Awesome-Hacking-Resources/tools.md
Brandon Stewart 0724112b66 Update tools.md
Add NMAP and wireshark to tools section.
2017-10-23 21:32:50 -06:00

4.8 KiB
Raw Blame History

Awesome Hacking Tools

A collection of awesome lists for hackers, pentesters & security researchers.

A curated list of awesome Hacking Tools. Your contributions are always welcome !

Awesome Repositories

Repository Description
fuzzdb Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
HUNT Proxy Extension Identify common parameters vulnerable to certain vulnerability classes (HUNT Scanner, availible for Burp Suite PRO and ZAProxy). Organize testing methodologies (currently avalible only inside of Burp Suite).
SecLists It is a collection of multiple types of lists used during security assessments
Xerosploit Efficient and advanced man in the middle framework
ctf-tools Some setup scripts for security research tools.

Awesome custom projects / Scripts

Name Description
mimikatz A useful tool to play with Windows security including extracting plaintext passwords, kerberos tickets, etc.

Exploitation tools

Name Description
BeEF Browser Exploitation Framework (Beef)
Core Impact Core Impact provides vulnerability assessment and penetration security testing throughout your organization.
Metasploit The worlds most used penetration testing framework

Linux Security Tools

Name Description
DefenseMatrix Full security solution for Linux Servers

Exploit Databases

Name Description
0day Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
cxsecurity Exploit Database
exploit-db Exploits Database by Offensive Security
iedb Iranian Exploit DataBase
rapid7 Vulnerability & Exploit Database - Rapid7

MITM tools

Name Description
BetterCAP MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
Burp Suite GUI based tool for testing Web application security.
Ettercap Ettercap is a comprehensive suite for man in the middle attacks
mitmproxy An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed

SQL Injection

Name Description
SQLmap Automatic SQL injection and database takeover tool
SQLninja SQL Server injection & takeover tool

Search Engine for Penetration Tester

Name Description
Censys Censys continually monitors every reachable server and device on the Internet, so you can search for and analyze them in real time
Shodan Shodan is the world's first search engine for Internet-connected devices.
Zoomeye search engine for cyberspace that lets the user find specific network components(ip, services, etc.)

Security Information and Event Management (SIEM)

Name Description
OSSIM AlienVaults Open Source Security Information and Event Management (SIEM) product

Network Scanning Tools

Name Description
NMAP The industry standard in network/port scanning. Widely used.
Wireshark A versatile and feature-packed packet sniffing/analysis tool.

Source Code Analysis Tools

Name Description
pyup Automated Security and Dependency Updates
RIPS PHP Security Analysis
Retire.js detecting the use of JavaScript libraries with known vulnerabilities
Snyk find & fix vulnerabilities in dependencies, supports various languages

Binary Analysis Tools

Name Description
BinNavi BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code

Collaboration tools

Name Description
Dradis Open-source reporting and collaboration tool for InfoSec professionals