#_ pwnd.dev

The most famous penetration testing software

The Browser Exploitation Framework

XSS Hunter is a better way to do Cross-site Scripting

Penetration Testers Framework

MITM framework

Vulnerability scanner

Auto Nessus

Patch Binaries via MITM (BackdoorFactory)

Network Forensic Analysis Tool (eg. parse pcap file)

Automatic SQL injection and database takeover tool

Java application for automatic SQL database injection

MITM

Open-Source Phishing Framework

Social-Engineer Toolkit

USB Rubber Ducky

Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4

WiFi HID Injector for Fun & Profit - An USB Rubberducky On Steroids.

Email recon framework

A collection of tiny XSS Payloads that can be used in different contexts.

makeMyCSRF is a tool that can be used to automate auto-submit HTML form creation

HTTP Server for phishing

Portable pentesting device

A post-exploitation OS X/Linux agent written in Python 2.7

A little tool to play with Windows security (video: https://blog.didierstevens.com/2017/07/15/mimikatz-videos/amp/)

Scanner to check for XSS, SQL Injection and other web vulnerabilities

The leading toolkit for web application security testing

Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.

High-speed web-based traffic analysis

Linux 'net top' tool

Security auditing tool for Linux, macOS, and UNIX-based systems

An advanced memory forensics framework

portable reversing framework

Secrets leak in Android apps

Web Application XSS Scanner

Tool for using a PowerShell downgrade attack and inject shellcode straight into memory

A default credential scanner

Tool for security managers who want to train their collaborators to phishing

For phishing and corporate espionage

The SaaS CTO Security Checklist

A lightweight VM for hardware hacking, RE (fuzzing, symEx, exploiting etc) and wargaming tasks

Password lists obtained from strangers attempting to log in to my server

Count the number of people around you by monitoring wifi signals

XSS Listener is a penetration tool for easy to steal data with various XSS

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering

macOS keychain cracking tool

Fast and easy create backdoor office exploitation using module metasploit packet

Process Injection Techniques

Bad Characters highlighter for exploit development

Collection of Tools and Exploits with a CLI UI

Command line utility for searching and downloading exploits

Find exploits in local and online databases instantly

Advanced vulnerability scanning with Nmap NSE

a blind webroot file upload & LFI detection tool

Scan your code for security misconfiguration, search for passwords and secrets

Hack with Javascript (online tool)

XRay is a tool for recon, mapping and OSINT gathering from public networks

Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX

runtime mobile exploration (based on Frida)

Docker container with tools for binary reverse engineering and exploitation

shell script that simplifies the process of adding a backdoor to any Android APK file

Distro for pentesting IoT devices

AWS Auditing & Hardening Tool

Automated Linux evil maid attack (backdoors initrd)

Man-in-the-middle wireless access point inside a docker container

Exploit Network and Gathering Information with Nmap

Tool To Automatic Leak Information Using Hacking With Engine Searches

remote administration and post-exploitation tool (python)

Post-exploitation framework (bash)

Python script to inject existing Android applications with a Meterpreter payload

ZMap Internet Scanner

Application layer scanner that operates with ZMap

The world's most advanced Open Source vulnerability scanner and manager

Basic script to detect vulnerabilities into a PHP source code

Knock Subdomain Scan

A Suite of Tools written in Python for wireless auditing and security testing ([demo] (https://www.kitploit.com/2017/08/boopsuite-suite-of-tools-for-wireless.html))

An OSINT Framework to perform various recon techniques

Analyze the security of any domain by finding all the information possible

A PowerShell based utility for the creation of malicious Office macro documents ([demo] (https://www.kitploit.com/2017/09/luckystrike-powershell-based-utility.html?m=1))

Automatically identify anti-patterns in SQL queries

https://github.com/cujanovic/SSRF-Testing/

Tunnelling Framework ([kitploit] (https://www.kitploit.com/2017/09/xfltreat-tunnelling-framework.html?m=1))

Framework for exhaustive analysis of (PCAP and PE) files

Penetration Testing Framework - The Tool With All The Tools

Post Exploitation Collection

PowerShell Runspace Post Exploitation Toolkit

Seamlessly spy on SSH session like it is your tty

Cameradar hacks its way into RTSP CCTV cameras

Data Exfiltration Toolkit

Malware indetectable, with AV bypass techniques, anti-disassembly, etc.

Android Remote Administration Tool

tool to perform local searches for known vulnerabilities

kernel privilege escalation enumeration and exploitation framework ([kitsploit.com] (https://www.kitploit.com/2017/11/kernelpop-kernel-privilege-escalation.html))

Hostile Subdomain Takeover tool ([blog] (https://cody.su/blog/hostile-subdomain-takeovers/))

NSE script based on Vulners.com API

full-featured Web Reconnaissance framework

A LinkedIn enumeration tool

The Router Exploitation Framework

Advanced reconnaissance utility

BtleJuice Bluetooth Smart (LE) Man-in-the-Middle framework

Perform subdomain enumeration using the certificate transparency logs from Censys

Striker is an offensive information and vulnerability scanner

Linux bash script automation for metasploit

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Automated mass exploitation of remote hosts using Shodan and Metasploit

take advantage of poor upgrade implementations by injecting fake updates

Certificate Search (eg. [%.cambridgeanalytica.org] (https://crt.sh/?q=%25.cambridgeanalytica.org))

application for identifying, investigating, and reporting on USB storage devices that have been connected to a Windows system

Web Application Audit Framework

XSS Scanner equipped with powerful fuzzing engine & intelligent payload generator

Free online fake mailer with attachments, encryption, HTML editor and advanced settings…

Toolkit for Playing with Wi-Fi Probe Requests

Rewrite of the popular wireless network auditor, wifite, for auditing wireless networks

Extract endpoints from apk files

Free web-application vulnerability and version scanner

tool supporting network and system reconnaissance using the massive Nmap engine

Reconnaissance tool for GitHub organizations

mitm attack framework used for phishing login credentials

Reverse Proxy. Phishing NG

People tracker on the Internet: OSINT analysis and research tool

Modern Phishing Tool With Advanced Functionality And Multiple Tunnelling Services

Find domains and subdomains related to a given domain

Fetch all the URLs that the Wayback Machine knows about for a domain

Very Advanced (web) Fuzzer

SSRF search vulnerabilities exploitation extended.

A platform for developer-first advanced security

Default agent for Prelude Operator

Security-Focused Static Analysis for Android and Java Applications

Free open source vulnerability scanning

Open source web app audit and attack framework

Penetration testing tool