L00king for a tool / link / command? Find it here ... by {THUGS}
| Tool name | Tags | Description | |
|---|---|---|---|
Malzilla |
Explore malicious webpages and view their code with Malzilla |
|
|
Nipe |
Easy way to make Tor your default Gateway, don't forget DNS leaking is still a thing |
|
|
Jsdetox |
Javascript malware analysis tool using static analysis / deobfuscation techniques |
|
|
JStillery |
Advanced JS Deobfuscation via Partial Evaluation |
|
|
De4js |
JavaScript Deobfuscator and Unpacker |
|
|
Burp Suite CE |
Web application security testing, intercept, replay, inject |
|
|
Commix |
Commix (short for [comm]and [i]njection e[x]ploiter) is an open source penetration testing tool |
|
|
Postman |
Postman is an API platform for building, testing and using APIs |
|
|
Raccoon |
Offensive Security Tool for Reconnaissance and Information Gathering |
|
|
Sqlmap |
Open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws |
|
|
W3af |
Web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications |
|
|
XSSer |
Cross Site Scripter (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications |
|
|
Hydra |
Parallelized login cracker which supports numerous protocols to attack |
|
|
Dirstalk |
Dirstalk is a multi threaded application designed to brute force paths on web servers |
|
|
Dirb |
DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects |
|
|
Dirbuster |
DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers |
|
|
Wfuzz |
Wfuzz has been created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload |
|
|
Crt.sh |
Certificate enumeration tool |
|
|
Sublist3r |
Python tool designed to enumerate subdomains of websites using OSINT |
|
|
Gobuster dir+session |
gobuster dir -u http://<ip_host> -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php -c PHPSESSID=<session_value> |
|
|
Jsnice |
Online tool to make even obfuscated JavaScript code readable |
|
|
Reconnoitre |
A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host |
|
|
Unfurl |
Unfurl takes a URL and expands ("unfurls") it into a directed graph, extracting every bit of information from the URL and exposing the obscured |
|
|
Cross-Site Scripting |
Cross-Site Scripting (XSS) - Good cheat sheet over many options |
|
|
CMSmap |
Python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs |
|
|
Recon-ct |
CTRECON - Certificate Transparency Reconnaissance |
|
|
Recon |
Small little RCON suite by me! |
|
|
Beef |
The Browser Exploitation Framework Project |
|
|
Wpscan |
WordPress security scanner. Written for security professionals and blog maintainers to test the security of their Wordpress |
|
|
Skipfish |
Web application security scanner created by lcamtuf for google |
|
|
King-phisher |
Phishing Campaign Toolkit |
|
|
Tcpdump |
Powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture |
|
|
URLsniffer |
Simple URL sniffer using Python and Scapy |
|
|
Dsniff |
Dsniff is a collection of tools for network auditing and penetration testing |
|
|
Hackingtool |
ALL IN ONE Hacking Tool For Hackers (It's okay and works but i would use it just a yey an option for a tool) |
|
|
Nessus Essentials |
Vulnerability assessment solution for security practitioners. Scan, detect, report, fix exploits, EOL, Risks etc. Utilizing over 65000 CVEs in it's scans. Free version allow 16 ip's to be scanned as much as you want every 90 days. |
|
|
Xxxswf |
Python script for carving, scanning, compressing, decompressing and analyzing Flash SWF files. The script can be used on an individual SWF, single SWF or multiple SWFs embedded in a file stream. |
|
|
Srihash |
Generate SRI hashes for your script tags. Protect your web sites |
|
|
Nikto |
Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. 6700 potentially dangerous files/programs + more |
|
|
CyberChef |
The best online tool for analysing and decoding data |
|
|
Ffuf |
Fast web fuzzer written in Go |
|
|
Dirsearch |
Web path scanner |
|
|
Hetty |
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community |
|
|
WhatWeb |
Next generation web scanner. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices |
|
|
ReNgine |
reNgine is an automated reconnaissance framework for web applications it makes is easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless. |
|
|
Dumpzilla |
Dumpzilla application is developed in Python 3.x and has as purpose extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers to be analyzed. |
|