Tools list
Click here to see the lists of tools featured in the latest nightly images.
Error
[August 5th, 2023] - The lists descriptions were mostly AI-generated for this first version of the tools list in order to get the list shipped quickly. Many descriptions are wrong and will be fixed very soon.
Releases
Hint
The lists featured here are automatically generated. Exegol features CI/CD pipelines that build the images. At build, most tools are tested. If at least one test fails, the image doesn’t get published.
Image tag |
Version |
Arch |
Build date |
Tools list |
---|---|---|---|---|
nightly |
e697f10b |
amd64 |
2024-10-31T19:25:33Z |
|
nightly |
e697f10b |
arm64 |
2024-10-31T19:19:45Z |
Image tag |
Version |
Build date |
Tools list |
---|---|---|---|
osint |
3.1.5 |
2024-10-18T11:13:54Z |
|
full |
3.1.5 |
2024-10-18T11:10:19Z |
|
ad |
3.1.5 |
2024-10-18T10:59:04Z |
|
web |
3.1.5 |
2024-10-18T10:42:19Z |
|
light |
3.1.5 |
2024-10-18T10:30:43Z |
|
ad |
3.1.4 |
2024-05-05T22:35:39Z |
|
web |
3.1.4 |
2024-05-05T22:26:58Z |
|
full |
3.1.4 |
2024-05-05T22:17:31Z |
|
light |
3.1.4 |
2024-05-04T21:15:16Z |
|
osint |
3.1.4 |
2024-05-04T20:58:48Z |
|
full |
3.1.3 |
2024-04-14T13:29:00Z |
|
ad |
3.1.3 |
2024-04-14T10:34:36Z |
|
web |
3.1.3 |
2024-04-14T10:43:47Z |
|
osint |
3.1.3 |
2024-04-14T10:46:46Z |
|
light |
3.1.3 |
2024-04-14T08:47:32Z |
|
full |
3.1.2 |
2023-12-22T12:04:26Z |
|
ad |
3.1.2 |
2023-12-22T11:41:22Z |
|
web |
3.1.2 |
2023-12-22T11:46:29Z |
|
light |
3.1.2 |
2023-12-22T00:08:53Z |
|
osint |
3.1.2 |
2023-12-22T00:02:50Z |
|
full |
3.1.1 |
2023-08-18T01:36:37Z |
|
ad |
3.1.1 |
2023-08-18T02:59:03Z |
|
web |
3.1.1 |
2023-08-18T01:35:14Z |
|
osint |
3.1.1 |
2023-08-18T01:34:47Z |
|
light |
3.1.1 |
2023-08-18T01:35:00Z |
|
full |
3.1.0 |
2023-08-09T22:27:20Z |
|
ad |
3.1.0 |
2023-08-10T00:33:47Z |
|
web |
3.1.0 |
2023-08-09T11:12:12Z |
|
osint |
3.1.0 |
2023-08-09T10:50:11Z |
|
light |
3.1.0 |
2023-08-09T02:53:53Z |
Image tag |
Version |
Build date |
Tools list |
---|---|---|---|
osint |
3.1.5 |
2024-10-18T10:57:14Z |
|
full |
3.1.5 |
2024-10-18T10:54:27Z |
|
ad |
3.1.5 |
2024-10-18T10:35:55Z |
|
web |
3.1.5 |
2024-10-18T10:24:27Z |
|
light |
3.1.5 |
2024-10-18T10:18:23Z |
|
ad |
3.1.4 |
2024-05-05T22:24:12Z |
|
web |
3.1.4 |
2024-05-05T21:43:14Z |
|
full |
3.1.4 |
2024-05-05T21:38:02Z |
|
osint |
3.1.4 |
2024-05-05T00:29:32Z |
|
light |
3.1.4 |
2024-05-05T00:27:18Z |
|
full |
3.1.3 |
2024-04-14T14:16:19Z |
|
ad |
3.1.3 |
2024-04-14T11:47:33Z |
|
web |
3.1.3 |
2024-04-14T11:52:28Z |
|
osint |
3.1.3 |
2024-04-14T11:55:04Z |
|
light |
3.1.3 |
2024-04-14T08:38:48Z |
|
full |
3.1.2 |
2023-12-22T12:20:18Z |
|
ad |
3.1.2 |
2023-12-22T12:03:46Z |
|
web |
3.1.2 |
2023-12-22T12:08:45Z |
|
light |
3.1.2 |
2023-12-22T00:48:17Z |
|
osint |
3.1.2 |
2023-12-22T00:43:53Z |
|
full |
3.1.1 |
2023-08-18T01:36:23Z |
|
ad |
3.1.1 |
2023-08-18T02:58:49Z |
|
web |
3.1.1 |
2023-08-18T01:08:44Z |
|
osint |
3.1.1 |
2023-08-18T01:04:50Z |
|
light |
3.1.1 |
2023-08-18T01:05:12Z |
|
full |
3.1.0 |
2023-08-09T09:12:21Z |
|
ad |
3.1.0 |
2023-08-10T00:11:36Z |
|
web |
3.1.0 |
2023-08-09T11:11:33Z |
|
osint |
3.1.0 |
2023-08-09T10:48:56Z |
|
light |
3.1.0 |
2023-08-09T01:50:40Z |
Latest nightly
Below is the list of tools featured in the latest nightly (AMD64) image.
