Bettercap |
|
Framework to perform MITM (Man in the Middle) attacks |
|
Yersinia |
|
Attack various protocols on layer 2 |
|
Featherduster |
|
For breaking crypto; it tries to make the process of identifying and exploiting weak cryptosystems as easy as possible |
|
CrackStation |
|
Crack known hashes: LM, NTLM, md2, md4, md5, md5(md5_hex), md5-half, sha1, sha224, sha256, sha384, sha512, ripeMD160, whirlpool, MySQL 4.1+ |
|
Hashes.com |
|
Decrypt MD5, SHA1, MySQL, NTLM, SHA256, SHA512 hashes |
|
Hash_extender |
|
Hash length extension attack |
|
PkCrack |
|
Breaking PkZip-encryption ciphers |
|
RsaCtfTool |
|
RSA multi-attack tool: decrypt data from a weak public key and try to recover the private key |
|
Rsatool |
|
Calculates RSA (p, q, n, d, e) and RSA-CRT (dP, dQ, qInv) parameters given either two primes (p, q) or modulus and private exponent (n, d) |
|
Hashcat |
|
World’s fastest and most advanced password recovery tool. CPU/GPU brute forcing |
|
Metasploit |
|
World’s most used penetration testing framework |
|
Pwntools |
|
CTF framework and exploit development library. Written in Python |
|
Aircrack-ng |
|
Complete suite to assess WiFi network security (replay attacks, deauth, fake AP, packet injection, etc.). Cracking: WEP and WPA PSK (WPA 1 and 2) |
|
Commix |
|
Commix (short for [comm]and [i]njection e[x]ploiter) is an open source penetration testing tool |
|
Sqlmap |
|
Open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws |
|
W3af |
|
Web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications |
|
XSSer |
|
Cross Site Scripter (aka XSSer) is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications |
|
Reverse Shell |
|
Payloads All The Things - Reverse Shell Cheatsheet |
|
Reverse Shell #2 |
|
d4t4s3c - Reverse Shell Cheat Sheet |
|
Hydra |
|
Parallelized login cracker which supports numerous protocols to attack |
|
Searchsploit |
|
Command line search tool for Exploit-DB that also allows you to take a copy of Exploit Database with you, everywhere you go |
|
Wordpress brute #1 |
|
hydra -V -L <wordlist> -p 123 <ip_host> http-post-form '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In:F=Invalid Username' |
|
Dirtycow |
|
Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux kernel (old exploit), 2.6.22 and below |
|
Reconnoitre |
|
A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host |
|
DefaultCreds |
|
One place for all the default credentials, to assist Blue/Red teamers in finding devices with default passwords |
|
Cross-Site Scripting |
|
Cross-Site Scripting (XSS) - good cheat sheet covering many options |
|
SQL Injections |
|
Somewhat good SQL injection cheat sheet |
|
Default-passwords 2 |
|
Default Passwords cheatsheet by CIRT |
|
Default-passwords 1 |
|
List of default passwords for many vendors. Always use multiple sites to gather default passwords. |
|
CMSmap |
|
Python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs |
|
Recon-ct |
|
CTRECON - Certificate Transparency Reconnaissance |
|
Recon-ntoo |
|
NTOORECON - Number To Operator Reconnaissance |
|
Recon |
|
Small little RCON suite by me! |
|
Beef |
|
The Browser Exploitation Framework Project |
|
Ettercap |
|
Ettercap is a comprehensive suite for man in the middle attacks |
|
Wifiphisher |
|
Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing |
|
Rootend |
|
A *nix Enumerator & Auto Privilege Escalation tool |
|
Dns-black-cat |
|
Multi-platform toolkit for interactive DNS shell command exfiltration |
|
LinEnum |
|
Best scripted local Linux enumeration & privilege escalation checks |
|
CiLocks |
|
Crack Interface lockscreen, Metasploit and more Android/iOS hacking |
|
Red-kube |
|
Red Kube is a collection of kubectl commands written to evaluate the security posture of Kubernetes clusters from the attacker's perspective |
|
Wpscan |
|
WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress sites |
|
Skipfish |
|
Web application security scanner created by lcamtuf for Google |
|
King-phisher |
|
Phishing Campaign Toolkit |
|
Truecrack |
|
TrueCrack is a brute-force password cracker for TrueCrypt (Copyright) volumes (GPU support) |
|
Exploit-db |
|
Exploit Database is a CVE-compliant archive of public exploits and corresponding vulnerable software |
|
Dsniff |
|
Dsniff is a collection of tools for network auditing and penetration testing |
|
Kismet |
|
Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework |
|
Gps-sdr-sim |
|
Software-Defined GPS Signal Simulator |
|
Hackingtool |
|
All-in-one hacking tool for hackers (It's okay and works, but I would use it just as yet another option for a tool) |
|
Nessus Essentials |
|
Vulnerability assessment solution for security practitioners. Scan, detect, report, fix exploits, EOL, risks, etc. Utilizes over 65000 CVEs in its scans. The free version allows 16 IPs to be scanned as much as you want every 90 days. |
|
Pupy |
|
Pupy is an open-source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in Python |
|