Aircrack-ng

Complete suite to assess WiFi network security (replay attacks, deauth, fakeap and packet injection etc) Cracking: WEP and WPA PSK (WPA 1 and 2)

Androguard

Full python tool to play with Android files DEX, ODEX and APK

AperiSolve

Online platform which performs layer analysis on images also uses zsteg, steghide, outguess, exiftool, binwalk, foremost and strings for deeper steganography analysis

Apktool

Reverse engineering Android apk files

Apple Disk Copy

7z x apple-disk-image.dmg

ASCII <3

man ascii

ASCII ANSI Table

ASCII (American Standard Code for Information Interchange) is a 7-bit character set that contains characters from 0 to 127

Assetnote

Wordlists that are up to date and effective against the most popular technologies on the internet

Audacity

Audio editor for Windows, Mac or Linux

Autopsy

Autopsy is the premier end-to-end open source digital forensics platform

Beef

The Browser Exploitation Framework Project

Bettercap

Framework to perform MITM (Man in the Middle) attacks

Binary Ninja

A New Type of Reversing Platform

Binutils

This is in most linux distributions default, but still it's important to know the tools. So check out the link! This is etc where strings, objdump is from.

Binwalk

Firmware (and arbitrary file) analysis tool

Binwalk (Extract all)

binwalk --dd='.*' <filename>

Bitcoin explorer

Bitcoin explorer - Block viewer, Transaction viewer, Universal search, Raw transaction interpreter, Raw block interpreter

Boomerang

Decompiler x86 (IA-32 only), PPC, ST20 files like ELF, PE, DOS MZ, DOS/4GW LE, Mach-O to high-level language output C

Burp Suite CE

Web application security testing, intercept, replay, inject

Cardpeek

Cardpeek is a Linux/Windows/Mac OS X tool to read the contents of ISO7816 smart cards. It features a GTK GUI to represent card data in a tree view, and is extendable with a scripting language (LUA)

CFF Explorer

Full support for PE32/64, process viewer, .NET, rebuilder, hex, import adder, signature scanner, signature manager, extension support, scripting, disassembler, dependency walker

Cheat-engine

Cheat Engine. A development environment focused on modding. Wont recommend it due to suspicious addsense usage but a good starting point for editing live memory space on windows.

Check dns intercept

dig +short which.opendns.com txt @208.67.220.220

Checksec.sh

Checksec is a bash script to check the properties of executables (like PIE, RELRO, Canaries, ASLR, Fortify Source)

CiLocks

Crack Interface lockscreen, Metasploit and More Android/IOS Hacking

Ciphers & Codes

A page dedicated to simple text manipulation tools, which all can be replicated with just paper and pencil

Ciphey

Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes

Clean email list

sed 's/[ ]*$//' < emails.txt | tr 'A-Z' 'a-z' | sort | uniq > emails-scrubbed.txt

Cmd5

Yet another site to decrypt hashes they also claim to brute force it within 5 days if it's not in their DB?

CMSmap

Python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs

Commix

Commix (short for [comm]and [i]njection e[x]ploiter) is an open source penetration testing tool

CrackStation

Crack known hashes LM, NTLM, md2, md4, md5, md5(md5_hex), md5-half, sha1, sha224, sha256, sha384, sha512, ripeMD160, whirlpool, MySQL 4.1+

Creddump

Python tool to extract various credentials and secrets from Windows registry hives

Cross-Site Scripting

Cross-Site Scripting (XSS) - Good cheat sheet over many options

Crt.sh

Certificate enumeration tool

Cryptii

Web app offering modular conversion, encoding and encryption online. Translations are done in the browser without any server interaction. Very handy CTF tool!

CTFCrackTools

China's first CTFTools framework (Use at your own risk hahah)

Ctf_import

Small library that allows you to run basic functions from stripped binaries cross platform

CyberChef

The best online tool for analysing and decoding data

De4js

JavaScript Deobfuscator and Unpacker

Default-passwords 1

List of default passwords for many vendors. Always use multiple sites to gather default passwords.

Default-passwords 2

Default Passwords cheatsheet by CIRT

DefaultCreds

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password

Dex2jar

Android decompiler dex and class files from apk

Dirb

DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects

Dirbuster

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers

Dirsearch

Web path scanner

Dirstalk

Dirstalk is a multi threaded application designed to brute force paths on web servers

Dirtycow

Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel (Old exploit) 2.6.22 and below

DKScan

Danish frequencies for all known services and bands. This might be outdated and also TXT document. You can refer to their site, this is just a backup. www.dkscan.dk

Dllinjector

Implement various DLL injection techniques that work across multiple Windows versions

Dns-black-cat

Multi platform toolkit for an interactive DNS shell commands exfiltration

DNSSec Analyzer

Enter a domain name to be tested for dnssec virification

Docker

Docker Engine is the industry’s de facto container runtime that runs on various Linux (CentOS, Debian, Fedora, Oracle Linux, RHEL, SUSE, and Ubuntu) and Windows Server operating systems images

Dsniff

Dsniff is a collection of tools for network auditing and penetration testing

DumpIt

Windows Utility is used to generate a physical memory dump of Windows machines. It works with both x86 (32-bits) and x64 (64-bits) machines.

Dumpzilla

Dumpzilla application is developed in Python 3.x and has as purpose extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers to be analyzed.

Dvcs-ripper

Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr etc.

EML Header Analyzer

E-Mail (EML) Header Analyzer can analyze e-mail header lines and print out the Received lines separately and clearly

ETH-block-by-date

Get Ethereum block number by a given date. Or blocks by a given period duration. Works well with Web3 node js.

Etherblob-explorer

Search and extract blob files on the Ethereum Blockchain network

Ettercap

Ettercap is a comprehensive suite for man in the middle attacks

Exiftool

reading, writing and editing meta information in a wide variety of files

Exploit-db

Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software

Extundelete

Utility that can recover deleted files from an ext3 or ext4 partition

FCC Freq Alloc

FCC Online table of Frequency Allocations. This is a PDF. HAndy way to see whats allocated to what in the USA. Only gives an idea of the range not the direct frequency.

Fcrackzip

A braindead program for cracking encrypted ZIP archives

Featherduster

For breaking crypto; It tries to make the process of identifying and exploiting weak cryptosystems as easy as possible

Ffmpeg

A complete, cross-platform solution to analyse, record, convert and stream audio and video

Ffuf

Fast web fuzzer written in Go

File

Attempt to classify any file

Files >500M <1G

find / -type f -size +500M -size -1G

FireEye Redline

Redline, FireEye's premier free endpoint security tool, provides host investigative capabilities to users to find signs of malicious activity through physical raw memory dump and file analysis

Foremost

Finds stuff in binary files and recover it

FTK Imager

Obtaining forensic images of computer data, without making changes to the original evidence. Works with many file systems and virtual image types

GDB

GDB, the GNU Project debugger, allows you to see what is going on `inside' another program while it executes

GEF

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers

GHDB

Google Hacking Database (GHDB) is a compendium of Google hacking search terms that have been found to reveal sensitive data exposed by vulnerable servers and web applications

Ghidra

A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission

GIMP

The Free & Open Source Image Editor

GNU Radio

GNU Radio is a free & open-source software development toolkit that provides signal processing blocks to implement software radios. (HackRF, BladeRF, USRP, RTL-SDR)

Go-ethereum

Official Go implementation of the Ethereum protocol. Quick way to download block data via geth.

Gobuster

tool used to brute-force URIs, DNS, Virtual Host, Open Amazon S3 buckets

Gobuster dir+session

gobuster dir -u http://<ip_host> -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php -c PHPSESSID=<session_value>

Gps-sdr-sim

Software-Defined GPS Signal Simulator

Gqrx SDR

Gqrx is an open source software defined radio receiver (SDR) Airspy, Funcube Dongles, rtl-sdr, HackRF and USRP devices

Gqrx-scanner

A frequency scanner for Gqrx Software Defined Radio receiver. Scan ranges, bookmarks, filter on tags as well. Very handy tool to remote control your gqrx software.

Grep

Print lines that match patterns

Grep (PNG offset)

grep -oba PNG <binary file>

Grep ext <3

grep -r -i --include=\*.{php,cpp,txt} "search string" .

Hackingtool

ALL IN ONE Hacking Tool For Hackers (It's okay and works but i would use it just a yey an option for a tool)

Hashcat

World’s fastest and most advanced password recovery tool. CPU/GPU brute forcing

Hashes.com

Decrypt MD5, SHA1, MySQL, NTLM, SHA256, SHA512 hashes

Hash_extender

Hash length extension attack

Haveibeenpwned

Useful for breach enumeraton

Hetty

Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community

Hopper

Hopper Disassembler, the reverse engineering tool that lets you disassemble, decompile and debug your applications

Hunter.io

Email enumeration tool

HxD

Fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size

Hydra

Parallelized login cracker which supports numerous protocols to attack

IDA Pro

A powerful disassembler and a versatile debugger

ILSpy

ILSpy is the open-source .NET assembly browser and decompiler

Imagemagick

Create, edit, compose, or convert digital image

IPED

Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence

Ipleak

Quick way to detect if your VPN is WebRTC or DNS leaking

JD-GUI

Standalone graphical utility that displays Java source codes of “.class” files. Java class files.

John

Enhanced, "jumbo" version of John the Ripper supports hundreds of hash and cipher types

Jpexs

Opensource flash SWF decompiler and editor. Extract resources, convert SWF to FLA

Jsdetox

Javascript malware analysis tool using static analysis / deobfuscation techniques

Jsnice

Online tool to make even obfuscated JavaScript code readable

JStillery

Advanced JS Deobfuscation via Partial Evaluation

Kali Linux

Open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering

Kali Wordlists

These are some of the included wordlists in Kali for easy access

King-phisher

Phishing Campaign Toolkit

Kismet

Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework

Knock

Simple python port knocking client

Krakatau

Java decompiler, assembler, and disassembler

Last 30 changed files

find /search/path -type f -printf '%TY-%Tm-%Td %TT %p\n'|sort|tail -n 30

LibNFC

NFC tools that you need in order to read many known rfid cards

LinEnum

Best scripted local Linux enumeration & privilege escalation checks

LINQPad

LINQPad is not just for LINQ queries, but any C#/F#/VB expression, statement block or program

Lynis

Security tool for systems running Linux, macOS, or Unix-based system. Performs an extensive health scan of your systems to support system hardening and compliance testing

MalConfScan

Volatility plugin for extracts configuration data of known malware

MalShare

A free Malware repository providing researchers access to samples, malicious feeds, and Yara results

Maltego CE

Comprehensive tool for graphical link analyses (OSINT) that offers real-time data mining and information gathering, as well as the representation of this information on a node-based graph

Malzilla

Explore malicious webpages and view their code with Malzilla

Masscan

Internet-scale port scanner. It can scan the entire Internet in under 5 minutes, transmitting 10 million packets per second, from a single machine

Mdadm

mdadm is used to handle software raids on Linux. You can use this tool to create, build, assemble, rebuild, monitor any raid type on Linux. Dont forget the order of the disks is important when trying to assemble an already created raid array etc.

Mdadm create

mdadm --create /dev/md0 --level=5 --raid-devices=3 /dev/disk2 missing /dev/disk1

Mdadm loop

losetup loop1 raid-disk1.img

Metasploit

World’s most used penetration testing framework

Metasploit help

Somewhat extensive metasploit cheat sheet

Mfcuk

MiFare Classic Universal toolKit (MFCUK)

Mfoc

Mifare Classic Offline Cracker

Mitre - D3fend

A knowledge graph of cybersecurity countermeasures

Mitre - Groups

Groups are mapped to publicly reported technique use and original references are included. The information provided does not represent all possible technique use by Groups.

Mitre - Software

Software is a generic term for custom or commercial code, operating system utilities, open-source software, or other tools used to conduct behavior modeled in attacks

MP3Stego

Hide information in MP3 files during the compression process

Name-That-Hash

Don't know what type of hash it is? Name That Hash will name that hash type! Identify MD5, SHA256 and 300+ other hashes

Ncat

Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project

Nessus Essentials

Vulnerability assessment solution for security practitioners. Scan, detect, report, fix exploits, EOL, Risks etc. Utilizing over 65000 CVEs in it's scans. Free version allow 16 ip's to be scanned as much as you want every 90 days.

Netcat

netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP

Netdiscover

Great tool to discover assets on your network active/passive ARP reconnaissance tool

NetworkMiner

Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD)

Nfc-list

nfc-list is part of libnfc and is a basic tool to detect rfid/nfc

Nikto

Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. 6700 potentially dangerous files/programs + more

Nipe

Easy way to make Tor your default Gateway, don't forget DNS leaking is still a thing

Nmap

Network Mapper is a utility for network discovery and security auditing

Nmap (Full scan/info)

nmap -sC -sV -T4 -oA initial <ip or host>

Nmap Cheatsheet

Reference guide for scanning networks with Nmap

One Time Pad

Online tool for playing with one-time pad ciphers

OneGadget

The best tool for finding one gadget RCE in libc.so.6

Onlinehashcrack

Cloud Password Recovery Services assisting cyber security experts. WPA / Office / iTunes / Archive / PDF / Password / Hashes

Open conn per IP

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

OpenSSL

OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit for the Transport Layer Security (TLS) protocol

OpenStego

Free steganography solution, providing both watermarking and hiding

OpenVAS Scanner

OpenVAS is a vulnerability scanner that was developed in response to the commercialization of Nessus

Ophcrack

Free Windows password cracker based on rainbow tables

OP_RETURN - PHP

BTC (Bitcoin) - Simple PHP commands and library for using bitcoin OP_RETURNs.

OP_RETURN - Py

BTC (Bitcoin) - Simple Python commands and library for using bitcoin OP_RETURNs

OSINT Framework

The OSINT Framework is a collection of ways to gather information on specific topics

Outguess

Universal steganographic tool

OWASP Cheat Sheets

OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics

Patchelf

A small utility to modify the dynamic linker and RPATH of ELF executables

PE Explorer

Open, view and edit a variety of different 32-bit Windows executable file types

PHP Obfuscator

Ever needed to obfuscate your php code to either compress it or hide it etc. This is a good online site for that.

PkCrack

Breaking PkZip-encryption ciphers

Pngcheck

Verifies the integrity of PNG, JNG and MNG files, optionally dump almost all of the chunk-level information in human-readable form

Postman

Postman is an API platform for building, testing and using APIs

Pupy

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Pwninit

pwninit - automate starting binary exploit challenges.

Pwntools

CTF framework and exploit development library. Written in Python

QEMU

QEmu is a powerful generic and open source machine emulator and virtualizer. Can read raw images, img, iso, vmdk, vdi, vhdx, vpc, vm ware images and qcow + qcow2 + coop

Qemu-img

qemu-img allows you to create, convert and modify images offline. It can handle all image formats supported by QEMU. Raw images, img, iso, vmdk, vdi, vhdx, vpc, vm ware images and qcow + qcow2 + coop.

Qira

Competitor to strace and gdb

Quick web server

python -m SimpleHTTPServer

Quipqiup

An online tool for breaking substitution ciphers or vigenere ciphers (without key)

Raccoon

Offensive Security Tool for Reconnaissance and Information Gathering

Radare2

A free/libre toolchain for easing several low level tasks like forensics, software reverse engineering, exploiting, debugging, ...

Radio Spectrum

The radio spectrum is the part of the electromagnetic spectrum with frequencies from 30 Hz to 300 GHz. (Wiki page/link)

Rapidtables

RapidTables contains quick reference information and tools from conversion tables to calculations to text, web, electronic conversion tables. Very useful

Recon

Small little RCON suite by me!

Recon-cheatsheet

A okay nice cheatsheet for doing recon, found on DEF CON - 9221 twitter now hosted locally for keepsake :)

Recon-ct

CTRECON - Certificate Transparency Reconnaissance

Recon-ntoo

NTOORECON - Number To Operator Reconnaissance

Reconnoitre

A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host

Red-kube

Red Kube is a collection of kubectl commands written to evaluate the security posture of Kubernetes clusters from the attacker's perspective

Regex101

One of the best online regular expression test websites

ReNgine

reNgine is an automated reconnaissance framework for web applications it makes is easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

ResourcesExtract

Small utility that scans dll/ocx/exe files and extract all resources (bitmaps, icons, cursors, AVI movies, HTML files, and more...)

Reverse Shell

Payloads All The Things- Reverse Shell Cheatsheet

Reverse Shell #2

d4t4s3c - Reverse Shell Cheat Sheet

Robtex

Robtex is used for various kinds of research of IP numbers, Domain names, etc

Rootend

A *nix Enumerator & Auto Privilege Escalation tool

RsaCtfTool

RSA multi attacks tool : uncipher data from weak public key and try to recover private key

Rsatool

Calculates RSA (p, q, n, d, e) and RSA-CRT (dP, dQ, qInv) parameters given either two primes (p, q) or modulus and private exponent (n, d)

SDRSharp

SDR software for Airspy and RTL-SDR dongles and HackRF/AirSpy/USRP! The best Windows SDR software out there

Searchcode

Find real life code examples

Searchsploit

Command line search tool for Exploit-DB that also allows you to take a copy of Exploit Database with you, everywhere you go

Security-tools

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff

See desktop via ssh

xloadimage <(ssh USER@HOSTNAME DISPLAY=:0.0 import -window root png:-)

Shell ruler func

ruler() { for s in '....^....|' '1234567890'; do w=${#s}; str=$( for (( i=1; $i<=$(( ($COLUMNS + $w) / $w )) ; i=$i+1 )); do echo -n $s; done ); str=$( echo $str | cut -c -$COLUMNS) ; echo $str; done; }

Shellbags

Cross-platform, open-source shellbag parser of raw Windows Registry hive

Sherlock

Hunt down social media accounts by username and email across social networks

Shodan

Search Engine for the Internet of Everything. Very cool way to find services or hosts/devices of interest

Sift-workstation

Collection of free and open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings. It can match any current incident response and forensic tool suite

SigDigger

Qt-based digital signal analyzer, using Suscan core and Sigutils DSP library for hackrf and other sdr-rtl dongles

SigintOS

SigintOS as the name suggests, SIGINT is an improved Linux distribution for Signal Intelligence. (HackRF, BladeRF, USRP, RTL-SDR)

Silenteye

Cross-platform application design for an easy use of steganography, in this case hiding messages into pictures or sounds (JPEG, BMP, WAVE)

Skipfish

Web application security scanner created by lcamtuf for google

Skullsecurity

Password dictionaries and Leaked passwords

SmartDeblur

Tool for restoring defocused and blurred images

Sniffit

SniffIt is a Distribted Sniffer System, which allows users to capture network traffic from an unique machine using a graphical client application

Snow

Whitespace Steganography Tool

Social-analyzer

API, CLI & Web App for analysing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

Spiderfoot

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

SQL Injections

Somewhat good SQL injections cheatsheet

Sqlmap

Open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws

Srihash

Generate SRI hashes for your script tags. Protect your web sites

Steganabara

Steganabara is a tool for stegano analysis (steganalysis). Steganabara has now matured and is very effective on visual steganos

Stegbreak

Launches brute-force dictionary attacks on JPG image

Stegdetect

Stegdetect is an automated tool for detecting steganographic content in images

Stegextract

Bash script to extract hidden files and strings from images

Steghide

A steganography program that is able to hide data in various kinds of image- and audio-files (JPEG, BMP, WAV and AU files)

Stego-toolkit

Collection of steganography tools - helps with CTF challenges

Stegseek

Lightning fast steghide cracker that can be used to extract hidden data from files

Strace

strace is a diagnostic, debugging and instructional userspace utility for Linux

Strings

Easy way to find sequences of printable characters in files

Sublist3r

Python tool designed to enumerate subdomains of websites using OSINT

Tcpdump

Powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture

Text Converter

Text Converter converts text to other encodings or other formats. Supported formats include Base64, Quoted-Printable, URL encoding, HTML encoding, various types of text conversion and formatting, as well as hash calculations

TheHarvester

Tool designed to be used in the early stages of penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering (email/asn/dns/users/poeple/services)

Thor

SSH login brute force cracker

Tor Browser

Protect yourself against tracking, surveillance, and censorship. Always have the Tor browser installed, it's just a must :)

TrID

Utility designed to identify file types from their binary signatures

Truecrack

TrueCrack is a brute-force password cracker for TrueCrypt (Copyrigth) volumes (GPU support)

Tshark

World’s foremost and widely-used network protocol analyzer Wireshark (command-line)

Uncompyle2

A Python 2.7 byte-code decompiler, written in Python 2.7

Undocker

Go library and command line tool for decomposing docker images.

Unfurl

Unfurl takes a URL and expands ("unfurls") it into a directed graph, extracting every bit of information from the URL and exposing the obscured

Unicode Table

Unicode, formally the Unicode Standard, is an information technology standard for the consistent encoding, representation, and handling of text expressed in most of the world's writing systems

Unshadow

Tool combines the passwd and shadow files so John can use them

UPX

UPX - the Ultimate Packer for eXecutables

URH

Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios

URLsniffer

Simple URL sniffer using Python and Scapy

Usbrip

Simple forensics tool with command line interface that lets you keep track of USB device artifacts

V0lt

(outdated) Security CTF, Python style. Making CFT scripting easy in python

Vbox-img

vbox-img allows you to create, convert and modify images offline. It can handle all image formats supported by QEMU. Raw images, img, iso, vmdk, vdi, vhdx, vpc, vm ware images and qcow + qcow2 + coop.

Vigenere

online tool breaks Vigenere ciphers without knowing the key

VIM Cheatsheet

Very nice and cool vIM cheatsheet :)

VIM Cheatsheet 2

Just another vIM cheatsheet, this one is easier to read on your eyes :)

VirtualBox

VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Can read raw images, img, iso, vmdk, vdi, vhdx, vpc, vm ware images and qemu qcow - qcow2

VirusTotal

Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community

Volatility

Volatility Framework (python2) - Volatile raw physical memory dump and sample extraction utility framework for volatile storage (RAM)

Volatility3

Volatility3 (python3) is the world's most widely used framework for extracting digital artifacts from volatile raw physical memory (RAM) dump and samples. The extraction techniques are performed completely independent of the system being investigated

VS Code

This is properly one of the most advanced editors out there today with great OS support and customization

W3af

Web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications

W3m <3

apt install w3m w3m-img w3m-el

Walletexplorer

Bitcoin block explorer with address grouping and wallet labeling

Web3.js

Ethereum JavaScript API.

Web3.py

A python interface for interacting with the Ethereum blockchain and ecosystem. Based on Web3.js

Wfuzz

Wfuzz has been created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload

WhatWeb

Next generation web scanner. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices

WiFi Airodump

airmon-ng check kill && airodump-ng --band abg --gpsd --manufacturer --uptime --wps --write scan-`date +%s` wlan0

Wifiphisher

Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing

WinDbg

The Windows Debugger (WinDbg) can be used to debug kernel-mode and user-mode code, analyze crash dumps, and examine the CPU registers while the code executes

Wireshark

World’s foremost and widely-used network protocol analyzer

Wireshark filter #1

frame contains "search for anything"

Wireshark filter #2

smb || nbns || dcerpc || nbss || dns

Wireshark filter #3

http.request or ssl.handshake.type == 1

Wireshark Filters

Wireshark cheatsheet on display filters - part 1

WL Compendium

WordList-Compendium - Personal compilation of wordlists & dictionaries for everything. Users, passwords, directories, files, vulnerabilities, fuzzing, injections, wordlists of tools, etc.

Wordpress brute #1

hydra -V -l <wordlist> -p 123 <ip_host> http-post-form '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In:F=Invalid Username'

Wpscan

WordPress security scanner. Written for security professionals and blog maintainers to test the security of their Wordpress

Xocopy

xocopy is a program that can copy executables with execute, but no read permission. It has been tested on FreeBSD and Linux kernels 2.[246].x

Xor-files

xor-files -r broken-disk3.img raid-disk1.img raid-disk2.img

XorFiles

Raid 5 - restore disks from other raid disks via XOR operation. Note this is just a simple xor between two files.

Xortool

XOR analysis, guess the key length or key

XSSer

Cross Site Scripter (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications

Xxxswf

Python script for carving, scanning, compressing, decompressing and analyzing Flash SWF files. The script can be used on an individual SWF, single SWF or multiple SWFs embedded in a file stream.

Yersinia

Attack various protocols on layer 2

Zmap

An open-source network scanner

Zsteg

Detect stegano-hidden data in PNG & BMP