Tool |
Link |
Description |
---|---|---|
abuseACL |
A python script to automatically list vulnerable Windows ACEs/ACLs. |
|
aclpwn |
Tool for testing the security of Active Directory access controls. |
|
AD-miner |
Active Directory audit tool that leverages cypher queries. |
|
adidnsdump |
Active Directory Integrated DNS dump utility |
|
aircrack-ng |
A suite of tools for wireless penetration testing |
|
amass |
A DNS enumeration / attack surface mapping & external assets discovery tool |
|
amber |
Forensic tool to recover browser history / cookies and credentials |
|
androguard |
Reverse engineering and analysis of Android applications |
|
android-tools-adb |
A collection of tools for debugging Android applications |
|
anew |
A simple tool for filtering and manipulating text data / such as log files and other outputs. |
|
angr |
a platform-agnostic binary analysis framework |
|
apksigner |
arguably the most important step to optimize your APK file |
|
apktool |
It is a tool for reverse engineering 3rd party / closed / binary Android apps. |
|
arjun |
HTTP parameter discovery suite. |
|
arsenal |
Powerful weapons for penetration testing. |
|
asdf |
Extendable version manager with support for ruby python go etc |
|
asrepcatcher |
Make your VLAN ASREProastable. |
|
assetfinder |
Tool to find subdomains and IP addresses associated with a domain. |
|
autobloody |
Automatically exploit Active Directory privilege escalation paths shown by BloodHound. |
|
autoconf |
Tool for producing shell scripts to configure source code packages |
|
autorecon |
Multi-threaded network reconnaissance tool which performs automated enumeration of services. |
|
avrdude |
AVRDUDE is a command-line program that allows you to download/upload/manipulate the ROM and EEPROM contents of AVR microcontrollers using the in-system programming technique (ISP). |
|
awscli |
Command-line interface for Amazon Web Services. |
|
azure-cli |
A great cloud needs great tools; we’re excited to introduce Azure CLI our next generation multi-platform command line experience for Azure. |
|
bettercap |
The Swiss Army knife for 802.11 / BLE / and Ethernet networks reconnaissance and MITM attacks. |
|
binwalk |
Binwalk is a tool for analyzing / reverse engineering / and extracting firmware images. |
|
Blackbird |
An OSINT tool to search fast for accounts by username across 581 sites. |
|
bloodhound |
Active Directory security tool for reconnaissance and attacking AD environments. |
|
BloodHound-CE |
Active Directory security tool for reconnaissance and attacking AD environments (Community Edition) |
|
bloodhound-ce.py |
BloodHound-CE ingestor in Python. |
|
bloodhound-import |
Import data into BloodHound for analyzing active directory trust relationships |
|
bloodhound-quickwin |
A tool for BloodHounding on Windows machines without .NET or Powershell installed |
|
bloodhound.py |
BloodHound ingestor in Python. |
|
bloodyAD |
bloodyAD is an Active Directory privilege escalation swiss army knife. |
|
bolt |
Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing. |
|
bqm |
Tool to deduplicate custom BloudHound queries from different datasets and merge them in one file. |
|
brakeman |
Static analysis tool for Ruby on Rails applications |
|
bruteforce-luks |
A tool to help recover encrypted LUKS2 containers |
|
bully |
bully is a tool for brute-forcing WPS (Wireless Protected Setup) PINs. |
|
burpsuite |
Web application security testing tool. |
|
buster |
Advanced OSINT tool |
|
byp4xx |
A Swiss Army knife for bypassing web application firewalls and filters. |
|
carbon14 |
OSINT tool for estimating when a web page was written. |
|
Censys |
An easy-to-use and lightweight API wrapper for Censys APIs |
|
certipy |
Python tool to create and sign certificates |
|
certsync |
certsync is a tool that helps you synchronize certificates between two directories. |
|
cewl |
Generates custom wordlists by spidering a target’s website and parsing the results |
|
cewler |
CeWL alternative in Python |
|
chainsaw |
Rapidly Search and Hunt through Windows Forensic Artefacts |
|
checksec-py |
Python wrapper script for checksec.sh from paX. |
|
chisel |
Go based TCP tunnel with authentication and encryption support |
|
cloudfail |
a reconnaissance tool for identifying misconfigured CloudFront domains. |
|
cloudmapper |
CloudMapper helps you analyze your Amazon Web Services (AWS) environments. |
|
cloudsplaining |
AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report. |
|
cloudsploit |
Cloud Security Posture Management |
|
clusterd |
A tool to distribute and remotely manage Hacking Team’s RCS agents. |
|
cmsmap |
Tool for security audit of web content management systems. |
