Interests
Hacking
+ Info
https://www.isecom.org/OSSTMM.3.pdf
https://owasp.org/
https://www.nist.gov/cyberframework
https://www.ncsc.gov.uk/collection/caf/caf-principles-and-guidance
https://sansorg.egnyte.com/dl/bF4I3yCcnt/?
https://osintframework.com/
https://www.wappalyzer.com/
https://dnsdumpster.com/
https://www.shodan.io/
https://gtfobins.github.io/
https://0xffsec.com/
https://gchq.github.io/CyberChef/
Anti Forensics Tools
AudioStego - Audio file steganography. Hides files or text inside audio files and retrieves them automatically
dban - Hard Drive Eraser & Data Clearing Utility
OpenStego - The free steganography solution
srm - srm (secure rm) is a command-line program to delete files securely
Steghide - Steganography program that is able to hide data in various kinds of image- and audio-files
Exploitation Tools
Auto-Root-Exploit - Find exploits on Linux Kernel
AutoSploit - Automated Mass Exploiter
beef - The Browser Exploitation Framework Project
BeRoot - Find a way to escalate our privilege
Autobuf - Buffer Overflow Exploit Tool
CrackMapExec - A swiss army knife for pentesting networks
DccwBypassUAC - Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe"
Invoke-PSImage - Embeds a PowerShell script in the pixels of a PNG file
KeeFarce - Extracts passwords from a KeePass 2.x database, directly from memory
koadic - C3 COM Command & Control
meterssh - Inject shellcode into memory and tunnel port over SSH
PowerShell-Suite - Collection of PowerShell utilities
UACME - Defeating Windows User Account Control
WinPwnage - Elevate, UAC bypass, privilege escalation, dll hijack techniques
Forensics Tools
Autopsy - Digital forensics platform
bulk_extractor - Scans a disk image, a file, or a directory of files
Scalpel - Open source data carving tool
volatility - Volatile memory extraction utility framework
binwalk - A fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images
Catfish - Versatile file searching tool
dc3dd - A patched version of GNU dd with added features for computer forensics
DumpsterDiver - Analyze big volumes of various file types in search of hardcoded secrets
frida-extract - Frida-based RunPE extraction tool
Image-ExifTool - Read, Write and Edit Exif metadata
PdfParser - A standalone PHP library, provides various tools to extract data from a PDF file
peepdf - Powerful Python tool to analyze PDF documents
whatsapp-viewer - Small tool to display chats from the Android msgstore.db database
Information Gathering
bing-ip2hosts - Enumerate hostnames from Bing
datasploit - OSINT Framework to perform various recon techniques
dnsenum - Perl script that enumerates DNS information
dnsmap - Subdomain brute-forcing
dnsrecon - DNS Enumeration Script
dork-cli - Command-line Google dork tool
dorks - Google hack database automation tool
pagodo - Automate Google Hacking Database scraping
faraday - Collaborative Penetration Test and Vulnerability Management Platform
fierce - DNS Analysis perl script
FOCA - Fingerprinting Organizations with Collected Archives
hping - Network tool able to send custom TCP/IP packets
image-match - Quickly search over billions of images
knock - Subdomain Scan
masscan - Fast TCP port scanner
metagoofil - Document and metadata reconnaissance (updated version)
onioff - An onion url inspector for inspecting deep web links
OSINT-SPY - Performs OSINT scan on email/domain/ip_address/organization
SimplyEmail - Email recon made fast and easy
sniff-paste - Pastebin OSINT Harvester
spiderfoot - OSINT collection and reconnaissance tool
surfraw - A fast UNIX command line interface to a variety of popular WWW search engines
TekDefense-Automater - IP URL and MD5 OSINT Analysis
theHarvester - E-mails, subdomains and names Harvester - OSINT
trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
WhatWeb - Web scanner
xray - A tool for recon, mapping and OSINT gathering from public networks
zmap - Fast single packet network scanner
Keyloggers
BeeLogger - Generate Gmail Emailing Keyloggers to Windows
Blackcat-Keylogger - Blackcat Keylogger is 100% invisible keylogger
Keylogger - A simple keylogger for Windows, Linux and Mac
Radium-Keylogger - Python keylogger with multiple features
Maintaining Access
EggShell - iOS/macOS/Linux Remote Administration Tool
EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X
Metasploit - The world’s most used penetration testing framework
Parat - Python-based Remote Administration Tool (RAT)
pupy - An open source, cross-platform, multi-function RAT
QuasarRAT - Remote Administration Tool for Windows
tgcd - TCP/IP Gender Changer Daemon
TheFatRat - An Easy tool to Generate Backdoor for bypass AV
Veil - Tool designed to generate metasploit payloads that bypass common anti-virus solutions
WMImplant - PowerShell based tool that is designed to act like a RAT
