Tools list

Click here to see the lists of tools featured in the latest nightly images.

Error

[August 5th, 2023] - The lists descriptions were mostly AI-generated for this first version of the tools list in order to get the list shipped quickly. Many descriptions are wrong and will be fixed very soon.

Hint

The lists featured here are automatically generated. Exegol features CI/CD pipelines that build the images. At build, most tools are tested. If at least one test fails, the image doesn’t get published.

Image tag

Version

Arch

Build date

Tools list

nightly

a62cd97f

amd64

2024-02-27T12:12:07Z

nightly_a62cd97f_amd64.csv

nightly

a84f73f5

arm64

2024-02-21T20:51:01Z

nightly_a84f73f5_arm64.csv

Image tag

Version

Arch

Build date

Tools list

full

3.1.2

arm64

2023-12-22T12:20:18Z

full_3.1.2_arm64.csv

full

3.1.2

amd64

2023-12-22T12:04:26Z

full_3.1.2_amd64.csv

ad

3.1.2

arm64

2023-12-22T12:03:46Z

ad_3.1.2_arm64.csv

ad

3.1.2

amd64

2023-12-22T11:41:22Z

ad_3.1.2_amd64.csv

web

3.1.2

arm64

2023-12-22T12:08:45Z

web_3.1.2_arm64.csv

web

3.1.2

amd64

2023-12-22T11:46:29Z

web_3.1.2_amd64.csv

light

3.1.2

arm64

2023-12-22T00:48:17Z

light_3.1.2_arm64.csv

light

3.1.2

amd64

2023-12-22T00:08:53Z

light_3.1.2_amd64.csv

osint

3.1.2

arm64

2023-12-22T00:43:53Z

osint_3.1.2_arm64.csv

osint

3.1.2

amd64

2023-12-22T00:02:50Z

osint_3.1.2_amd64.csv

full

3.1.1

amd64

2023-08-18T01:36:37Z

full_3.1.1_amd64.csv

full

3.1.1

arm64

2023-08-18T01:36:23Z

full_3.1.1_arm64.csv

ad

3.1.1

amd64

2023-08-18T02:59:03Z

ad_3.1.1_amd64.csv

ad

3.1.1

arm64

2023-08-18T02:58:49Z

ad_3.1.1_arm64.csv

web

3.1.1

arm64

2023-08-18T01:08:44Z

web_3.1.1_arm64.csv

web

3.1.1

amd64

2023-08-18T01:35:14Z

web_3.1.1_amd64.csv

osint

3.1.1

arm64

2023-08-18T01:04:50Z

osint_3.1.1_arm64.csv

osint

3.1.1

amd64

2023-08-18T01:34:47Z

osint_3.1.1_amd64.csv

light

3.1.1

arm64

2023-08-18T01:05:12Z

light_3.1.1_arm64.csv

light

3.1.1

amd64

2023-08-18T01:35:00Z

light_3.1.1_amd64.csv

full

3.1.0

arm64

2023-08-09T09:12:21Z

full_3.1.0_arm64.csv

full

3.1.0

amd64

2023-08-09T22:27:20Z

full_3.1.0_amd64.csv

ad

3.1.0

amd64

2023-08-10T00:33:47Z

ad_3.1.0_amd64.csv

ad

3.1.0

arm64

2023-08-10T00:11:36Z

ad_3.1.0_arm64.csv

web

3.1.0

amd64

2023-08-09T11:12:12Z

web_3.1.0_amd64.csv

web

3.1.0

arm64

2023-08-09T11:11:33Z

web_3.1.0_arm64.csv

osint

3.1.0

amd64

2023-08-09T10:50:11Z

osint_3.1.0_amd64.csv

osint

3.1.0

arm64

2023-08-09T10:48:56Z

osint_3.1.0_arm64.csv

light

3.1.0

amd64

2023-08-09T02:53:53Z

light_3.1.0_amd64.csv

light

3.1.0

arm64

2023-08-09T01:50:40Z

light_3.1.0_arm64.csv

Below is the list of tools featured in the latest nightly (AMD64) image.

Tool

Link

Description

abuseACL

https://github.com/AetherBlack/abuseACL

A python script to automatically list vulnerable Windows ACEs/ACLs.

aclpwn

https://github.com/aas-n/aclpwn.py

Tool for testing the security of Active Directory access controls.

adidnsdump

https://github.com/dirkjanm/adidnsdump

Active Directory Integrated DNS dump utility

aircrack-ng

https://www.aircrack-ng.org

A suite of tools for wireless penetration testing

amass

https://github.com/OWASP/Amass

A DNS enumeration / attack surface mapping & external assets discovery tool

amber

https://github.com/EgeBalci/amber

Forensic tool to recover browser history / cookies and credentials

androguard

https://github.com/androguard/androguard

Reverse engineering and analysis of Android applications

android-tools-adb

https://developer.android.com/studio/command-line/adb

A collection of tools for debugging Android applications

anew

https://github.com/tomnomnom/anew

A simple tool for filtering and manipulating text data / such as log files and other outputs.

angr

https://github.com/angr/angr

a platform-agnostic binary analysis framework

apksigner

https://source.android.com/security/apksigning

arguably the most important step to optimize your APK file

apktool

https://github.com/iBotPeaches/Apktool

It is a tool for reverse engineering 3rd party / closed / binary Android apps.

arjun

https://github.com/s0md3v/Arjun

HTTP parameter discovery suite.

arsenal

https://github.com/Orange-Cyberdefense/arsenal

Powerful weapons for penetration testing.

asdf

https://github.com/asdf-vm/asdf

Extendable version manager with support for ruby python go etc

assetfinder

https://github.com/tomnomnom/assetfinder

Tool to find subdomains and IP addresses associated with a domain.

autoconf

https://www.gnu.org/software/autoconf/autoconf.html

Tool for producing shell scripts to configure source code packages

autorecon

https://github.com/Tib3rius/AutoRecon

Multi-threaded network reconnaissance tool which performs automated enumeration of services.

