L00king for a tool / link / command? Find it here ... by {THUGS}

Tool name Tags Description

Aircrack-ng

Complete suite to assess WiFi network security (replay attacks, deauth, fakeap and packet injection etc) Cracking: WEP and WPA PSK (WPA 1 and 2)

LINK

Androguard

Full python tool to play with Android files DEX, ODEX and APK

LINK

AperiSolve

Online platform which performs layer analysis on images also uses zsteg, steghide, outguess, exiftool, binwalk, foremost and strings for deeper steganography analysis

LINK

Apktool

Reverse engineering Android apk files

LINK

Apple Disk Copy

7z x apple-disk-image.dmg

ASCII <3

man ascii

ASCII ANSI Table

ASCII (American Standard Code for Information Interchange) is a 7-bit character set that contains characters from 0 to 127

LINK

Assetnote

Wordlists that are up to date and effective against the most popular technologies on the internet

LINK

Audacity

Audio editor for Windows, Mac or Linux

LINK

Autopsy

Autopsy is the premier end-to-end open source digital forensics platform

LINK

Beef

The Browser Exploitation Framework Project

LINK

Bettercap

Framework to perform MITM (Man in the Middle) attacks

LINK

Binary Ninja

A New Type of Reversing Platform

LINK

Binutils

This is in most linux distributions default, but still it's important to know the tools. So check out the link! This is etc where strings, objdump is from.

LINK

Binwalk

Firmware (and arbitrary file) analysis tool

LINK

Binwalk (Extract all)

binwalk --dd='.*' <filename>

Bitcoin explorer

Bitcoin explorer - Block viewer, Transaction viewer, Universal search, Raw transaction interpreter, Raw block interpreter

LINK

Boomerang

Decompiler x86 (IA-32 only), PPC, ST20 files like ELF, PE, DOS MZ, DOS/4GW LE, Mach-O to high-level language output C

LINK

Burp Suite CE

Web application security testing, intercept, replay, inject

LINK

Cardpeek

Cardpeek is a Linux/Windows/Mac OS X tool to read the contents of ISO7816 smart cards. It features a GTK GUI to represent card data in a tree view, and is extendable with a scripting language (LUA)

LINK

CFF Explorer

Full support for PE32/64, process viewer, .NET, rebuilder, hex, import adder, signature scanner, signature manager, extension support, scripting, disassembler, dependency walker

LINK

Cheat-engine

Cheat Engine. A development environment focused on modding. Wont recommend it due to suspicious addsense usage but a good starting point for editing live memory space on windows.

LINK

Check dns intercept

dig +short which.opendns.com txt @208.67.220.220

Checksec.sh

Checksec is a bash script to check the properties of executables (like PIE, RELRO, Canaries, ASLR, Fortify Source)

LINK

CiLocks

Crack Interface lockscreen, Metasploit and More Android/IOS Hacking

LINK

Ciphers & Codes

A page dedicated to simple text manipulation tools, which all can be replicated with just paper and pencil

LINK

Ciphey

Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes

LINK

Clean email list

sed 's/[ ]*$//' < emails.txt | tr 'A-Z' 'a-z' | sort | uniq > emails-scrubbed.txt

Cmd5

Yet another site to decrypt hashes they also claim to brute force it within 5 days if it's not in their DB?

LINK

CMSmap

Python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs

LINK

Commix

Commix (short for [comm]and [i]njection e[x]ploiter) is an open source penetration testing tool

LINK

CrackStation

Crack known hashes LM, NTLM, md2, md4, md5, md5(md5_hex), md5-half, sha1, sha224, sha256, sha384, sha512, ripeMD160, whirlpool, MySQL 4.1+

LINK

Creddump

Python tool to extract various credentials and secrets from Windows registry hives

LINK

Cross-Site Scripting

Cross-Site Scripting (XSS) - Good cheat sheet over many options

LINK

Crt.sh

Certificate enumeration tool

LINK

Cryptii

Web app offering modular conversion, encoding and encryption online. Translations are done in the browser without any server interaction. Very handy CTF tool!

