Reconnaissance

WHOIS: Gets information from public records about domain ownership
Nslookup: Identifies IP addresses belonging to an organization
theHarvester: Finds email addresses, employee names, and infrastructure details of an organization
Recon-ng: Modular web recon framework that organizes and manages OSINT work
Censys: Probes IP addresses across the internet through a search bar
FOCA: Finds metadata in Office docs, PDFs, and other common file formats
Shodan: Search engine for vulnerable IoT devices
Maltego: Commercial product for visualizing OSINT data
Nmap: Most widely used network port scanner
Sublist3r: Linux tool for finding hidden subdomains
Gobuster: Tool for discovering URIs on web servers using brute force
Domain Information Groper (dig): Tool for DNS zone transfers (AXFR). AXFRs show DNS information through replicated DNS databases

Vulnerability Scanners

Nessus: Commercial vulnerability scanner for a wide variety of devices
OpenVAS: Open-source alternative for vulnerability scans
Sqlmap: Automates SQL injection attacks against web applications with database backends
Nikto: Open-source web application vulnerability scanner
W3AF: Open-source web application vulnerability scanner
Burp Suite: Automated vulnerability scanner for web apps
Wapiti: Web app black-box vulnerability scanner
XSSer: Tests and exploits web app XSS vulnerabilities
SSLyze: Python tool that analyzes SSL/TLS configurations by connecting to the server
Ubertooth: Open-source Bluetooth monitoring and development platform for assessing vulnerabilities

Social Engineering

Social Engineering Toolkit (SET): Framework for automating the social engineering process
Browser Exploitation Framework (BeEF): Automated social engineering toolkit for accessing a victim's browser

Credential Testing

Hashcat: Password cracking tool used to reverse engineer hashed passwords
John the Ripper: Password cracking tool used to reverse engineer hashed passwords
Hydra: Password cracking tool used to reverse engineer hashed passwords
Medusa: Password cracking tool used to reverse engineer hashed passwords
Patator: Password cracking tool used to reverse engineer hashed passwords
Cain & Abel: Password cracking tool used to reverse engineer hashed passwords
CeWL: Custom wordlist generator that searches websites for keywords that can be used in a dictionary attack
Mimikatz: Retrieves sensitive credential information from Windows memory
DirBuster: Brute-force tool used to enumerate files and directories on a web server

Debugging

Immunity Debugger: Supports penetration testing and the reverse engineering of malware
GDB: Open-source debugger for Linux
OllyDbg: Windows debugger for binary code at the assembly language level
WinDbg: Windows debugger created by Microsoft
IDA: Commercial debugging tool that works on Windows, Mac, and Linux

Mobile Device Security

Drozer: Security audit and attack framework for Android devices and apps
APKX / APK Studio: Decompile Android app packages

Software Assurance

FindBugs: Java software testing tool that performs static analysis of code
find-sec-bugs: Java software testing tool that performs static analysis of code
Peach: Fuzzing tool that generates artificial input designed to test apps
AFL: Fuzzing tool that generates artificial input designed to test apps
SonarQube: Open-source inspection tool for continuous software testing
YASCA: Open-source software testing tool that includes scanners for various languages

Network Testing

Wireshark: Protocol analyzer for eavesdropping on and dissecting network traffic
Hping: Command-line tool that allows testers to artificially generate network traffic
Aircrack-ng: Wireless network security testing tool
WiFite: Wireless network security testing tool
Kismet: Wireless network security testing tool
Ettercap: Comprehensive suite for network attacks, including MitM attacks
Airgeddon: Audits wireless networks

Remote Access

Secure Shell (SSH): Provides secure encrypted connections between systems
Ncat / Netcat: Easy way to read and write data over network connections
Proxychains: Allows testers to force connections through a proxy server for MitM alteration

Exploitation

Metasploit: Most popular exploitation framework. Supports thousands of plug-ins covering different exploits
SearchSploit: Command-line tool to search a database of exploits
PowerSploit: Windows PowerShell scripts used to automate penetration testing
Empire: Windows PowerShell scripts used to automate penetration testing
Responder: Toolkit used to answer NetBIOS queries from Windows systems on a network
Impacket: Set of network tools that provide low-level access to network protocols
Yersinia: Exploits vulnerabilities in network protocols
Sqlninja: Exploits web apps through SQL injection
SIPVicious: Audits SIP-based VoIP systems