|
coercer |
DFS-R target coercion tool |
|
conpass |
Python tool for continuous password spraying taking into account the password policy. |
|
constellation |
Find and exploit vulnerabilities in mobile applications. |
|
corscanner |
a Python script for finding CORS misconfigurations. |
|
cowpatty |
cowpatty is a tool for offline dictionary attacks against WPA-PSK (Pre-Shared Key) networks. |
|
crackhound |
A fast WPA/WPA2/WPA3 WiFi Handshake capture / password recovery and analysis tool |
|
creds |
One place for all the default credentials to assist pentesters during an engagement. This document has several products default login/password gathered from multiple sources. |
|
crunch |
A wordlist generator where you can specify a standard character set or a character set you specify. |
|
cupp |
Cupp is a tool used to generate personalized password lists based on target information. |
|
CyberChef |
The Cyber Swiss Army Knife |
|
cyperoth |
Automated extensible toolset that runs cypher queries against Bloodhound’s Neo4j backend and saves output to spreadsheets. |
|
darkarmour |
a tool to detect and evade common antivirus products |
|
dex2jar |
A tool to convert Android’s dex files to Java’s jar files |
|
dfscoerce |
DFS-R target coercion tool |
|
dirb |
Web Content Scanner |
|
dirsearch |
Tool for searching files and directories on a web site. |
|
divideandscan |
Advanced subdomain scanner |
|
dns2tcp |
dns2tcp is a tool for relaying TCP connections over DNS. |
|
dnschef |
Tool for DNS MITM attacks |
|
dnsenum |
dnsenum is a tool for enumerating DNS information about a domain. |
|
dnsx |
A tool for DNS reconnaissance that can help identify subdomains and other related domains. |
|
donpapi |
Dumping revelant information on compromised targets without AV detection |
|
dploot |
dploot is Python rewrite of SharpDPAPI written un C#. |
|
droopescan |
Scan Drupal websites for vulnerabilities. |
|
drupwn |
Drupal security scanner. |
|
eaphammer |
EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. |
|
empire |
post-exploitation and adversary emulation framework |
|
enum4linux-ng |
Tool for enumerating information from Windows and Samba systems. |
|
enyx |
Framework for building offensive security tools. |
|
evilwinrm |
Tool to connect to a remote Windows system with WinRM. |
|
exif |
Utility to read / write and edit metadata in image / audio and video files |
|
exifprobe |
Exifprobe is a command-line tool to parse EXIF data from image files. |
|
exiftool |
ExifTool is a Perl library and command-line tool for reading / writing and editing meta information in image / audio and video files. |
|
exiv2 |
Image metadata library and toolset |
|
ExtractBitlockerKeys |
A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain. |
|
eyewitness |
a tool to take screenshots of websites / provide some server header info / and identify default credentials if possible. |
|
fcrackzip |
Password cracker for zip archives. |
|
fdisk |
Collection of basic system utilities / including fdisk partitioning tool |
|
feroxbuster |
Simple / fast and recursive content discovery tool |
|
ffuf |
Fast web fuzzer written in Go. |
|
fierce |
A DNS reconnaissance tool for locating non-contiguous IP space |
|
finalrecon |
A web reconnaissance tool that gathers information about web pages |
|
findomain |
The fastest and cross-platform subdomain enumerator. |
|
finduncommonshares |
Script that can help identify shares that are not commonly found on a Windows system. |
|
firefox |
A web browser |
|
foremost |
Foremost is a forensic tool for recovering files based on their headers / footers / and internal data structures. |
|
freeipscanner |
A simple bash script to enumerate stale ADIDNS entries |
|
freerdp2-x11 |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP) released under the Apache license. |
|
frida |
Dynamic instrumentation toolkit |
|
fuxploider |
a Python tool for finding and exploiting file upload forms/directories. |
|
fzf |
🌸 A command-line fuzzy finder |
|
gau |
Fast tool for fetching URLs |
|
genusernames |
GenUsername is a Python tool for generating a list of usernames based on a name or email address. |
|
GeoPincer |
GeoPincer is a script that leverages OpenStreetMap’s Overpass API in order to search for locations. |
|
geowordlists |
tool to generate wordlists of passwords containing cities at a defined distance around the client city. |
|
gf |
A wrapper around grep to avoid typing common patterns |
|
ghidra |
Software reverse engineering suite of tools. |
|
git-dumper |
Small script to dump a Git repository from a website. |
|
githubemail |
a command-line tool to retrieve a user’s email from Github. |
