Complete suite of tools for 802.11 WEP and WPA/WPA2 cracking. Includes monitoring (airodump-ng), attacking (aireplay-ng), testing (airmon-ng…
Multi-use bash script for Linux systems for auditing wireless networks. Automates various wireless attacks including handshake capture, evil…
OWASP tool for in-depth DNS enumeration, network mapping, and attack surface discovery. Uses both passive and active techniques to find subd…
Collection of PowerShell AMSI (Antimalware Scan Interface) bypass techniques. Patches AMSI in-memory to prevent PowerShell scripts from bein…
Python binary analysis framework supporting both static and dynamic symbolic execution (concolic execution). Used for automatic exploit gene…
Tool for reverse engineering Android APK files. Decodes resources to their original form, rebuilds decoded resources back to APK. Supports s…
Tool for visual inspection of websites across large numbers of hosts. Takes screenshots of web pages, performs basic HTTP probing, and gener…
HTTP parameter discovery suite. Finds hidden HTTP parameters in web applications by checking 25,000+ parameter names. Supports GET, POST, JS…
Enterprise penetration testing management platform. Manages projects, schedules, findings, evidence, and generates branded reports. Includes…
Digital forensics platform and graphical interface to The Sleuth Kit. Features timeline analysis, keyword search, web artifact extraction, f…
Browser Exploitation Framework. Hooks web browsers via JavaScript and provides extensive command modules for session hijacking, social engin…
Swiss army knife for network attacks and monitoring. Supports ARP spoofing, DNS spoofing, SSL stripping, WiFi attacks, Bluetooth LE, BLE sca…
Commercial reverse engineering platform with an excellent intermediate language (BNIL), Python/C++ API, and collaborative analysis features.…
Firmware analysis tool for searching, extracting, and analyzing binary images. Identifies embedded files and code (file signatures, magic by…
Uses graph theory to reveal hidden and often unintended relationships within Active Directory environments. Attackers use it to find attack …
Scans a disk image, file, or directory and extracts features such as email addresses, URLs, credit card numbers, phone numbers, and other fo…
Leading platform for web application security testing. The Community Edition includes an intercepting proxy, repeater, intruder, and decoder…
Marketplace of extensions for Burp Suite covering active/passive scanning, custom insertion points, logging, authentication testing, and int…
Modern web security auditing tool built as a Rust-based alternative to Burp Suite. Features a clean UI, workflow automation, HTTPQL query la…
Internet-wide scanning platform that indexes the full certificate and banner data for every publicly reachable IP address. Useful for attack…
Offensive tool for Active Directory Certificate Services (AD CS) enumeration and abuse. Finds and exploits ESC1-ESC13 misconfigurations in c…
Custom Word List generator that spiders a target website to build a wordlist based on the site's content. Useful for targeted password attac…
Fast TCP/UDP tunnel transported over HTTP and secured via SSH. Used for port forwarding and pivoting through restrictive firewalls. Single b…
Automated all-in-one OS command injection and exploitation tool. Detects and exploits command injection vulnerabilities in web applications …
Lightweight program to find all known misconfigurations in CORS (Cross-Origin Resource Sharing) implementations. Tests for null origin, pre-…
.NET-based C2 framework with a collaborative web interface. Uses .NET Grunts as implants, supports a rich task library, and integrates with …
Swiss army knife for pentesting Windows/Active Directory environments. Tests credentials at scale, executes commands, dumps credentials, and…
Phishing framework written in Python using Flask and Jinja2 templates. Supports 2FA capture (TOTP/HOTP) and has pre-built modules for Gmail,…
Wordlist generator that creates wordlists based on specified criteria including character sets, patterns, minimum and maximum length. Can ge…
Fast parameter analysis and XSS scanner. Features DOM-based XSS detection, built-in BAC (Blind XSS), custom payloads, headless Chrome suppor…
DNS enumeration script supporting zone transfers, reverse lookups, SRV record enumeration, top-level domain expansion, and brute-force subdo…
Fast and multi-purpose DNS toolkit from ProjectDiscovery. Resolves domains, performs wildcard filtering, brute-forces subdomains, and extrac…
Generates position-independent shellcode from .NET assemblies, PE files, scripts (VBScript, JScript), and XSL that runs in memory. Used to e…
Collaboration and reporting platform for security assessments. Centralizes findings, enables team collaboration, imports results from Nmap, …
Plugin-based scanner that aids security researchers in identifying issues with Drupal, SilverStripe, and WordPress sites. Detects plugins, t…
Linux alternative to enum.exe for enumerating data from Windows and Samba systems. Extracts usernames, shares, workgroup info, password poli…
Next-generation rewrite of enum4linux with YAML/JSON output, improved reliability, and additional checks for modern Windows environments.
