kraloveckey/venom
Venom Information Security Collection


Telegram Channel

The collection of awesome software, tools, libraries, documents, books, resources and cool stuff about information security, penetration testing and offensive cybersecurity.

Information security (or InfoSec) is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Information security's primary focus is the balanced protection of the confidentiality, integrity, and availability of data while maintaining a focus on efficient policy implementation, all without hampering organizational productivity.

Penetration testing (or PenTesting) is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. The purpose of this simulated attack is to identify any weak spots in a system’s defenses which attackers could take advantage of. This is like a bank hiring someone to dress as a burglar and try to break into their building and gain access to the vault. If the ‘burglar’ succeeds and gets into the bank or the vault, the bank will gain valuable information on how they need to tighten their security measures. Should you discover a vulnerability, please follow this guidance to report it responsibly.


Your contributions and suggestions are heartily welcome. Please, check the Guide for more details.


Overview


TOOLS AND RESOURCES

Analysis Tools

^ back to top ^

  • CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.
  • DocBleach - An open-source Content Disarm & Reconstruct software sanitizing Office, PDF and RTF Documents.
  • ExifTool - Platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files.
  • Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.
  • Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
  • peepdf - Python tool to explore PDF files in order to find out if the file can be harmful or not.
  • Veles - Binary data visualization and analysis tool.

Anonymity / Tor Tools

^ back to top ^

  • dos-over-tor - Proof of concept denial of service over Tor stress test tool.
  • I2P - The Invisible Internet Project.
  • kalitorify - Transparent proxy through Tor for Kali Linux OS.
  • Metadata Anonymization Toolkit (MAT) - Metadata removal tool, supporting a wide range of commonly used file formats, written in Python3.
  • Nipe - Script to redirect all traffic from the machine to the Tor network.
  • OnionScan - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
  • Tails - Live operating system aiming to preserve your privacy and anonymity.
  • Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
  • What Every Browser Knows About You - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.

Anti-virus Evasion Tools

^ back to top ^

  • AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
  • CarbonCopy - Tool that creates a spoofed certificate of any online website and signs an Executable for AV evasion.
  • Hyperion - Runtime encryptor for 32-bit portable executables ("PE .exes").
  • peCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
  • Shellter - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
  • UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
  • Veil - Generate metasploit payloads that bypass common anti-virus solutions.

Cloud Platform Attack Tools

^ back to top ^

See also HackingThe.cloud.

  • Cloud Container Attack Tool (CCAT) - Tool for testing security of container environments.
  • CloudHunter - Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets.
  • Cloudsplaining - Identifies violations of least privilege in AWS IAM policies and generates a pretty HTML report with a triage worksheet.
  • Endgame - AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account.
  • GCPBucketBrute - Script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.

Collaboration Tools

^ back to top ^

  • Dradis - Open-source reporting and collaboration tool for IT security professionals.
  • Lair - Reactive attack collaboration framework and web application built with meteor.
  • Pentest Collaboration Framework (PCF) - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.
  • Reconmap - Open-source collaboration platform for InfoSec professionals that streamlines the pentest process.
  • RedELK - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.

CTF Tools / Resources / Courses

^ back to top ^

See also Awesome CTF - A curated list of CTF frameworks, libraries, resources and software. See also Awesome Cyber Skills - A curated list of hacking environments where you can train your cyber skills legally and safely.

  • Arizona Cyber Warfare Range - 24x7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
  • Ciphey - Automated decryption tool using artificial intelligence and natural language processing.
  • CTF Field Guide - Everything you need to win your next CTF competition.
  • Cybrary - Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book 'Penetration Testing for Highly Secured Environments'.
  • Hack The Box - An online cybersecurity training platform allowing IT professionals to advance their ethical hacking skills and be part of a worldwide community.
  • Offensive Security Training - Training from BackTrack/Kali developers.
  • Open Security Training - Training material for computer security classes.
  • OverTheWire War Games - The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
  • PayloadsAllTheThings - A list of useful payloads and bypasses for Web Application Security and Pentest/CTF.
  • Roppers Academy Training - Free courses on computing and security fundamentals designed to train a beginner to crush their first CTF.
  • RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
  • SANS Security Training - Computer Security Training & Certification.
  • shellpop - Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests.
  • TryHackMe - Online platform for learning cyber security, using hands-on exercises and labs.

Datastores

^ back to top ^

  • acra - Database security suite: proxy for data protection with transparent "on the fly" data encryption, data masking and tokenization, SQL firewall (SQL injections prevention), intrusion detection system.
  • aws-vault - Store AWS credentials in the OSX Keychain or an encrypted file.
  • blackbox - Safely store secrets in a VCS repo using GPG.
  • chamber - Store secrets using AWS KMS and SSM Parameter Store.
  • confidant - Stores secrets in AWS DynamoDB, encrypted at rest, and integrates with IAM.
  • credstash - Store secrets using AWS KMS and DynamoDB.
  • databunker - Databunker is an address book on steroids for storing personal data. GDPR and encryption are out of the box.
  • dotgpg - A tool for backing up and versioning your production secrets or shared passwords securely and easily.
  • nextcloud - A safe home for all your data.
  • LunaSec - Database for PII with automatic encryption/tokenization, sandboxed components for handling data, and centralized authorization controls.
  • passbolt - The password manager your team was waiting for. Free, open source, extensible, based on OpenPGP.
  • passpie - Multiplatform command-line password manager.
  • pwndrop - Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
  • redoctober - Server for two-man rule style file encryption and decryption.
  • Safe - A Vault CLI that makes reading from and writing to the Vault easier to do.
  • Sops - An editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP.
  • Vault - An encrypted datastore secure enough to hold environment and application secrets.

Emails

^ back to top ^


Endpoint

Anti-Virus / Anti-Malware

^ back to top ^

See also Awesome Malware Analysis - A curated list of awesome malware analysis tools and resources.

  • ClamAv - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
  • Fastfinder - Fast customisable cross-platform suspicious file finder. Supports md5/sha1/sha256 hashes, literal/wildcard strings, regular expressions and YARA rules. Can easily be packed to be deployed on any Windows / Linux host.
  • Linux Malware Detect - A malware scanner for Linux designed around the threats faced in shared hosted environments.
  • LOKI - Simple Indicators of Compromise and Incident Response Scanner.
  • rkhunter - A Rootkit Hunter for Linux.

Authentication

^ back to top ^

  • google-authenticator - The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth). These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238. Tutorials: How to set up two-factor authentication for SSH login on Linux
  • FreeOTP - A two-factor authentication application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code.
  • Stegcloak - Securely assign digital authenticity to any written text.

Configuration Management

^ back to top ^

  • Fleet device management - Fleet is the lightweight, programmable telemetry platform for servers and workstations. Get comprehensive, customizable data from all your devices and operating systems.
  • GLPi - Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
  • Rudder - Rudder is an easy to use, web-driven, role-based solution for IT Infrastructure Automation & Compliance. Automate common system administration tasks (installation, configuration); Enforce configuration over time (configuring once is good, ensuring that configuration is valid and automatically fixing it is better); Inventory of all managed nodes; Web interface to configure and manage nodes and their configuration; Compliance reporting, by configuration and/or by node.

Mobile / Android / iOS

^ back to top ^

See also android-security-awesome - A collection of android security related resources. A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of android apps. See also Android Exploits - Guide on Android Exploitation and Hacks.

  • AMExtractor - AMExtractor can dump out the physical content of your Android device even without kernel source code.
  • Android Storage Extractor - A tool to extract local data storage of an Android application in one click.
  • Apktool - A tool for reverse engineering Android apk files.
  • dotPeek - Free-of-charge standalone tool based on ReSharper's bundled decompiler.
  • enjarify - A tool for translating Dalvik bytecode to equivalent Java bytecode.
  • frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
  • hardened_malloc - Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.
  • jadx - Command line and GUI tools for producing Java source code from Android Dex and Apk files.
  • Mobile Security Wiki - A collection of mobile security resources.
  • OSX Security Awesome - A collection of OSX and iOS security resources.
  • OWASP Mobile Security Testing Guide - A comprehensive manual for mobile app security testing and reverse engineering.
  • symbiote - Your target's phone's front and back cameras can be accessed by sending a link.
  • Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System.
  • reFlutter - Flutter Reverse Engineering Framework.
  • SecMobi Wiki - A collection of mobile security resources, including articles, blogs, books, groups, projects, tools and conferences.
  • Themis - High-level multi-platform cryptographic framework for protecting sensitive data: secure messaging with forward secrecy and secure data storage (AES256GCM), suits for building end-to-end encrypted applications.
  • UDcide - Android Malware Behavior Editor.

Forensics

^ back to top ^

See also Awesome Forensics - Free (mostly open source) forensic analysis tools and resources.

  • grr - GRR Rapid Response is an incident response framework focused on remote live forensics.
  • ir-rescue - ir-rescue is a Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
  • LiME - Linux Memory Extractor.
  • Logdissect - CLI utility and Python API for analyzing log files and other data.
  • Maigret - Maigret collects a dossier on a person by username only, checking for accounts on a huge number of sites and gathering all the available information from web pages.
  • Meerkat - PowerShell-based Windows artifact collection for threat hunting and incident response.
  • mig - MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security.
  • Rekall - The Rekall Framework is a completely open collection of tools, implemented in Python under the Apache and GNU General Public License, for the extraction and analysis of digital artifacts from computer systems.
  • Volatility - Python based memory extraction and analysis framework.
  • url-sandbox - Scalable URL Sandbox for analyzing URLs and Domains from phishing attacks.

Exfiltration Tools

^ back to top ^

  • DET - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
  • dnscat2 - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.
  • Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
  • pwnat - Punches holes in firewalls and NATs.
  • QueenSono - Client/Server Binaries for data exfiltration with ICMP. Useful in a network where ICMP protocol is less monitored than others (which is a common case).
  • tgcd - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
  • TrevorC2 - Client/server tool for masking command and control and data exfiltration through a normally browsable website, not typical HTTP POST requests.

Exploit Development Tools

^ back to top ^

See also Reverse Engineering.

  • Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
  • peda - Python Exploit Development Assistance for GDB.
  • Pwntools - Rapid exploit development framework built for use in CTFs.
  • VcenterKit - Vcenter Comprehensive Penetration and Exploitation Toolkit.
  • Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.

Hash Cracking Tools

^ back to top ^

  • BruteForce Wallet - Find the password of an encrypted wallet file (i.e. wallet.dat).
  • CeWL - Generates custom wordlists by spidering a target's website and collecting unique words.
  • crackstation - Password Hash Cracker.
  • duplicut - Quickly remove duplicates, without changing the order, and without getting OOM on huge wordlists.
  • GoCrack - Management Web frontend for distributed password cracking sessions using hashcat (or other supported tools) written in Go.
  • Hashcat - Fast hash cracker.
  • hate_crack - Tool for automating cracking methodologies through Hashcat.
  • John the Ripper - Fast password cracker.
  • JWT Cracker - Simple HS256 JSON Web Token (JWT) token brute force cracker.
  • pydictor - A powerful and useful hacker dictionary builder for a brute-force attack.
  • Rar Crack - RAR bruteforce cracker.

Hex Editors

^ back to top ^

  • Bless - High quality, full featured, cross-platform graphical hex editor written in Gtk#.
  • Frhed - Binary file editor for Windows.
  • Hex Fiend - Fast, open source, hex editor for macOS with support for viewing binary diffs.
  • HexEdit.js - Browser-based hex editing.
  • hexedit - Simple, fast, console-based hex editor.
  • Hexinator - World's finest (proprietary, commercial) Hex Editor.
  • wxHexEditor - Free GUI hex editor for GNU/Linux, macOS, and Windows.

Intentionally Vulnerable Systems

^ back to top ^


Multi-paradigm Frameworks

^ back to top ^

  • Armitage - Java-based GUI front-end for the Metasploit Framework.
  • AutoSploit - Automated mass exploiter, which collects target by employing the Shodan API and programmatically chooses Metasploit exploit modules based on the Shodan query.
  • Decker - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.
  • Faraday - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
  • Metasploit Framework - A tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.
  • Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
  • Pupy - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.

Network

^ back to top ^

  • network-segmentation-cheat-sheet - This project was created to publish the best practices for segmentation of the corporate network of any company. In general, the schemes in this project are suitable for any company.

  • CrackMapExec - Swiss army knife for pentesting networks.
  • dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
  • dsniff - Collection of tools for network auditing and pentesting.
  • IKEForce - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.
  • impacket - Collection of Python classes for working with network protocols.
  • Intercepter-NG - Multifunctional network toolkit.
  • Legion - Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA.
  • Ncrack - High-speed network authentication cracking tool built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
  • NetExec - Network service exploitation tool that helps automate assessing the security of large networks.
  • Network-Tools.com - Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
  • pivotsuite - Portable, platform independent and powerful network pivoting toolkit.
  • Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.
  • Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
  • routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
  • rshijack - TCP connection hijacker, Rust rewrite of shijack.
  • SigPloit - Signaling security testing framework dedicated to telecom security for researching vulnerabilities in the signaling protocols used by mobile (cellular phone) operators.
  • Smart Install Exploitation Tool (SIET) - Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them.
  • SPARTA - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
  • THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
  • Tsunami - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
  • Zarp - Network attack tool centered around the exploitation of local networks.

Anti-Spam

^ back to top ^

  • rspamd - Fast, free and open-source spam filtering system.
  • Scammer-List - A free open source AI based Scam and Spam Finder with a free API.
  • Spam Scanner - Anti-Spam Scanning Service and Anti-Spam API.
  • SpamAssassin - A powerful and popular email spam filter employing a variety of detection techniques.

DDoS Tools

^ back to top ^

  • Anevicon - Powerful UDP-based load generator, written in Rust.
  • DDoS-Ripper - Distributed Denial-of-Service (DDoS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic.
  • Ddosify - Effortless Kubernetes Monitoring and Performance Testing. Available on CLI, Self-Hosted, and Cloud.
  • D(HE)ater - D(HE)ater sends forged cryptographic handshake messages to enforce the Diffie-Hellman key exchange.
  • Finshir - A coroutines-driven Low & Slow traffic generator, written in Rust.
  • HOIC - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
  • Impulse - Modern Denial-of-service ToolKit.
  • Low Orbit Ion Cannon (LOIC) - Open source network stress tool written for Windows.
  • Memcrashed - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
  • SlowLoris - DoS tool that uses low bandwidth on the attacking side.
  • T50 - Faster network stress tool.
  • UFONet - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Firewall

^ back to top ^

  • blocklist-ipsets - ipsets dynamically updated with firehol's update-ipsets.sh script.
  • fwknop - Protects ports via Single Packet Authorization in your firewall.
  • ipset - Framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, an IP set may store IP addresses, networks, (TCP/UDP) port numbers, MAC addresses, interface names or combinations of them in a way, which ensures lightning speed when matching an entry against a set.
  • OPNsense - Open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
  • pfSense - Firewall and Router FreeBSD distribution.

IDS / IPS / Host IDS / Host IPS

^ back to top ^

  • AIEngine - AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua packet inspection engine with capabilities of learning without any human intervention, NIDS(Network Intrusion Detection System) functionality, DNS domain classification, network collector, network forensics and many others.
  • CrowdSec - CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on Fail2Ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok patterns to parse logs and YAML scenario to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM based infrastructures (by decoupling detection and remediation). Once detected, you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IPs can be sent to CrowdSec for curation before being shared among all users to further strengthen the community
  • Denyhosts - Thwart SSH dictionary based attacks and brute force attacks.
  • Fail2Ban - Scans log files and takes action on IPs that show malicious behavior.
  • maltrail - Malicious traffic detection system.
  • OSSEC - Comprehensive Open Source HIDS. Not for the faint of heart. Takes a bit to get your head around how it works. Performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows. Plenty of reasonable documentation. Sweet spot is medium to large deployments.
  • Security Onion - Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Zeek, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
  • Snort - Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) created by Martin Roesch in 1998. Snort is now developed by Sourcefire, of which Roesch is the founder and CTO. In 2009, Snort entered InfoWorld's Open Source Hall of Fame as one of the "greatest [pieces of] open source software of all time".
  • ssh-audit - SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc).
  • SSHGuard - A software to protect services in addition to SSH, written in C.
  • sshwatch - IPS for SSH similar to DenyHosts written in Python. It also can gather information about attacker during the attack in a log.
  • Stealth - File integrity checker that leaves virtually no sediment. Controller runs from another machine, which makes it hard for an attacker to know that the file system is being checked at defined pseudo random intervals over SSH. Highly recommended for small to medium deployments.
  • Suricata - Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
  • wazuh - Wazuh is a free and open source XDR platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. Great tool for all kinds of deployments; it includes SIEM capabilities (indexing + searching + WUI).
  • Zeek - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
    • zeek2es - An open source tool to convert Zeek logs to Elastic/OpenSearch. You can also output pure JSON from Zeek's TSV logs!

IP

^ back to top ^

  • abuseipdb - Check an IP Address, Domain Name, or Subnet.
  • CloakQuest3r - Uncover the true IP address of websites safeguarded by Cloudflare & Others.
  • ifconfig.io - What is my IP address?
  • iknowwhatyoudownload - Uses the internet connection of other people (Wi-Fi, their computers, tablets and smartphones) to show what they download on the torrent network.
  • ipdeny - All country IP block files are provided in CIDR format.
  • myip - Live Whois IP Source.
  • subnet-calculator - The CIDR Calculator enables CIDR network calculations using IP address, subnet mask, mask bits, maximum required IP addresses and maximum required subnets.

Honey Pot / Honey Net

^ back to top ^

See also awesome-honeypots - The canonical awesome honeypot list.

  • Amun - Amun Python-based low-interaction Honeypot.
  • Artillery - Open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
  • Conpot - ICS/SCADA Honeypot. Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable of emulating complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to serve a custom human machine interface to increase the honeypot's attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMIs or extended with real hardware. Conpot is developed under the umbrella of the Honeynet Project and on the shoulders of a couple of very big giants.
  • Cuckoo Sandbox - Cuckoo Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment.
  • Glastopf - Glastopf is a Honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications. The principle behind it is very simple: return the correct response to the attacker exploiting the web application.
  • HoneyPy - HoneyPy is a low to medium interaction honeypot. It is intended to be easy to: deploy, extend functionality with plugins, and apply custom configurations.
  • HonSSH - HonSSH is a high-interaction Honey Pot solution. HonSSH will sit between an attacker and a honey pot, creating two separate SSH connections between them.
  • Kippo - Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
  • Kojoney - Kojoney is a low-interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries.

Monitoring / Logging / Event Management

^ back to top ^

  • BoxyHQ - Open source API for security and compliance audit logging.
  • Falco - The cloud-native runtime security project and de facto Kubernetes threat detection engine now part of the CNCF.
  • FIR - Fast Incident Response, a cybersecurity incident management platform.
  • httpry - httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the traffic as it is parsed, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications.
  • httpx - Fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threads.
  • justniffer - Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic.
  • LogESP - Open Source SIEM (Security Information and Event Management system).
  • Matano - Open source serverless security lake platform on AWS that lets you ingest, store, and analyze petabytes of security data into an Apache Iceberg data lake and run realtime Python detections as code.
  • ngrep - ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
  • Node Security Platform - Similar feature set to Snyk, but free in most cases, and very cheap for others.
  • ntopng - Ntopng is a network traffic probe that shows the network usage, similar to what the popular top Unix command does.
  • opensnitch - OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
  • openvpn-monitor - Web based OpenVPN monitor, that shows current connection information, such as users, location and data transferred.
  • OSSIM - OSSIM provides all of the features that a security professional needs from a SIEM offering – event collection, normalization, and correlation.
  • plow - High-performance HTTP benchmarking tool with real-time web UI and terminal displaying.
  • Prelude - Prelude is a Universal "Security Information & Event Management" (SIEM) system. Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events independently of the product brand or license giving rise to such events; Prelude is "agentless".
  • sagan - Sagan uses a 'Snort like' engine and rules to analyze logs (syslog/event log/snmptrap/netflow/etc).
  • uptime-kuma - Fancy self-hosted monitoring tool.
  • VAST - Open source security data pipeline engine for structured event data, supporting high-volume telemetry ingestion, compaction, and retrieval; purpose-built for security content execution, guided threat hunting, and large-scale investigation.

Network Reconnaissance Tools

^ back to top ^

  • ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
  • AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
  • CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
  • dnschecker - Online DNS Check.
  • DNSDumpster - Online DNS recon and search service.
  • dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
  • dnsmap - Passive DNS network mapper.
  • dnsrecon - DNS enumeration script.
  • dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
  • fierce - Python3 port of the original fierce.pl DNS reconnaissance tool for locating non-contiguous IP space.
  • MAC Address Vendor Lookup - For a given MAC address/OUI/IAB, retrieve OUI vendor information, detect virtual machines, manufacturer and locations, read the information encoded in the MAC, and get the service's research results regarding any MAC address, OUI, IAB or IEEE record.
  • Mass Scan - TCP port scanner that spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
  • netdiscover - Network address discovery scanner, based on ARP sweeps, developed mainly for those wireless networks without a DHCP server.
  • nmap - Free security scanner for network exploration & security audits.
  • OWASP Amass - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
  • passivedns-client - Library and query tool for querying several passive DNS providers.
  • passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
  • RustScan - Lightweight and quick open-source port scanner designed to automatically pipe open ports into Nmap.
  • ScanCannon - POSIX-compliant BASH script to quickly enumerate large networks by calling masscan to quickly identify open ports and then nmap to gain details on the systems/services on those ports.
  • scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
  • XRay - Network (sub)domain discovery and reconnaissance automation tool.
  • zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.

Network Traffic Replay and Editing Tools

^ back to top ^

  • bittwist - Simple yet powerful libpcap-based Ethernet packet generator useful in simulating networking traffic or scenario, testing firewall, IDS, and IPS, and troubleshooting various network problems.
  • hping3 - Network tool able to send custom TCP/IP packets.
  • pig - GNU/Linux packet crafting tool.
  • scapy - Python-based interactive packet manipulation program and library.
  • tcpreplay - Suite of free Open Source utilities for editing and replaying previously captured network traffic.
  • TraceWrangler - Network capture file toolkit that can edit and merge pcap or pcapng files with batch editing features.
  • WireEdit - Full stack WYSIWYG pcap editor (requires a free license to edit packets).

Network Vulnerability Scanners

^ back to top ^

  • Above - Automates the search for network vulnerabilities, designed for pentesters, Red Team operators, and network security engineers.
  • Bolt - CSRF Scanner.
  • Boofuzz - Fuzzing engine and fuzz testing framework.
  • celerystalk - Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner.
  • CVS - Powerful and customizable vulnerability scanner based on VDSL, which can replace Nessus or Nuclei, etc.
  • Deepfence SecretScanner - Find secrets and passwords in container images and file systems.
  • Deepfence ThreatMapper - Apache v2, powerful runtime vulnerability scanner for Kubernetes, virtual machines and serverless.
  • Goby - New generation of network security technology that achieves rapid security emergency response by building a complete asset database for the target.
  • kube-hunter - Open-source tool that runs a set of tests ("hunters") for security issues in Kubernetes clusters from either outside ("attacker's view") or inside a cluster.
  • log4j-scan - Fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts.
  • monsoon - Very flexible and fast interactive HTTP enumeration/fuzzing.
  • Nessus - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
  • Netsparker Application Security Scanner - Application security scanner to automatically find security flaws.
  • Netz - Discover internet-wide misconfigurations, using zgrab2 and others.
  • Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
  • nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
  • nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities.
  • Nucleimonst3r - Powerful vulnerability scanner that can help Bug Bounty Hunters find low-hanging-fruit vulnerabilities for known CVEs and exploits, and also gather all the technology running behind them for further investigation of a potential target.
  • OpenVAS - Free software implementation of the popular Nessus vulnerability assessment system.
  • Pompem - Pompem is an open source tool designed to automate the search for exploits in major databases. Developed in Python, it has an advanced search system, facilitating the work of pentesters and ethical hackers. In its current version, it performs searches in the databases Exploit-db, 1337day and Packetstorm Security.
  • trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.
  • Vuls - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.

Protocol Analyzers / Sniffers

^ back to top ^

  • Debookee - Simple and powerful network traffic analyzer for macOS.
  • Deepfence PacketStreamer - High-performance remote packet capture and collection tool, distributed tcpdump for cloud native environments.
  • Dshell - Network forensic analysis framework.
  • Live HTTP headers - Live HTTP headers is a free Firefox add-on to see your browser requests in real time. It shows the entire headers of the requests and can be used to find security loopholes in implementations.
  • Moloch - Moloch is an open source, large scale IPv4 packet capturing (PCAP), indexing and database system. A simple web interface is provided for PCAP browsing, searching, and exporting. APIs are exposed that allow PCAP data and JSON-formatted session data to be downloaded directly. Simple security is implemented by using HTTPS and HTTP digest password support or by using Apache in front. Moloch is not meant to replace IDS engines but instead works alongside them to store and index all the network traffic in standard PCAP format, providing fast access. Moloch is built to be deployed across many systems and can scale to handle multiple gigabits/sec of traffic.
  • netsniff-ng - Swiss army knife for network sniffing.
  • Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols.
  • OpenFPC - OpenFPC is a set of tools that combine to provide a lightweight full-packet network traffic recorder & buffering system. Its design goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating into existing alert and log management tools.
  • sniffglue - Secure multithreaded packet sniffer.
  • stenographer - Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets.
  • tcpdump/libpcap - Common packet analyzer that runs under the command line.
  • tcpflow - tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. tcpflow can also process stored 'tcpdump' packet flows.
  • Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
  • Xplico - The goal of Xplico is to extract the application data contained in an Internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).

Proxies and Machine-in-the-Middle (MITM) Tools

^ back to top ^

See also Web Proxies Intercepting.

  • BetterCAP - Modular, portable and easily extensible MITM framework.
  • dnschef - Highly configurable DNS proxy for pentesters.
  • Ettercap - Comprehensive, mature suite for machine-in-the-middle attacks.
  • evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
  • Habu - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
  • Lambda-Proxy - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.
  • mallory - HTTP/HTTPS proxy over SSH.
  • MITMf - Framework for Man-In-The-Middle attacks.
  • Morpheus - Automated ettercap TCP/IP Hijacking tool.
  • oregano - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
  • SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
  • sylkie - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.

Transport Layer Security Tools

^ back to top ^

  • crackpkcs12 - Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.
  • localhost.direct - Localhost with public CA signed SSL certificate.
  • mkcert - A simple zero-config tool to make locally trusted development certificates with any names you'd like.
  • SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security misconfigurations.
  • testssl.sh - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
  • tls_prober - Fingerprint a server's SSL/TLS implementation.

VPN

^ back to top ^

  • Firezone - Open-source VPN server and egress firewall for Linux built on WireGuard that makes it simple to manage secure remote access to your company’s private networks. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self hostable.
  • OpenVPN - OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.

Wireless Network Tools

^ back to top ^

  • Aircrack-ng - Set of tools for auditing wireless networks.
  • Airgeddon - Multi-use bash script for Linux systems to audit wireless networks.
  • BoopSuite - Suite of tools written in Python for wireless auditing.
  • Bully - Implementation of the WPS brute force attack, written in C.
  • Cowpatty - Brute-force dictionary attack against WPA-PSK.
  • Fluxion - Suite of automated social engineering based WPA attacks.
  • infernal-twin - Automated wireless hacking tool.
  • Kismet - Wireless network detector, sniffer, and IDS.
  • KRACK Detector - Detect and prevent KRACK attacks in your network.
  • krackattacks-scripts - WPA2 Krack attack scripts.
  • PSKracker - Collection of WPA/WPA2/WPS default algorithms, password generators, and PIN generators written in C.
  • pwnagotchi - Deep reinforcement learning based AI that learns from the Wi-Fi environment and instruments BetterCAP in order to maximize the WPA key material captured.
  • Reaver - Brute force attack against WiFi Protected Setup.
  • WiFi Pineapple - Wireless auditing and penetration testing platform.
  • Wifite - Automated wireless attack tool.
  • wifi-arsenal - Resources for Wi-Fi Pentesting.
  • WiFi-Pumpkin - Framework for rogue Wi-Fi access point attack.

Open Source Intelligence (OSINT)

^ back to top ^

See also awesome-osint.

  • bbot - OSINT automation for hackers.
  • creepy - Geolocation OSINT tool.
  • DataSploit - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
  • Depix - Tool for recovering passwords from pixelized screenshots (by de-pixelating text).
  • Facebook Friend List Scraper - Tool to scrape names and usernames from large friend lists on Facebook, without being rate limited.
  • gOSINT - OSINT tool with multiple modules and a telegram scraper.
  • GyoiThon - GyoiThon is an Intelligence Gathering tool using Machine Learning.
  • Hunter.io - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.
  • image-match - Quickly search over billions of images.
  • Intrigue - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
  • Maltego - Proprietary software for open source intelligence and forensics.
  • PacketTotal - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Zeek and Suricata IDS signatures under the hood).
  • recon-ng - Full-featured Web Reconnaissance framework written in Python.
  • Skiptracer - OSINT scraping framework that utilizes basic Python webscraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen noodle budget.
  • sn0int - Semi-automatic OSINT framework and package manager.
  • Sn1per - Automated Pentest Recon Scanner.
  • Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations.
  • surfraw - Fast UNIX command line interface to a variety of popular WWW search engines.
  • Threat Crowd - Search engine for threats.
  • z-cam - The First Python Compatible Camera Hacking Tool.

Dorking tools

^ back to top ^

  • BinGoo - GNU/Linux bash based Bing and Google Dorking Tool.
  • dorkbot - Command-line tool to scan Google (or other) search results for vulnerabilities.
  • dorks - Google hack database automation tool.
  • dork-cli - Command line Google dork tool.
  • fast-recon - Perform Google dorks against a domain.
  • github-dorks - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks.
  • GooDork - Command line Google dorking tool.
  • Google Hacking Database - Database of Google dorks; can be used for recon.
  • pagodo - Automate Google Hacking Database scraping.
  • snitch - Information gathering via dorks.

Email, phone search and analysis tools

^ back to top ^

  • email2phonenumber - OSINT tool to obtain a target's phone number just by having their email address.
  • enola - Sherlock's sister: modern CLI tool written in Go to help you hunt down social media accounts by username across social networks.
  • Moriarty-Project - Tool that gives information about the phone number you enter.
  • SimplyEmail - Email recon made fast and easy.
  • WhatBreach - Search email addresses and discover all known breaches that this email has been seen in, and download the breached database if it is publicly available.

Metadata harvesting and analysis

^ back to top ^

Network device discovery tools

^ back to top ^

  • Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.
  • Shodan - World's first search engine for Internet-connected devices.
  • ZoomEye - Search engine for cyberspace that lets the user find specific network components.

OSINT Online Resources

^ back to top ^

  • bugmenot - Find and share logins, see if the bugmenot community has shared any logins for it.
  • CertGraph - Crawls a domain's SSL/TLS certificates for its certificate alternative names.
  • Extract Images - Extract Images from any public website by using a virtual browser.
  • GhostProject - Searchable database of billions of cleartext passwords, partially visible for free.
  • HostHunter - Recon tool for discovering hostnames using OSINT techniques.
  • iHUNT Intelligence FRAMEWORK - Focuses on gathering information from free and open-source tools or resources. The intention is to help people find free and open source combined OSINT, GEOINT, SOCMINT and HUMINT resources for research or practice purposes, especially Law Enforcement and Intelligence Officers.
  • investigator - Online handy-recon tool.
  • NetBootcamp OSINT Tools - Collection of OSINT links and custom Web interfaces to other services.
  • OSINT Framework - Collection of various OSINT tools broken out by category.
  • whatsmyname - Tool that allows you to enumerate usernames across many websites.
  • WiGLE.net - Information about wireless networks world-wide, with user-friendly desktop and web applications.

Source code repository searching tools

^ back to top ^

See also Web Accessible Source Code Ripping Tools.

  • vcsmap - Plugin-based tool to scan public version control systems for sensitive information.
  • Yar - Clone git repositories to search through the whole commit history in order of commit time for secrets, tokens, or passwords.

Web application and resource analysis tools

^ back to top ^

  • BlindElephant - Web application fingerprinter.
  • EyeWitness - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
  • VHostScan - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
  • wafw00f - Identifies and fingerprints Web Application Firewall (WAF) products.
  • Wappalyzer - Wappalyzer uncovers the technologies used on websites.
  • webscreenshot - Simple script to take screenshots of websites from a list of sites.
  • WhatWaf - Detect and bypass web application firewalls and protection systems.
  • WhatWeb - Website fingerprinter.

Operating Systems

Linux

^ back to top ^

  • Bashark - Aids pentesters and security researchers during the post-exploitation phase of security audit.
  • checksec.sh - Shell script designed to test what standard Linux OS and PaX security features are being used.
  • Fenrir - Simple IOC scanner bash script.
  • GTFOBins - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
  • GTFONow - Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
  • How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
  • Hwacha - Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously.
  • LinEnum - Scripted Local Linux Enumeration & Privilege Escalation Checks.
  • LinPEAS - LinPEAS is a script that searches for possible paths to escalate privileges on Linux/Unix*/macOS hosts.
  • Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
  • linuxprivchecker - Linux Privilege Escalation Check Script.
  • linux-private-i - Linux bash tool for Enumeration & Privilege Escalation.
  • Linux-Privilege-Escalation - This cheatsheet is aimed at the OSCP aspirants to help them understand the various methods of Escalating Privilege on Linux based Machines and CTFs with examples.
  • linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels.
  • LOLBAS (Living Off The Land Binaries and Scripts) - Documents binaries, scripts, and libraries that can be used for "Living Off The Land" techniques, i.e., binaries that can be used by an attacker to perform actions beyond their original purpose.
  • Lynis - Auditing tool for UNIX-based systems.
  • Postenum - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system.
  • pyBackdoor - Cross-platform (Windows/Linux/macOS) yet simple and powerful backdoor/reverse TCP/RAT made in Python3 which contains many features such as multi-client support.
  • RecoverPy - Interactively find and recover deleted or overwritten files from your terminal.
  • PwnKit - Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation.
  • SSH-Harvester - Harvest passwords automatically from OpenSSH server.
  • unix-privesc-check - Shell script to check for simple privilege escalation vectors on UNIX systems.

Linux Online Resources

^ back to top ^

  • chmod calculator - Chmod calculator allows you to quickly generate permissions in numerical and symbolic formats. All extra options are included (recursive, sticky, etc). You’ll be ready to copy paste your chmod command into your terminal in seconds.
  • crontab.guru - The quick and simple editor for cron schedule expressions.
  • Data Storage Converter - Popular data storage unit conversions.
  • explainshell - Write down a command-line to see the help text that matches each argument.
  • LDAP TS Converter - LDAP, Active Directory & Filetime Timestamp Converter.
  • Unix TS Converter - Epoch & Unix Timestamp Conversion Tools.

macOS

^ back to top ^

  • Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.
  • EvilOSX - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.

Windows

^ back to top ^

  • Active Directory and Privilege Escalation (ADAPE) - Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory.
  • Bloodhound - Graphical Active Directory trust relationship explorer.
  • Commando VM - Automated installation of over 140 Windows software packages for penetration testing and red teaming.
  • Covenant - ASP .NET Core application that serves as a collaborative command and control platform for red teamers.
  • ctftool - Interactive Collaborative Translation Framework (CTF) exploration tool capable of launching cross-session edit session attacks.
  • DeathStar - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.
  • DomainPasswordSpray - Tool written in PowerShell to perform a password spray attack against users of a domain.
  • Empire - Pure PowerShell post-exploitation agent.
  • Fibratus - Tool for exploration and tracing of the Windows kernel.
  • Inveigh - Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/machine-in-the-middle tool.
  • LaZagne - Credentials recovery project.
  • MailSniper - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more.
  • mimikatz - Credentials extraction tool for Windows operating system.
  • PowerSploit - PowerShell Post-Exploitation Framework.
  • redsnarf - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
  • Responder - Link-Local Multicast Name Resolution (LLMNR), NBT-NS, and mDNS poisoner.
  • RID_ENUM - Python script that can enumerate all users from a Windows Domain Controller and crack those users' passwords using brute force.
  • Rubeus - Toolset for raw Kerberos interaction and abuses.
  • Ruler - Abuses client-side Outlook features to gain a remote shell on a Microsoft Exchange server.
  • SCOMDecrypt - Retrieve and decrypt RunAs credentials stored within Microsoft System Center Operations Manager (SCOM) databases.
  • SprayingToolkit - Scripts to make password spraying attacks against Lync/S4B, Outlook Web Access (OWA) and Office 365 (O365) a lot quicker, less painful and more efficient.
  • Sysinternals Suite - The Sysinternals Troubleshooting Utilities.
  • ToxicEye - Program for remote control of Windows computers via a Telegram bot. Written in C#.
  • wePWNise - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
  • Windows Credentials Editor - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
  • Windows Exploit Suggester - Detects potential missing patches on the target.
  • WinPwn - Internal penetration test script to perform local and domain reconnaissance, privilege escalation and exploitation.

Operating System Distributions

^ back to top ^

  • Android Tamer - Distribution built for Android security professionals that includes tools required for Android security testing.
  • ArchStrike - Arch GNU/Linux repository for security professionals and enthusiasts.
  • AttifyOS - GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
  • BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers.
  • Buscador - GNU/Linux virtual machine that is pre-configured for online investigators.
  • Kali - Rolling Debian-based GNU/Linux distribution designed for penetration testing and digital forensics.
  • Network Security Toolkit (NST) - Fedora-based GNU/Linux bootable live Operating System designed to provide easy access to best-of-breed open source network security applications.
  • Parrot - Distribution similar to Kali, with support for multiple hardware architectures.
  • PentestBox - Open source pre-configured portable penetration testing environment for the Windows Operating System.
  • Qubes OS - Qubes OS is a free and open-source security-oriented operating system meant for single-user desktop computing.
  • Tails OS - Tails is a portable operating system that protects against surveillance and censorship.
  • The Pentesters Framework - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that omits less frequently used utilities.
  • tsurugi - Heavily customized Linux distribution designed to support DFIR investigations, malware analysis and OSINT activities.
  • Whonix - Operating System designed for anonymity.

Online Operating Systems Resources

^ back to top ^


Penetration Testing

^ back to top ^

See also Awesome Pentest - Collection of awesome penetration testing resources, tools and other shiny things.

See also Awesome Pentest Cheat Sheets - Collection of the cheat sheets useful for pentesting.

See also our Penetration Testing Collection - Our custom collection of the cheat sheets useful for pentesting.

Additional Penetration Tools

^ back to top ^

  • arsenal - Quick inventory, reminder and launcher for pentest commands.
  • rsg - A tool to generate various ways to do a reverse shell.
  • SSH-Snake - Self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

Online Penetration Testing Resources

^ back to top ^

Passwords

^ back to top ^

Penetration Testing Report Templates

^ back to top ^


Physical Access Tools

^ back to top ^

  • AT Commands - Use AT commands over an Android device's USB port to rewrite device firmware, bypass security mechanisms, exfiltrate sensitive information, perform screen unlocks, and inject touch events.
  • Bash Bunny - Local exploit delivery tool in the form of a USB thumbdrive in which you write payloads in a DSL called BunnyScript.
  • LAN Turtle - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
  • Packet Squirrel - Ethernet multi-tool designed to enable covert remote access, painless packet captures, and secure VPN connections with the flip of a switch.
  • PCILeech - Uses PCIe hardware devices to read and write from the target system memory via Direct Memory Access (DMA) over PCIe.
  • Poisontap - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
  • Proxmark3 - RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
  • Thunderclap - Open source I/O security research platform for auditing physical DMA-enabled hardware peripheral ports.
  • USB Rubber Ducky - Customizable keystroke injection attack platform masquerading as a USB thumbdrive.

Reverse Engineering

^ back to top ^

  • angr - Platform-agnostic binary analysis framework.
  • binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
  • boxxy - Linkable sandbox explorer.
  • Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
  • Detect It Easy (DiE) - Program for determining file types (packers, compilers, formats) on Windows, Linux and macOS.
  • dnSpy - Tool to reverse engineer .NET assemblies.
  • Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
  • Fridax - Read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
  • Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
  • Ghidra - Suite of free software reverse engineering tools developed by NSA's Research Directorate originally exposed in WikiLeaks's "Vault 7" publication and now maintained as open source software.
  • Immunity Debugger - Powerful way to write exploits and analyze malware.
  • Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
  • Medusa - Open source, cross-platform interactive disassembler.
  • OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
  • plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • pwndbg - GDB plug-in that eases debugging with GDB, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
  • PyREBox - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
  • Radare2 - Open source, crossplatform reverse engineering framework.
  • rVMI - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
  • UEFITool - UEFI firmware image viewer and editor.
  • Voltron - Extensible debugger UI toolkit written in Python.
  • WDK/WinDbg - Windows Driver Kit and WinDbg.
  • x64dbg - Open source x64/x32 debugger for Windows.

Samba Enumeration

^ back to top ^

  • enum4linux-ng - Rewrite of enum4linux for enumerating Windows and Samba hosts over SMB, NetBIOS and MSRPC: users, groups, shares, password policy and OS details.
  • MANSPIDER - Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported.
  • smbmap - Enumerates SMB shares across a range of hosts, listing share permissions and supporting file search, download and upload with a given set of credentials.
  • SMBSR - Lookup for interesting stuff in SMB shares.

Social Engineering

^ back to top ^

See also awesome-social-engineering.

  • Beelogger - Tool for generating a keylogger.
  • Catphish - Tool for phishing and corporate espionage written in Ruby.
  • Evilginx2 - Standalone Machine-in-the-Middle (MitM) reverse proxy attack framework for setting up phishing pages capable of defeating most forms of 2FA security schemes.
  • fakeinfo - Generate Fake Info.
  • fake-telegram-chat-generator - Generate your very own fake Telegram Messenger chat.
  • FiercePhish - Full-fledged phishing framework to manage all phishing engagements.
  • Gophish - Open-source phishing framework.
  • King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
  • Modlishka - Flexible and powerful reverse proxy for phishing engagements, capable of relaying and bypassing two-factor authentication in real time.
  • phishery - TLS/SSL enabled Basic Auth credential harvester.
  • ReelPhish - Real-time two-factor phishing tool.
  • Social Engineer Toolkit (SET) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
  • Social Engineering Framework - Information resource for social engineers.
  • SocialFish - Social media phishing framework that can run on an Android phone or in a Docker container.
  • wifiphisher - Automated phishing attacks against WiFi networks.
  • zeoob - Create Fake Instagram, Twitter & Facebook Posts.

Static Analyzers

^ back to top ^

  • bandit - Security oriented static analyser for Python code.
  • Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications.
  • cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
  • cwe_checker - Suite of tools built atop the Binary Analysis Platform (BAP) to heuristically detect CWEs in compiled binaries and firmware.
  • FindBugs - Free software static analyzer to look for bugs in Java code.
  • Pixee - Pixeebot finds security and code quality issues in your code and creates merge-ready pull requests with recommended fixes.
  • Progpilot - Static security analysis tool for PHP code.
  • RegEx-DoS - Analyzes source code for Regular Expressions susceptible to Denial of Service attacks.
  • sobelow - Security-focused static analysis for the Phoenix Framework.
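Tools like bandit work by walking the parsed syntax tree and matching call patterns rather than grepping text. The following is an added example of that approach, written for this page and not taken from bandit or any other listed tool; it checks a constructed Python snippet for three classic findings (non-literal eval/exec, subprocess with shell=True, MD5/SHA-1 use), and the rule names and finding format are assumptions of the example.

```python
"""Minimal bandit-style AST security check (added example, not bandit's code).

Flags three patterns:
  * eval()/exec() on anything that is not a string literal
  * subprocess.* called with shell=True
  * hashlib.md5()/hashlib.sha1() (not collision resistant)
The SAMPLE source and the rule identifiers are constructed for this example.
"""
import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    message: str


def _call_name(node: ast.Call) -> str:
    """Return a dotted callee name such as 'subprocess.run' or 'eval'."""
    func = node.func
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


class _Visitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def visit_Call(self, node: ast.Call):
        name = _call_name(node)
        # eval/exec on a non-literal argument is a code-injection sink
        if name in ("eval", "exec") and node.args and not isinstance(node.args[0], ast.Constant):
            self.findings.append(Finding("EXEC_NONLITERAL", node.lineno, f"{name}() on non-literal argument"))
        # shell=True hands the argument string to /bin/sh, so any interpolated input is a command injection
        if name.startswith("subprocess."):
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.findings.append(Finding("SHELL_TRUE", node.lineno, f"{name}() called with shell=True"))
        if name in ("hashlib.md5", "hashlib.sha1"):
            self.findings.append(Finding("WEAK_HASH", node.lineno, f"{name}() is not collision resistant"))
        self.generic_visit(node)  # keep descending: nested calls like hashlib.md5(...).hexdigest()


def scan_source(source: str) -> list:
    """Parse source text and return findings sorted by line number."""
    visitor = _Visitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f.line)


# Constructed input: lines 3-5 should fire, lines 7-8 should not.
SAMPLE = '''\
import hashlib, subprocess
def run(user_input):
    subprocess.run("ls " + user_input, shell=True)
    digest = hashlib.md5(user_input.encode()).hexdigest()
    return eval(user_input)
def safe(user_input):
    subprocess.run(["ls", user_input])
    return eval("1 + 1")
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(f"{finding.rule}:{finding.line}: {finding.message}")
```

The visitor calls `generic_visit` after each match so that chained calls are still inspected; forgetting that is the usual reason a home-grown checker misses `hashlib.md5(...).hexdigest()`.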

Steganography Tools

^ back to top ^

  • Cloakify - Textual steganography toolkit that converts any filetype into lists of everyday strings.
  • StegCracker - Steganography brute-force utility to uncover hidden data inside files.
  • StegOnline - Web-based, enhanced, and open-source port of StegSolve.

Threat Intelligence

^ back to top ^

See also Awesome Threat Detection and Hunting - A curated list of awesome threat detection and hunting resources.

See also Awesome Threat Intelligence - A curated list of threat intelligence resources.

See also Awesome Threat Modeling - A curated list of Threat Modeling resources.

  • abuse.ch - ZeuS Tracker / SpyEye Tracker / Palevo Tracker / Feodo Tracker tracks Command&Control servers (hosts) around the world and provides you a domain- and an IP-blocklist.
  • AlienVault Open Threat Exchange - AlienVault Open Threat Exchange (OTX), to help you secure your networks from data loss, service disruption and system compromise caused by malicious IP addresses.
  • AutoShun - AutoShun is a Snort plugin that allows you to send your Snort IDS logs to a centralized server that will correlate attacks from your sensor logs with other snort sensors, honeypots, and mail filters from around the world.
  • CIFv2 - CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route).
  • Cyberowl - A daily updated summary of the most frequent types of security incidents currently being reported from different sources.
  • Cyware Threat Intelligence Feeds - Aggregates threat data from a wide range of open and trusted sources into a consolidated stream of actionable threat intelligence. The feeds are compatible with STIX 1.x and 2.0 and cover malicious file hashes, IPs and domains.
  • DNS-BH - The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. This project creates the Bind and Windows zone files required to serve fake replies to localhost for any requests to these, thus preventing many spyware installs and reporting.
  • Emerging Threats - Open Source - Emerging Threats began 10 years ago as an open source community for collecting Suricata and SNORT® rules, firewall rules, and other IDS rulesets. The open source community still plays an active role in Internet security, with more than 200,000 active users downloading the ruleset daily. The ETOpen Ruleset is open to any user or organization, as long as you follow some basic guidelines. Our ETOpen Ruleset is available for download any time.
  • FireEye OpenIOCs - FireEye Publicly Shared Indicators of Compromise (IOCs)
  • IntelMQ - IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins and tweets using a message queue protocol. It is a community driven initiative called IHAP (Incident Handling Automation Project), conceptually designed by European CERTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs. ENISA Homepage.
  • Internet Storm Center - The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.
  • leakedin.com - The primary purpose of leakedin.com is to make visitors aware of the risks of losing data. This blog compiles samples of data lost or disclosed on sites like pastebin.com.
  • MISP - Open Source Threat Intelligence Platform - MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators. A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. The MISP project includes software, common libraries (taxonomies, threat-actors and various malware), an extensive data model to share new information using objects and default feeds.
  • OpenVAS NVT Feed - The public feed of Network Vulnerability Tests (NVTs). It contains more than 35,000 NVTs (as of April 2014), growing on a daily basis. This feed is configured as the default for OpenVAS.
  • PhishStats - Phishing Statistics with search for IP, domain and website title.
  • PhishTank - PhishTank is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.
  • Project Honey Pot - Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.
  • SBL / XBL / PBL / DBL / DROP / ROKSO - The Spamhaus Project is an international nonprofit organization whose mission is to track the Internet's spam operations and sources, to provide dependable realtime anti-spam protection for Internet networks, to work with Law Enforcement Agencies to identify and pursue spam and malware gangs worldwide, and to lobby governments for effective anti-spam legislation.
  • Threat Jammer - REST API service that allows developers, security engineers, and other IT professionals to access curated threat intelligence data from a variety of sources.
  • Tor Bulk Exit List / CollecTor - CollecTor is the data-collecting service of the Tor network: it fetches data from various nodes and services in the public Tor network and makes it available to the world, and the bulk exit list enumerates the addresses current Tor exits use. If you are doing research on the Tor network, or developing an application that uses Tor network data, this is the place to start. Related lists: TOR Node List / DNS Blacklists / Tor Node List.
  • virustotal - VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.
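Most of the feeds above (abuse.ch trackers, DNS-BH, Spamhaus DROP, Tor exit lists) boil down to plain-text lists of IPs, CIDRs or domains that you match against your own telemetry. The block below is an added example of that matching step, not code from any listed project: the feed snippets and the proxy-style log lines are constructed for the example, and the log format (`<ts> <src_ip> <method> <url>`) is an assumption. It handles the two details that trip up naive grep-based matching: CIDR membership for IP indicators and label-aware suffix matching for domains (so `cdn.bad-updates.example` matches the indicator `bad-updates.example` but `notbad-updates.example` does not).

```python
"""Match constructed log lines against a plain-text IP/domain blocklist (added example)."""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample feeds in the common one-indicator-per-line, '#'-comment style. Not real data.
IP_FEED = """\
# constructed sample, not a real feed
203.0.113.7
198.51.100.0/24
"""

DOMAIN_FEED = """\
# constructed sample, not a real feed
bad-updates.example
c2.example.net
"""

# Constructed proxy-style log: "<ts> <src_ip> <method> <url>" (an assumed format).
LOG_LINES = """\
1700000000.001 10.0.0.5 GET http://203.0.113.7/gate.php
1700000000.002 10.0.0.5 GET https://www.example.org/
1700000000.003 10.0.0.9 POST http://cdn.bad-updates.example/u.bin
1700000000.004 10.0.0.9 GET http://198.51.100.77:8080/x
1700000000.005 10.0.0.2 GET http://notbad-updates.example/
""".splitlines()


def parse_feed(text: str) -> list:
    """Strip comments and blank lines; return the raw indicator strings."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            out.append(line)
    return out


def build_matcher(ip_feed: str, domain_feed: str):
    """Return host_hits(host) -> list of matching indicators."""
    networks = [ipaddress.ip_network(x, strict=False) for x in parse_feed(ip_feed)]
    domains = {d.lower().rstrip(".") for d in parse_feed(domain_feed)}

    def host_hits(host: str) -> list:
        host = host.lower().rstrip(".")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            addr = None
        if addr is not None:
            # single IPs in the feed become /32 networks, so one membership test covers both cases
            return [str(n) for n in networks if addr in n]
        # label-aware suffix match: only whole labels count, never substrings
        labels = host.split(".")
        candidates = [".".join(labels[i:]) for i in range(len(labels))]
        return [c for c in candidates if c in domains]

    return host_hits


def scan_log(lines: list, host_hits) -> list:
    """Extract the destination host from each URL and report indicator hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line: skip rather than crash the pipeline
        ts, src, _method, url = parts
        host = urlsplit(url).hostname  # strips port and lowercases
        if not host:
            continue
        for ioc in host_hits(host):
            hits.append({"ts": ts, "src": src, "host": host, "ioc": ioc})
    return hits


if __name__ == "__main__":
    matcher = build_matcher(IP_FEED, DOMAIN_FEED)
    for hit in scan_log(LOG_LINES, matcher):
        print(hit)
```

For large feeds replace the list scan over `networks` with a radix tree (the `pytricia` package, for instance); the domain match is already O(number of labels) per host.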

Vulnerability Databases

^ back to top ^

  • Bugtraq (BID) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
  • China National Vulnerability Database (CNNVD) - Chinese government-run vulnerability database analogous to the United States' CVE database hosted by the MITRE Corporation.
  • Common Vulnerabilities and Exposures (CVE) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
  • CXSecurity - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
  • Exploit-DB - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
  • Full-Disclosure - Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
  • GitHub Advisories - Public vulnerability advisories published by or affecting codebases hosted by GitHub, including open source projects.
  • HPI-VDB - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
  • Inj3ct0r - Exploit marketplace and vulnerability information aggregator. (Onion service.)
  • Microsoft Security Advisories and Bulletins - Archive and announcements of security advisories impacting Microsoft software, published by the Microsoft Security Response Center (MSRC).
  • Mozilla Foundation Security Advisories - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
  • National Vulnerability Database (NVD) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
  • Open Source Vulnerabilities (OSV) - Database of vulnerabilities affecting open source software, queryable by project, Git commit, or version.
  • Packet Storm - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
  • Rapid7 - Vulnerability & Exploit Database.
  • SecuriTeam - Independent source of software vulnerability information.
  • Snyk Vulnerability DB - Detailed information and remediation guidance for vulnerabilities known by Snyk.
  • Sploitus - Convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities.
  • US-CERT Vulnerability Notes Database - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
  • VulDB - Independent vulnerability database with user community, exploit details, and additional meta data (e.g. CPE, CVSS, CWE)
  • Vulmon - Vulnerability search engine with vulnerability intelligence features that conducts full text searches in its database.
  • Vulnerability Lab - Open forum for security advisories organized by category of exploit target.
  • Vulners - Security database of software vulnerabilities.
  • Zero Day Initiative - Bug bounty program with publicly accessible archive of published security advisories, operated by Trend Micro (originally TippingPoint).
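OSV is the one database in this list designed to be evaluated by machines: each advisory carries `affected[].ranges[].events` of `introduced` / `fixed` / `last_affected` version markers, and a scanner decides locally whether an installed version falls inside one of those windows. The block below is an added example of that evaluation, written for this page rather than taken from OSV's own tooling. The advisory JSON is constructed (its `id` is a placeholder, not a real OSV identifier), and version ordering is a plain dotted-integer comparison, which is an assumption; real ecosystems need PEP 440 or semver-aware ordering.

```python
"""Evaluate OSV-style affected ranges offline (added example, not OSV's own code)."""
import json

# Constructed advisory using the public OSV schema field names. Not a real advisory.
ADVISORY = json.loads("""
{
  "id": "EXAMPLE-0001",
  "summary": "constructed sample advisory, not a real one",
  "affected": [
    {
      "package": {"ecosystem": "PyPI", "name": "examplepkg"},
      "ranges": [
        {"type": "ECOSYSTEM",
         "events": [{"introduced": "0"}, {"fixed": "1.2.3"},
                    {"introduced": "2.0.0"}, {"last_affected": "2.0.5"}]}
      ]
    }
  ]
}
""")


def vkey(version: str) -> tuple:
    """Comparable key for dotted integer versions (assumption: no pre-release tags).
    OSV uses "0" in 'introduced' to mean 'from the first version ever'."""
    return tuple(int(p) for p in version.split("."))


def affected_intervals(events: list) -> list:
    """Turn the ordered event list into (low, high, inclusive_high) windows.
    'fixed' closes a window exclusively, 'last_affected' inclusively; a trailing
    'introduced' with no close means no fix exists yet."""
    intervals = []
    intro = None
    for ev in events:
        if "introduced" in ev:
            intro = ev["introduced"]
        elif "fixed" in ev:
            intervals.append((intro, ev["fixed"], False))
            intro = None
        elif "last_affected" in ev:
            intervals.append((intro, ev["last_affected"], True))
            intro = None
    if intro is not None:
        intervals.append((intro, None, False))
    return intervals


def version_affected(version: str, events: list) -> bool:
    v = vkey(version)
    for low, high, inclusive in affected_intervals(events):
        if v < vkey(low):
            continue
        if high is None:
            return True
        if v <= vkey(high) if inclusive else v < vkey(high):
            return True
    return False


def check_package(advisory: dict, ecosystem: str, name: str, version: str) -> bool:
    """True if the advisory says (ecosystem, name, version) is vulnerable."""
    for aff in advisory.get("affected", []):
        pkg = aff.get("package", {})
        if pkg.get("ecosystem") != ecosystem or pkg.get("name") != name:
            continue
        for rng in aff.get("ranges", []):
            if rng.get("type") == "GIT":
                continue  # commit ranges need repository history, not version strings
            if version_affected(version, rng.get("events", [])):
                return True
    return False


if __name__ == "__main__":
    for ver in ("1.0.0", "1.2.3", "2.0.5", "2.0.6"):
        print(ver, check_package(ADVISORY, "PyPI", "examplepkg", ver))
```

The `last_affected` case is where scanners most often go wrong: it is inclusive, unlike `fixed`, so `2.0.5` is vulnerable here and `2.0.6` is not.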

Web

^ back to top ^

See also Awesome Web Hacking - This list is for anyone wishing to learn about web application security but do not have a starting point.

  • OWASP - The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.
  • Portswigger - PortSwigger offers tools for web application security, testing & scanning. Choose from a wide range of security tools & identify the very latest vulnerabilities.

Web Accessible Source Code Ripping Tools

^ back to top ^

  • DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
  • GitTools - Automatically find and download Web-accessible .git repositories.
  • git-dumper - Tool to dump a git repository from a website.
  • git-scanner - Tool for bug hunting or pentesting websites that have open .git repositories available in public.
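These tools all exploit the same property: git stores every file as a zlib-compressed "loose object" named by the SHA-1 of `<type> <size>\0<content>`, under a predictable path, so anything that can fetch `.git/HEAD`, the refs and `.git/objects/xx/yyyy...` over HTTP can rebuild a repository without a directory listing. The block below is an added example written for this page, not code from DVCS Ripper, GitTools or git-dumper; it reproduces the object encoding, the path layout and the HEAD check such a ripper starts with, entirely offline on constructed data.

```python
"""Git loose-object round trip and exposed-HEAD check (added example, offline)."""
import hashlib
import zlib


def make_loose_object(obj_type: str, content: bytes):
    """Return (hex object id, compressed bytes) exactly as git stores them on disk."""
    header = f"{obj_type} {len(content)}".encode() + b"\x00"
    store = header + content
    oid = hashlib.sha1(store).hexdigest()  # git object ids are SHA-1 over header + content
    return oid, zlib.compress(store)


def parse_loose_object(blob: bytes):
    """Inflate a loose object fetched from .git/objects and split it into (type, content)."""
    store = zlib.decompress(blob)
    header, _, content = store.partition(b"\x00")
    obj_type, size = header.decode().split(" ")
    if int(size) != len(content):
        raise ValueError("corrupt loose object: size mismatch")
    return obj_type, content


def object_path(oid: str) -> str:
    """Where git keeps a loose object relative to .git/: objects/<2 hex>/<38 hex>."""
    return f"objects/{oid[:2]}/{oid[2:]}"


def looks_like_git_head(body: bytes) -> bool:
    """A real .git/HEAD is a symbolic ref or a bare 40-hex commit id; anything else
    (an HTML 404 page, a redirect) means the path is not an exposed repository."""
    text = body.strip()
    if text.startswith(b"ref: refs/"):
        return True
    return len(text) == 40 and all(c in b"0123456789abcdef" for c in text)


def parse_commit(content: bytes) -> dict:
    """Pull tree/parent pointers and the message out of a commit object,
    which is how a ripper walks from HEAD to every tree and blob."""
    head, _, message = content.partition(b"\n\n")
    fields = {"parent": []}
    for line in head.decode().splitlines():
        key, _, value = line.partition(" ")
        if key == "parent":
            fields["parent"].append(value)
        else:
            fields[key] = value
    fields["message"] = message.decode().strip()
    return fields


if __name__ == "__main__":
    # Constructed content; "hello\n" is the classic git example blob.
    oid, blob = make_loose_object("blob", b"hello\n")
    print(oid, object_path(oid), parse_loose_object(blob))
    print(looks_like_git_head(b"ref: refs/heads/main\n"), looks_like_git_head(b"<html>404</html>"))
```

Defensively, the check is the same in reverse: request `/.git/HEAD` against your own sites and treat anything that passes `looks_like_git_head` as a finding, then deny the `.git` path at the web server.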

Web Application Firewall

^ back to top ^

  • Curiefense - Curiefense adds a broad set of automated web security tools, including a WAF to Envoy Proxy.
  • ironbee - IronBee is an open source project to build a universal web application security sensor: a framework for developing systems that secure web applications, including building a web application firewall (WAF).
  • ModSecurity - ModSecurity is a toolkit for real-time web application monitoring, logging, and access control.
  • NAXSI - NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX, NAXSI means Nginx Anti Xss & Sql Injection.
  • sql_firewall - SQL Firewall Extension for PostgreSQL.

Web Exploitation

^ back to top ^

  • autochrome - Chrome browser profile preconfigured with appropriate settings needed for web application testing.
  • badtouch - Scriptable network authentication cracker.
  • corschecker - JavaScript for performing CORS security tests.
  • FuzzDB - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  • gobuster - Lean multipurpose brute force search/fuzzing tool for Web (and DNS) reconnaissance.
  • h2t - HTTP Hardening Tool that scans a website and suggests security headers to apply.
  • Offensive Web Testing Framework (OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
  • Parth - Heuristic Vulnerable Parameter Scanner.
  • PayloadsAllTheThings - A list of useful payloads and bypasses for Web Application Security and Pentest/CTF.
  • Raccoon - High performance offensive security tool for reconnaissance and vulnerability scanning.
  • sslstrip2 - SSLStrip version to defeat HSTS.
  • sslstrip - Demonstration of the HTTPS stripping attacks.
  • WPSploit - Exploit WordPress-powered websites with Metasploit.
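The header checks h2t automates, and the HSTS policy that sslstrip-style downgrades depend on being absent or short-lived, are simple enough to show end to end. The block below is an added example written for this page, not h2t's own rule set: it parses a constructed raw HTTP response and flags weak or missing hardening headers. The thresholds (HSTS max-age of at least one year, includeSubDomains present, no `'unsafe-inline'` in script-src, DENY/SAMEORIGIN framing) are the example's assumptions.

```python
"""Audit an HTTP response for hardening headers (added example, not h2t's code)."""

# Constructed response with several deliberate weaknesses. Not captured from a real server.
RAW_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx\r\n"
    b"Content-Type: text/html\r\n"
    b"Strict-Transport-Security: max-age=3600\r\n"
    b"Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'\r\n"
    b"X-Frame-Options: ALLOW-FROM https://example.org\r\n"
    b"\r\n"
    b"<html></html>"
)

ONE_YEAR = 31536000  # assumption: common minimum HSTS max-age (preload lists require it)


def parse_response(raw: bytes):
    """Split a raw response into (status line, {lowercased name: [values]}, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def hsts_max_age(value: str):
    """Return the integer max-age directive of an HSTS header, or None if absent/invalid."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            try:
                return int(val.strip().strip('"'))
            except ValueError:
                return None
    return None


def csp_script_src(value: str):
    """Return the script-src source list of a CSP, or None if the directive is absent."""
    for directive in value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "script-src":
            return parts[1:]
    return None


def audit_headers(headers: dict) -> list:
    findings = []
    hsts = headers.get("strict-transport-security")
    if not hsts:
        findings.append("missing Strict-Transport-Security: downgrade to plain HTTP is possible")
    else:
        age = hsts_max_age(hsts[0])
        if age is None or age < ONE_YEAR:
            findings.append(f"Strict-Transport-Security max-age={age} is below one year")
        if "includesubdomains" not in hsts[0].lower():
            # without it, an attacker can point the victim at a sibling host that has no HSTS pin
            findings.append("Strict-Transport-Security lacks includeSubDomains")
    csp = headers.get("content-security-policy")
    if not csp:
        findings.append("missing Content-Security-Policy")
    else:
        sources = csp_script_src(csp[0])
        if sources is not None and "'unsafe-inline'" in [s.lower() for s in sources]:
            findings.append("Content-Security-Policy script-src allows 'unsafe-inline'")
    if "x-content-type-options" not in headers:
        findings.append("missing X-Content-Type-Options: nosniff")
    xfo = headers.get("x-frame-options")
    if not xfo and not (csp and "frame-ancestors" in csp[0].lower()):
        findings.append("missing X-Frame-Options / CSP frame-ancestors")
    elif xfo and xfo[0].upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options value {xfo[0]!r} is not DENY or SAMEORIGIN")
    return findings


if __name__ == "__main__":
    status, hdrs, _ = parse_response(RAW_RESPONSE)
    print(status)
    for f in audit_headers(hdrs):
        print(" -", f)
```

In a live run, replace `RAW_RESPONSE` with the bytes read from a socket or the headers object from your HTTP client; the audit function only needs the lowercased header map.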

Web File Inclusion Tools

^ back to top ^

  • fimap - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
  • Kadimus - LFI scan and exploit tool.
  • LFISuite - Automatic LFI scanner and exploiter.
  • liffy - LFI exploitation tool.

Web Injection Tools

^ back to top ^

  • Commix - Automated all-in-one operating system command injection and exploitation tool.
  • NoSQLmap - Automatic NoSQL injection and database takeover tool.
  • SQLmap - Automatic SQL injection and database takeover tool.
  • tplmap - Automatic server-side template injection and Web server takeover tool.

Web Path Discovery / Bruteforcing Tools

^ back to top ^

  • dirhunt - Find web directories without bruteforce.
  • dirsearch - Web path scanner.
  • DotDotPwn - Directory traversal fuzzer.
  • GooFuzz - Tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
  • lulzbuster - Search files and folders on web-sites.
  • recursebuster - Content discovery tool to perform directory and file bruteforcing.

Web Proxies Intercepting

^ back to top ^

See also Proxies and Machine-in-the-Middle (MITM) Tools.

  • Burp Suite - Integrated platform for performing security testing of web applications.
  • Fiddler - Free cross-platform web debugging proxy with user-friendly companion tools.
  • mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  • OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.

Web Shells / C2 Frameworks

^ back to top ^

  • Browser Exploitation Framework (BeEF) - Command and control server for delivering exploits to commandeered Web browsers.
  • DAws - Advanced Web shell.
  • Merlin - Cross-platform post-exploitation HTTP/2 Command and Control server and agent written in Golang.
  • PhpSploit - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner.
  • SharPyShell - Tiny and obfuscated ASP.NET webshell for C# web applications.
  • weevely3 - Weaponized PHP-based web shell.

Web Subdomains

^ back to top ^

  • Dome - Fast and reliable Python subdomain enumeration script that performs active and/or passive scans to obtain subdomains and searches for open ports.
  • knock - Python3 tool designed to quickly enumerate subdomains on a target domain through dictionary attack.
  • subbrute - DNS meta-query spider that enumerates DNS records, and subdomains.
  • subDomainsBrute - Fast sub domain brute tool for pentesters.
  • subfinder - Subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
  • Sublist3r - Fast subdomains enumeration tool for penetration testers.
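The active brute-forcers above (knock, subbrute, subDomainsBrute) share one failure mode: a zone with a wildcard record makes every candidate label resolve, so the result list is the wordlist. The block below is an added example of wildcard-aware enumeration written for this page, not any listed tool's code. The resolver is injectable; `FAKE_ZONE` and `fake_resolver` are a constructed offline stand-in, while the default `socket_resolver` is what a live run would use.

```python
"""Dictionary subdomain enumeration with wildcard filtering (added example)."""
import secrets
import socket


def socket_resolver(name: str) -> set:
    """Live resolver via the stdlib; returns the set of IPv4 answers, empty on NXDOMAIN."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except (socket.gaierror, socket.herror):
        return set()


# Constructed zone: two real hosts plus a wildcard that answers for everything else.
FAKE_ZONE = {
    "www.example.test": {"192.0.2.10"},
    "mail.example.test": {"192.0.2.20"},
    "*.example.test": {"192.0.2.99"},
}


def fake_resolver(name: str) -> set:
    """Offline stand-in for DNS; exact names win, otherwise the parent's wildcard answers."""
    if name in FAKE_ZONE:
        return set(FAKE_ZONE[name])
    parent = name.split(".", 1)[1]
    return set(FAKE_ZONE.get("*." + parent, set()))


def detect_wildcard(domain: str, resolve, probes: int = 2) -> set:
    """Resolve a few random labels nobody would have created; if they all answer
    with the same addresses, that answer set is the wildcard signature."""
    answers = [resolve(f"{secrets.token_hex(8)}.{domain}") for _ in range(probes)]
    if answers[0] and all(a == answers[0] for a in answers):
        return answers[0]
    return set()


def enumerate_subdomains(domain: str, wordlist: list, resolve=socket_resolver) -> dict:
    """Return {fqdn: sorted ips} for wordlist entries that resolve to something
    other than the wildcard answer."""
    wildcard = detect_wildcard(domain, resolve)
    found = {}
    for word in wordlist:
        fqdn = f"{word}.{domain}"
        ips = resolve(fqdn)
        if not ips or ips == wildcard:
            continue  # nonexistent, or merely the wildcard talking
        found[fqdn] = sorted(ips)
    return found


if __name__ == "__main__":
    print(enumerate_subdomains("example.test", ["www", "mail", "dev", "vpn"], resolve=fake_resolver))
```

A host that genuinely shares the wildcard's address is hidden by this filter; tools that care about that case compare CNAME chains or HTTP responses in addition to A records.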

Web Vulnerability Scanners

^ back to top ^

  • ACSTIS - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
  • Arachni - Scriptable framework for evaluating the security of web applications.
  • cms-explorer - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
  • Cyclops - Chromium-based web browser with built-in XSS detection that traces data flows from a source to a sink.
  • is-website-vulnerable - finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
  • JCS - Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm.
  • joomscan - Joomla vulnerability scanner.
  • katana - A next-generation crawling and spidering framework.
  • Keyscope - Extensible key and secret validation tool, built in Rust, for checking whether leaked secrets are still active against multiple SaaS vendors.
  • Nikto - Noisy but fast black box web server and web application vulnerability scanner.
  • Recon-ng - Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework.
  • recon - Fast Rust-based CLI that uses SQL to query over files, code or malware, with content classification and processing for security experts.
  • reconFTW - A tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities.
  • Scanmycode CE (Community Edition) - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report. Currently supports: PHP, Java, Scala, Python, Ruby, Javascript, GO, Secret Scanning, Dependency Confusion, Trojan Source, Open Source and Proprietary Checks (total ca. 1000 checks)
  • SecApps - In-browser web application security testing suite.
  • skipfish - Performant and adaptable active web application security reconnaissance tool.
  • sqlmap - sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
  • SQLmate - Friend of sqlmap that identifies SQLi vulnerabilities based on a given dork and (optional) website.
  • urlscan - Website scanner for suspicious and malicious URLs.
  • w3af - Web application attack and audit framework.
  • Wapiti - Black box web application vulnerability scanner with built-in fuzzer.
  • WebReaver - Commercial, graphical web application vulnerability scanner designed for macOS.
  • WPScan - Black box WordPress vulnerability scanner.
  • ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Web Servers

^ back to top ^

  • nginx playground - Paste in an nginx config, and then a server starts nginx for you and runs any curl or http command you want against that nginx server.
  • nginxpwner - Simple tool to look for common Nginx misconfigurations and vulnerabilities.
  • Server Side TLS - Mozilla's guidance to help teams with the configuration of TLS: recommended protocol versions, cipher suites and settings per compatibility level.

Useful Resources

Documents / Images

^ back to top ^

Security Awesome Lists

^ back to top ^

Other Lists

^ back to top ^


Other

^ back to top ^


^ back to top ^

Your contributions and suggestions are heartily welcome. Please, check the Guide for more details.

If you want to propose changes, just open an issue or a pull request.