avrdude

https://github.com/avrdudes/avrdude

AVRDUDE is a command-line program that allows you to download/upload/manipulate the ROM and EEPROM contents of AVR microcontrollers using the in-system programming technique (ISP).

awscli

https://aws.amazon.com/cli/

Command-line interface for Amazon Web Services.

azure-cli

https://github.com/Azure/azure-cli

A great cloud needs great tools; we’re excited to introduce Azure CLI our next generation multi-platform command line experience for Azure.

bettercap

https://github.com/bettercap/bettercap

The Swiss Army knife for 802.11 / BLE / and Ethernet networks reconnaissance and MITM attacks.

binwalk

https://github.com/ReFirmLabs/binwalk

Binwalk is a tool for analyzing / reverse engineering / and extracting firmware images.

Blackbird

https://github.com/p1ngul1n0/blackbird

An OSINT tool to search fast for accounts by username across 581 sites.

bloodhound

https://github.com/BloodHoundAD/BloodHound

Active Directory security tool for reconnaissance and attacking AD environments.

BloodHound-CE

https://github.com/SpecterOps/BloodHound

Active Directory security tool for reconnaissance and attacking AD environments (Community Edition)

bloodhound-ce.py

https://github.com/fox-it/BloodHound.py

BloodHound-CE ingestor in Python.

bloodhound-import

https://github.com/fox-it/BloodHound.py

Import data into BloodHound for analyzing active directory trust relationships

bloodhound-quickwin

https://github.com/kaluche/bloodhound-quickwin

A tool for BloodHounding on Windows machines without .NET or Powershell installed

bloodhound.py

https://github.com/fox-it/BloodHound.py

BloodHound ingestor in Python.

bolt

https://github.com/s0md3v/bolt

Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing.

bqm

https://github.com/Acceis/bqm

Tool to deduplicate custom BloudHound queries from different datasets and merge them in one file.

brakeman

https://github.com/presidentbeef/brakeman

Static analysis tool for Ruby on Rails applications

bruteforce-luks

https://github.com/glv2/bruteforce-luks

A tool to help recover encrypted LUKS2 containers

bully

https://github.com/aanarchyy/bully

bully is a tool for brute-forcing WPS (Wireless Protected Setup) PINs.

burpsuite

https://portswigger.net/burp

Web application security testing tool.

buster

https://github.com/sham00n/Buster

Advanced OSINT tool

byp4xx

https://github.com/lobuhi/byp4xx

A Swiss Army knife for bypassing web application firewalls and filters.

carbon14

https://github.com/Lazza/carbon14

OSINT tool for estimating when a web page was written.

Censys

https://github.com/censys/censys-python

An easy-to-use and lightweight API wrapper for Censys APIs

certipy

https://github.com/ly4k/Certipy

Python tool to create and sign certificates

certsync

https://github.com/zblurx/certsync

certsync is a tool that helps you synchronize certificates between two directories.

cewl

https://digi.ninja/projects/cewl.php

Generates custom wordlists by spidering a target’s website and parsing the results

cewler

https://github.com/roys/cewler

CeWL alternative in Python

chainsaw

https://github.com/WithSecureLabs/chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

checksec-py

https://github.com/Wenzel/checksec.py

Python wrapper script for checksec.sh from paX.

chisel

https://github.com/jpillora/chisel

Go based TCP tunnel with authentication and encryption support

cloudfail

https://github.com/m0rtem/CloudFail

a reconnaissance tool for identifying misconfigured CloudFront domains.

cloudmapper

https://github.com/duo-labs/cloudmapper

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

cloudsplaining

https://github.com/salesforce/cloudsplaining

AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

cloudsploit

https://github.com/aquasecurity/cloudsploit

Cloud Security Posture Management

clusterd

https://github.com/hatRiot/clusterd

A tool to distribute and remotely manage Hacking Team’s RCS agents.

cmsmap

https://github.com/Dionach/CMSmap

Tool for security audit of web content management systems.

coercer

https://github.com/p0dalirius/coercer

DFS-R target coercion tool

constellation

https://github.com/constellation-app/Constellation

Find and exploit vulnerabilities in mobile applications.

corscanner

https://github.com/chenjj/CORScanner

a Python script for finding CORS misconfigurations.

cowpatty

https://github.com/joswr1ght/cowpatty

cowpatty is a tool for offline dictionary attacks against WPA-PSK (Pre-Shared Key) networks.

crackhound

https://github.com/trustedsec/crackhound

A fast WPA/WPA2/WPA3 WiFi Handshake capture / password recovery and analysis tool

crackmapexec

https://github.com/Porchetta-Industries/CrackMapExec

Network scanner.

crunch

https://github.com/crunchsec/crunch

A wordlist generator where you can specify a standard character set or a character set you specify.

cupp

https://github.com/Mebus/cupp

Cupp is a tool used to generate personalized password lists based on target information.

CyberChef

https://github.com/gchq/CyberChef/

The Cyber Swiss Army Knife

cyperoth

https://github.com/seajaysec/cypheroth

Automated extensible toolset that runs cypher queries against Bloodhound’s Neo4j backend and saves output to spreadsheets.

darkarmour

https://github.com/bats3c/darkarmour

a tool to detect and evade common antivirus products

dex2jar

https://github.com/pxb1988/dex2jar

A tool to convert Android’s dex files to Java’s jar files

dfscoerce

https://github.com/Wh04m1001/dfscoerce

DFS-R target coercion tool

dirb

https://github.com/v0re/dirb

Web Content Scanner

dirsearch

https://github.com/maurosoria/dirsearch

Tool for searching files and directories on a web site.

divideandscan

https://github.com/snovvcrash/divideandscan

Advanced subdomain scanner

dns2tcp

https://github.com/alex-sector/dns2tcp

dns2tcp is a tool for relaying TCP connections over DNS.

dnschef

https://github.com/iphelix/dnschef

Tool for DNS MITM attacks

dnsenum

https://github.com/fwaeytens/dnsenum

dnsenum is a tool for enumerating DNS information about a domain.

dnsx

https://github.com/projectdiscovery/dnsx

A tool for DNS reconnaissance that can help identify subdomains and other related domains.

donpapi

https://github.com/login-securite/DonPAPI

Dumping revelant information on compromised targets without AV detection

droopescan

https://github.com/droope/droopescan

Scan Drupal websites for vulnerabilities.

drupwn

https://github.com/immunIT/drupwn

Drupal security scanner.

eaphammer

https://github.com/s0lst1c3/eaphammer

EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks.

empire

https://github.com/BC-SECURITY/Empire

post-exploitation and adversary emulation framework

enum4linux-ng

https://github.com/cddmp/enum4linux-ng

Tool for enumerating information from Windows and Samba systems.

enyx

https://github.com/trickster0/enyx

Framework for building offensive security tools.

evilwinrm

https://github.com/Hackplayers/evil-winrm

Tool to connect to a remote Windows system with WinRM.

exif

https://exiftool.org/

Utility to read / write and edit metadata in image / audio and video files

exifprobe

https://github.com/hfiguiere/exifprobe

Exifprobe is a command-line tool to parse EXIF data from image files.

exiftool

https://github.com/exiftool/exiftool

ExifTool is a Perl library and command-line tool for reading / writing and editing meta information in image / audio and video files.

exiv2

https://github.com/Exiv2/exiv2

Image metadata library and toolset

ExtractBitlockerKeys

https://github.com/p0dalirius/ExtractBitlockerKeys

A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.

eyewitness

https://github.com/FortyNorthSecurity/EyeWitness

a tool to take screenshots of websites / provide some server header info / and identify default credentials if possible.

fcrackzip

https://github.com/hyc/fcrackzip

Password cracker for zip archives.

fdisk

https://github.com/karelzak/util-linux

Collection of basic system utilities / including fdisk partitioning tool

feroxbuster

https://github.com/epi052/feroxbuster

Simple / fast and recursive content discovery tool

ffuf

https://github.com/ffuf/ffuf

Fast web fuzzer written in Go.

fierce

https://github.com/mschwager/fierce

A DNS reconnaissance tool for locating non-contiguous IP space

finalrecon

https://github.com/thewhiteh4t/FinalRecon

A web reconnaissance tool that gathers information about web pages

findomain

https://github.com/findomain/findomain

The fastest and cross-platform subdomain enumerator.

finduncommonshares

https://github.com/p0dalirius/FindUncommonShares

Script that can help identify shares that are not commonly found on a Windows system.

firefox

https://www.mozilla.org

A web browser

foremost

https://doc.ubuntu-fr.org/foremost

Foremost is a forensic tool for recovering files based on their headers / footers / and internal data structures.

freeipscanner

https://github.com/scrt/freeipscanner

A simple bash script to enumerate stale ADIDNS entries

freerdp2-x11

https://github.com/FreeRDP/FreeRDP

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP) released under the Apache license.

frida

https://github.com/frida/frida

Dynamic instrumentation toolkit

fuxploider

https://github.com/almandin/fuxploider

a Python tool for finding and exploiting file upload forms/directories.

fzf

https://github.com/junegunn/fzf

🌸 A command-line fuzzy finder

gau

https://github.com/lc/gau

Fast tool for fetching URLs

genusernames

https://gitlab.com/-/snippets/2480505/raw/main/bash

GenUsername is a Python tool for generating a list of usernames based on a name or email address.

GeoPincer

https://github.com/tloja/GeoPincer

GeoPincer is a script that leverages OpenStreetMap’s Overpass API in order to search for locations.

geowordlists

https://github.com/p0dalirius/GeoWordlists

tool to generate wordlists of passwords containing cities at a defined distance around the client city.

gf

https://github.com/tomnomnom/gf

A wrapper around grep to avoid typing common patterns

ghidra

https://github.com/NationalSecurityAgency/ghidra

Software reverse engineering suite of tools.

git-dumper

https://github.com/arthaud/git-dumper

Small script to dump a Git repository from a website.

githubemail

https://github.com/paulirish/github-email

a command-line tool to retrieve a user’s email from Github.

gittools

https://github.com/internetwache/GitTools

A collection of Git tools including a powerful Dumper for dumping Git repositories.

gmsadumper

https://github.com/micahvandeusen/gMSADumper

A tool for extracting credentials and other information from a Microsoft Active Directory domain.

gobuster

https://github.com/OJ/gobuster

Tool to discover hidden files and directories.

goldencopy

https://github.com/Dramelac/GoldenCopy

Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket

GoMapEnum

https://github.com/nodauf/GoMapEnum

Nothing new but existing techniques are brought together in one tool.

gopherus

https://github.com/tarunkant/Gopherus

Gopherus is a simple command line tool for exploiting vulnerable Gopher servers.

gosecretsdump

https://github.com/c-sto/gosecretsdump

Implements NTLMSSP network authentication protocol in Go

goshs

https://github.com/patrickhener/goshs

Goshs is a replacement for Python’s SimpleHTTPServer. It allows uploading and downloading via HTTP/S with either self-signed certificate or user provided certificate and you can use HTTP basic auth.

gowitness

https://github.com/sensepost/gowitness

A website screenshot utility written in Golang.