|
gittools |
A collection of Git tools including a powerful Dumper for dumping Git repositories. |
|
gmsadumper |
A tool for extracting credentials and other information from a Microsoft Active Directory domain. |
|
gobuster |
Tool to discover hidden files and directories. |
|
goldencopy |
Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket |
|
GoMapEnum |
Nothing new but existing techniques are brought together in one tool. |
|
gopherus |
Gopherus is a simple command line tool for exploiting vulnerable Gopher servers. |
|
gosecretsdump |
Implements NTLMSSP network authentication protocol in Go |
|
goshs |
Goshs is a replacement for Python’s SimpleHTTPServer. It allows uploading and downloading via HTTP/S with either self-signed certificate or user provided certificate and you can use HTTP basic auth. |
|
gowitness |
A website screenshot utility written in Golang. |
|
GPOddity |
Aiming at automating GPO attack vectors through NTLM relaying (and more) |
|
gpp-decrypt |
A tool to decrypt Group Policy Preferences passwords |
|
gqrx |
Software defined radio receiver powered by GNU Radio and Qt |
|
gron |
Make JSON greppable! |
|
h2csmuggler |
HTTP Request Smuggling tool using H2C upgrade |
|
h8mail |
Email OSINT and breach hunting. |
|
hackrf |
Low cost software defined radio platform |
|
haiti |
haiti is a A CLI tool (and library) to identify hash types (hash type identifier). |
|
hakrawler |
a fast web crawler for gathering URLs and other information from websites |
|
hakrevdns |
Reverse DNS lookup utility that can help with discovering subdomains and other information. |
|
hashcat |
A tool for advanced password recovery |
|
hashonymize |
This small tool is aimed at anonymizing hashes files for offline but online cracking like Google Collab for instance (see https://github.com/ShutdownRepo/google-colab-hashcat). |
|
Havoc |
Command & Control Framework |
|
hcxdumptool |
Small tool to capture packets from wlan devices. |
|
hcxtools |
Tools for capturing and analyzing packets from WLAN devices. |
|
hexedit |
View and edit binary files |
|
holehe |
mail osint tool finding out if it is used on websites. |
|
hping3 |
A network tool able to send custom TCP/IP packets |
|
httpmethods |
Tool for exploiting HTTP methods (e.g. PUT / DELETE / etc.) |
|
httprobe |
A simple utility for enumerating HTTP and HTTPS servers. |
|
httpx |
A tool for identifying web technologies and vulnerabilities / including outdated software versions and weak encryption protocols. |
|
hydra |
Hydra is a parallelized login cracker which supports numerous protocols to attack. |
|
ida |
Interactive disassembler for software analysis. |
|
ignorant |
holehe but for phone numbers. |
|
imagemagick |
ImageMagick is a free and open-source image manipulation tool used to create / edit / compose / or convert bitmap images. |
|
impacket |
Set of tools for working with network protocols (ThePorgs version). |
|
ipinfo |
Get information about an IP address or hostname. |
|
iptables |
Userspace command line tool for configuring kernel firewall |
|
jackit |
Exploit to take over a wireless mouse and keyboard |
|
jadx |
Java decompiler |
|
jd-gui |
A standalone Java Decompiler GUI |
|
jdwp |
This exploitation script is meant to be used by pentesters against active JDWP service / in order to gain Remote Code Execution. |
|
john |
John the Ripper password cracker. |
|
joomscan |
A tool to enumerate Joomla-based websites |
|
jsluice |
Extract URLs / paths / secrets and other interesting data from JavaScript source code. |
|
jwt |
a command-line tool for working with JSON Web Tokens (JWTs) |
|
kadimus |
a tool for detecting and exploiting file upload vulnerabilities |
|
katana |
A next-generation crawling and spidering framework. |
|
KeePwn |
KeePwn is a tool that extracts passwords from KeePass 1.x and 2.x databases. |
|
kerbrute |
A tool to perform Kerberos pre-auth bruteforcing |
|
kiterunner |
Tool for operating Active Directory environments. |
|
Kraken |
Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP / JSP and ASPX) and is core is developed in Python. |
|
krbjack |
A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse. |
|
krbrelayx |
a tool for performing Kerberos relay attacks |
|
kubectl |
Command-line interface for managing Kubernetes clusters. |
|
ldapdomaindump |
A tool for dumping domain data from an LDAP service |
|
ldaprelayscan |
Check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication. |
|
ldapsearch |
Search for and display entries (ldap) |
|
ldapsearch-ad |
LDAP search utility with AD support |
|
LDAPWordlistHarvester |
Generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts |
|
ldeep |
ldeep is a tool to discover hidden paths on Web servers. |
|
legba |
a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust |
|
libmspack |
C library for Microsoft compression formats. |
|
libnfc |
Library for Near Field Communication (NFC) devices |
|
libnfc-crypto1-crack |
Implementation of cryptographic attack on Mifare Classic RFID cards |
|
libusb-dev |
Library for USB device access |
|
ligolo-ng |
An advanced yet simple tunneling tool that uses a TUN interface. |
|
linkedin2username |
Generate a list of LinkedIn usernames from a company name. |
|
linkfinder |
a Python script that finds endpoints and their parameters in JavaScript files. |
|
lnkup |
This tool will allow you to generate LNK payloads. Upon rendering or being run they will exfiltrate data. |
|
lsassy |
Windows secrets and passwords extraction tool. |
|
ltrace |
ltrace is a debugging program for Linux and Unix that intercepts and records dynamic library calls that are called by an executed process. |
|
maigret |
Collects information about a target email (or domain) from Google and Bing search results |
|
maltego |
A tool used for open-source intelligence and forensics |
|
manspider |
Manspider will crawl every share on every target system. If provided creds don’t work it will fall back to ‘guest’ then to a null session. |
|
mariadb-client |
MariaDB is a community-developed fork of the MySQL relational database management system. The mariadb-client package includes command-line utilities for interacting with a MariaDB server. |
|
masky |
Masky is a python library providing an alternative way to remotely dump domain users’ credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX or NT hashes and TGT on a larger scope |
|
masscan |
Masscan is an Internet-scale port scanner |
|
mdcat |
Fancy cat for Markdown |
|
metasploit |
A popular penetration testing framework that includes many exploits and payloads |
|
mfcuk |
Implementation of an attack on Mifare Classic and Plus RFID cards |
|
mfdread |
Tool for reading/writing Mifare RFID tags |
|
mfoc |
Implementation of ‘offline nested’ attack by Nethemba |
|
minicom |
Minicom is a text-based serial communication program for Unix-like operating systems. |
|
mitm6 |
Tool to conduct a man-in-the-middle attack against IPv6 protocols. |
|
mitmproxy |
mitmproxy is an interactive SSL/TLS-capable intercepting proxy with a console interface for HTTP/1 HTTP/2 and WebSockets. |
|
mobsf |
Automated and all-in-one mobile application (Android/iOS/Windows) pen-testing malware analysis and security assessment framework |
|
moodlescan |
Scan Moodle sites for information and vulnerabilities. |
|
mousejack |
Exploit to take over a wireless mouse and keyboard |
|
msprobe |
msprobe is a tool to identify Microsoft Windows hosts and servers that are running certain services. |
|
MurMurHash |
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. |
|
naabu |
A fast and reliable port scanner that can detect open ports and services. |
|
name-that-hash |
Online tool for identifying hashes. |
|
nasm |
NASM is an 80x86 assembler designed for portability and modularity. |
|
nbtscan |
NBTscan is a program for scanning IP networks for NetBIOS name information. |
|
neo4j |
Database. |
|
neovim |
hyperextensible Vim-based text editor |
|
netdiscover |
netdiscover is an active/passive address reconnaissance tool |
|
netexec |
Network scanner (Crackmapexec updated). |
|
nfct |
Tool for Near Field Communication (NFC) devices |
|
ngrok |
Expose a local server behind a NAT or firewall to the internet |
|
nmap |
The Network Mapper - a powerful network discovery and security auditing tool |
|
nmap-parse-ouptut |
Converts/manipulates/extracts data from a Nmap scan output. |
|
noPac |
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user. |
|
nosqlmap |
a Python tool for testing NoSQL databases for security vulnerabilities. |
|
ntlmv1-multi |
Exploit a vulnerability in Microsoft Windows to gain system-level access. |
|
ntlm_theft |
A tool for generating multiple types of NTLMv2 hash theft files |
|
nuclei |
A fast and customizable vulnerability scanner that can detect a wide range of issues / including XSS / SQL injection / and misconfigured servers. |
|
oaburl |
Find Open redirects and other vulnerabilities. |
|
objection |
Runtime mobile exploration |
|
objectwalker |
A python module to explore the object tree to extract paths to interesting objects in memory. |
|
oneforall |
a powerful subdomain collection tool. |
|
onesixtyone |
onesixtyone is an SNMP scanner which utilizes a sweep technique to achieve very high performance. |
|
osrframework |