LINK

CTFCrackTools

China's first CTFTools framework (Use at your own risk hahah)

LINK

Ctf_import

Small library that allows you to run basic functions from stripped binaries cross platform

LINK

CyberChef

The best online tool for analysing and decoding data

LINK

De4js

JavaScript Deobfuscator and Unpacker

LINK

Default-passwords 1

List of default passwords for many vendors. Always use multiple sites to gather default passwords.

LINK

Default-passwords 2

Default Passwords cheatsheet by CIRT

LINK

DefaultCreds

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password

LINK

Dex2jar

Android decompiler dex and class files from apk

LINK

Dirb

DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects

LINK

Dirbuster

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers

LINK

Dirsearch

Web path scanner

LINK

Dirstalk

Dirstalk is a multi threaded application designed to brute force paths on web servers

LINK

Dirtycow

Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel (Old exploit) 2.6.22 and below

LINK

DKScan

Danish frequencies for all known services and bands. This might be outdated and also TXT document. You can refer to their site, this is just a backup. www.dkscan.dk

LINK

Dllinjector

Implement various DLL injection techniques that work across multiple Windows versions

LINK

Dns-black-cat

Multi platform toolkit for an interactive DNS shell commands exfiltration

LINK

DNSSec Analyzer

Enter a domain name to be tested for dnssec virification

LINK

Docker

Docker Engine is the industry’s de facto container runtime that runs on various Linux (CentOS, Debian, Fedora, Oracle Linux, RHEL, SUSE, and Ubuntu) and Windows Server operating systems images

LINK

Dsniff

Dsniff is a collection of tools for network auditing and penetration testing

LINK

DumpIt

Windows Utility is used to generate a physical memory dump of Windows machines. It works with both x86 (32-bits) and x64 (64-bits) machines.

LINK

Dumpzilla

Dumpzilla application is developed in Python 3.x and has as purpose extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers to be analyzed.

LINK

Dvcs-ripper

Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr etc.

LINK

EML Header Analyzer

E-Mail (EML) Header Analyzer can analyze e-mail header lines and print out the Received lines separately and clearly

LINK

ETH-block-by-date

Get Ethereum block number by a given date. Or blocks by a given period duration. Works well with Web3 node js.

LINK

Etherblob-explorer

Search and extract blob files on the Ethereum Blockchain network

LINK

Ettercap

Ettercap is a comprehensive suite for man in the middle attacks

LINK

Exiftool

reading, writing and editing meta information in a wide variety of files

LINK

Exploit-db

Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software

LINK

Extundelete

Utility that can recover deleted files from an ext3 or ext4 partition

LINK

FCC Freq Alloc

FCC Online table of Frequency Allocations. This is a PDF. HAndy way to see whats allocated to what in the USA. Only gives an idea of the range not the direct frequency.

LINK

Fcrackzip

A braindead program for cracking encrypted ZIP archives

LINK

Featherduster

For breaking crypto; It tries to make the process of identifying and exploiting weak cryptosystems as easy as possible

LINK

Ffmpeg

A complete, cross-platform solution to analyse, record, convert and stream audio and video

LINK

Ffuf

Fast web fuzzer written in Go

LINK

File

Attempt to classify any file

LINK

Files >500M <1G

find / -type f -size +500M -size -1G

FireEye Redline

Redline, FireEye's premier free endpoint security tool, provides host investigative capabilities to users to find signs of malicious activity through physical raw memory dump and file analysis

LINK

Foremost

Finds stuff in binary files and recover it

LINK

FTK Imager

Obtaining forensic images of computer data, without making changes to the original evidence. Works with many file systems and virtual image types

LINK

GDB

GDB, the GNU Project debugger, allows you to see what is going on `inside' another program while it executes

LINK

GEF

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers

LINK

GHDB

Google Hacking Database (GHDB) is a compendium of Google hacking search terms that have been found to reveal sensitive data exposed by vulnerable servers and web applications

LINK

Ghidra

A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission

LINK

GIMP

The Free & Open Source Image Editor

LINK

GNU Radio

GNU Radio is a free & open-source software development toolkit that provides signal processing blocks to implement software radios. (HackRF, BladeRF, USRP, RTL-SDR)

LINK

Go-ethereum

Official Go implementation of the Ethereum protocol. Quick way to download block data via geth.