GPOddity

https://github.com/synacktiv/GPOddity

Aiming at automating GPO attack vectors through NTLM relaying (and more)

gpp-decrypt

https://github.com/t0thkr1s/gpp-decrypt

A tool to decrypt Group Policy Preferences passwords

gqrx

https://github.com/csete/gqrx

Software defined radio receiver powered by GNU Radio and Qt

gron

https://github.com/tomnomnom/gron

Make JSON greppable!

h2csmuggler

https://github.com/BishopFox/h2csmuggler

HTTP Request Smuggling tool using H2C upgrade

h8mail

https://github.com/khast3x/h8mail

Email OSINT and breach hunting.

hackrf

https://github.com/mossmann/hackrf

Low cost software defined radio platform

haiti

https://github.com/noraj/haiti

haiti is a A CLI tool (and library) to identify hash types (hash type identifier).

hakrawler

https://github.com/hakluke/hakrawler

a fast web crawler for gathering URLs and other information from websites

hakrevdns

https://github.com/hakluke/hakrevdns

Reverse DNS lookup utility that can help with discovering subdomains and other information.

hashcat

https://hashcat.net/hashcat

A tool for advanced password recovery

hashonymize

https://github.com/ShutdownRepo/hashonymize

This small tool is aimed at anonymizing hashes files for offline but online cracking like Google Collab for instance (see https://github.com/ShutdownRepo/google-colab-hashcat).

Havoc

https://github.com/HavocFramework/Havoc

Command & Control Framework

hcxdumptool

https://github.com/ZerBea/hcxdumptool

Small tool to capture packets from wlan devices.

hcxtools

https://github.com/ZerBea/hcxtools

Tools for capturing and analyzing packets from WLAN devices.

hexedit

https://github.com/pixel/hexedit

View and edit binary files

holehe

https://github.com/megadose/holehe

mail osint tool finding out if it is used on websites.

hping3

https://github.com/antirez/hping

A network tool able to send custom TCP/IP packets

httpmethods

https://github.com/ShutdownRepo/httpmethods

Tool for exploiting HTTP methods (e.g. PUT / DELETE / etc.)

httprobe

https://github.com/tomnomnom/httprobe

A simple utility for enumerating HTTP and HTTPS servers.

httpx

https://github.com/projectdiscovery/httpx

A tool for identifying web technologies and vulnerabilities / including outdated software versions and weak encryption protocols.

hydra

https://github.com/vanhauser-thc/thc-hydra

Hydra is a parallelized login cracker which supports numerous protocols to attack.

ida

https://www.hex-rays.com/products/ida/

Interactive disassembler for software analysis.

ignorant

https://github.com/megadose/ignorant

holehe but for phone numbers.

imagemagick

https://github.com/ImageMagick/ImageMagick

ImageMagick is a free and open-source image manipulation tool used to create / edit / compose / or convert bitmap images.

impacket

https://github.com/ThePorgs/impacket

Set of tools for working with network protocols (ThePorgs version).

ipinfo

https://github.com/ipinfo/cli

Get information about an IP address or hostname.

iptables

https://linux.die.net/man/8/iptables

Userspace command line tool for configuring kernel firewall

jackit

https://github.com/insecurityofthings/jackit

Exploit to take over a wireless mouse and keyboard

jadx

https://github.com/skylot/jadx

Java decompiler

jd-gui

https://github.com/java-decompiler/jd-gui

A standalone Java Decompiler GUI

jdwp

https://github.com/IOActive/jdwp-shellifier

This exploitation script is meant to be used by pentesters against active JDWP service / in order to gain Remote Code Execution.

john

https://github.com/openwall/john

John the Ripper password cracker.

joomscan

https://github.com/rezasp/joomscan

A tool to enumerate Joomla-based websites

jwt

https://github.com/ticarpi/jwt_tool

a command-line tool for working with JSON Web Tokens (JWTs)

kadimus

https://github.com/P0cL4bs/Kadimus

a tool for detecting and exploiting file upload vulnerabilities

KeePwn

https://github.com/Orange-Cyberdefense/KeePwn

KeePwn is a tool that extracts passwords from KeePass 1.x and 2.x databases.

kerbrute

https://github.com/ropnop/kerbrute

A tool to perform Kerberos pre-auth bruteforcing

kiterunner

https://github.com/assetnote/kiterunner

Tool for operating Active Directory environments.

Kraken

https://github.com/kraken-ng/Kraken

Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP / JSP and ASPX) and is core is developed in Python.

krbjack

https://github.com/almandin/krbjack

A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.

krbrelayx

https://github.com/dirkjanm/krbrelayx

a tool for performing Kerberos relay attacks

kubectl

https://kubernetes.io/docs/reference/kubectl/overview/

Command-line interface for managing Kubernetes clusters.

ldapdomaindump

https://github.com/dirkjanm/ldapdomaindump

A tool for dumping domain data from an LDAP service

ldaprelayscan

https://github.com/zyn3rgy/LdapRelayScan

Check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication.

ldapsearch

https://wiki.debian.org/LDAP/LDAPUtils

Search for and display entries (ldap)

ldapsearch-ad

https://github.com/yaap7/ldapsearch-ad

LDAP search utility with AD support

LDAPWordlistHarvester

https://github.com/p0dalirius/LDAPWordlistHarvester

Generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts

ldeep

https://github.com/franc-pentest/ldeep

ldeep is a tool to discover hidden paths on Web servers.

legba

https://github.com/evilsocket/legba

a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust

libmspack

https://github.com/kyz/libmspack

C library for Microsoft compression formats.

libnfc

https://github.com/grundid/nfctools

Library for Near Field Communication (NFC) devices

libnfc-crypto1-crack

https://github.com/droidnewbie2/acr122uNFC

Implementation of cryptographic attack on Mifare Classic RFID cards

libusb-dev

https://github.com/libusb/libusb

Library for USB device access

ligolo-ng

https://github.com/nicocha30/ligolo-ng

An advanced yet simple tunneling tool that uses a TUN interface.

linkedin2username

https://github.com/initstring/linkedin2username

Generate a list of LinkedIn usernames from a company name.

linkfinder

https://github.com/GerbenJavado/LinkFinder

a Python script that finds endpoints and their parameters in JavaScript files.

