#_ pwnd.dev
Pentest & hacking tools
- Metaspoitwww.metasploit.comThe most famous penetration testing software
- BeEFbeefproject.comThe Browser Exploitation Framework
- XSS Hunterxsshunter.comXSS Hunter is a better way to do Cross-site Scripting
- PTFgithub.com/trustedsec/ptfPenetration Testers Framework
- Bettercapbettercap.orgMITM framework
- Nessuswww.tenable.com/products/nessus-vulnerability-scannerVulnerability scanner
- AutoNessusgithub.com/redteamsecurity/autonessusAuto Nessus
- BDFProxygithub.com/secretsquirrel/bdfproxyPatch Binaries via MITM (BackdoorFactory)
- Xplicowww.xplico.orgNetwork Forensic Analysis Tool (eg. parse pcap file)
- Sqlmapsqlmap.orgAutomatic SQL injection and database takeover tool
- jsql-injectiongithub.com/ron190/jsql-injectionJava application for automatic SQL database injection
- HoneyProxyhoneyproxy.orgMITM
- Gophishgetgophish.comOpen-Source Phishing Framework
- SETgithub.com/trustedsec/social-engineer-toolkitSocial-Engineer Toolkit
- USBRubberDuckyusbrubberducky.comUSB Rubber Ducky
- USB Wifi Duckygithub.com/spacehuhn/wifi_duckyUpload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
- WHIDgithub.com/whid-injector/whidWiFi HID Injector for Fun & Profit - An USB Rubberducky On Steroids.
- SimplyEmailgithub.com/killswitch-gui/simplyemailEmail recon framework
- Tiny-XSS-Payloadsgithub.com/terjanq/tiny-xss-payloadsA collection of tiny XSS Payloads that can be used in different contexts.
- makeMyCSRFgithub.com/nj8/makemycsrfmakeMyCSRF is a tool that can be used to automate auto-submit HTML form creation
- Weemangithub.com/hypsurus/weemanHTTP Server for phishing
- Pwn Phonewww.pwnieexpress.com/mr-robot-pwn-phonePortable pentesting device
- EmPyregithub.com/adaptivethreat/empyreA post-exploitation OS X/Linux agent written in Python 2.7
- Mimikatzgithub.com/gentilkiwi/mimikatzA little tool to play with Windows security (video: https://blog.didierstevens.com/2017/07/15/mimikatz-videos/amp/)
- Acunetixwww.acunetix.comScanner to check for XSS, SQL Injection and other web vulnerabilities
- Burp Suiteportswigger.net/burp/The leading toolkit for web application security testing
- Burp NoPE Proxygithub.com/summitt/burp-non-http-extension/blob/master/readme.mdNon-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
- ntopngwww.ntop.orgHigh-speed web-based traffic analysis
- nethogsgithub.com/raboof/nethogsLinux 'net top' tool
- Lynisgithub.com/cisofy/lynisSecurity auditing tool for Linux, macOS, and UNIX-based systems
- Volatilitygithub.com/volatilityfoundation/volatilityAn advanced memory forensics framework
- Radarerada.re/r/portable reversing framework
- Android Fallibleandroid.fallible.coSecrets leak in Android apps
- XssPygithub.com/faizann24/xsspyWeb Application XSS Scanner
- Unicorngithub.com/trustedsec/unicornTool for using a PowerShell downgrade attack and inject shellcode straight into memory
- changemegithub.com/ztgrace/changemeA default credential scanner
- Mercuregithub.com/synhack/mercure/Tool for security managers who want to train their collaborators to phishing
- catphishgithub.com/ring0lab/catphishFor phishing and corporate espionage
- Security Checklistcto-security-checklist.sqreen.ioThe SaaS CTO Security Checklist
- cgPwngithub.com/0xm3r/cgpwnA lightweight VM for hardware hacking, RE (fuzzing, symEx, exploiting etc) and wargaming tasks
- pwlistgithub.com/droope/pwlistPassword lists obtained from strangers attempting to log in to my server
- howmanypeoplearearoundgithub.com/schollz/howmanypeoplearearoundCount the number of people around you by monitoring wifi signals
- xss-listenergithub.com/cagataycali/xss-listenerXSS Listener is a penetration tool for easy to steal data with various XSS
- owasp-mstggithub.com/owasp/owasp-mstgThe Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering
- KeychainCrackergithub.com/macmade/keychaincrackermacOS keychain cracking tool
- Microsploitgithub.com/screetsec/microsploitFast and easy create backdoor office exploitation using module metasploit packet
- InjectProcgithub.com/secrary/injectprocProcess Injection Techniques
- expdevBadCharshowucan.gr/scripts-tools/2198-expdevbadchars-bad-characters-highlighter-for-exploit-developmentBad Characters highlighter for exploit development
