General Pentesting

Red & Blue Team Applications

CLI

8dot3-brute

8dot3-brute is a script to brute force Windows 8.3 filenames and directories in web servers.

Albatar

Albatar is a SQLi exploitation framework in Python.

AWS pwn

A collection of AWS penetration testing junk.

BLEAH

A BLE scanner for "smart" devices hacking based on the python bluepy library.

brutesubs

An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker.

Changeme

A default credential scanner.

Docker Onion Nmap

Use nmap to scan hidden "onion" services on the Tor network.

Domain Analyzer

Python script to automate a number recon, enumeration, testing and report generation against a given domain.

Emptynest

A plugin based C2 server framework.

Gobuster

Bruteforce DNS Subdomains and URI's.

GoFetch

GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound.

Inveigh

Inveigh is a PowerShell LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system.

JudasDNS

Nameserver DNS poisoning attacks made easy.

Koadic

A Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire.

KeychainCracker

macOS keychain cracking tool.

LaZagne

An intelligent password recovery tool.

MassDNS

Just in case you need to scan 100,000.000/hr.

Microsploit

Office Exploitation Tool.

mimipenguin

A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz.

p0wnedShell

PowerShell Runspace Post Exploitation Toolkit.

PavssivDNS

A network sniffer that logs all DNS server replies for use in a passive DNS setup.

parameth

This tool can be used to brute discover GET and POST parameters

PRET

PRinter Exploitation Toolkit.

PSAttack

A portable console aimed at making pentesting with PowerShell a little easier.

pydictor

A powerful and useful hacker dictionary builder for a brute-force attack.

Red Hawk

An all in one tool for information gathering, SQL vuln scanning and crawling.

Recon-ng

Responder

A LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

RouterSploit

MetaSploit Framework for routers.

Ruler

A tool for ~~interacting with~~ abusing Exchange Servers remotely.

Scantastic

GetSploit

Python script used to search for (and download) exploits across Exploit-DB, Metasploit, Packetstorm and others. It has a autorun feature that sounds kinda not smart.

SessionGopher

Sn1per

ss7MAPer

SS7 MAP (pen-)testing toolkit built on the Osmocom SS7 stack.

TAP

trevorc2

A legitimate website (browsable) that tunnels client/server communications for covert command execution.

tplmap

Code and Server-Side Template Injection Detection and Exploitation Tool.

WMImplant

A PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine.

WPForce

A suite of Wordpress attack tools.

WPFX: The Wordpress Exploit Framework

WPSeku

A simple WordPress Security Scanner

WindowsExploits

A collection of pre-compiled exploits for different versions of Windows.

Wuzz

zmap

GUI

AWS Extender

A BurpSuite extension to identify and test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues using the boto/boto3 SDK library.

ANGRYPUPPY

A tool for the Cobalt Strike framework, designed to automatically parse and execute BloodHound attack paths.

backslash-powered-scanner

An extension to compliment Burp's active scanner by unknown classes of injection vulnerabilities.

Bloodhound

BloodHound Owned

Plugins for BloodHound.

burp-vulners-scanner

Vulnerability scanner based on vulners.com search API.

Death Star

Domain Admin with a push of a button

Decoder Improved

An improved decoder for Burp Suite.

[HUNT])https://github.com/bugcrowdlabs/HUNT

A Burp extension to identify common parameters vulnerable to certain vulnerability classes and organize testing methodologies inside Burp Suite.

IVRE

J2EEScan

J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.

JWT Burp Extension

Multi-Browser Highlighting

A simple burp plugin that highlights the Proxy history to differentiate requests made by different browsers. The way this works is that each browser would be assigned one color and the highlights happen automatically.

Miscellaneous

Blackhat Arsenal Tools

Official Black Hat Arsenal Security Tools Repository.

Forensic Email Visualization

An essay and python program to help with email forensics.

JA3

A technique for creating SSL client fingerprints that are easy to produce and can be easily shared for threat intelligence.

lynis

A security auditing and hardening tool, for UNIX-based systems.

Pentesting Scripts

by Chris Truncer.

EyeWitness

EyeWitness is designed to take screenshots of websites, RDP services, and open VNC servers, provide some server header info, and identify default credentials if possible.

mywebappscripts

A collection of all the lists, scripts and techniques that can be used while doing web application penetration tests.

Zeus

A tool for testing AWS EC2 / S3 / CloudTrail / CloudWatch / KMS security and recommending techniques to harden the instance.

NSA Built Tools

EQGRP

decrypted initial dump of eqgrp-auction-file.tar.xz. Mostly outdated *nix exploits.

EQGRP: Lost in Translation

The second dump dealing with Fuzzbunch and some other windows exploits.

Reporting

Vulnreport

OSS pentesting management and automation by Salesforce.

Third Party Sites/Appliances

vFeed

Vulners

Web Apps

Cyphon

An Open Source Incident Management and Response Platform.

Dradis

Fuzzapi

A tool used for REST API pentesting.

Intrigue

Intrigue-core is a framework for attack surface discovery.

A tool that can scan php vulnerabilities automatically using static analysis methods.

Rita

Scumblr

Web framework that allows performing periodic syncs of data sources and performing analysis on the identified results. Made by Netflix.

Theory, Articles & Blogs

Adversarial Tactics, Techniques & Common Knowledge

A threat modeling methodology and suite of models for the various phases of an adversary's lifecycle and platforms that are known to be targeted by cyber threats. ATT&CK models are useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.