LINK

Gobuster

tool used to brute-force URIs, DNS, Virtual Host, Open Amazon S3 buckets

LINK

Gobuster dir+session

gobuster dir -u http://<ip_host> -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php -c PHPSESSID=<session_value>

Gps-sdr-sim

Software-Defined GPS Signal Simulator

LINK

Gqrx SDR

Gqrx is an open source software defined radio receiver (SDR) Airspy, Funcube Dongles, rtl-sdr, HackRF and USRP devices

LINK

Gqrx-scanner

A frequency scanner for Gqrx Software Defined Radio receiver. Scan ranges, bookmarks, filter on tags as well. Very handy tool to remote control your gqrx software.

LINK

Grep

Print lines that match patterns

LINK

Grep (PNG offset)

grep -oba PNG <binary file>

Grep ext <3

grep -r -i --include=\*.{php,cpp,txt} "search string" .

Hackingtool

ALL IN ONE Hacking Tool For Hackers (It's okay and works but i would use it just a yey an option for a tool)

LINK

Hashcat

World’s fastest and most advanced password recovery tool. CPU/GPU brute forcing

LINK

Hashes.com

Decrypt MD5, SHA1, MySQL, NTLM, SHA256, SHA512 hashes

LINK

Hash_extender

Hash length extension attack

LINK

Haveibeenpwned

Useful for breach enumeraton

LINK

Hetty

Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community

LINK

Hopper

Hopper Disassembler, the reverse engineering tool that lets you disassemble, decompile and debug your applications

LINK

Hunter.io

Email enumeration tool

LINK

HxD

Fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size

LINK

Hydra

Parallelized login cracker which supports numerous protocols to attack

LINK

IDA Pro

A powerful disassembler and a versatile debugger

LINK

ILSpy

ILSpy is the open-source .NET assembly browser and decompiler

LINK

Imagemagick

Create, edit, compose, or convert digital image

LINK

IPED

Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence

LINK

Ipleak

Quick way to detect if your VPN is WebRTC or DNS leaking

LINK

JD-GUI

Standalone graphical utility that displays Java source codes of “.class” files. Java class files.

LINK

John

Enhanced, "jumbo" version of John the Ripper supports hundreds of hash and cipher types

LINK

Jpexs

Opensource flash SWF decompiler and editor. Extract resources, convert SWF to FLA

LINK

Jsdetox

Javascript malware analysis tool using static analysis / deobfuscation techniques

LINK

Jsnice

Online tool to make even obfuscated JavaScript code readable

LINK

JStillery

Advanced JS Deobfuscation via Partial Evaluation

LINK

Kali Linux

Open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering

LINK

Kali Wordlists

These are some of the included wordlists in Kali for easy access

LINK

King-phisher

Phishing Campaign Toolkit

LINK

Kismet

Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework

LINK

Knock

Simple python port knocking client

LINK

Krakatau

Java decompiler, assembler, and disassembler

LINK

Last 30 changed files

find /search/path -type f -printf '%TY-%Tm-%Td %TT %p\n'|sort|tail -n 30

LibNFC

NFC tools that you need in order to read many known rfid cards

LINK

LinEnum

Best scripted local Linux enumeration & privilege escalation checks

LINK

LINQPad

LINQPad is not just for LINQ queries, but any C#/F#/VB expression, statement block or program

LINK

Lynis

Security tool for systems running Linux, macOS, or Unix-based system. Performs an extensive health scan of your systems to support system hardening and compliance testing

LINK

MalConfScan

Volatility plugin for extracts configuration data of known malware

LINK

MalShare

A free Malware repository providing researchers access to samples, malicious feeds, and Yara results

