Skip to content
/ list-pentest-tools Public

A curated list of network penetration testing tools.

5 stars 48 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TPLink32/list-pentest-tools

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 

Repository files navigation

Contents

Tools

Penetration Testing OS Distributions

  • Kali - GNU/Linux distribution designed for digital forensics and penetration testing.
  • ArchStrike - Arch GNU/Linux repository for security professionals and enthusiasts.
  • BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers.
  • Network Security Toolkit (NST) - Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
  • BackBox - Ubuntu-based distribution for penetration tests and security assessments.
  • Parrot - Distribution similar to Kali, with multiple architecture.
  • Buscador - GNU/Linux virtual machine that is pre-configured for online investigators.
  • Fedora Security Lab - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
  • The Pentesters Framework - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
  • AttifyOS - GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.

Multi-paradigm Frameworks

  • Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
  • Armitage - Java-based GUI front-end for the Metasploit Framework.
  • Faraday - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
  • ExploitPack - Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
  • Pupy - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
  • AutoSploit - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.

Network Vulnerability Scanners

  • Netsparker Application Security Scanner - Application security scanner to automatically find security flaws.
  • Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
  • Nessus - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
  • OpenVAS - Free software implementation of the popular Nessus vulnerability assessment system.
  • Vuls - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.

Static Analyzers

  • Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications.
  • cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
  • FindBugs - Free software static analyzer to look for bugs in Java code.
  • sobelow - Security-focused static analysis for the Phoenix Framework.
  • bandit - Security oriented static analyser for python code.
  • Progpilot - Static security analysis tool for PHP code.

Web Vulnerability Scanners

  • Netsparker Application Security Scanner - Application security scanner to automatically find security flaws.
  • Nikto - Noisy but fast black box web server and web application vulnerability scanner.
  • Arachni - Scriptable framework for evaluating the security of web applications.
  • w3af - Web application attack and audit framework.
  • Wapiti - Black box web application vulnerability scanner with built-in fuzzer.
  • SecApps - In-browser web application security testing suite.
  • WebReaver - Commercial, graphical web application vulnerability scanner designed for macOS.
  • WPScan - Black box WordPress vulnerability scanner.
  • Zoom - Powerful wordpress username enumerator with infinite scanning.
  • cms-explorer - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
  • joomscan - Joomla vulnerability scanner.
  • ACSTIS - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
  • SQLmate - A friend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).

Network Tools

  • pig - GNU/Linux packet crafting tool.
  • Network-Tools.com - Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
  • Intercepter-NG - Multifunctional network toolkit.
  • SPARTA - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
  • Zarp - Network attack tool centered around the exploitation of local networks.
  • dsniff - Collection of tools for network auditing and pentesting.
  • scapy - Python-based interactive packet manipulation program & library.
  • Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
  • Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.
  • routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
  • CrackMapExec - Swiss army knife for pentesting networks.
  • impacket - Collection of Python classes for working with network protocols.
  • dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
  • THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.

Exfiltration Tools

  • DET - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
  • pwnat - Punches holes in firewalls and NATs.
  • tgcd - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
  • Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.

Network Reconnaissance Tools

  • zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
  • nmap - Free security scanner for network exploration & security audits.
  • scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
  • DNSDumpster - Online DNS recon and search service.
  • CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
  • dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
  • dnsmap - Passive DNS network mapper.
  • dnsrecon - DNS enumeration script.
  • dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
  • passivedns-client - Library and query tool for querying several passive DNS providers.
  • passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
  • Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
  • smbmap - Handy SMB enumeration tool.
  • XRay - Network (sub)domain discovery and reconnaissance automation tool.
  • ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.

Protocol Analyzers and Sniffers

  • tcpdump/libpcap - Common packet analyzer that runs under the command line.
  • Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
  • netsniff-ng - Swiss army knife for for network sniffing.
  • Dshell - Network forensic analysis framework.
  • Debookee - Simple and powerful network traffic analyzer for macOS.
  • Dripcap - Caffeinated packet analyzer.
  • Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols.

Proxies and MITM Tools

  • dnschef - Highly configurable DNS proxy for pentesters.
  • mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  • Morpheus - Automated ettercap TCP/IP Hijacking tool.
  • mallory - HTTP/HTTPS proxy over SSH.
  • SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
  • evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
  • Ettercap - Comprehensive, mature suite for machine-in-the-middle attacks.
  • BetterCAP - Modular, portable and easily extensible MITM framework.

Wireless Network Tools

  • Aircrack-ng - Set of tools for auditing wireless networks.
  • Kismet - Wireless network detector, sniffer, and IDS.
  • Reaver - Brute force attack against WiFi Protected Setup.
  • Wifite - Automated wireless attack tool.
  • Fluxion - Suite of automated social engineering based WPA attacks.

Transport Layer Security Tools

  • SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
  • tls_prober - Fingerprint a server's SSL/TLS implementation.
  • testssl.sh - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
  • crackpkcs12 - Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.

Web Exploitation

  • OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
  • Fiddler - Free cross-platform web debugging proxy with user-friendly companion tools.
  • Burp Suite - Integrated platform for performing security testing of web applications.
  • autochrome - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
  • Browser Exploitation Framework (BeEF) - Command and control server for delivering exploits to commandeered Web browsers.
  • Offensive Web Testing Framework (OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
  • Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
  • WPSploit - Exploit WordPress-powered websites with Metasploit.
  • SQLmap - Automatic SQL injection and database takeover tool.
  • tplmap - Automatic server-side template injection and Web server takeover tool.
  • weevely3 - Weaponized web shell.
  • Wappalyzer - Wappalyzer uncovers the technologies used on websites.
  • WhatWeb - Website fingerprinter.
  • BlindElephant - Web application fingerprinter.
  • wafw00f - Identifies and fingerprints Web Application Firewall (WAF) products.
  • fimap - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
  • Kadabra - Automatic LFI exploiter and scanner.
  • Kadimus - LFI scan and exploit tool.
  • liffy - LFI exploitation tool.
  • Commix - Automated all-in-one operating system command injection and exploitation tool.
  • DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
  • GitTools - Automatically find and download Web-accessible .git repositories.
  • sslstrip - Demonstration of the HTTPS stripping attacks.
  • sslstrip2 - SSLStrip version to defeat HSTS.
  • NoSQLmap - Automatic NoSQL injection and database takeover tool.
  • VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
  • FuzzDB - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  • EyeWitness - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
  • webscreenshot - A simple script to take screenshots of list of websites.

Hex Editors

  • HexEdit.js - Browser-based hex editing.
  • Hexinator - World's finest (proprietary, commercial) Hex Editor.
  • Frhed - Binary file editor for Windows.
  • 0xED - Native macOS hex editor that supports plug-ins to display custom data types.
  • Hex Fiend - Fast, open source, hex editor for macOS with support for viewing binary diffs.

File Format Analysis Tools

  • Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
  • Veles - Binary data visualization and analysis tool.
  • Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.

Anti-virus Evasion Tools

  • Veil - Generate metasploit payloads that bypass common anti-virus solutions.
  • shellsploit - Generates custom shellcode, backdoors, injectors, optionally obfuscates every byte via encoders.
  • Hyperion - Runtime encryptor for 32-bit portable executables ("PE .exes").
  • AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
  • peCloak.py - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
  • peCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
  • UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
  • Shellter - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.

Hash Cracking Tools

  • John the Ripper - Fast password cracker.
  • Hashcat - The more fast hash cracker.
  • CeWL - Generates custom wordlists by spidering a target's website and collecting unique words.
  • JWT Cracker - Simple HS256 JWT token brute force cracker.
  • Rar Crack - RAR bruteforce cracker.
  • BruteForce Wallet - Find the password of an encrypted wallet file (i.e. wallet.dat).