Full-featured WinRM shell for hacking and penetration testing. Supports pass-the-hash, file upload/download, in-memory script loading, and P…
Standalone man-in-the-middle attack framework that bypasses 2FA by proxying authentication sessions and capturing session cookies. Uses phis…
Platform-independent Perl library and command-line tool for reading, writing, and editing metadata in a wide variety of files including phot…
Archive of public exploits and vulnerable software maintained by Offensive Security. SearchSploit provides offline command-line search of th…
Takes screenshots of web pages, RDP, and VNC services. Reports on default credentials and interesting headers. Useful for rapidly assessing …
Integrated multi-user pentest environment for collaborative penetration testing. Aggregates tool output in real-time, manages vulnerabilitie…
Fast, recursive content discovery tool written in Rust. Performs automatic recursive scanning and handles redirects, filters, and parallel s…
Fast web fuzzer written in Go. Supports directory discovery, parameter fuzzing, virtual host discovery, POST data fuzzing, and custom header…
DNS reconnaissance tool for locating non-contiguous IP space and hostnames against specified domains. Performs zone transfers, brute-force, …
Portable multi-tool for hardware hacking. Supports Sub-GHz radio, 125kHz RFID, NFC, Infrared, iButton, Bluetooth, GPIO, and USB. Runs open-s…
Console program to recover files based on their headers, footers, and internal data structures. Useful for recovering deleted images, PDFs, …
Dynamic instrumentation toolkit for developers, reverse engineers, and security researchers. Injects JavaScript or Python into native apps (…
GDB (GNU Debugger) enhanced with pwndbg plugin for exploit development and reverse engineering. Adds heap visualization, stack inspection, R…
NSA-developed software reverse engineering suite. Features a disassembler, decompiler, scripting (Java/Python), graphing, and collaborative …
Django-based engagement management and reporting platform. Tracks infrastructure, manages findings, stores evidence, and generates professio…
SAST tool for detecting hardcoded secrets like passwords, API keys, and tokens in git repositories. Scans commits, branches, and git history…
Tools to download and reconstruct exposed .git repositories from web servers. Includes Gitdumper (download), Extractor (extract commits), an…
Directory/file and DNS busting tool written in Go. Extremely fast. Modes include directory brute-force, DNS subdomain enumeration, virtual h…
Open-source phishing framework designed for business security awareness campaigns. Features a rich web UI, email templates, landing page tem…
InQL is a Burp Suite and standalone GraphQL security scanner. Analyzes introspection queries, generates operations, detects batch query atta…
Curated list of Unix binaries that can be used to bypass local security restrictions. Shows how to abuse sudo, SUID, capabilities, and file …
World's fastest password recovery utility supporting 300+ hash types. Uses GPU acceleration and advanced attack modes including dictionary, …
Identifies different types of hashes used to encrypt data. Supports over 220 hash types and provides the corresponding Hashcat mode ID for d…
Modern C2 framework designed for red teams. Features a sleek GUI, Demon agent with evasion techniques, team server for collaboration, and ex…
Small tool to capture packets from WLAN devices. Captures PMKID and EAPOL handshakes directly without requiring deauthentication. Outputs ca…
Fast and multi-purpose HTTP toolkit from ProjectDiscovery. Probes hosts for live web services, extracts title, status code, content length, …