LINK

Maltego CE

Comprehensive tool for graphical link analyses (OSINT) that offers real-time data mining and information gathering, as well as the representation of this information on a node-based graph

LINK

Malzilla

Explore malicious webpages and view their code with Malzilla

LINK

Masscan

Internet-scale port scanner. It can scan the entire Internet in under 5 minutes, transmitting 10 million packets per second, from a single machine

LINK

Mdadm

mdadm is used to handle software raids on Linux. You can use this tool to create, build, assemble, rebuild, monitor any raid type on Linux. Dont forget the order of the disks is important when trying to assemble an already created raid array etc.

LINK

Mdadm create

mdadm --create /dev/md0 --level=5 --raid-devices=3 /dev/disk2 missing /dev/disk1

Mdadm loop

losetup loop1 raid-disk1.img

Metasploit

World’s most used penetration testing framework

LINK

Metasploit help

Somewhat extensive metasploit cheat sheet

LINK

Mfcuk

MiFare Classic Universal toolKit (MFCUK)

LINK

Mfoc

Mifare Classic Offline Cracker

LINK

Mitre - D3fend

A knowledge graph of cybersecurity countermeasures

LINK

Mitre - Groups

Groups are mapped to publicly reported technique use and original references are included. The information provided does not represent all possible technique use by Groups.

LINK

Mitre - Software

Software is a generic term for custom or commercial code, operating system utilities, open-source software, or other tools used to conduct behavior modeled in attacks

LINK

MP3Stego

Hide information in MP3 files during the compression process

LINK

Name-That-Hash

Don't know what type of hash it is? Name That Hash will name that hash type! Identify MD5, SHA256 and 300+ other hashes

LINK

Ncat

Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project

LINK

Nessus Essentials

Vulnerability assessment solution for security practitioners. Scan, detect, report, fix exploits, EOL, Risks etc. Utilizing over 65000 CVEs in it's scans. Free version allow 16 ip's to be scanned as much as you want every 90 days.

LINK

Netcat

netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP

LINK

Netdiscover

Great tool to discover assets on your network active/passive ARP reconnaissance tool

LINK

NetworkMiner

Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD)

LINK

Nfc-list

nfc-list is part of libnfc and is a basic tool to detect rfid/nfc

LINK

Nikto

Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. 6700 potentially dangerous files/programs + more

LINK

Nipe

Easy way to make Tor your default Gateway, don't forget DNS leaking is still a thing

LINK

Nmap

Network Mapper is a utility for network discovery and security auditing

LINK

Nmap (Full scan/info)

nmap -sC -sV -T4 -oA initial <ip or host>

Nmap Cheatsheet

Reference guide for scanning networks with Nmap

LINK

One Time Pad

Online tool for playing with one-time pad ciphers

LINK

OneGadget

The best tool for finding one gadget RCE in libc.so.6

LINK

Onlinehashcrack

Cloud Password Recovery Services assisting cyber security experts. WPA / Office / iTunes / Archive / PDF / Password / Hashes

LINK

Open conn per IP

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

OpenSSL

OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit for the Transport Layer Security (TLS) protocol

LINK

OpenStego

Free steganography solution, providing both watermarking and hiding

LINK

OpenVAS Scanner

OpenVAS is a vulnerability scanner that was developed in response to the commercialization of Nessus

LINK

Ophcrack

Free Windows password cracker based on rainbow tables

LINK

OP_RETURN - PHP

BTC (Bitcoin) - Simple PHP commands and library for using bitcoin OP_RETURNs.

LINK

OP_RETURN - Py

BTC (Bitcoin) - Simple Python commands and library for using bitcoin OP_RETURNs

LINK

OSINT Framework

The OSINT Framework is a collection of ways to gather information on specific topics

LINK

Outguess

Universal steganographic tool

LINK

OWASP Cheat Sheets

OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics

LINK

Patchelf

A small utility to modify the dynamic linker and RPATH of ELF executables

LINK

PE Explorer

Open, view and edit a variety of different 32-bit Windows executable file types

LINK

PHP Obfuscator

Ever needed to obfuscate your php code to either compress it or hide it etc. This is a good online site for that.

LINK

PkCrack

Breaking PkZip-encryption ciphers

LINK

Pngcheck

Verifies the integrity of PNG, JNG and MNG files, optionally dump almost all of the chunk-level information in human-readable form

LINK

Postman

Postman is an API platform for building, testing and using APIs

LINK

Pupy

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

LINK

Pwninit

pwninit - automate starting binary exploit challenges.

LINK

Pwntools

CTF framework and exploit development library. Written in Python

LINK

QEMU

QEmu is a powerful generic and open source machine emulator and virtualizer. Can read raw images, img, iso, vmdk, vdi, vhdx, vpc, vm ware images and qcow + qcow2 + coop

LINK

Qemu-img

qemu-img allows you to create, convert and modify images offline. It can handle all image formats supported by QEMU. Raw images, img, iso, vmdk, vdi, vhdx, vpc, vm ware images and qcow + qcow2 + coop.

LINK

Qira

Competitor to strace and gdb

LINK

Quick web server

python -m SimpleHTTPServer

Quipqiup

An online tool for breaking substitution ciphers or vigenere ciphers (without key)

LINK

Raccoon

Offensive Security Tool for Reconnaissance and Information Gathering

LINK

Radare2

A free/libre toolchain for easing several low level tasks like forensics, software reverse engineering, exploiting, debugging, ...

LINK

Radio Spectrum

The radio spectrum is the part of the electromagnetic spectrum with frequencies from 30 Hz to 300 GHz. (Wiki page/link)

LINK

Rapidtables

RapidTables contains quick reference information and tools from conversion tables to calculations to text, web, electronic conversion tables. Very useful

LINK

Recon

Small little RCON suite by me!

LINK

Recon-cheatsheet

A okay nice cheatsheet for doing recon, found on DEF CON - 9221 twitter now hosted locally for keepsake :)

LINK

Recon-ct

CTRECON - Certificate Transparency Reconnaissance

LINK

Recon-ntoo

NTOORECON - Number To Operator Reconnaissance

LINK

Reconnoitre

A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host

LINK

Red-kube

Red Kube is a collection of kubectl commands written to evaluate the security posture of Kubernetes clusters from the attacker's perspective

LINK

Regex101

One of the best online regular expression test websites

LINK

ReNgine

reNgine is an automated reconnaissance framework for web applications it makes is easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

LINK

ResourcesExtract

Small utility that scans dll/ocx/exe files and extract all resources (bitmaps, icons, cursors, AVI movies, HTML files, and more...)

LINK

Reverse Shell

Payloads All The Things- Reverse Shell Cheatsheet

LINK

Reverse Shell #2

d4t4s3c - Reverse Shell Cheat Sheet

LINK

Robtex

Robtex is used for various kinds of research of IP numbers, Domain names, etc

LINK

Rootend

A *nix Enumerator & Auto Privilege Escalation tool

LINK

RsaCtfTool

RSA multi attacks tool : uncipher data from weak public key and try to recover private key

LINK

Rsatool

Calculates RSA (p, q, n, d, e) and RSA-CRT (dP, dQ, qInv) parameters given either two primes (p, q) or modulus and private exponent (n, d)

LINK

SDRSharp

SDR software for Airspy and RTL-SDR dongles and HackRF/AirSpy/USRP! The best Windows SDR software out there

LINK

Searchcode

Find real life code examples

LINK

Searchsploit

Command line search tool for Exploit-DB that also allows you to take a copy of Exploit Database with you, everywhere you go

LINK

Security-tools

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff

LINK

See desktop via ssh

xloadimage <(ssh USER@HOSTNAME DISPLAY=:0.0 import -window root png:-)

Shell ruler func

ruler() { for s in '....^....|' '1234567890'; do w=${#s}; str=$( for (( i=1; $i<=$(( ($COLUMNS + $w) / $w )) ; i=$i+1 )); do echo -n $s; done ); str=$( echo $str | cut -c -$COLUMNS) ; echo $str; done; }