AhMyth - Android RAT
Password Attacks
BEWGor - Bull's Eye Wordlist Generator
bruteforce-wallet - Try to find the password of an encrypted Peercoin (or Bitcoin, Litecoin, etc.) wallet file
chntpw - Utility to reset the password on Windows
chromepass - View passwords stored by Google Chrome Web browser
crowbar - Brute forcing tool
cupp - Common User Passwords Profiler
hashcat - Advanced Password Recovery
John the Ripper - A fast password cracker
LaZagne - Credentials recovery project
mimikatz - A little tool to play with Windows security
passwordfox - Extract the user names/passwords stored in Firefox
fcrackzip - A braindead program for cracking encrypted ZIP archives
SSH-Brute-Forcer - A Simple Multi-Threaded SSH Brute Forcer
thc-hydra - Parallelized login cracker which supports numerous protocols to attack
WCE - Windows Credentials Editor
Reverse Engineering
Explorer Suite - A freeware suite of tools including a PE editor called CFF Explorer and a process viewer
IDA - Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
OllyDBG - A 32-bit assembler level analysing debugger for Microsoft Windows
radare - Unix-like reverse engineering framework and command-line tools
Resource Hacker - A freeware resource compiler & decompiler for Windows applications
apktool - A tool for reverse engineering Android apk files
smali - smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation
Sniffing Spoofing
Ettercap - A comprehensive suite for man in the middle attacks
bettercap - The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks
macchanger - Utility that makes the manipulation of MAC addresses of network interfaces easier
mitmproxy - Free and open source interactive HTTPS proxy
mkcert - Make locally trusted development certificates with any names you'd like
sslstrip - SSL/TLS man-in-the-middle attack tool
Wireshark - The world’s foremost and widely-used network protocol analyzer
moloch - An open source, large scale, full packet capturing, indexing, and database system.
Social Engineering
evilginx2 - Standalone man-in-the-middle attack framework
Gophish - Open-Source Phishing Framework
HiddenEye - Modern phishing tool with advanced functionality
king-phisher - Phishing Campaign Toolkit
ReelPhish - A Real-Time Two-Factor Phishing Tool
social-engineer-toolkit - Open-source penetration testing framework designed for social engineering
SocialFish - An Advanced Phishing Tool
Vulnerability Analysis
Am-I-affected-by-Meltdown - Meltdown Exploit - Proof-of-concept
CMSmap - Python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs
InSpectre - Examine Windows for Meltdown and Spectre attack
linux-exploit-suggester - Linux privilege escalation auditing tool
Lynis - Auditing tool for Unix-based systems
Nmap - The Network Mapper
sqlmap - Automatic SQL injection and database takeover tool
T50 - The fastest network packet injector
unix-privesc-check - Shell script to check for simple privilege escalation vectors on Unix systems
Wapiti - The web-application vulnerability scanner
wesng - Windows Exploit Suggester - Next Generation
Mobile Security Framework (MobSF) - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework
Web Applications
Burp Suite - Web vulnerability scanner
CLOUDKiLL3R - Bypasses Cloudflare protection service via TOR Browser using crimeflare!
fuzzdb - Dictionary of attack patterns and primitives
Nikto - Web server scanner
owtf - Offensive Web Testing Framework (OWTF)
wafw00f - Fingerprint Web Application Firewall (WAF)
w3af - Web Application Attack and Audit Framework
Wfuzz - Web application fuzzer
WhatWaf - Detect and bypass web application firewalls and protection systems
WPscan - WordPress vulnerability scanner
Web Shells
weevely3 - Weaponized web shell
b374k - PHP Webshell with handy features
Miyachung - PHP BackConnect Shell
wso-2.8-web-shell - Automatically exported from code.google.com/p/wso-web-shell-2-8
Wireless Attacks
Aircrack-ng - A complete suite of tools to assess WiFi network security
airgeddon - Multi-use bash script for Linux systems to audit wireless networks
Bluelog - A highly configurable Linux Bluetooth scanner
BoopSuite - A Suite of Tools written in Python for wireless auditing
fluxion - Fluxion is a remake of linset by vk496 with fewer bugs and enhanced functionality
infernal-twin - An automated wireless hacking tool
kismet - An 802.11 layer2 wireless network detector, sniffer, and intrusion detection system
krackattacks-scripts - WPA2 Krack Attack Scripts
KRACK Detector - Detect and prevent KRACK attacks in your network
Pixiewps - An offline Wi-Fi Protected Setup brute-force utility
RouterSploit - Exploitation Framework for Embedded Devices
wifi-arsenal - Resources for WiFi Pentesting
Wifiphisher - The Rogue Access Point Framework
WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack