---
title: "Hacking"
date:
draft: false
---
![Horizontal.jpeg](/Images/Headers/Hacking.jpg)

*"The truth is revealed by removing things that stand in its light, an art not unlike sculpture, in which the artist creates, not by building, but by hacking away." - Alan Watts*

Welcome to the Hacking section of Liberty tools! Hacking should be used to increase your knowledge and harden your defenses. Please use these tools responsibly.

---

### **Anonymity**

- [**BinGoo**](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool.
- [**Censys**](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans.
- [**creepy**](https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool.
- [**dork-cli**](https://github.com/jgor/dork-cli) - Command line Google dork tool.
- [**Fast-recon**](https://github.com/DanMcInerney/fast-recon) - Perform Google dorks against a domain.
- [**GooDork**](https://github.com/k3170makan/GooDork) - Command line Google dorking tool.
- [**Google Hacking Database**](https://www.exploit-db.com/google-hacking-database) - Database of Google dorks; can be used for recon.
- [**Google-dorks**](https://github.com/JohnTroony/Google-dorks) - Common Google dorks and others you probably don’t know.
- [**I2P**](https://geti2p.net/) - The Invisible Internet Project.
- [**Maltego**](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva.
- [**metagoofil**](https://github.com/laramies/metagoofil) - Metadata harvester.
- [**Nipe**](https://github.com/GouveaHeitor/nipe) - Script to redirect all traffic from the machine to the Tor network.
- [**OnionScan**](https://onionscan.org/) - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
- [**recon-ng**](https://github.com/lanmaster53/recon-ng) - Full-featured Web Reconnaissance framework written in Python.
- [**snitch**](https://github.com/Smaash/snitch) - Information gathering via dorks.
- [**Spiderfoot**](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations.
- [**theHarvester**](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester.
- [**Tor**](https://www.torproject.org/) - Free software and onion routed overlay network that helps you defend against traffic analysis.
- [**Virus Total**](https://www.virustotal.com/) - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
- [**What Every Browser Knows About You**](http://webkay.robinlinus.com/) - Comprehensive detection page to test your own Web browser’s configuration for privacy and identity leaks.
- [**ZoomEye**](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components.

---

### Bug Bounty Platforms

- [**Bugcrowd List**](https://www.bugcrowd.com/bug-bounty-list/) - List of many companies that provide bug bounties.

---

### **CTF (Capture the Flag)**

- [**Ctf-tools**](https://github.com/zardus/ctf-tools) - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
- [**Pwntools**](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs.
- [**RsaCtfTool**](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.

---

### **DDoS**

- [**HOIC**](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has ‘boosters’ to get around common countermeasures.
- [**JS LOIC**](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC.
- [**LOIC**](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows.
- [**SlowLoris**](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side.
- [**T50**](https://sourceforge.net/projects/t50/) - Faster network stress tool.
- [**UFONet**](https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage ‘zombies’ and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

---

### **Defense Evasion**

- [**AntiVirus Evasion Tool (AVET)**](https://github.com/govolution/avet) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
- [**Hyperion**](http://nullsecurity.net/tools/binary.html) - Runtime encryptor for 32-bit portable executables (“PE .exes”).
- [**PeCloak.py**](https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/) - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
- [**PeCloakCapstone**](https://github.com/v-p-b/peCloakCapstone) - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
- [**UniByAv**](https://github.com/Exploit-install/UniByAv) - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forceable, 32-bit XOR key.
- [**Veil**](https://github.com/Veil-Framework/Veil) - Generate Metasploit payloads that bypass common anti-virus solutions.

---

### **Defcon Suggested Reading**

- [**Defcon Suggested Reading**](https://www.defcon.org/html/links/book-list.html)

---

### Email Spoofing

- [**SpoofBox**](https://www.spoofbox.com) - Offers email, SMS, and phone spoofing and lots of other tools. Not a free service. Can also be used to look up phone numbers.

---

### **Exploit Development**

- [**Exploit Writing Tutorials**](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits.
- [**Shellcode Examples**](http://shell-storm.org/shellcode/) - Shellcodes database.
- [**Shellcode Tutorial**](http://www.vividmachines.com/shellcode/shellcode.html) - Tutorial on how to write shellcode.

---

### **File Format Analysis**

- [**Hachoir**](http://hachoir3.readthedocs.io/) - Python library to view and edit a binary stream as a tree of fields and tools for metadata extraction.
- [**Kaitai Struct**](http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
- [**Veles**](https://codisec.com/veles/) - Binary data visualization and analysis tool.

---

### Forensics

- [**Autopsy**](https://www.autopsy.com/) - Full suite of open source forensics tools.
- [**CAINE**](https://forensictools.dev/listing/caine/) - CAINE is a Linux Live CD that contains a wealth of digital forensic tools. Features include a user-friendly GUI, semi-automated report creation and tools for Mobile Forensics, Network Forensics, Data Recovery and more.
- [**FTK Imager**](https://www.exterro.com/ftk-imager) - Open Source Disk imaging tool.
- [**Paladin Forensic Suite**](https://sumuri.com/product-category/brands/paladin/) - Live Ubuntu distro with lots of tools. Open source with free and paid versions.
- [**SIFT Workstation**](https://www.sans.org/tools/sift-workstation/) - The SIFT Workstation is a collection of free and open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings, all built inside an Ubuntu VM.
- [**SMART**](https://smart-forensic.com/) - Open source sampling of many proprietary forensics tools.

---

### **GNU/Linux Utilities**

- [**Linux Exploit Suggester**](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.

---

### **Hacking Focused OSINT**

- [**AQUATONE**](https://github.com/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
- [**BinGoo**](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool.
- [**Censys**](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans.
- [**creepy**](https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool.
- [**DataSploit**](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
- [**dork-cli**](https://github.com/jgor/dork-cli) - Command line Google dork tool.
- [**Fast-recon**](https://github.com/DanMcInerney/fast-recon) - Perform Google dorks against a domain.
- [**GooDork**](https://github.com/k3170makan/GooDork) - Command line Google dorking tool.
- [**Google Hacking Database**](https://www.exploit-db.com/google-hacking-database) - Database of Google dorks; can be used for recon.
- [**Google-dorks**](https://github.com/JohnTroony/Google-dorks) - Common Google dorks and others you probably don’t know.
- [**github-dorks**](https://github.com/techgaun/github-dorks) - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks.
- [**Intrigue**](http://intrigue.io/) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
- [**Maltego**](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva.
- [**metagoofil**](https://github.com/laramies/metagoofil) - Metadata harvester.
- [**recon-ng**](https://github.com/lanmaster53/recon-ng) - Full-featured Web Reconnaissance framework written in Python.
- [**Shodan**](https://www.shodan.io/) - World’s first search engine for Internet-connected devices.
- [**snitch**](https://github.com/Smaash/snitch) - Information gathering via dorks.
- [**Sn1per**](https://github.com/1N3/Sn1per) - Automated pentest recon scanner.
- [**Spiderfoot**](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations.
- [**Threat Crowd**](http://ci-www.threatcrowd.org/) - Search engine for threats.
- [**theHarvester**](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester.
- [**vcsmap**](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information.
- [**Virus Total**](https://www.virustotal.com/) - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
- [**What Every Browser Knows About You**](http://webkay.robinlinus.com/) - Comprehensive detection page to test your own Web browser’s configuration for privacy and identity leaks.
- [**ZoomEye**](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components.

---

### Hacking Conventions

- [**44Con**](https://44con.com/) - Annual Security Conference held in London.
- [**AppSecUSA**](https://globalappsec.org/) - Annual conference organized by OWASP.
- [**BalCCon**](https://www.balccon.org/) - Balkan Computer Congress, annually held in Novi Sad, Serbia.
- [**Black Hat**](http://www.blackhat.com/) - Annual security conference in Las Vegas.
- [**BruCON**](http://brucon.org/) - Annual security conference in Belgium.
- [**CarolinaCon**](http://www.carolinacon.org/) - Infosec conference, held annually in North Carolina.
- [**CCC**](https://events.ccc.de/congress/) - Annual meeting of the international hacker scene in Germany.
- [**CHCon**](https://2016.chcon.nz/) - Christchurch Hacker Con, the only hacker con on the South Island of New Zealand.
- [**DeepSec**](https://deepsec.net/) - Security Conference in Vienna, Austria.
- [**DefCamp**](http://def.camp/) - Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania.
- [**DEF CON**](https://www.defcon.org/) - Annual hacker convention in Las Vegas. Known for having a left-wing bias.
- [**Ekoparty**](http://www.ekoparty.org/) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
- [**FSec**](http://fsec.foi.hr/) - Croatian Information Security Gathering in Varaždin, Croatia.
- [**Hack3rCon**](http://hack3rcon.org/) - Annual US hacker conference.
- [**Hack.lu**](https://2016.hack.lu/) - Annual conference held in Luxembourg.
- [**Hackfest**](https://hackfest.ca/) - Largest hacking conference in Canada.
- [**HITB**](https://conference.hitb.org/) - Deep-knowledge security conference held in Malaysia and The Netherlands.
- [**Hacking In The Box**](https://conference.hitb.org/) - Deep-knowledge security conference held in Malaysia and The Netherlands.
- [**Infosecurity Europe**](http://www.infosecurityeurope.com/) - Europe’s number one information security event, held in London, UK.
- [**LayerOne**](http://www.layerone.org/) - Annual US security conference held every spring in Los Angeles.
- [**Nullcon**](http://nullcon.net/website/) - Annual conference in Delhi and Goa, India.
- [**PhreakNIC**](http://phreaknic.info/) - Technology conference held annually in middle Tennessee.
- [**RSA Conference USA**](https://www.rsaconference.com/) - Annual security conference in San Francisco, California, USA.
- [**ShmooCon**](http://shmoocon.org/) - Annual US East coast hacker convention.
- [**SkyDogCon**](http://www.skydogcon.com/) - Technology conference in Nashville.
- [**SummerCon**](http://www.summercon.org/) - One of the oldest hacker conventions, held during Summer.
- [**Swiss Cyber Storm**](https://www.swisscyberstorm.com/) - Annual security conference in Lucerne, Switzerland.
- [**ThotCon**](http://thotcon.org/) - Annual US hacker conference held in Chicago.
- [**Troopers**](https://www.troopers.de/) - Annual international IT Security event with workshops held in Heidelberg, Germany.
- [**Virus Bulletin Conference**](https://www.virusbulletin.com/conference/index) - Annual conference, to be held in Denver, USA for 2016.