Include references to a bunch of different applications related to username checking / DNS lookups / information leaks research / deep web search / regular expressions extraction and many others. |
|
pass |
TODO |
|
PassTheCert |
PassTheCert is a tool to extract Active Directory user password hashes from a domain controller’s local certificate store. |
|
patator |
Login scanner. |
|
pcredz |
PowerShell credential dumper |
|
pcsc |
Middleware for smart card readers |
|
pdfcrack |
A tool for cracking password-protected PDF files |
|
peepdf |
peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. |
|
petitpotam |
Windows machine account manipulation |
|
phoneinfoga |
Information gathering & OSINT framework for phone numbers. |
|
photon |
a fast web crawler which extracts URLs / files / intel & endpoints from a target. |
|
PHP filter chain generator |
A CLI to generate PHP filters chain / get your RCE without uploading a file if you control entirely the parameter passed to a require or an include in PHP! |
|
phpggc |
Exploit generation tool for the PHP platform. |
|
pkcrack |
tool to generate wordlists of passwords containing cities at a defined distance around the client city |
|
pkinittools |
Pkinit support tools |
|
polenum |
Polenum is a Python script which uses the Impacket library to extract user information through the SMB protocol. |
|
postman |
API platform for testing APIs |
|
powershell |
a command-line shell and scripting language designed for system administration and automation |
|
pp-finder |
Prototype pollution finder tool for javascript. pp-finder lets you find prototype pollution candidates in your code. |
|
pre2k |
pre2k is a tool to check if a Windows domain has any pre-2000 Windows 2000 logon names still in use. |
|
pretender |
an mitm tool for helping with relay attacks. |
|
prips |
https://manpages.ubuntu.com/manpages/focal/man1/prips.1.html |
A utility for quickly generating IP ranges or enumerating hosts within a specified range. |
privexchange |
a tool to perform attacks against Microsoft Exchange server using NTLM relay techniques |
|
prowler |
Perform Cloud Security best practices assessments / audits / incident response / compliance / continuous monitoring / hardening and forensics readiness. |
|
proxmark3 |
Open source RFID research toolkit. |
|
proxychains |
Proxy chains - redirect connections through proxy servers. |
|
pst-utils |
pst-utils is a set of tools for working with Outlook PST files. |
|
pth-tools |
A toolkit to perform pass-the-hash attacks |
|
pwncat |
A lightweight and versatile netcat alternative that includes various additional features. |
|
pwndb |
A command-line tool for searching the pwndb database of compromised credentials. |
|
pwndbg |
a GDB plugin that makes debugging with GDB suck less |
|
pwnedornot |
Check if a password has been leaked in a data breach. |
|
pwninit |
A tool for automating starting binary exploit challenges |
|
pwntools |
a CTF framework and exploit development library |
|
pyftpdlib |
Extremely fast and scalable Python FTP server library |
|
pygpoabuse |
A tool for abusing GPO permissions to escalate privileges |
|
pykek |
PyKEK (Python Kerberos Exploitation Kit) a python library to manipulate KRB5-related data. |
|
pylaps |
Utility for enumerating and querying LDAP servers. |
|
pymeta |
Google and Bing scraping osint tool |
|
pypykatz |
a Python library for mimikatz-like functionality |
|
pyrit |
Python-based WPA/WPA2-PSK attack tool. |
|
pywerview |
A (partial) Python rewriting of PowerSploit’s PowerView. |
|
pywhisker |
PyWhisker is a Python equivalent of the original Whisker made by Elad Shamir and written in C#. This tool allows users to manipulate the msDS-KeyCredentialLink attribute of a target user/computer to obtain full control over that object. It’s based on Impacket and on a Python equivalent of Michael Grafnetter’s DSInternals called PyDSInternals made by podalirius. |
|
pywsus |
Python implementation of a WSUS client |
|
radare2 |
A complete framework for reverse-engineering and analyzing binaries |
|
rdesktop |
rdesktop is a client for Remote Desktop Protocol (RDP) used in a number of Microsoft products including Windows NT Terminal Server / Windows 2000 Server / Windows XP and Windows 2003 Server. |
|
reaver |
reaver is a tool for brute-forcing WPS (Wireless Protected Setup) PINs. |
|
recon-ng |
External recon tool. |
|
recondog |
a reconnaissance tool for performing information gathering on a target. |
|
redis-tools |
redis-tools is a collection of Redis client utilities including redis-cli and redis-benchmark. |
|
remmina |
Remote desktop client. |
|
responder |
a LLMNR / NBT-NS and MDNS poisoner. |
|
rlwrap |
