Introduction: Here is a curated list of hacking tools for hackers, penetration testers and security researchers. The goal is to collect and categorize tools so that you can find the one you need quickly, and to keep them as a toolkit that you can check out and update in one step.
You can check out all the tools (they are tracked as git submodules, hence --recursive) with the following command:
git clone --recursive https://github.com/jekil/awesome-hacking.git
All contributions are welcome; please follow the repository's contribution guide.
Code Auditing
Static Analysis
Brakeman: A static security vulnerability scanning tool for Ruby on Rails applications.
Cryptography
Xortool: A tool for analyzing multi-byte XOR ciphers.
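The analysis Xortool automates, as an added example rather than the tool's own code: a repeating-key XOR leaks its key length through a coincidence test (ciphertext bytes a multiple of the key length apart collide exactly as often as plaintext bytes do), after which every key byte is a single-byte XOR over one column. The sample plaintext and the key are constructed here; the English-ness scoring is a deliberately crude stand-in for the frequency tables a real tool uses.

```python
# Added example, not xortool's code: the two steps a multi-byte XOR
# analysis automates. Step one guesses the key length with a coincidence
# test; step two recovers each key byte by brute-forcing one column.

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key (encrypt and decrypt are the same op)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def coincidence_rate(ct: bytes, shift: int) -> float:
    """Fraction of positions i where ct[i] == ct[i + shift].

    With a repeating key of length n, positions i and i + shift share a key
    byte exactly when shift is a multiple of n, so ct[i] == ct[i + shift]
    iff pt[i] == pt[i + shift]: the rate equals the plaintext's own index of
    coincidence (about 0.06-0.09 for English). For other shifts the two
    bytes are XORed with different key bytes and matches are rare."""
    pairs = len(ct) - shift
    if pairs <= 0:
        return 0.0
    return sum(1 for i in range(pairs) if ct[i] == ct[i + shift]) / pairs


def guess_key_length(ct: bytes, max_len: int = 32, threshold: float = 0.03) -> int:
    """Smallest shift whose coincidence rate clears the threshold. Multiples
    of the true length also clear it, which is why the smallest one is taken."""
    rates = {n: coincidence_rate(ct, n) for n in range(1, max_len + 1)}
    for n in range(1, max_len + 1):
        if rates[n] >= threshold:
            return n
    return max(rates, key=rates.get)  # nothing clearly periodic: best effort


def _english_score(data: bytes) -> int:
    """Crude plaintext score: number of lowercase letters and spaces."""
    return sum(1 for b in data if b == 0x20 or 0x61 <= b <= 0x7A)


def recover_key(ct: bytes, klen: int) -> bytes:
    """Every klen-th byte is encrypted with the same key byte, so each column
    is a single-byte XOR that can be brute-forced on its own."""
    key = bytearray()
    for col in range(klen):
        column = ct[col::klen]
        best = max(range(256), key=lambda k: _english_score(bytes(b ^ k for b in column)))
        key.append(best)
    return bytes(key)


def analyse(ct: bytes):
    """Full pipeline: returns (key length, key, plaintext)."""
    klen = guess_key_length(ct)
    key = recover_key(ct, klen)
    return klen, key, xor_bytes(ct, key)


# Constructed sample: lowercase English text and a 5-byte key.
SAMPLE_KEY = bytes([0x8F, 0x13, 0xA7, 0x4C, 0xD2])
SAMPLE_PLAINTEXT = (
    b"the report is due on monday and the team has not yet seen the logs from "
    b"the proxy so we will pull them tonight and look for any sign that the "
    b"old vpn box was used to reach the file share after the patch went in "
    b"we also need to check the dns cache on the jump host and the auth logs "
    b"on the domain controller because the alert came from that side of the "
    b"net and the time line is still not clear to me at all so keep the raw "
    b"pcap and the memory image safe until the review is done and send a note "
    b"to the on call lead if any new host starts to beacon out to the same ip "
    b"and do not reboot the box since we still need the ram for the memory run"
)
SAMPLE_CIPHERTEXT = xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    klen, key, pt = analyse(SAMPLE_CIPHERTEXT)
    print(f"key length {klen}, key {key.hex()}")
    print(pt.decode())
```

The coincidence test needs a few hundred bytes of ciphertext to be reliable, and the column scoring assumes the plaintext is mostly lowercase text with spaces; for binary plaintext swap `_english_score` for a model of the expected byte distribution.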
CTF Tools
Pwntools: CTF framework and exploit development library.
Docker
Docker Bench for Security – A script that runs the automated checks from the CIS Docker 1.6 Benchmark against a Docker host.
docker pull diogomonica/docker-bench-security
DVWA – Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is deliberately vulnerable.
docker pull citizenstig/dvwa
Kali Linux – This Kali Linux Docker image provides a minimal installation of the latest version of the Kali Linux distribution.
docker pull kalilinux/kali-linux-docker
OWASP Juice Shop – A deliberately insecure web application for security training, written entirely in JavaScript, containing all OWASP Top 10 vulnerabilities and other serious flaws.
docker pull bkimminich/juice-shop
OWASP Mutillidae II – OWASP Mutillidae II web penetration testing practice system.
docker pull citizenstig/nowasp
OWASP NodeGoat – A learning environment for how the OWASP Top 10 security risks apply to web applications developed with Node.js, and how to address them effectively.
git clone https://github.com/OWASP/NodeGoat.git
cd NodeGoat && docker-compose build && docker-compose up
OWASP Railsgoat – A vulnerable version of the Rails framework based on the OWASP Top 10.
docker pull owasp/railsgoat
OWASP Security Shepherd – A training platform for web and mobile security applications.
docker pull ismisepaul/securityshepherd
OWASP WebGoat – A deliberately insecure web application.
docker pull danmx/docker-owasp-webgoat
OWASP ZAP – OWASP Zed Attack Proxy stable version embedded in a docker container.
docker pull owasp/zap2docker-stable
Security Ninjas – An open-source application security training program.
docker pull opendns/security-ninjas
Vulnerability as a service: Heartbleed – Vulnerability as a service for CVE-2014-0160.
docker pull hmlio/vaas-cve-2014-0160
Vulnerability as a service: Shellshock – Vulnerability as a service for CVE-2014-6271.
docker pull hmlio/vaas-cve-2014-6271
WPScan – WPScan is a black-box WordPress vulnerability scanning tool.
docker pull wpscanteam/wpscan
Forensics
File Forensics
Autopsy – A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools.
DFF – A forensics framework with both command line and graphical interface. DFF can examine hard drives and volatile memory and then generate reports on user system activity.
Hadoop_framework – A prototype system developed with Hadoop for processing hard drive images.
Scalpel – An open-source data carving tool.
Sleuthkit – A library and command-line collection for digital forensics.
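What Scalpel does with a raw image, as an added example that is not Scalpel's or The Sleuth Kit's code: scan for known headers, then decide where each file ends, either by searching for a footer (JPEG) or by walking the format's own structure (PNG chunks). The disk image, signature table and the `Carved` record type are constructed for this example.

```python
# Added example, not Scalpel's or The Sleuth Kit's code: a minimal carver
# of the kind Scalpel automates, run over a constructed disk image. It
# shows the two ways to find where a file ends: a footer search (JPEG) and
# walking the format's own structure (PNG chunks).
from typing import NamedTuple


class Carved(NamedTuple):
    kind: str       # name from the signature table
    offset: int     # byte offset of the header in the image
    data: bytes     # carved bytes
    complete: bool  # False when no end of file was found within max_size


# header, footer (None = use a structure walker), maximum carve size;
# roughly what one line of scalpel.conf expresses
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 10 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", None, 10 * 1024 * 1024),
}


def png_end(image: bytes, start: int, limit: int):
    """Walk PNG chunks (4-byte big-endian length, 4-byte type, data, 4-byte
    CRC) after the 8-byte signature; return the offset just past IEND, or
    None if the stream is truncated or a length field is nonsense.
    CRCs are not verified here."""
    pos = start + 8
    while pos + 8 <= limit:
        length = int.from_bytes(image[pos:pos + 4], "big")
        ctype = image[pos + 4:pos + 8]
        if length > limit - pos:
            return None
        pos += 8 + length + 4
        if ctype == b"IEND":
            return pos if pos <= limit else None
    return None


STRUCTURE_WALKERS = {"png": png_end}


def carve(image: bytes, signatures=SIGNATURES):
    """Return every carved object, sorted by offset."""
    found = []
    for kind, (header, footer, max_size) in signatures.items():
        start = 0
        while (h := image.find(header, start)) != -1:
            limit = min(len(image), h + max_size)
            if footer is None:
                end = STRUCTURE_WALKERS[kind](image, h, limit)
            else:
                f = image.find(footer, h + len(header), limit)
                end = None if f == -1 else f + len(footer)
            if end is None:
                found.append(Carved(kind, h, image[h:limit], False))
                start = h + 1
            else:
                found.append(Carved(kind, h, image[h:end], True))
                start = end
    return sorted(found, key=lambda c: c.offset)


def _png_chunk(ctype: bytes, data: bytes) -> bytes:
    # CRC field left as zeros: the walker only needs lengths and types
    return len(data).to_bytes(4, "big") + ctype + data + b"\x00\x00\x00\x00"


# Constructed disk image: filler, a minimal PNG, a minimal JPEG and a
# JPEG whose tail is missing (as after a partial overwrite).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + _png_chunk(b"IHDR", bytes(13)) + _png_chunk(b"IEND", b"")
SAMPLE_JPG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 20 + b"\xff\xd9"
SAMPLE_IMAGE = (b"\x00" * 100 + SAMPLE_PNG + b"\x11" * 37 + SAMPLE_JPG
                + b"\x00" * 50 + b"\xff\xd8\xff\xdb" + b"\x22" * 30)
```

Footer searches are the weak point of header/footer carving: a JPEG with an embedded EXIF thumbnail contains a second FFD9 and will be cut short, and fragmented files cannot be recovered this way at all, which is why structure-aware walkers (the PNG path here) are preferred wherever the format allows them.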
Live Analysis
OS X Auditor – OS X Auditor is a free Mac OS X computer forensics tool.
Memory Forensics
Rekall – Memory analysis framework developed by Google.
Volatility – Extracts digital artifacts from volatile memory (RAM) samples.
Mobile
Android Forensic Toolkit – Allows you to extract SMS records, call logs, photos, browsing history, and passwords from Android phones.
Network Forensics
Dshell – A network forensics analysis framework.
Passivedns – A network sniffer that logs all DNS server replies for use in a passive DNS setup.
Others
HxD – A hex editor that, in addition to raw disk editing and modifying main memory (RAM), handles files of any size.
Threat Intelligence
VIA4CVE – An aggregator of known vendor vulnerability databases, used to enrich CVE entries with additional information.
Libraries
C
Libdnet – Provides a simplified, portable interface to low-level networking routines, including network address manipulation, kernel ARP cache and routing table lookup and manipulation, network firewalling, network interface lookup and manipulation, IP tunnelling, and raw IP packet and Ethernet frame transmission.
Java
Libsignal-service-java – A Java/Android library for communicating with the Signal service.
Python
Dpkt – Fast, simple packet creation and parsing, with definitions for the basic TCP/IP protocols.
Pcapy – A Python extension module providing libpcap packet capture library interface. Pcapy allows Python scripts to capture packets on the network. Pcapy is highly efficient when used with Impacket, providing a series of Python classes to parse and construct network packets.
PyBFD – Python interface to the GNU Binary File Descriptor (BFD) library.
Pynids – A Python wrapper for libnids, a network intrusion detection library that offers sniffing, IP defragmentation, TCP stream reassembly and TCP port-scan detection. Lets you use Python to watch network sessions.
Pypcap – A simplified object-oriented Python wrapper for libpcap.
PyPDF2 – A Python library for reading and writing PDF files.
Python-ptrace – Python bindings for the ptrace library.
Scapy – A Python-based interactive packet processing tool and library.
Ruby
Secureheaders – Security-related HTTP response headers, all in one gem.
Distributions
ArchStrike – An Arch Linux repository for security professionals and enthusiasts.
BackBox – An Ubuntu-based penetration testing and security auditing distribution.
BlackArch – A penetration testing and security research distribution based on Arch Linux.
BOSSLive – A GNU/Linux distribution developed by CDAC in India, customized for the Indian language environment, supporting most Indian languages.
DEFT Linux – A system for emergency response and digital forensics.
Fedora Security Lab – A secure environment for security auditing, forensics, system repair, and security education, popular in universities and other organizations.
Kali – A Linux distribution for penetration testing and digital forensics.
NST – A network security tool distribution.
Ophcrack – A free Windows password cracking tool based on rainbow tables. Efficient implementation based on rainbow tables, supports multiple platforms and has a graphical interface.
Parrot – A security-oriented GNU/Linux distribution designed with cloud penetration testing and IoT security in mind.
Pentoo – A security-focused live CD based on Gentoo.
REMnux – A toolbox for analyzing and reverse-engineering malware.
Malware
Dynamic Analysis
Androguard – Reverse analysis and malware analysis for Android applications.
Cuckoo Sandbox – An automated dynamic malware analysis system.
Jsunpack-n – Emulates browser functionality when visiting a URL.
Malzilla – A tool for exploring malicious pages, which often use chains of redirects and obfuscated code to make tracking hard. MalZilla lets you choose your own user agent and referrer and can go through proxies. It shows you the full page source and HTTP headers and provides several decoders for de-obfuscation.
PyEMU – A scriptable IA-32 emulator commonly used for malware analysis.
Honeypots
Glutton – All-eating honeypot.
MHN – Multi-sensor management for Snort and honeypots: uses a network of VMs, small-footprint Snort installations, stealthy Dionaea sensors and a centralized server for management.
Phoneyc – A pure Python honeyclient implementation.
Threat Intelligence
MISP Modules – Expansion, import and export modules for MISP.
Passivedns-client – Provides a library and a query tool for requesting information from several passive DNS providers.
Rt2jira – Converts RT tickets to JIRA tickets.
Ops
CapTipper – A Python tool for analyzing, exploring, and replaying HTTP traffic.
FakeNet-NG – Next-generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows.
Malboxes – Builds Windows virtual machines for malware analysis so that you don't have to.
Source Code
Carberp – Carberp botnet source code.
Mirai – Leaked Mirai source code for research and IOC development.
Static Analysis
Androwarn – A static analysis tool that detects and warns about potentially malicious behaviour in Android applications.
ApkAnalyser – A static, virtual analysis tool for examining and validating the development work of Android applications.
APKinspector – A powerful graphical interface tool for analyzing Android applications.
Argus-SAF – Argus static analysis framework.
DroidLegacy – Static analysis scripts.
Floss – FireEye Labs Obfuscated String Solver; automatically extracts obfuscated strings from malware.
Peepdf – A Python tool for exploring PDF files to find out whether they can be harmful. Its aim is to give a security researcher everything needed for PDF analysis without juggling three or four tools.
PEfile – Reads and works with Portable Executable (PE) files.
PEview – A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files.
Pdfminer – A tool for extracting information from PDF documents.
PScout – Analyzes Android permissions.
SmaliSCA – Smali static code analysis.
Sysinternals Suite – The Sysinternals troubleshooting utilities.
Yara – Identifies and classifies malware samples.
Network
Analysis
Bro – A powerful network analysis framework that is quite different from the typical IDS (since renamed Zeek).
Pytbull – A flexible IDS/IPS testing framework based on Python.
Sguil – Sguil (pronounced sgweel) is used for network security analysis. The main component of Sguil is an intuitive GUI that provides real-time events, session data, and binary packet capture.
Service Forgery
DNSChef – A highly configurable DNS proxy for penetration testers and malware analysts.
DnsRedir – A small DNS server that answers selected queries with addresses supplied on the command line.
Packet Tampering
Pig – Linux packet crafting tool.
Yersinia – A network tool designed to take advantage of weaknesses in different layer 2 protocols. It aims to be a solid framework for analysing and testing deployed networks and systems.
Sniffing
Cloud-pcap – Web-based PCAP storage and analytics.
Dnscap – A network capture tool specifically for DNS traffic.
Dripcap – Caffeinated packet analyzer.
Dsniff – A toolkit for network auditing and penetration testing.
Justniffer – A network TCP packet sniffer. Justniffer is a network protocol analyzer that captures traffic and produces logs in a customizable way; it can emulate Apache web server log files, track response times and extract all “intercepted files” from HTTP traffic.
Moloch – Moloch is an open-source complete large-scale PCAP capture, indexing, and database system.
Net-creds – Sniff sensitive data from interfaces or pcap.
NetworkMiner – A network forensics analysis tool (NFAT).
Netsniff-ng – A Swiss army knife for your daily Linux network plumbing.
OpenFPC – A set of scripts that together provide a lightweight full-packet network traffic recorder and buffering tool. Its design goal is to let non-expert users deploy a distributed network traffic recorder on COTS hardware while integrating with existing alert and log tools.
PF_RING – PF_RING™ is a Linux kernel module and user-space framework for high-rate packet capture and processing through a unified API.
WebPcap – A web-based packet analyzer (client/server architecture) designed for analysing distributed applications or embedded devices.
Wireshark – A free and open-source packet analysis tool.
Penetration Testing
Denial of Service
DHCPig – A DHCP exhaustion script written in Python using the scapy library.
LOIC – Low Orbit Ion Cannon – Open-source network stress testing tool developed in C#. Based on Praetox’s LOIC project.
Sockstress – Sockstress (TCP DoS) implementation.
T50 – A faster network stress testing tool.
Torshammer – Tor’s hammer. A slow POST DoS tool written in Python.
UFONet – Abuses OSI layer 7 (HTTP) to create and manage ‘zombies’ and to run different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
Exploitation
BeEF – Browser exploitation framework.
Commix – Automated all-in-one OS command injection and exploitation tool.
ExploitPack – A graphical penetration testing tool that bundles a large set of exploits.
Evilgrade – The update exploitation framework (serves fake updates to software with insecure update mechanisms).
Fathomless – A collection of different programs for network red teaming.
Linux Exploit Suggester – Suggests Linux kernel exploits based on the operating system release number.
Metasploit Framework – Exploitation framework.
Nessus – Vulnerability, configuration, and standard assessment.
Nexpose – Vulnerability management and risk management software.
OpenVAS – Open-source vulnerability scanning and management.
PowerSploit – PowerShell post-exploitation framework.
Routersploit – Router automatic penetration testing software.
Shellsploit – Generates custom shellcodes, backdoors and injectors for various operating systems, and lets you obfuscate every byte via encoders.
SPARTA – Network infrastructure penetration testing tool.
Spoodle – A mass subdomain and POODLE vulnerability scanner.
Vuls – Vulnerability scanning tool for Linux/FreeBSD, written in Go, agentless.
Windows Exploit Suggester – Detects potentially missing patches on the target host.
Zarp – Network attack tool.
Exploitation Database
Ruby-advisory-db – Ruby Gems vulnerability database.
The Exploit Database – Official exploitation database.
XiphosResearch Exploits – Various POC codes written for research and testing.
Information Gathering
Bundler-audit – Bundler patch verification.
Dnsenum – A Perl script for enumerating DNS information.
Dnsmap – Passive DNS network mapper.
Dnsrecon – DNS enumeration script.
Knock – A subdomain enumeration tool written in Python.
IVRE – An open-source network reconnaissance framework. It relies on well-known open-source tools to generate data, store it in a database, and provide tools for analysis.
Recon-ng – A full-featured web reconnaissance framework written in Python.
SMBMap – A convenient SMB enumeration tool.
SSLMap – TLS/SSL cipher suite scanner.
Subbrute – A DNS meta-query spider that enumerates DNS records and subdomains.
Fuzz Testing
Construct – A Python library for parsing and building binary data symmetrically from a single declarative format description.
Fusil – A Python library for writing fuzz testing programs. It can start processes in predefined environments (limited memory, environment variables, redirect output streams, etc.), open network clients and servers, and create corrupted files.
Fuzzbox – A multi-codec media fuzzer.
Netzob – Netzob is an open-source reverse-engineering tool for traffic generation and communication protocol fuzz testing.
Python-AFL – American fuzzy lop fork server and instrumentation for pure-Python code.
Sulley – A fuzz testing development and fuzz testing framework that includes multiple extensible components.
TAOF – The Art of Fuzzing, includes ProxyFuzz, a man-in-the-middle network fuzzer.
Windows IPC Fuzzing Tools – A collection of tools used to attack applications that use Windows inter-process communication mechanisms.
Zulu – A fuzzer designed for the rapid prototyping that typically happens on a client engagement, when you need to test a particular thing quickly.
Mobile
Idb – A tool that simplifies iOS penetration testing and research.
Introspy-iOS – A black-box tool to help understand what an iOS application is doing at runtime and assist in identifying potential security issues.
Man-in-the-Middle Attacks
Dnsspoof – DNS spoofer. Drops DNS responses before they reach the router and replaces them with spoofed responses.
Ettercap – A comprehensive man-in-the-middle attack tool. Its features include sniffing active links, content filtering, and many other interesting tricks. It supports both active and passive parsing of many protocols and includes many network and host analysis features.
Bettercap – A powerful, flexible and portable tool for various types of man-in-the-middle attacks: manipulating HTTP, HTTPS and TCP traffic in real time, sniffing for credentials and much more.
Mallory – An extensible TCP/UDP man-in-the-middle proxy designed to run as a gateway. Unlike other tools of its kind, Mallory supports modifying non-standard protocols on the fly.
MITMf – Man-in-the-middle attack framework.
Mitmproxy – An interactive, SSL-capable HTTP man-in-the-middle proxy with a console interface.
Mitmsocks4j – A Java man-in-the-middle SOCKS proxy.
Responder – A LLMNR, NBT-NS and MDNS poisoner with built-in rogue HTTP/SMB/MSSQL/FTP/LDAP authentication servers supporting NTLMv1/NTLMv2/LMv2, extended security NTLMSSP and basic HTTP authentication.
Password Cracking
BozoCrack – A silly but effective MD5 cracker written in Ruby (it looks hashes up with a search engine instead of computing them).
HashCat – The world’s fastest and most advanced password recovery tool.
Hob0Rules – Password cracking rules for hashcat based on statistics and industry patterns.
John the Ripper – Fast password cracker.
THC-Hydra – A very fast network login cracker that supports multiple services.
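Rule sets such as Hob0Rules are only useful if you know what the rule language does to a candidate. As an added example that is not hashcat's or Hob0Rules' code, here is a small interpreter for a subset of the hashcat rule functions (`l u c C t r d f [ ] $ ^ D T s`), applied across a wordlist the way a cracker feeds candidates to its hasher. The wordlist and rule lines used in it are constructed; out-of-range position operands leave the word unchanged here, which is this example's choice rather than a claim about hashcat's behaviour.

```python
# Added example, not hashcat's or Hob0Rules' code: a small interpreter for
# a subset of the hashcat rule language, enough to expand a wordlist with
# rules of the kind Hob0Rules ships. Each function is one character plus
# zero, one or two literal operands; whitespace between functions is skipped,
# operands are taken verbatim (so "$ " appends a space).

# operands consumed by each supported function
ARITY = {":": 0, "l": 0, "u": 0, "c": 0, "C": 0, "t": 0, "r": 0, "d": 0,
         "f": 0, "[": 0, "]": 0, "$": 1, "^": 1, "D": 1, "T": 1, "s": 2}


def _pos(ch: str) -> int:
    """Position operands: 0-9, then A-Z for 10-35 (hashcat convention)."""
    if ch.isdigit():
        return int(ch)
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    raise ValueError(f"bad position operand {ch!r}")


def parse_rule(rule: str):
    """Split a rule line into (function, operands) tuples."""
    ops, i = [], 0
    while i < len(rule):
        fn = rule[i]
        if fn.isspace():
            i += 1
            continue
        if fn not in ARITY:
            raise ValueError(f"unsupported function {fn!r} at offset {i}")
        n = ARITY[fn]
        args = rule[i + 1:i + 1 + n]
        if len(args) != n:
            raise ValueError(f"function {fn!r} needs {n} operand(s)")
        ops.append((fn, args))
        i += 1 + n
    return ops


def apply_rule(rule: str, word: str) -> str:
    """Apply one rule line to one candidate password."""
    w = word
    for fn, a in parse_rule(rule):
        if fn == ":":
            pass
        elif fn == "l":
            w = w.lower()
        elif fn == "u":
            w = w.upper()
        elif fn == "c":
            w = w[:1].upper() + w[1:].lower()
        elif fn == "C":
            w = w[:1].lower() + w[1:].upper()
        elif fn == "t":
            w = w.swapcase()
        elif fn == "r":
            w = w[::-1]
        elif fn == "d":
            w = w + w
        elif fn == "f":
            w = w + w[::-1]
        elif fn == "[":
            w = w[1:]
        elif fn == "]":
            w = w[:-1]
        elif fn == "$":
            w = w + a
        elif fn == "^":
            w = a + w
        elif fn == "s":
            w = w.replace(a[0], a[1])
        elif fn in ("D", "T"):
            n = _pos(a)
            if n < len(w):  # out-of-range positions leave the word unchanged here
                w = w[:n] + ("" if fn == "D" else w[n].swapcase()) + w[n + 1:]
    return w


def expand(words, rules):
    """Cross every word with every rule, dropping empties and duplicates
    while keeping first-seen order (what a cracker would feed its hasher)."""
    seen, out = set(), []
    for word in words:
        for rule in rules:
            cand = apply_rule(rule, word)
            if cand and cand not in seen:
                seen.add(cand)
                out.append(cand)
    return out
```

Running a rule set through an interpreter like this over a small wordlist is also the quickest way to see how much a rule file multiplies the keyspace before committing GPU time to it.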
Port Scanning
Angry IP Scanner – A fast, friendly network scanning tool.
Masscan – TCP port scanner that spews SYN packets asynchronously; it can scan the entire Internet in under 5 minutes.
Nmap – A free security scanning tool for network discovery and security auditing.
Zmap – An open-source network scanner that lets researchers easily perform Internet-wide network studies.
Post-Exploitation
DET – (Extensible) Data Exfiltration Toolkit.
Dnsteal – DNS exfiltration tool for stealthily sending files out over DNS requests.
Empire – Empire is a pure PowerShell post-exploitation agent.
Fireaway – Next-generation firewall auditing and bypass tool.
Iodine – Tunnels IPv4 data through a DNS server.
Mallory – An HTTP/HTTPS proxy on SSH.
Mimikatz – A little tool to play with Windows security; best known for extracting plaintext passwords, hashes and Kerberos tickets from memory.
Pwnat – Punches holes in firewalls and NATs, allowing any number of clients behind NATs to connect directly to a server behind a different NAT.
Tgcd – A simple Unix network utility for extending the reach of TCP/IP-based network services beyond firewalls.
WCE – Windows Credential Editor (WCE) is a security tool to list logon sessions and add, change, list and delete the associated credentials.
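Dnsteal and Iodine above both move data out through DNS query names, and the trick is simple enough to show end to end. The following is an added example, not the code of either tool: it packs a payload into names under a placeholder zone (`exfil.example`, reserved for documentation), reassembles them on the receiving side from an out-of-order, duplicated capture, and finishes with the length-and-entropy heuristic a defender can run over query logs to spot such traffic. The header layout, the sample payload and the detection thresholds are this example's own choices. Nothing here sends packets.

```python
# Added example, not Dnsteal's or Iodine's code: the encoding side of DNS
# exfiltration (data packed into query names under an attacker-controlled
# zone), the matching reassembly, and the heuristic a defender can run over
# query logs. The zone exfil.example is a placeholder; nothing here sends
# any packets.
import base64
import math
from collections import Counter, defaultdict

DOMAIN = "exfil.example"   # placeholder attacker-controlled zone
LABEL_MAX = 63             # RFC 1035 label limit
NAME_MAX = 253             # RFC 1035 limit for a name in text form
DATA_LABELS = 3            # data labels carried per query


def _b32(data: bytes) -> str:
    # base32 because DNS names are case-insensitive and may be lowercased in
    # transit; padding is stripped because "=" is not a valid label character
    return base64.b32encode(data).decode().rstrip("=").lower()


def _unb32(text: str) -> bytes:
    return base64.b32decode(text + "=" * (-len(text) % 8), casefold=True)


def encode_queries(data: bytes, xfer_id: str):
    """Pack data into names of the form
    <id><seq><total>.<label>.<label>.<label>.DOMAIN
    where id is 4 chars and seq/total are 4 hex digits each."""
    if len(xfer_id) != 4:
        raise ValueError("transfer id must be 4 characters")
    text = _b32(data)
    per_query = LABEL_MAX * DATA_LABELS
    chunks = [text[i:i + per_query] for i in range(0, len(text), per_query)] or [""]
    if len(chunks) > 0xFFFF:
        raise ValueError("transfer too large for a 16-bit sequence number")
    names = []
    for seq, chunk in enumerate(chunks):
        labels = [f"{xfer_id}{seq:04x}{len(chunks):04x}"]
        labels += [chunk[i:i + LABEL_MAX] for i in range(0, len(chunk), LABEL_MAX)]
        name = ".".join(labels + [DOMAIN])
        if len(name) > NAME_MAX:  # cannot happen with these constants; kept as a guard
            raise ValueError("name too long")
        names.append(name)
    return names


def decode_queries(names):
    """Reassemble transfers from observed names, in any order and with
    duplicates (retransmits) tolerated. Returns {id: bytes} for transfers
    whose every sequence number has been seen."""
    parts, totals = defaultdict(dict), {}
    suffix = "." + DOMAIN
    for name in names:
        if not name.endswith(suffix):
            continue
        labels = name[:-len(suffix)].split(".")
        header, payload = labels[0], "".join(labels[1:])
        if len(header) != 12:
            continue
        try:
            seq, total = int(header[4:8], 16), int(header[8:12], 16)
        except ValueError:
            continue
        parts[header[:4]][seq] = payload
        totals[header[:4]] = total
    out = {}
    for xfer_id, seqs in parts.items():
        total = totals[xfer_id]
        if total and all(i in seqs for i in range(total)):
            out[xfer_id] = _unb32("".join(seqs[i] for i in range(total)))
    return out


def label_entropy(text: str) -> float:
    """Shannon entropy of a label in bits per character."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def looks_like_exfil(name: str, max_label: int = 40, min_entropy: float = 3.0) -> bool:
    """Defender's heuristic over a query name: encoded data shows up as long,
    high-entropy labels. Thresholds are starting points to tune per network."""
    longest = max(name.split("."), key=len)
    return len(longest) > max_label and label_entropy(longest) >= min_entropy


# Constructed sample payload: 300 bytes with a pseudo-random spread of values.
SAMPLE_PAYLOAD = bytes((i * 37 + 11) % 256 for i in range(300))
```

Two practical points fall out of the numbers: each query here carries at most 189 base32 characters (about 118 bytes), so even a small file is many queries, and that volume of long, unique subdomains under one zone is exactly what the heuristic at the end keys on. Real tools add compression, encryption of the payload and pacing to blunt both signals; the defender's counterpart is per-zone query counts and NXDOMAIN rates on top of per-name entropy.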
Reporting
Dradis – Collaboration and reporting for IT security teams.
Faraday – A collaborative penetration testing and vulnerability management platform.
Services
Sslstrip – HTTPS stripping attack demonstration.
Sslstrip2 – SSLStrip version designed to defeat HSTS.
SSLyze – SSL configuration scanner.
Tls_prober – Fingerprints a server’s SSL/TLS implementation.
Training
DVWA – Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is deliberately vulnerable.
OWASP Juice Shop – A deliberately insecure web application for security training, written entirely in JavaScript, containing all OWASP Top 10 vulnerabilities and other serious flaws.
OWASP NodeGoat – A learning environment for how the OWASP Top 10 security risks apply to web applications developed with Node.js, and how to address them effectively.
OWASP Railsgoat – A vulnerable version of the Rails framework based on the OWASP Top 10.
OWASP Security Shepherd – A training platform for web and mobile security applications.
OWASP WebGoat – A deliberately insecure web application.
RopeyTasks – A deliberately vulnerable web application.
Web
Arachni – Web application security scanning framework.
BlindElephant – Web application fingerprinting.
Burp Suite – An integrated platform for web application penetration testing.
Cms-explorer – CMS Explorer is designed to reveal the specific modules, plugins, components and themes that CMS-driven websites are running.
Dvcs-ripper – Rips web-accessible (distributed) version control systems: SVN, Git, Mercurial and others.
Fimap – Finds, prepares, audits, exploits and even Googles automatically for LFI/RFI bugs.
Joomscan – Joomla CMS scanner.
Kadabra – Automated LFI exploitation and scanning, written in C++ with some external modules written in Python.
Kadimus – LFI scanning and exploitation tool.
Liffy – LFI exploitation tool.
Netsparker – Web application security scanning.
Nikto2 – Web application vulnerability scanning tool.
NoSQLMap – Automated Mongo database and NoSQL web application exploitation tool.
OWASP Xenotix – OWASP Xenotix XSS Exploit Framework is an advanced Cross-Site Scripting (XSS) vulnerability detection and exploitation framework.
Paros – A Java-based HTTP/HTTPS proxy for assessing web application vulnerabilities.
Ratproxy – A semi-automated, largely passive web application security audit tool, optimized for accurate and sensitive detection, and automatic annotation, of potential problems.
Scout2 – A security auditing tool for AWS environments.
Skipfish – An active web application security reconnaissance tool. It prepares an interactive sitemap for the target site by carrying out a recursive crawl and dictionary-based probes.
SQLMap – Automated SQL injection and database takeover tool.
SQLNinja – SQL Server injection and takeover tool.
TPLMap – Automated server-side template injection detection and exploitation tool.
Yasuo – A Ruby script that scans for vulnerable and exploitable third-party web applications on a network.
W3af – Web application attack and auditing framework.
Wapiti – Web application vulnerability scanning.
Weevely3 – Weaponized web shell.
WhatWeb – Website fingerprinting.
WPScan – WPScan is a black-box WordPress vulnerability scanning tool.
WPSploit – Attacking WordPress using Metasploit.
WS-Attacker – A modular framework for web service penetration testing.
Zed Attack Proxy (ZAP) – OWASP ZAP core project.
Wireless
Aircrack-ng – A 802.11 WEP and WPA-PSK key cracking program.
Kismet – Wireless network detection, sniffing, and IDS.
LANs.py – Inject code, jam Wi-Fi and spy on Wi-Fi users.
Mass-deauth – A script for 802.11 mass deauthentication.
Reaver – Brute-force attack against Wi-Fi Protected Setup (WPS).
Wifikill – A Python program that kicks users off a Wi-Fi network.
Wifijammer – Continuously jams all wifi clients and routers.
Wifite – Automated wireless attack tool.
Wifiphisher – Automated phishing attack through Wi-Fi networks.
Security
Endpoint Security
AIDE – Advanced Intrusion Detection Environment is a file and directory integrity checker.
Duckhunt – Detects and blocks keystroke-injection attacks (for example a USB Rubber Ducky).
Privacy
I2P – Invisible Internet Project.
SecureDrop – An open-source anonymous submission system that can securely receive documents from anonymous sources.
Tor – Free software to access the onion network.
Reverse Engineering
BinText – A small, very fast and powerful text extractor.
Bytecode_graph – A module for modifying Python bytecode; lets you add or remove instructions in a Python bytecode string.
Capstone – A lightweight, multi-platform, multi-architecture disassembly framework with Python bindings.
CHIPSEC – A platform security assessment framework.
Coda – Coredump analysis.
Edb – A cross-platform x86/x86-64 debugger.
Dex2jar – Tools to work with Android .dex and Java .class files.
Distorm – A powerful disassembly library for x86/AMD64.
DotPeek – JetBrains’ free .NET decompiler.
Fibratus – A Windows kernel tracing and exploration tool.
Flare-ida – FLARE team’s IDA Pro tools.
Hopper – A disassembler/decompiler for OS X and Linux, supporting 32/64-bit Windows/Mac/Linux/iOS executable files.
Idaemu – An IDA Pro plugin for simulating code in IDA Pro.
IDA Free – IDA free version.
IDA Patcher – IDA Patcher is a plugin that allows Hex-Rays’ IDA Pro disassembler to patch binary files and memory.
IDA Pomidor – IDA Pomidor is a plugin that helps you stay focused and productive over long disassembly sessions in Hex-Rays’ IDA Pro disassembler.
IDA Pro – A multi-processor disassembler and debugger hosted on Windows, Linux, and Mac OS X.
IDA Sploiter – IDA Sploiter is a plugin for Hex-Rays’ IDA Pro disassembler for exploit development and vulnerability research.
IDAPython – An IDA plugin that allows IDA to execute scripts written in Python.
Immunity Debugger – A powerful new way to write exploits and analyze malware.
JAD – JAD Java decompiler.
JD-GUI – A tool for decompiling and analyzing Java 5 “bytecode” and later versions.
Keystone Engine – A lightweight, multi-platform, multi-architecture assembly framework.
Mona.py – PyCommand for Immunity Debugger used to replace and improve pvefindaddr.
Medusa – A modular and interactive disassembly tool.
OllyDbg – An x86 debugger focused on binary code analysis.
Paimei – A reverse engineering framework that includes PyDBG, PIDA, pGRAPH.
PEDA – Python Exploit Development Assistance for GDB.
Plasma – An interactive disassembler for x86/ARM/MIPS. It generates indented pseudo-code with syntax colouring.
Procyon – A modern open-source Java decompiler.
Pyew – A command-line hex editor and disassembler mainly used for malware analysis.
Radare2 – An open-source, cross-platform reverse engineering framework.
Toolbag – IDA Toolbag is a plugin that provides supplementary features for Hex-Rays IDA Pro disassembler.
Unicorn Engine – A lightweight, multi-platform, multi-architecture CPU emulation framework based on QEMU.
Voltron – An extensible UI debugging tool written in Python. The goal is to enhance the user debugging experience (LLDB, GDB, VDB, and WinDbg) by displaying the debugging process and data in the interface.
WinDbg – The Windows Driver Kit and WinDbg.
WinHex – A hex editor for computer forensics, data recovery, low-level data processing, and IT security.
Unlinker – A tool that can rip functions out of Visual C++ compiled binaries and produce Visual C++ COFF object files.
UPX – The Ultimate Packer for eXecutables.
X64_dbg – An open-source x64/x32 debugger for Windows.
Social Engineering
Framework
SET – The Social-Engineer Toolkit from TrustedSec.
Harvester
Creepy – A geolocation OSINT tool.
Github-dorks – CLI tool for scanning GitHub repositories/organizations for potential sensitive information leaks.
Maltego – Proprietary open-source-intelligence and forensics software from Paterva.
Metagoofil – Metadata harvester.
TheHarvester – Emails, subdomains, and person names.
Phishing
Whatsapp-phishing – Proof-of-concept code for running a phishing attack against the official WhatsApp Web client.