lnkup

https://github.com/Plazmaz/lnkUp

This tool will allow you to generate LNK payloads. Upon rendering or being run they will exfiltrate data.

lsassy

https://github.com/Hackndo/lsassy

Windows secrets and passwords extraction tool.

ltrace

https://github.com/dkogan/ltrace

ltrace is a debugging program for Linux and Unix that intercepts and records dynamic library calls that are called by an executed process.

maigret

https://github.com/soxoj/maigret

Collects information about a target email (or domain) from Google and Bing search results

maltego

https://www.paterva.com/web7/downloads.php

A tool used for open-source intelligence and forensics

manspider

https://github.com/blacklanternsecurity/MANSPIDER

Manspider will crawl every share on every target system. If provided creds don’t work it will fall back to ‘guest’ then to a null session.

mariadb-client

https://github.com/MariaDB/server

MariaDB is a community-developed fork of the MySQL relational database management system. The mariadb-client package includes command-line utilities for interacting with a MariaDB server.

masky

https://github.com/Z4kSec/Masky

Masky is a python library providing an alternative way to remotely dump domain users’ credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX or NT hashes and TGT on a larger scope

masscan

https://github.com/robertdavidgraham/masscan

Masscan is an Internet-scale port scanner

mdcat

https://github.com/swsnr/mdcat

Fancy cat for Markdown

metasploit

https://github.com/rapid7/metasploit-framework

A popular penetration testing framework that includes many exploits and payloads

mfcuk

https://github.com/nfc-tools/mfcuk

Implementation of an attack on Mifare Classic and Plus RFID cards

mfdread

https://github.com/zhovner/mfdread

Tool for reading/writing Mifare RFID tags

mfoc

https://github.com/nfc-tools/mfoc

Implementation of ‘offline nested’ attack by Nethemba

minicom

https://doc.ubuntu-fr.org/minicom

Minicom is a text-based serial communication program for Unix-like operating systems.

mitm6

https://github.com/fox-it/mitm6

Tool to conduct a man-in-the-middle attack against IPv6 protocols.

mobsf

https://github.com/MobSF/Mobile-Security-Framework-MobSF

Automated and all-in-one mobile application (Android/iOS/Windows) pen-testing malware analysis and security assessment framework

moodlescan

https://github.com/inc0d3/moodlescan

Scan Moodle sites for information and vulnerabilities.

mousejack

https://github.com/BastilleResearch/mousejack

Exploit to take over a wireless mouse and keyboard

msprobe

https://github.com/puzzlepeaches/msprobe

msprobe is a tool to identify Microsoft Windows hosts and servers that are running certain services.

MurMurHash

https://github.com/QU35T-code/MurMurHash

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

naabu

https://github.com/projectdiscovery/naabu

A fast and reliable port scanner that can detect open ports and services.

name-that-hash

https://github.com/HashPals/Name-That-Hash

Online tool for identifying hashes.

nasm

https://github.com/netwide-assembler/nasm

NASM is an 80x86 assembler designed for portability and modularity.

nbtscan

https://github.com/charlesroelli/nbtscan

NBTscan is a program for scanning IP networks for NetBIOS name information.

neo4j

https://github.com/neo4j/neo4j

Database.

neovim

https://neovim.io/

hyperextensible Vim-based text editor

netdiscover

https://github.com/netdiscover-scanner/netdiscover

netdiscover is an active/passive address reconnaissance tool

netexec

https://github.com/Pennyw0rth/NetExec

Network scanner (Crackmapexec updated).

nfct

https://github.com/grundid/nfctools

Tool for Near Field Communication (NFC) devices

ngrok

https://github.com/inconshreveable/ngrok

Expose a local server behind a NAT or firewall to the internet

nmap

https://nmap.org

The Network Mapper - a powerful network discovery and security auditing tool

nmap-parse-ouptut

https://github.com/ernw/nmap-parse-output

Converts/manipulates/extracts data from a Nmap scan output.

noPac

https://github.com/Ridter/noPac

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user.

nosqlmap

https://github.com/codingo/NoSQLMap

a Python tool for testing NoSQL databases for security vulnerabilities.

ntlmv1-multi

https://github.com/evilmog/ntlmv1-multi

Exploit a vulnerability in Microsoft Windows to gain system-level access.

ntlm_theft

https://github.com/Greenwolf/ntlm_theft

A tool for generating multiple types of NTLMv2 hash theft files

nuclei

https://github.com/projectdiscovery/nuclei

A fast and customizable vulnerability scanner that can detect a wide range of issues / including XSS / SQL injection / and misconfigured servers.

oaburl

https://gist.githubusercontent.com/snovvcrash/4e76aaf2a8750922f546eed81aa51438/raw/96ec2f68a905eed4d519d9734e62edba96fd15ff/oaburl.py

Find Open redirects and other vulnerabilities.

objection

https://github.com/sensepost/objection

Runtime mobile exploration

objectwalker

https://github.com/p0dalirius/objectwalker

A python module to explore the object tree to extract paths to interesting objects in memory.

oneforall

https://github.com/shmilylty/OneForAll

a powerful subdomain collection tool.

onesixtyone

https://github.com/trailofbits/onesixtyone

onesixtyone is an SNMP scanner which utilizes a sweep technique to achieve very high performance.

osrframework

https://github.com/i3visio/osrframework

Include references to a bunch of different applications related to username checking / DNS lookups / information leaks research / deep web search / regular expressions extraction and many others.

pass

https://github.com/hashcat/hashcat

TODO

PassTheCert

https://github.com/AlmondOffSec/PassTheCert

PassTheCert is a tool to extract Active Directory user password hashes from a domain controller’s local certificate store.

patator

https://github.com/lanjelot/patator

Login scanner.

pcredz

https://github.com/lgandx/PCredz

PowerShell credential dumper

pcsc

https://pcsclite.apdu.fr/

Middleware for smart card readers

pdfcrack

https://github.com/robins/pdfcrack

A tool for cracking password-protected PDF files

peepdf

https://github.com/jesparza/peepdf

peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not.

petitpotam

https://github.com/topotam/PetitPotam

Windows machine account manipulation

phoneinfoga

https://github.com/sundowndev/PhoneInfoga

Information gathering & OSINT framework for phone numbers.

photon

https://github.com/s0md3v/Photon

a fast web crawler which extracts URLs / files / intel & endpoints from a target.

PHP filter chain generator

https://github.com/synacktiv/php_filter_chain_generator

A CLI to generate PHP filters chain / get your RCE without uploading a file if you control entirely the parameter passed to a require or an include in PHP!

phpggc

https://github.com/ambionics/phpggc

Exploit generation tool for the PHP platform.

pkcrack

https://github.com/keyunluo/pkcrack

tool to generate wordlists of passwords containing cities at a defined distance around the client city

pkinittools

https://github.com/dirkjanm/PKINITtools

Pkinit support tools

polenum

https://github.com/Wh1t3Fox/polenum

Polenum is a Python script which uses the Impacket library to extract user information through the SMB protocol.

powershell

https://github.com/PowerShell/PowerShell

a command-line shell and scripting language designed for system administration and automation

pp-finder

https://github.com/yeswehack/pp-finder

Prototype pollution finder tool for javascript. pp-finder lets you find prototype pollution candidates in your code.

pre2k

https://github.com/garrettfoster13/pre2k

pre2k is a tool to check if a Windows domain has any pre-2000 Windows 2000 logon names still in use.

pretender

https://github.com/RedTeamPentesting/pretender

an mitm tool for helping with relay attacks.

prips

https://manpages.ubuntu.com/manpages/focal/man1/prips.1.html

A utility for quickly generating IP ranges or enumerating hosts within a specified range.

privexchange

https://github.com/dirkjanm/PrivExchange

a tool to perform attacks against Microsoft Exchange server using NTLM relay techniques

prowler

https://github.com/prowler-cloud/prowler

Perform Cloud Security best practices assessments / audits / incident response / compliance / continuous monitoring / hardening and forensics readiness.

proxmark3

https://github.com/Proxmark/proxmark3

Open source RFID research toolkit.

proxychains

https://github.com/rofl0r/proxychains

Proxy chains - redirect connections through proxy servers.

pst-utils

https://manpages.debian.org/jessie/pst-utils/readpst.1

pst-utils is a set of tools for working with Outlook PST files.

pth-tools

https://github.com/byt3bl33d3r/pth-toolkit

A toolkit to perform pass-the-hash attacks

pwncat

https://github.com/calebstewart/pwncat

A lightweight and versatile netcat alternative that includes various additional features.

pwndb

https://github.com/davidtavarez/pwndb

A command-line tool for searching the pwndb database of compromised credentials.

pwndbg

https://github.com/pwndbg/pwndbg

a GDB plugin that makes debugging with GDB suck less

pwnedornot

https://github.com/thewhiteh4t/pwnedOrNot

Check if a password has been leaked in a data breach.

pwninit

https://github.com/io12/pwninit

A tool for automating starting binary exploit challenges

pwntools

https://github.com/Gallopsled/pwntools

a CTF framework and exploit development library

pygpoabuse

https://github.com/Hackndo/pyGPOAbuse

A tool for abusing GPO permissions to escalate privileges

pykek

https://github.com/preempt/pykek

PyKEK (Python Kerberos Exploitation Kit) a python library to manipulate KRB5-related data.

pylaps

https://github.com/p0dalirius/pylaps

Utility for enumerating and querying LDAP servers.

pymeta

https://github.com/m8sec/pymeta

Google and Bing scraping osint tool

pypykatz

https://github.com/skelsec/pypykatz

a Python library for mimikatz-like functionality

pyrit

https://github.com/JPaulMora/Pyrit

Python-based WPA/WPA2-PSK attack tool.

pywerview

https://github.com/the-useless-one/pywerview

A (partial) Python rewriting of PowerSploit’s PowerView.

pywhisker

https://github.com/ShutdownRepo/pywhisker

PyWhisker is a Python equivalent of the original Whisker made by Elad Shamir and written in C#. This tool allows users to manipulate the msDS-KeyCredentialLink attribute of a target user/computer to obtain full control over that object. It’s based on Impacket and on a Python equivalent of Michael Grafnetter’s DSInternals called PyDSInternals made by podalirius.

pywsus

https://github.com/GoSecure/pywsus

Python implementation of a WSUS client

radare2

https://github.com/radareorg/radare2

A complete framework for reverse-engineering and analyzing binaries

rdesktop

https://github.com/rdesktop/rdesktop

rdesktop is a client for Remote Desktop Protocol (RDP) used in a number of Microsoft products including Windows NT Terminal Server / Windows 2000 Server / Windows XP and Windows 2003 Server.

reaver

https://github.com/t6x/reaver-wps-fork-t6x

reaver is a tool for brute-forcing WPS (Wireless Protected Setup) PINs.

recon-ng

https://github.com/lanmaster53/recon-ng

External recon tool.

recondog

https://github.com/s0md3v/ReconDog

a reconnaissance tool for performing information gathering on a target.

redis-tools

https://github.com/antirez/redis-tools

redis-tools is a collection of Redis client utilities including redis-cli and redis-benchmark.

remmina

https://github.com/FreeRDP/Remmina

Remote desktop client.

responder

https://github.com/lgandx/Responder

a LLMNR / NBT-NS and MDNS poisoner.

rlwrap

https://github.com/hanslub42/rlwrap

rlwrap is a small utility that wraps input and output streams of executables / making it possible to edit and re-run input history

ROADtools

https://github.com/dirkjanm/ROADtools

ROADtools is a framework to interact with Azure AD. It consists of a library (roadlib) with common components / the ROADrecon Azure AD exploration tool and the ROADtools Token eXchange (roadtx) tool.

roastinthemiddle

https://github.com/Tw1sm/RITM

RoastInTheMiddle is a tool to intercept and relay NTLM authentication requests.

robotstester

https://github.com/p0dalirius/robotstester

Utility for testing whether a website’s robots.txt file is correctly configured.

routersploit

https://github.com/threat9/routersploit

Security audit tool for routers.

