automate

  • AutoSploit - Automated Mass Exploiter

  • WinPwn - Automation for internal Windows Penetrationtest / AD-Security

Sniffing & Spoofing

  • WireShark - Wireshark is a cross-platform network traffic analyzer, or "sniffer".

  • Cain & Abel - Cain & Abel is a password recovery tool for Microsoft operating systems.

Maintaining Access

Shell

  • Goshell - Generate reverse shells in command line with Go !

  • Print-My-Shell - Python script written to automate the process of generating various reverse shells.

  • Girsh - Automatically spawn a fully interactive reverse shell for a Linux or Windows victim

  • Blueshell - Generate reverse shells for Red Team operations

  • Clink - Powerful Bash-style command line editing for cmd.exe

Web Shell

PHP

  • B374K - PHP Webshell with handy features

  • DAws - Advanced Web Shell

  • Weevely3 - Weaponized web shell

Chopper-style Webshell Clients

  • Chopper

Note: this tool was obtained from the internet and has not been checked for backdoors; decide for yourself whether to run it......

Link: https://pan.baidu.com/s/1VnXkoQU-srSllG6JaY0nTA Password: v71d

  • AntSword : Document - AntSword is a cross-platform website management toolkit

  • CKnife - The cross platform webshell tool in java

Note: this tool was obtained from the internet and has not been checked for backdoors; decide for yourself whether to run it......

Link: https://pan.baidu.com/s/1QZrnWU7DUuJhiXl7u1kELw Password: hjrh

  • Altman - The cross platform webshell tool in .NET

  • Behinder - dynamic binary encryption webshell management client

  • Godzilla - Java webshell management tool whose client-server traffic is encrypted

Privilege Escalation Auxiliary

  • windows-exploit-suggester - Compares a target's patch level against the Microsoft vulnerability database to detect potentially missing patches

  • Windows-kernel-exploits - Collection of Windows kernel exploits

  • linux-exploit-suggester-2 - Next-Generation Linux Kernel Exploit Suggester

  • Linux-kernel-exploits - Collection of Linux kernel exploits

  • BeRoot - Privilege Escalation Project - Windows / Linux / Mac

  • PE-Linux - Linux Privilege Escalation Tool By WazeHell

  • Portia - Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised.

C2

  • DeimosC2 - DeimosC2 is a Golang command and control framework for post-exploitation.

  • Sliver - Implant framework

  • PHPSploit - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner 😈

  • Shad0w - A post exploitation framework designed to operate covertly on heavily monitored environments (Windows 8, Windows 10)

  • Covenant - Covenant is a collaborative .NET C2 framework for red teamers.

  • Emp3r0r - Linux post-exploitation framework written by a Linux user

Golang Sec Tools

Tips: Go is an excellent cross-platform language for writing security tools.

  • Naabu - A fast port scanner written in go with focus on reliability and simplicity.

  • ServerScan - A high concurrency network scanning and service detection tool developed by golang.

Reporting & Collaboration

  • Vulnreport - Open-source pentesting management and automation platform by Salesforce Product Security

  • Pentest-Collaboration-Framework - Open source, cross-platform and portable toolkit for automating routine processes in penetration testing work

Social Engineering

System Services

Code Audit

  • Cloc - cloc counts blank lines, comment lines, and physical lines of source code in many programming languages

  • Cobra - Source Code Security Audit

  • Cobra-W - Cobra for white hat

  • Graudit - Grep rough audit - source code auditing tool

  • Rips - A static source code analyser for vulnerabilities in PHP scripts

Port Forwarding & Proxies

  • EarthWorm - Tunneling tool

  • Termite - Tunneling tool (version 2)

  • Frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet

  • Nps - A lightweight, high-performance, powerful NAT-traversal (intranet penetration) proxy server with a powerful web management console.

  • Goproxy - A high-performance, full-featured, cross platform proxy server

  • ReGeorg - The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn

  • Venom - A Multi-hop Proxy for Penetration Testers

  • Stowaway - 👻 Stowaway -- Multi-hop Proxy Tool for pentesters

  • rport - Manage remote systems with ease.
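Every tunnelling tool above builds on one primitive: accept a connection on one side and pump bytes in both directions to a target on the other. The Python forwarder below is an added example, not code from EarthWorm, frp or any other listed project; it shows that relay with half-close propagation, so an EOF on either side travels through the hop instead of leaving the other end hanging. echo_server and round_trip are constructed only for the offline demo.

```python
"""Minimal threaded TCP port forwarder.

Added example, not code from EarthWorm, frp or any tool above; it shows the
relay loop those tools build on (without their encryption or multi-hop
routing). echo_server() is a constructed upstream used only for the demo.
"""
import socket
import threading
from typing import Tuple

Addr = Tuple[str, int]


def pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until EOF, then half-close the destination so EOF propagates."""
    try:
        while True:
            chunk = src.recv(65536)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class Forwarder:
    """Accept on bind_addr and relay each connection to target (a local port forward)."""

    def __init__(self, bind_addr: Addr, target: Addr) -> None:
        self.target = target
        self.listener = socket.socket()
        self.listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.listener.bind(bind_addr)
        self.listener.listen(32)
        self.port = self.listener.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self) -> None:
        while True:
            try:
                client, _ = self.listener.accept()
            except OSError:
                return                      # listener closed: stop accepting
            threading.Thread(target=self._relay, args=(client,), daemon=True).start()

    def _relay(self, client: socket.socket) -> None:
        try:
            upstream = socket.create_connection(self.target, timeout=10)
        except OSError:
            client.close()                  # upstream unreachable: drop the client
            return
        threading.Thread(target=pump, args=(client, upstream), daemon=True).start()
        pump(upstream, client)              # returns once upstream sends EOF
        client.close()
        upstream.close()

    def close(self) -> None:
        self.listener.close()


def echo_server() -> socket.socket:
    """Constructed upstream service: echoes each connection's bytes back to it."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def handle(conn: socket.socket) -> None:
        pump(conn, conn)
        conn.close()

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv


def round_trip(payload: bytes) -> bytes:
    """Send payload client -> forwarder -> echo server and return what comes back."""
    upstream = echo_server()
    fwd = Forwarder(("127.0.0.1", 0), upstream.getsockname())
    try:
        with socket.create_connection(("127.0.0.1", fwd.port), timeout=10) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)      # signal EOF so the echo side finishes
            out = bytearray()
            while chunk := c.recv(65536):
                out += chunk
        return bytes(out)
    finally:
        fwd.close()
        upstream.close()


if __name__ == "__main__":
    print(round_trip(b"hello through the tunnel"))
```

Forwarder(("0.0.0.0", 8080), ("10.0.0.5", 22)) is the classic "expose an internal SSH port" use. What the listed tools add on top of this loop is the part that matters operationally: an encrypted control channel, multi-hop chaining, SOCKS5 so the pivot is not limited to one fixed target, and reverse mode where the inside host dials out.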

DevSecOps

RootKit

  • Beurk - BEURK Experimental Unix RootKit

  • Bedevil - LD_PRELOAD Linux rootkit (x86 & ARM)

Audit Tools

  • DevAudit - Open-source, cross-platform, multi-purpose security auditing tool

Cyber Range

Vulnerability application

  • DVWA - Damn Vulnerable Web Application (DVWA)

  • WebGoat - WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons

  • DSVW - DSVW is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes

  • DVWS - Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities

  • XVWA - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security

  • BWAPP - A buggy web application with more than 100 vulnerabilities

  • Sqli-lab - SQL injection labs covering error-based, blind boolean-based and time-based injection

  • HackMe-SQL-Injection-Challenges - Hack your friend's online MMORPG game - specific focus, sql injection opportunities

  • XSS-labs - Small set of scripts to practice exploiting XSS and CSRF vulnerabilities

  • SSRF-lab - Lab for exploring SSRF vulnerabilities

  • SSRF_Vulnerable_Lab - This lab contains sample code vulnerable to Server-Side Request Forgery attacks

  • LFI-labs - Small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns

  • Commix-testbed - A collection of web pages, vulnerable to command injection flaws

  • File-Upload-Lab - Damn Vulnerable File Upload V 1.1

  • Upload-labs - A summary of all types of uploading vulnerabilities for you

  • XXE-Lab - A XXE vulnerability Demo containing language versions such as PHP, Java, python, C#, etc

Simulation Range

  • Fopnp - A network playground for the book "Foundations of Python Network Programming"

  • CyberRange - The Open-Source AWS Cyber Range