rlwrap is a small utility that wraps input and output streams of executables / making it possible to edit and re-run input history |
|
ROADtools |
ROADtools is a framework to interact with Azure AD. It consists of a library (roadlib) with common components / the ROADrecon Azure AD exploration tool and the ROADtools Token eXchange (roadtx) tool. |
|
roastinthemiddle |
RoastInTheMiddle is a tool to intercept and relay NTLM authentication requests. |
|
robotstester |
Utility for testing whether a website’s robots.txt file is correctly configured. |
|
routersploit |
Security audit tool for routers. |
|
RsaCracker |
Powerful RSA cracker for CTFs. Supports RSA - X509 - OPENSSH in PEM and DER formats. |
|
rsactftool |
The rsactftool tool is used for RSA cryptographic operations and analysis. |
|
rsync |
File synchronization tool for efficiently copying and updating data between local or remote locations |
|
rtl-433 |
Tool for decoding various wireless protocols/ signals such as those used by weather stations |
|
ruler |
Outlook Rules exploitation framework. |
|
rusthound |
BloodHound ingestor in Rust. |
|
rusthound-ce |
BloodHound-CE ingestor in Rust. |
|
rustscan |
The Modern Port Scanner |
|
samdump2 |
A tool to dump Windows NT/2k/XP/Vista password hashes from SAM files |
|
sccmhunter |
SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain. |
|
sccmwtf |
This code is designed for exploring SCCM in a lab. |
|
scout |
Scout Suite is an open source multi-cloud security-auditing tool which enables security posture assessment of cloud environments. |
|
scrcpy |
Display and control your Android device. |
|
searchsploit |
A command line search tool for Exploit-DB |
|
seclists |
A collection of multiple types of lists used during security assessments |
|
semgrep |
Static analysis tool that supports multiple languages and can find a variety of vulnerabilities and coding errors. |
|
shadowcoerce |
Utility for bypassing the Windows Defender antivirus by hiding a process within a legitimate process. |
|
shellerator |
a simple command-line tool for generating shellcode |
|
Sherlock |
Hunt down social media accounts by username across social networks. |
|
shuffledns |
A fast and customizable DNS resolver that can be used for subdomain enumeration and other tasks. |
|
simplyemail |
a scriptable command line tool for sending emails |
|
sipvicious |
Enumeration and MITM tool for SIP devices |
|
sleuthkit |
Forensic toolkit to analyze volume and file system data |
|
sliver |
Open source / cross-platform and extensible C2 framework |
|
smali |
A tool to disassemble and assemble Android’s dex files |
|
smartbrute |
The smart password spraying and bruteforcing tool for Active Directory Domain Services. |
|
smbclient |
SMBclient is a command-line utility that allows you to access Windows shared resources |
|
smbclient-ng |
smbclient-ng is a fast and user friendly way to interact with SMB shares. |
|
smbmap |
A tool to enumerate SMB shares and check for null sessions |
|
smtp-user-enum |
A tool to enumerate email addresses via SMTP |
|
smuggler |
Smuggler is a tool that helps pentesters and red teamers to smuggle data into and out of the network even when there are multiple layers of security in place. |
|
SoapUI |
SoapUI is the world’s leading testing tool for API testing. |
|
spiderfoot |
A reconnaissance tool that automatically queries over 100 public data sources |
|
sprayhound |
Active Directory password audit tool. |
|
sqlmap |
Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws |
|
ssh-audit |
ssh-audit is a tool to test SSH server configuration for best practices. |
|
sshuttle |
Transparent proxy server that tunnels traffic through an SSH server |
|
sslscan |
a tool for testing SSL/TLS encryption on servers |
|
ssrfmap |
a tool for testing SSRF vulnerabilities. |
|
steghide |
steghide is a steganography program that is able to hide data in various kinds of image and audio files. |
|
stegolsb |
Steganography tool to hide data in BMP images using least significant bit algorithm |
|
stegosuite |
Stegosuite is a free steganography tool that allows you to hide data in image and audio files. |
|
strace |
strace is a debugging utility for Linux that allows you to monitor and diagnose system calls made by a process. |
|
subfinder |
Tool to find subdomains associated with a domain. |
|
sublist3r |
a Python tool designed to enumerate subdomains of websites. |
|
swaks |
Swaks is a featureful flexible scriptable transaction-oriented SMTP test tool. |
|
symfony-exploits |
Collection of Symfony exploits and PoCs. |
|
tailscale |
A secure and easy-to-use VPN alternative that is designed for teams and businesses. |
|
targetedKerberoast |
Kerberoasting against specific accounts |
|
tcpdump |
a powerful command-line packet analyzer for Unix-like systems |
|
TeamsPhisher |
TeamsPhisher is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications. |
|
testdisk |
Partition recovery and file undelete utility |
|
testssl |
a tool for testing SSL/TLS encryption on servers |
|
theharvester |
Tool for gathering e-mail accounts / subdomain names / virtual host / open ports / banners / and employee names from different public sources |
|
tig |
Tig is an ncurses-based text-mode interface for git. |
|
timing |
Tool to generate a timing profile for a given command. |
|
tls-map |
tls-map is a library for mapping TLS cipher algorithm names. |
|
tls-scanner |
a simple script to check the security of a remote TLS/SSL web server |
|
tomcatwardeployer |
Script to deploy war file in Tomcat. |
|
tor |
Anonymity tool that can help protect your privacy and online identity by routing your traffic through a network of servers. |
|
toutatis |
Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails / phone numbers and more. |
|
traceroute |
Traceroute is a command which can show you the path a packet of information takes from your computer to one you specify. |
|
trevorspray |
TREVORspray is a modular password sprayer with threading SSH proxying loot modules / and more |
|
trid |
File identifier |
|
trilium |
Personal knowledge management system. |
|
tshark |
TShark is a terminal version of Wireshark. |
|
uberfile |
Uberfile is a simple command-line tool aimed to help pentesters quickly generate file downloader one-liners in multiple contexts (wget / curl / powershell / certutil…). This project code is based on my other similar project for one-liner reverseshell generation Shellerator. |
|
updog |
Simple replacement for Python’s SimpleHTTPServer. |
|
uploader |
Tool for quickly downloading files to a remote machine based on the target operating system |
|
upx |
UPX is an advanced executable packer |
|
username-anarchy |
Tools for generating usernames when penetration testing. Usernames are half the password brute force problem. |
|
Villain |
Command & Control Framework |
|
volatility2 |
Volatile memory extraction utility framework |
|
volatility3 |
Advanced memory forensics framework |
|
wabt |
The WebAssembly Binary Toolkit (WABT) is a suite of tools for WebAssembly (Wasm) including assembler and disassembler / a syntax checker / and a binary format validator. |
|
wafw00f |
a Python tool that helps to identify and fingerprint web application firewall (WAF) products. |
|
waybackurls |
Fetch all the URLs that the Wayback Machine knows about for a domain. |
|
webclientservicescanner |
Scans for web service endpoints |
|
weevely |
a webshell designed for post-exploitation purposes that can be extended over the network at runtime. |
|
wesng |
WES-NG is a tool based on the output of Windows’s systeminfo utility which provides the list of vulnerabilities the OS is vulnerable to including any exploits for these vulnerabilities. |
|
wfuzz |
WFuzz is a web application vulnerability scanner that allows you to find vulnerabilities using a wide range of attack payloads and fuzzing techniques |
|
whatportis |
Command-line tool to lookup port information |
|
whatweb |
Next generation web scanner that identifies what websites are running. |
|
whois |
See information about a specific domain name or IP address. |
|
wifite2 |
Script for auditing wireless networks. |
|
windapsearch-go |
Active Directory enumeration tool. |
|
wireshark |
Wireshark is a network protocol analyzer that lets you see what’s happening on your network at a microscopic level. |
|
wpscan |
A tool to enumerate WordPress-based websites |
|
wuzz |
a command-line tool for interacting with HTTP(S) web services |
|
XSpear |
a powerful XSS scanning and exploitation tool. |
|
xsrfprobe |
a tool for detecting and exploiting Cross-Site Request Forgery (CSRF) vulnerabilities |
|
xsser |
XSS scanner. |
|
xsstrike |
a Python tool for detecting and exploiting XSS vulnerabilities. |
|
xtightvncviewer |
https://www.commandlinux.com/man-page/man1/xtightvncviewer.1.html |
xtightvncviewer is an open source VNC client software. |
Yalis |
Yet Another LinkedIn Scraper |
|
youtubedl |
Download videos from YouTube and other sites. |
|
ysoserial |
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |
|
yt-dlp |
A youtube-dl fork with additional features and fixes |
|
zerologon |
Exploit for the Zerologon vulnerability (CVE-2020-1472). |
|
zipalign |
arguably the most important step to optimize your APK file |
|
zsteg |
Detect steganography hidden in PNG and BMP images |