RsaCracker

https://github.com/skyf0l/RsaCracker

Powerful RSA cracker for CTFs. Supports RSA - X509 - OPENSSH in PEM and DER formats.

rsactftool

https://github.com/RsaCtfTool/RsaCtfTool

The rsactftool tool is used for RSA cryptographic operations and analysis.

rsync

https://packages.debian.org/sid/rsync

File synchronization tool for efficiently copying and updating data between local or remote locations

rtl-433

https://github.com/merbanan/rtl_433

Tool for decoding various wireless protocols/ signals such as those used by weather stations

ruler

https://github.com/sensepost/ruler

Outlook Rules exploitation framework.

rusthound (v2)

https://github.com/OPENCYBER-FR/RustHound

BloodHound-CE ingestor in Rust.

rusthound

https://github.com/OPENCYBER-FR/RustHound

BloodHound ingestor in Rust.

rustscan

https://github.com/RustScan/RustScan

The Modern Port Scanner

samdump2

https://github.com/azan121468/SAMdump2

A tool to dump Windows NT/2k/XP/Vista password hashes from SAM files

scout

https://github.com/nccgroup/ScoutSuite

Scout Suite is an open source multi-cloud security-auditing tool which enables security posture assessment of cloud environments.

scrcpy

https://github.com/Genymobile/scrcpy

Display and control your Android device.

searchsploit

https://gitlab.com/exploit-database/exploitdb

A command line search tool for Exploit-DB

seclists

https://github.com/danielmiessler/SecLists

A collection of multiple types of lists used during security assessments

semgrep

https://github.com/returntocorp/semgrep/

Static analysis tool that supports multiple languages and can find a variety of vulnerabilities and coding errors.

shadowcoerce

https://github.com/ShutdownRepo/shadowcoerce

Utility for bypassing the Windows Defender antivirus by hiding a process within a legitimate process.

shellerator

https://github.com/ShutdownRepo/Shellerator

a simple command-line tool for generating shellcode

Sherlock

https://github.com/sherlock-project/sherlock

Hunt down social media accounts by username across social networks.

shuffledns

https://github.com/projectdiscovery/shuffledns

A fast and customizable DNS resolver that can be used for subdomain enumeration and other tasks.

simplyemail

https://github.com/SimplySecurity/SimplyEmail

a scriptable command line tool for sending emails

sipvicious

https://github.com/enablesecurity/sipvicious

Enumeration and MITM tool for SIP devices

sleuthkit

https://github.com/sleuthkit/sleuthkit

Forensic toolkit to analyze volume and file system data

sliver

https://github.com/BishopFox/sliver

Open source / cross-platform and extensible C2 framework

smali

https://github.com/JesusFreke/smali

A tool to disassemble and assemble Android’s dex files

smartbrute

https://github.com/ShutdownRepo/SmartBrute

The smart password spraying and bruteforcing tool for Active Directory Domain Services.

smbclient

https://github.com/samba-team/samba

SMBclient is a command-line utility that allows you to access Windows shared resources

smbmap

https://github.com/ShawnDEvans/smbmap

A tool to enumerate SMB shares and check for null sessions

smtp-user-enum

https://github.com/pentestmonkey/smtp-user-enum

A tool to enumerate email addresses via SMTP

smuggler

https://github.com/defparam/smuggler

Smuggler is a tool that helps pentesters and red teamers to smuggle data into and out of the network even when there are multiple layers of security in place.

SoapUI

https://github.com/SmartBear/soapui

SoapUI is the world’s leading testing tool for API testing.

spiderfoot

https://github.com/smicallef/spiderfoot

A reconnaissance tool that automatically queries over 100 public data sources

sprayhound

https://github.com/Hackndo/Sprayhound

Active Directory password audit tool.

sqlmap

https://github.com/sqlmapproject/sqlmap

Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws

ssh-audit

https://github.com/jtesta/ssh-audit

ssh-audit is a tool to test SSH server configuration for best practices.

sshuttle

https://github.com/sshuttle/sshuttle

Transparent proxy server that tunnels traffic through an SSH server

sslscan

https://github.com/rbsec/sslscan

a tool for testing SSL/TLS encryption on servers

ssrfmap

https://github.com/swisskyrepo/SSRFmap

a tool for testing SSRF vulnerabilities.

steghide

https://github.com/StefanoDeVuono/steghide

steghide is a steganography program that is able to hide data in various kinds of image and audio files.

stegolsb

https://github.com/KyTn/STEGOLSB

Steganography tool to hide data in BMP images using least significant bit algorithm

stegosuite

https://github.com/osde8info/stegosuite

Stegosuite is a free steganography tool that allows you to hide data in image and audio files.

strace

https://github.com/strace/strace

strace is a debugging utility for Linux that allows you to monitor and diagnose system calls made by a process.

subfinder

https://github.com/projectdiscovery/subfinder

Tool to find subdomains associated with a domain.

sublist3r

https://github.com/aboul3la/Sublist3r

a Python tool designed to enumerate subdomains of websites.

swaks

https://github.com/jetmore/swaks

Swaks is a featureful flexible scriptable transaction-oriented SMTP test tool.

symfony-exploits

https://github.com/ambionics/symfony-exploits

Collection of Symfony exploits and PoCs.

tailscale

https://github.com/tailscale/tailscale

A secure and easy-to-use VPN alternative that is designed for teams and businesses.