- massExpConsolewww.kitploit.com/2017/05/massexpconsole-collection-of-tools-and.htmlCollection of Tools and Exploits with a CLI UI
- getsploitgithub.com/vulnerscom/getsploitCommand line utility for searching and downloading exploits
- Findsploitgithub.com/1n3/findsploitFind exploits in local and online databases instantly
- vulscangithub.com/scipag/vulscanAdvanced vulnerability scanning with Nmap NSE
- psychoPATHgithub.com/ewilded/psychopatha blind webroot file upload & LFI detection tool
- repo-supervisorgithub.com/auth0/repo-supervisorScan your code for security misconfiguration, search for passwords and secrets
- xssorxssor.ioHack with Javascript (online tool)
- xraygithub.com/evilsocket/xrayXRay is a tool for recon, mapping and OSINT gathering from public networks
- Fridawww.frida.reInject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX
- objectiongithub.com/sensepost/objectionruntime mobile exploration (based on Frida)
- pwnboxgithub.com/superkojiman/pwnboxDocker container with tools for binary reverse engineering and exploitation
- backdoor-apkgithub.com/dana-at-cp/backdoor-apkshell script that simplifies the process of adding a backdoor to any Android APK file
- Attify OSgithub.com/adi0x90/attifyosDistro for pentesting IoT devices
- Zeusgithub.com/denizparlak/zeusAWS Auditing & Hardening Tool
- EvilAbigailgithub.com/gdssecurity/evilabigailAutomated Linux evil maid attack (backdoors initrd)
- mitm-routergithub.com/brannondorsey/mitm-routerMan-in-the-middle wireless access point inside a docker container
- Dracnmapgithub.com/screetsec/dracnmapExploit Network and Gathering Information with Nmap
- RastLeakgithub.com/n4xh4ck5/rastleakTool To Automatic Leak Information Using Hacking With Engine Searches
- pupygithub.com/n1nj4sec/pupyremote administration and post-exploitation tool (python)
- pwndshgithub.com/safebreach-labs/pwndshPost-exploitation framework (bash)
- kwetzagithub.com/sensepost/kwetzaPython script to inject existing Android applications with a Meterpreter payload
- zmapgithub.com/zmap/zmapZMap Internet Scanner
- zgrabgithub.com/zmap/zgrabApplication layer scanner that operates with ZMap
- OpenVASwww.openvas.orgThe world's most advanced Open Source vulnerability scanner and manager
- Vulny-Code-Static-Analysisgithub.com/swisskyrepo/vulny-code-static-analysisBasic script to detect vulnerabilities into a PHP source code
- knockpygithub.com/guelfoweb/knockKnock Subdomain Scan
- BoopSuitegithub.com/misterbianco/boopsuiteA Suite of Tools written in Python for wireless auditing and security testing ([demo] (https://www.kitploit.com/2017/08/boopsuite-suite-of-tools-for-wireless.html))
- DataSploitgithub.com/datasploit/datasploitAn OSINT Framework to perform various recon techniques
- domain_analyzergithub.com/eldraco/domain_analyzerAnalyze the security of any domain by finding all the information possible
- Luckystrikegithub.com/curi0usjack/luckystrikeA PowerShell based utility for the creation of malicious Office macro documents ([demo] (https://www.kitploit.com/2017/09/luckystrike-powershell-based-utility.html?m=1))
- sqlcheckgithub.com/jarulraj/sqlcheckAutomatically identify anti-patterns in SQL queries
- SSRF Testinggithub.com/cujanovic/ssrf-testing/https://github.com/cujanovic/SSRF-Testing/
- XFLTReaTgithub.com/earthquake/xfltreat/Tunnelling Framework ([kitploit] (https://www.kitploit.com/2017/09/xfltreat-tunnelling-framework.html?m=1))
- rudragithub.com/7h3ram/rudraFramework for exhaustive analysis of (PCAP and PE) files
- PenBoxgithub.com/x3omdax/penboxPenetration Testing Framework - The Tool With All The Tools
- post-exploitationgithub.com/mubix/post-exploitationPost Exploitation Collection
- p0wnedShellgithub.com/cn33liz/p0wnedshellPowerShell Runspace Post Exploitation Toolkit
- sshprygithub.com/nopernik/sshprySeamlessly spy on SSH session like it is your tty
- cameradargithub.com/etixlabs/cameradarCameradar hacks its way into RTSP CCTV cameras
- DETgithub.com/sensepost/detData Exfiltration Toolkit
- GhostShellgithub.com/reddyyz/ghostshellMalware indetectable, with AV bypass techniques, anti-disassembly, etc.