Fast and flexible online password brute-forcing tool supporting 50+ protocols including FTP, SSH, Telnet, HTTP, SMB, LDAP, MySQL, RDP, IMAP,…
The industry-standard disassembler and decompiler (with Hex-Rays decompiler). Supports the widest range of processor architectures and binar…
Collection of Python classes for working with network protocols. Includes tools for SMB, MSRPC, LDAP, Kerberos, and more. Used for Pass-the-…
Dumps secrets remotely using a variety of techniques including DCSync (without running code on DC), VSS, and SAM dump. Part of the Impacket …
Out-of-band interaction gathering server. Generates unique collaboration URLs for detecting blind vulnerabilities like SSRF, XXE, SSTI, blin…
Dex to Java decompiler. Produces Java source code from Android APK/DEX/AAR/AAB files. Features a GUI with search, deobfuscation, and resourc…
Fast password cracker available for many operating systems. Auto-detects hash types, supports dictionary and incremental attacks, and includ…
OWASP Joomla vulnerability scanner. Detects Joomla version, components, modules, and templates with known vulnerabilities. Checks for common…
Toolkit for testing, tampering, and forging JSON Web Tokens. Tests common JWT vulnerabilities including algorithm confusion (alg:none, RS256…
Kerberos brute-forcing tool for performing user enumeration and password spraying against Active Directory. Does not trigger account lockout…
Fast Kerberos brute-forcing tool written in Go. Performs user enumeration and password spraying against Kerberos pre-authentication. Does no…
Phishing campaign toolkit with client-server architecture. Features rich email templates with Jinja2, credential tracking, geo-location mapp…
Wireless network detector, sniffer, wardriver, and WIDS (Wireless Intrusion Detection System). Supports Wi-Fi, Bluetooth, Zigbee, and other …
Advanced tunneling/pivoting tool that creates a VPN-like tunnel from the agent to the operator without SOCKS proxies. Enables direct routing…
Scripted local Linux enumeration and privilege escalation checks. Collects system information, user data, SUID/SGID binaries, sudo configura…
Living Off The Land Binaries And Scripts — documents Windows native binaries that can be abused for execution, download, bypass, and persist…
Penetration tester productivity tool designed to allow easy data consolidation and report generation. Stores test results in a tree structur…
Interactive data mining tool that renders graphical link charts of relationships between domains, people, companies, IPs, and social media a…
The fastest Internet port scanner. Can scan the entire IPv4 address space in under 6 minutes. Produces output compatible with Nmap.
Speedy, massively parallel, modular login brute-forcer. Supports AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP, NNTP, PcAnywhere, POP3, REXE…
Information gathering tool that downloads and extracts metadata from public documents (PDF, Word, Excel, PowerPoint) found via Google dork s…
The world's most widely used penetration testing framework. Provides hundreds of exploit modules, payloads, encoders, and post-exploitation …
Metasploit's advanced, dynamically extensible payload. Runs entirely in memory, supports migration, keylogging, screenshot capture, pivoting…
Post-exploitation tool to extract plaintext passwords, hashes, PIN codes, and Kerberos tickets from memory. Also performs Pass-the-Hash, Pa…
Flexible and powerful reverse HTTP proxy for phishing. Captures credentials and bypasses 2FA by acting as a transparent proxy between the vi…
Metasploit standalone payload generator and encoder. Creates payloads for all platforms with customizable encoders, iterations, and formats …
Feature-packed reimplementation of Netcat from the Nmap project. Adds SSL/TLS support, connection brokering, and scripting capabilities.