Windows Utilities

  • Sysinternals Suite - The Sysinternals Troubleshooting Utilities.
  • Windows Credentials Editor - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
  • mimikatz - Credentials extraction tool for Windows operating system.
  • PowerSploit - PowerShell Post-Exploitation Framework.
  • Windows Exploit Suggester - Detects potential missing patches on the target.
  • Responder - LLMNR, NBT-NS and MDNS poisoner.
  • Bloodhound - Graphical Active Directory trust relationship explorer.
  • Empire - Pure PowerShell post-exploitation agent.
  • Fibratus - Tool for exploration and tracing of the Windows kernel.
  • wePWNise - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
  • redsnarf - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
  • Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
  • DeathStar - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.

GNU/Linux Utilities

macOS Utilities

  • Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.

DDoS Tools

  • LOIC - Open source network stress tool for Windows.
  • JS LOIC - JavaScript in-browser version of LOIC.
  • SlowLoris - DoS tool that uses low bandwidth on the attacking side.
  • HOIC - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
  • T50 - Faster network stress tool.
  • UFONet - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
  • Memcrashed - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.

Social Engineering Tools

OSINT Tools

  • Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
  • theHarvester - E-mail, subdomain and people names harvester.
  • creepy - Geolocation OSINT tool.
  • metagoofil - Metadata harvester.
  • Google Hacking Database - Database of Google dorks; can be used for recon.
  • Google-dorks - Common Google dorks and others you probably don't know.
  • GooDork - Command line Google dorking tool.
  • dork-cli - Command line Google dork tool.
  • Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.
  • Shodan - World's first search engine for Internet-connected devices.
  • recon-ng - Full-featured Web Reconnaissance framework written in Python.
  • github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak.
  • vcsmap - Plugin-based tool to scan public version control systems for sensitive information.
  • Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations
  • BinGoo - GNU/Linux bash based Bing and Google Dorking Tool.
  • fast-recon - Perform Google dorks against a domain.
  • snitch - Information gathering via dorks.
  • Sn1per - Automated Pentest Recon Scanner.
  • Threat Crowd - Search engine for threats.
  • Virus Total - Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
  • PacketTotal - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Bro and Suricata IDS signatures under the hood).
  • DataSploit - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
  • AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
  • Intrigue - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
  • ZoomEye - Search engine for cyberspace that lets the user find specific network components.
  • gOSINT - OSINT tool with multiple modules and a telegram scraper.
  • Amass - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
  • XRay - XRay is a tool for recon, mapping and OSINT gathering from public networks.
  • Intel Techniques Online Tools - Use the links to the left to access all of the custom search tools.
  • Buscador - A Linux Virtual Machine that is pre-configured for online investigators

Anonymity Tools

  • Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
  • OnionScan - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
  • I2P - The Invisible Internet Project.
  • Nipe - Script to redirect all traffic from the machine to the Tor network.
  • What Every Browser Knows About You - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.

Reverse Engineering Tools

  • Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
  • WDK/WinDbg - Windows Driver Kit and WinDbg.
  • OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
  • Radare2 - Open source, crossplatform reverse engineering framework.
  • x64dbg - Open source x64/x32 debugger for windows.
  • Immunity Debugger - Powerful way to write exploits and analyze malware.
  • Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
  • Medusa - Open source, cross-platform interactive disassembler.
  • plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • peda - Python Exploit Development Assistance for GDB.
  • dnSpy - Tool to reverse engineer .NET assemblies.
  • binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
  • PyREBox - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
  • Voltron - Extensible debugger UI toolkit written in Python.
  • Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
  • rVMI - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
  • Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

Side-channel Tools

  • ChipWhisperer - Complete open-source toolchain for side-channel power analysis and glitching attacks.

CTF Tools

  • ctf-tools - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
  • Pwntools - Rapid exploit development framework built for use in CTFs.
  • RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.

License

CC-BY

This work is licensed under a Creative Commons Attribution 4.0 International License.

About

A curated list of network penetration testing tools.

Resources

Readme
Activity

Stars

5 stars

Watchers

1 watching

Forks

48 forks
Report repository

Releases

No releases published

Packages

No packages published