Shellbags

Cross-platform, open-source shellbag parser of raw Windows Registry hive

LINK

Sherlock

Hunt down social media accounts by username and email across social networks

LINK

Shodan

Search Engine for the Internet of Everything. Very cool way to find services or hosts/devices of interest

LINK

Sift-workstation

Collection of free and open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings. It can match any current incident response and forensic tool suite

LINK

SigDigger

Qt-based digital signal analyzer, using Suscan core and Sigutils DSP library for hackrf and other sdr-rtl dongles

LINK

SigintOS

SigintOS as the name suggests, SIGINT is an improved Linux distribution for Signal Intelligence. (HackRF, BladeRF, USRP, RTL-SDR)

LINK

Silenteye

Cross-platform application design for an easy use of steganography, in this case hiding messages into pictures or sounds (JPEG, BMP, WAVE)

LINK

Skipfish

Web application security scanner created by lcamtuf for google

LINK

Skullsecurity

Password dictionaries and Leaked passwords

LINK

SmartDeblur

Tool for restoring defocused and blurred images

LINK

Sniffit

SniffIt is a Distribted Sniffer System, which allows users to capture network traffic from an unique machine using a graphical client application

LINK

Snow

Whitespace Steganography Tool

LINK

Social-analyzer

API, CLI & Web App for analysing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

LINK

Spiderfoot

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

LINK

SQL Injections

Somewhat good SQL injections cheatsheet

LINK

Sqlmap

Open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws

LINK

Srihash

Generate SRI hashes for your script tags. Protect your web sites

LINK

Steganabara

Steganabara is a tool for stegano analysis (steganalysis). Steganabara has now matured and is very effective on visual steganos

LINK

Stegbreak

Launches brute-force dictionary attacks on JPG image

LINK

Stegdetect

Stegdetect is an automated tool for detecting steganographic content in images

LINK

Stegextract

Bash script to extract hidden files and strings from images

LINK

Steghide

A steganography program that is able to hide data in various kinds of image- and audio-files (JPEG, BMP, WAV and AU files)

LINK

Stego-toolkit

Collection of steganography tools - helps with CTF challenges

LINK

Stegseek

Lightning fast steghide cracker that can be used to extract hidden data from files

LINK

Strace

strace is a diagnostic, debugging and instructional userspace utility for Linux

LINK

Strings

Easy way to find sequences of printable characters in files

LINK

Sublist3r

Python tool designed to enumerate subdomains of websites using OSINT

LINK

Tcpdump

Powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture

LINK

Text Converter

Text Converter converts text to other encodings or other formats. Supported formats include Base64, Quoted-Printable, URL encoding, HTML encoding, various types of text conversion and formatting, as well as hash calculations

LINK

TheHarvester

Tool designed to be used in the early stages of penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering (email/asn/dns/users/poeple/services)

LINK

Thor

SSH login brute force cracker

LINK

Tor Browser

Protect yourself against tracking, surveillance, and censorship. Always have the Tor browser installed, it's just a must :)

LINK

TrID

Utility designed to identify file types from their binary signatures

LINK

Truecrack

TrueCrack is a brute-force password cracker for TrueCrypt (Copyrigth) volumes (GPU support)

LINK

Tshark

World’s foremost and widely-used network protocol analyzer Wireshark (command-line)

LINK

Uncompyle2

A Python 2.7 byte-code decompiler, written in Python 2.7

LINK

Undocker

Go library and command line tool for decomposing docker images.