- AhMyth-Android-RATgithub.com/ahmyth/ahmyth-android-ratAndroid Remote Administration Tool
- cve-searchgithub.com/cve-search/cve-searchtool to perform local searches for known vulnerabilities
- kernelpopgithub.com/spencerdodd/kernelpopkernel privilege escalation enumeration and exploitation framework ([kitsploit.com] (https://www.kitploit.com/2017/11/kernelpop-kernel-privilege-escalation.html))
- subjackgithub.com/haccer/subjackHostile Subdomain Takeover tool ([blog] (https://cody.su/blog/hostile-subdomain-takeovers/))
- nmap-vulnersgithub.com/vulnerscom/nmap-vulnersNSE script based on Vulners.com API
- recon-ngbitbucket.org/lanmaster53/recon-ng/wiki/homefull-featured Web Reconnaissance framework
- InSpygithub.com/gojhonny/inspyA LinkedIn enumeration tool
- routersploitgithub.com/reverse-shell/routersploitThe Router Exploitation Framework
- Zeus-Scannergithub.com/ekultek/zeus-scannerAdvanced reconnaissance utility
- btlejuicegithub.com/digitalsecurity/btlejuiceBtleJuice Bluetooth Smart (LE) Man-in-the-Middle framework
- censys-subdomain-findergithub.com/christophetd/censys-subdomain-finderPerform subdomain enumeration using the certificate transparency logs from Censys
- Strikergithub.com/ultimatehackers/strikerStriker is an offensive information and vulnerability scanner
- ezsploitgithub.com/rand0m1ze/ezsploitLinux bash script automation for metasploit
- ctfrgithub.com/unapibageek/ctfrAbusing Certificate Transparency logs for getting HTTPS websites subdomains.
- autosploitwww.helpnetsecurity.com/2018/02/01/autosploit/Automated mass exploitation of remote hosts using Shodan and Metasploit
- evilgradegithub.com/infobyte/evilgradetake advantage of poor upgrade implementations by injecting fake updates
- crt.shcrt.shCertificate Search (eg. [%.cambridgeanalytica.org] (https://crt.sh/?q=%25.cambridgeanalytica.org))
- usbdetectiveusbdetective.comapplication for identifying, investigating, and reporting on USB storage devices that have been connected to a Windows system
- Galileogithub.com/m4ll0k/galileoWeb Application Audit Framework
- XSStrikegithub.com/s0md3v/xsstrikeXSS Scanner equipped with powerful fuzzing engine & intelligent payload generator
- emkei.czemkei.czFree online fake mailer with attachments, encryption, HTML editor and advanced settingsā¦
- probequestgithub.com/skyplabs/probequestToolkit for Playing with Wi-Fi Probe Requests
- wifite2github.com/derv82/wifite2Rewrite of the popular wireless network auditor, wifite, for auditing wireless networks
- Diggygithub.com/s0md3v/diggyExtract endpoints from apk files
- pyfiscangithub.com/fgeek/pyfiscanFree web-application vulnerability and version scanner
- sandmapgithub.com/trimstray/sandmaptool supporting network and system reconnaissance using the massive Nmap engine
- gitrobgithub.com/michenriksen/gitrobReconnaissance tool for GitHub organizations
- evilginx2github.com/kgretzky/evilginx2mitm attack framework used for phishing login credentials
- Modlishkagithub.com/drk1wi/modlishkaReverse Proxy. Phishing NG
- trapegithub.com/jofpin/trapePeople tracker on the Internet: OSINT analysis and research tool
- HiddenEyegithub.com/darksecdevelopers/hiddeneyeModern Phishing Tool With Advanced Functionality And Multiple Tunnelling Services
- assetfindergithub.com/tomnomnom/assetfinderFind domains and subdomains related to a given domain
- waybackurlsgithub.com/tomnomnom/waybackurlsFetch all the URLs that the Wayback Machine knows about for a domain
- vafgithub.com/d4rckh/vafVery Advanced (web) Fuzzer
- Extended SSRF searchgithub.com/duckstroms/ssrf-searchSSRF search vulnerabilities exploitation extended.
- Prelude Operatorwww.prelude.orgA platform for developer-first advanced security
- Pneumagithub.com/preludeorg/pneumaDefault agent for Prelude Operator
- Mariana Trenchmariana-tren.chSecurity-Focused Static Analysis for Android and Java Applications
- Vegasubgraph.com/vega/Free open source vulnerability scanning
- W3AFw3af.orgOpen source web app audit and attack framework
- Siftersifterapp.com/academy/process/review/Penetration testing tool