Industry-leading vulnerability scanner with 170,000+ plugins. Identifies vulnerabilities, misconfigurations, default passwords, and complian…
The "Swiss army knife" of networking. Reads and writes data across network connections using TCP/UDP. Used for port scanning, banner grabbin…
The maintained fork and successor to CrackMapExec. Network service exploitation Swiss army knife for Active Directory pentesting. Supports S…
Network forensics analysis tool (NFAT) that captures packets and parses them to reconstruct transmitted files, certificates, images, and cre…
Open-source web server scanner that checks for over 6,700 potentially dangerous files, outdated server software, version-specific problems, …
Framework and collection of PowerShell scripts and payloads for offensive security and post-exploitation. Includes reverse shells, privilege…
The industry-standard network scanner. Discovers hosts, open ports, services, OS versions, and runs scriptable vulnerability checks via the …
Automated NoSQL injection and database exploitation tool. Targets MongoDB, CouchDB, Redis, and Cassandra for injection attacks and retrieves…
Creates malicious files (LNK, SCF, PDF, DOCX, etc.) that force a Windows system to authenticate to an attacker's server when the file is acc…
Fast, template-based vulnerability scanner. Thousands of community-maintained YAML templates cover CVEs, misconfigurations, exposed panels, …
Open-source vulnerability assessment framework. Full-featured scanner with a web interface, regularly updated Network Vulnerability Tests (N…
Workflow engine for offensive security reconnaissance. Orchestrates multiple tools (amass, subfinder, nuclei, etc.) in automated pipelines f…
Uses favicon hashes to identify services and technologies on web servers. By comparing favicon hashes with known databases, it can fingerpri…
OWASP's Zed Attack Proxy — one of the world's most popular free web application security scanners. Features active/passive scanning, spideri…
Privilege Escalation Awesome Scripts Suite. Automatically enumerates Windows (WinPEAS) and Linux/Mac (LinPEAS) systems for privilege escalat…
PoC tool to coerce Windows hosts to authenticate to an attacker-controlled machine using MS-EFSRPC (EFS). Used in NTLM relay attacks against…
Fast web crawler designed for OSINT. Extracts URLs, emails, social media accounts, Amazon S3 buckets, Bitcoin wallets, and files from a targ…
Timeline creation and analysis tool. Extracts timestamps from hundreds of artifact types across Windows, Linux, and macOS to create a super-…
Cloud-based pentest management and reporting platform. Features report automation, finding templates, client portal, analytics, and integrat…
Collection of PowerShell modules for post-exploitation. Includes PowerView for AD recon, PowerUp for privilege escalation, Invoke-Mimikatz, …
Wrapper for multiple packers, protectors, obfuscators, and artifact-modifying tools. Automates multi-stage tooling protection pipelines to m…
Swiss army knife for RFID security research. Reads, writes, emulates, sniffs, and brute-forces RFID/NFC tags including HID, EM4100, Mifare C…
Forces any TCP connection made by a given application through proxy servers like SOCKS4, SOCKS5, or HTTP. Essential for pivoting through com…
CTF framework and exploit development library for Python. Simplifies binary exploitation with process/socket interaction, shellcode generati…
Portable reversing framework that includes a hex editor, disassembler, debugger, scripting engine (r2pipe), and graphing. Supports many arch…
A full-featured web reconnaissance framework with a module system similar to Metasploit. Automates OSINT collection from dozens of data sour…
LLMNR, NBT-NS, and mDNS poisoner that captures NTLMv1/v2 hashes. Also runs rogue SMB, HTTP, FTP, and other servers to capture credentials on…
Rogue authentication server and LLMNR/NBT-NS/mDNS poisoner for Windows networks. Captures NTLM challenge-response hashes for offline crackin…
Retargetable machine-code decompiler based on LLVM. Developed by Avast. Decompiles x86, ARM, MIPS, PIC32, and PowerPC binaries to C with met…
Detects the use of JavaScript libraries with known vulnerabilities. Available as a CLI tool, browser extension, Grunt plugin, and Burp Suite…