LINK

Unfurl

Unfurl takes a URL and expands ("unfurls") it into a directed graph, extracting every bit of information from the URL and exposing the obscured

LINK

Unicode Table

Unicode, formally the Unicode Standard, is an information technology standard for the consistent encoding, representation, and handling of text expressed in most of the world's writing systems

LINK

Unshadow

Tool combines the passwd and shadow files so John can use them

LINK

UPX

UPX - the Ultimate Packer for eXecutables

LINK

URH

Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios

LINK

URLsniffer

Simple URL sniffer using Python and Scapy

LINK

Usbrip

Simple forensics tool with command line interface that lets you keep track of USB device artifacts

LINK

V0lt

(outdated) Security CTF, Python style. Making CFT scripting easy in python

LINK

Vbox-img

vbox-img allows you to create, convert and modify images offline. It can handle all image formats supported by QEMU. Raw images, img, iso, vmdk, vdi, vhdx, vpc, vm ware images and qcow + qcow2 + coop.

LINK

Vigenere

online tool breaks Vigenere ciphers without knowing the key

LINK

VIM Cheatsheet

Very nice and cool vIM cheatsheet :)

LINK

VIM Cheatsheet 2

Just another vIM cheatsheet, this one is easier to read on your eyes :)

LINK

VirtualBox

VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Can read raw images, img, iso, vmdk, vdi, vhdx, vpc, vm ware images and qemu qcow - qcow2

LINK

VirusTotal

Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community

LINK

Volatility

Volatility Framework (python2) - Volatile raw physical memory dump and sample extraction utility framework for volatile storage (RAM)

LINK

Volatility3

Volatility3 (python3) is the world's most widely used framework for extracting digital artifacts from volatile raw physical memory (RAM) dump and samples. The extraction techniques are performed completely independent of the system being investigated

LINK

VS Code

This is properly one of the most advanced editors out there today with great OS support and customization

LINK

W3af

Web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications

LINK

W3m <3

apt install w3m w3m-img w3m-el

Walletexplorer

Bitcoin block explorer with address grouping and wallet labeling

LINK

Web3.js

Ethereum JavaScript API.

LINK

Web3.py

A python interface for interacting with the Ethereum blockchain and ecosystem. Based on Web3.js

LINK

Wfuzz

Wfuzz has been created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload

LINK

WhatWeb

Next generation web scanner. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices

LINK

WiFi Airodump

airmon-ng check kill && airodump-ng --band abg --gpsd --manufacturer --uptime --wps --write scan-`date +%s` wlan0

Wifiphisher

Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing

LINK

WinDbg

The Windows Debugger (WinDbg) can be used to debug kernel-mode and user-mode code, analyze crash dumps, and examine the CPU registers while the code executes

LINK

Wireshark

World’s foremost and widely-used network protocol analyzer

LINK

Wireshark filter #1

frame contains "search for anything"

Wireshark filter #2

smb || nbns || dcerpc || nbss || dns

Wireshark filter #3

http.request or ssl.handshake.type == 1

Wireshark Filters

Wireshark cheatsheet on display filters - part 1

LINK

WL Compendium

WordList-Compendium - Personal compilation of wordlists & dictionaries for everything. Users, passwords, directories, files, vulnerabilities, fuzzing, injections, wordlists of tools, etc.

LINK

Wordpress brute #1

hydra -V -l <wordlist> -p 123 <ip_host> http-post-form '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In:F=Invalid Username'

Wpscan

WordPress security scanner. Written for security professionals and blog maintainers to test the security of their Wordpress

LINK

Xocopy

xocopy is a program that can copy executables with execute, but no read permission. It has been tested on FreeBSD and Linux kernels 2.[246].x

LINK

Xor-files

xor-files -r broken-disk3.img raid-disk1.img raid-disk2.img

XorFiles

Raid 5 - restore disks from other raid disks via XOR operation. Note this is just a simple xor between two files.

LINK

Xortool

XOR analysis, guess the key length or key

LINK

XSSer

Cross Site Scripter (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications

LINK

Xxxswf

Python script for carving, scanning, compressing, decompressing and analyzing Flash SWF files. The script can be used on an individual SWF, single SWF or multiple SWFs embedded in a file stream.

LINK

Yersinia

Attack various protocols on layer 2

LINK

Zmap

An open-source network scanner

LINK

Zsteg

Detect stegano-hidden data in PNG & BMP

LINK