targetedKerberoast

https://github.com/ShutdownRepo/targetedKerberoast

Kerberoasting against specific accounts

tcpdump

https://github.com/the-tcpdump-group/tcpdump

a powerful command-line packet analyzer for Unix-like systems

TeamsPhisher

https://github.com/Octoberfest7/TeamsPhisher

TeamsPhisher is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications.

testdisk

https://github.com/cgsecurity/testdisk

Partition recovery and file undelete utility

testssl

https://github.com/drwetter/testssl.sh

a tool for testing SSL/TLS encryption on servers

theharvester

https://github.com/laramies/theHarvester

Tool for gathering e-mail accounts / subdomain names / virtual host / open ports / banners / and employee names from different public sources

tig

https://github.com/jonas/tig

Tig is an ncurses-based text-mode interface for git.

timing

https://github.com/ffleming/timing_attack

Tool to generate a timing profile for a given command.

tls-map

https://github.com/sec-it/tls-map

tls-map is a library for mapping TLS cipher algorithm names.

tls-scanner

https://github.com/tls-attacker/tls-scanner

a simple script to check the security of a remote TLS/SSL web server

tomcatwardeployer

https://github.com/mgeeky/tomcatwardeployer

Script to deploy war file in Tomcat.

tor

https://github.com/torproject/tor

Anonymity tool that can help protect your privacy and online identity by routing your traffic through a network of servers.

toutatis

https://github.com/megadose/Toutatis

Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails / phone numbers and more.

traceroute

https://github.com/iputils/iputils

Traceroute is a command which can show you the path a packet of information takes from your computer to one you specify.

trevorspray

https://github.com/blacklanternsecurity/TREVORspray

TREVORspray is a modular password sprayer with threading SSH proxying loot modules / and more

trid

https://mark0.net/soft-trid-e.html

File identifier

trilium

https://github.com/zadam/trilium

Personal knowledge management system.

tshark

https://github.com/wireshark/wireshark

TShark is a terminal version of Wireshark.

uberfile

https://github.com/ShutdownRepo/Uberfile

Uberfile is a simple command-line tool aimed to help pentesters quickly generate file downloader one-liners in multiple contexts (wget / curl / powershell / certutil…). This project code is based on my other similar project for one-liner reverseshell generation Shellerator.

updog

https://github.com/sc0tfree/updog

Simple replacement for Python’s SimpleHTTPServer.

upx

https://github.com/upx/upx

UPX is an advanced executable packer

username-anarchy

https://github.com/urbanadventurer/username-anarchy

Tools for generating usernames when penetration testing. Usernames are half the password brute force problem.

Villain

https://github.com/t3l3machus/Villain

Command & Control Framework

volatility2

https://github.com/volatilityfoundation/volatility

Volatile memory extraction utility framework

volatility3

https://github.com/volatilityfoundation/volatility3

Advanced memory forensics framework

wabt

https://github.com/WebAssembly/wabt

The WebAssembly Binary Toolkit (WABT) is a suite of tools for WebAssembly (Wasm) including assembler and disassembler / a syntax checker / and a binary format validator.

wafw00f

https://github.com/EnableSecurity/wafw00f

a Python tool that helps to identify and fingerprint web application firewall (WAF) products.

waybackurls

https://github.com/tomnomnom/waybackurls

Fetch all the URLs that the Wayback Machine knows about for a domain.

webclientservicescanner

https://github.com/Hackndo/webclientservicescanner

Scans for web service endpoints

weevely

https://github.com/epinna/weevely3

a webshell designed for post-exploitation purposes that can be extended over the network at runtime.

wfuzz

https://github.com/xmendez/wfuzz

WFuzz is a web application vulnerability scanner that allows you to find vulnerabilities using a wide range of attack payloads and fuzzing techniques

whatportis

https://github.com/ncrocfer/whatportis

Command-line tool to lookup port information

whatweb

https://github.com/urbanadventurer/WhatWeb

Next generation web scanner that identifies what websites are running.

whois

https://packages.debian.org/sid/whois

See information about a specific domain name or IP address.

wifite2

https://github.com/derv82/wifite2

Script for auditing wireless networks.

windapsearch-go

https://github.com/ropnop/go-windapsearch/

Active Directory enumeration tool.

wireshark

https://github.com/wireshark/wireshark

Wireshark is a network protocol analyzer that lets you see what’s happening on your network at a microscopic level.

wpscan

https://github.com/wpscanteam/wpscan

A tool to enumerate WordPress-based websites

wuzz

https://github.com/asciimoo/wuzz

a command-line tool for interacting with HTTP(S) web services

XSpear

https://github.com/hahwul/XSpear

a powerful XSS scanning and exploitation tool.

xsrfprobe

https://github.com/0xInfection/XSRFProbe

a tool for detecting and exploiting Cross-Site Request Forgery (CSRF) vulnerabilities

xsser

https://github.com/epsylon/xsser

XSS scanner.

xsstrike

https://github.com/s0md3v/XSStrike

a Python tool for detecting and exploiting XSS vulnerabilities.

xtightvncviewer

https://www.commandlinux.com/man-page/man1/xtightvncviewer.1.html

xtightvncviewer is an open source VNC client software.

Yalis

https://github.com/EatonChips/yalis

Yet Another LinkedIn Scraper

youtubedl

https://github.com/ytdl-org/youtube-dl

Download videos from YouTube and other sites.

ysoserial

https://github.com/frohoff/ysoserial

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

yt-dlp

https://github.com/yt-dlp/yt-dlp

A youtube-dl fork with additional features and fixes

zerologon

https://github.com/SecuraBV/CVE-2020-1472

Exploit for the Zerologon vulnerability (CVE-2020-1472).

zipalign

https://developer.android.com/studio/command-line/zipalign

arguably the most important step to optimize your APK file

zsteg

https://github.com/zed-0xff/zsteg

Detect steganography hidden in PNG and BMP images