C# toolset for raw Kerberos interaction and abuse. Performs Kerberoasting, AS-REP Roasting, Pass-the-Ticket, Golden/Silver Ticket attacks, t…
Payload creation framework focused on EDR bypass. Creates loaders using a variety of techniques including side-loading, binary padding, expi…
Penetration testing report generation tool built in Ruby. Stores findings and reusable recommendations, generates Word DOCX reports, and sup…
C# ingestor for BloodHound. Collects Active Directory data including group memberships, ACLs, trust relationships, sessions, and local admin…
Dynamic shellcode injection tool designed to inject shellcode into native Windows applications (PE files). Randomly modifies the PE file's e…
Search engine for internet-connected devices. Finds exposed servers, webcams, ICS/SCADA systems, databases, and more. Offers a CLI and REST …
Collection of command-line tools and C library for analyzing disk images. Supports NTFS, FAT, Ext2/3/4, HFS+, and more. Foundation for Autop…
Open-source C2 framework from BishopFox. Supports mTLS, WireGuard, HTTP/S, and DNS C2 channels. Features implant generation, pivoting, BOF s…
Allows users to enumerate SMB shares across a domain, list share permissions, check drive access, and execute remote commands via authentica…
Open-source penetration testing framework designed for social engineering attacks. Features phishing attacks, credential harvesting, spear-p…
Tool designed to allow quick and effective phishing exercises. Automates target gathering, email generation, website cloning, and credential…
Automated OSINT tool that queries 200+ data sources to gather intelligence on IP addresses, domain names, email addresses, and usernames. In…
Password spraying tool for Active Directory environments. Designed to avoid account lockouts by spraying a single password across many accou…
Automatic SQL injection and database takeover tool. Supports detection and exploitation of all major SQL injection types across MySQL, MSSQL…
Automatic SSRF (Server-Side Request Forgery) fuzzer and exploitation tool. Tests for SSRF vulnerabilities and exploits them to reach interna…
Fast passive subdomain enumeration tool from ProjectDiscovery. Uses passive online sources including certificate transparency logs, DNS data…
Gathers emails, subdomains, hosts, employee names, open ports, and virtual hosts from public sources including Google, Bing, LinkedIn, Shoda…
Comprehensive vulnerability and misconfiguration scanner for containers, Kubernetes, code repositories, and cloud infrastructure. Supports D…
Searches git repositories, S3 buckets, filesystems, and more for high-entropy strings and patterns that indicate secrets such as API keys an…
Simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Works with Metasploit payloads and custom she…
Shell script to check for simple privilege escalation vectors on Unix systems. Checks file permissions, sudo rights, SUID binaries, cron job…
Tool designed to generate Metasploit payloads that bypass common antivirus solutions. Supports multiple programming languages for payload ge…
Framework for extracting digital artifacts from volatile memory (RAM) dumps. Supports Windows, Linux, and macOS memory images. Extracts proc…
Free GUI front-end for Volatility 3 memory forensics framework on Windows. Simplifies memory analysis workflow with dropdown plugin selectio…
Web application fuzzer that replaces any reference to the FUZZ keyword with a payload value. Supports multiple encoders, filters, iterators,…
Web scanner that identifies web technologies including CMS, blogging platforms, analytics packages, JavaScript libraries, server frameworks,…
Automated wireless attack tool that attacks multiple WEP/WPA/WPA2/WPS encrypted networks in sequence. Runs airodump-ng, aireplay-ng, and air…
World's foremost network protocol analyzer. Captures and interactively browses traffic on a computer network. Supports hundreds of protocols…
WordPress security scanner. Enumerates WordPress installations for vulnerable plugins, themes, and configurations. Checks usernames, timthum…
Open-source x64/x32 debugger for Windows. Actively maintained with a plugin ecosystem, scriptable, and designed to replace OllyDbg. Excellen…
Advanced XSS detection and exploitation suite. Features a crawler, fuzzer, a context-aware analysis engine, and a payload generator that cra…