---

### **Hash Cracking**

- [**BruteForce Wallet**](https://github.com/glv2/bruteforce-wallet) - Find the password of an encrypted wallet file (i.e. wallet.dat).
- [**CeWL**](https://digi.ninja/projects/cewl.php) - Generates custom wordlists by spidering a target’s website and collecting unique words.
- [**Hashcat**](http://hashcat.net/hashcat/) - The faster hash cracker.
- [**John the Ripper**](http://www.openwall.com/john/) - Fast password cracker.
- [**JWT Cracker**](https://github.com/lmammino/jwt-cracker) - Simple HS256 JWT token brute force cracker.
- [**Rar Crack**](http://rarcrack.sourceforge.net/) - RAR bruteforce cracker.

### **Hex Editors**

- [**0xED**](https://web.archive.org/web/20140106172311if_/http://www.suavetech.com:80/0xed/0xed.html) – Native macOS hex editor that supports plug-ins to display custom data types.
- [**Frhed**](http://frhed.sourceforge.net/) – Binary file editor for Windows.
- [**HexEdit.js**](https://hexed.it/) – Browser-based hex editing.
- [**Hexinator**](https://hexinator.com/) – World’s finest (proprietary, commercial) Hex Editor.

---

### **Information Security Magazines**

- [**2600: The Hacker Quarterly**](https://www.2600.com/Magazine/DigitalEditions) – American publication about technology and computer “underground.”
- [**Phrack Magazine**](http://www.phrack.org/) – By far the longest running hacker zine.
- [**Unredacted Magazine**](https://unredactedmagazine.com/) - The official magazine from Michael Bazzell, author of Extreme Privacy.

---

### **Lock Picking Resources**

- [**Awesome Lockpicking**](https://github.com/meitar/awesome-lockpicking) – Awesome guides, tools, and other resources about the security and compromise of locks, safes, and keys.
- [**Bosnianbill**](https://www.youtube.com/user/bosnianbill) – More lockpicking videos.
- [**Schuyler Towne channel**](https://www.youtube.com/user/SchuylerTowne/) – Lockpicking videos and security talks.
- [**/r/lockpicking**](https://www.reddit.com/r/lockpicking) – Resources for learning lockpicking, equipment recommendations.

---

### **macOS Utilities**

- [Bella](https://github.com/00xkhaled/Bella) – Pure Python post-exploitation data mining and remote administration tool for macOS.

---

### **Multi-paradigm Frameworks**

- [**Armitage**](https://github.com/blackhatethicalhacking/armitage) – Java-based GUI front-end for the Metasploit Framework.
- [**ExploitPack**](https://juansacco.gitbooks.io/exploitpack/content/) – Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
- [**Faraday**](https://github.com/infobyte/faraday) – Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
- [**Metasploit**](https://www.metasploit.com/) – Post-exploitation hacking tools for offensive security teams to help verify vulnerabilities and manage security assessments.
- [**Pupy**](https://github.com/n1nj4sec/pupy) – Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.

---

### **Network Tools**

- [**BetterCAP**](https://www.bettercap.org/) – Modular, portable and easily extensible MITM framework.
- [**CloudFail**](https://github.com/m0rtem/CloudFail) – Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
- [**CrackMapExec**](https://github.com/byt3bl33d3r/CrackMapExec) – A Swiss army knife for pentesting networks.
- [**Debookee**](http://www.iwaxx.com/debookee/) – Simple and powerful network traffic analyzer for macOS.
- [**DET**](https://github.com/sensepost/DET) – Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
- [**Dgcd**](http://tgcd.sourceforge.net/) – Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
- [**Dnsmap**](https://github.com/makefu/dnsmap/) – Passive DNS network mapper.
- [**Dnsrecon**](https://github.com/darkoperator/dnsrecon/) – DNS enumeration script.
- [**Dnschef**](https://github.com/iphelix/dnschef) – Highly configurable DNS proxy for pentesters.
- [**Dnsenum**](https://github.com/fwaeytens/dnsenum/) – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
- [**Dnstracer**](http://www.mavetju.org/unix/dnstracer.php) – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- [**DNSDumpster**](https://dnsdumpster.com/) – Online DNS recon and search service.
- [**Dshell**](https://github.com/USArmyResearchLab/Dshell) – Network forensic analysis framework.
- [**Dsniff**](https://www.kali.org/tools/dsniff/) – Collection of tools for network auditing and pentesting.
- [**Dripcap**](https://github.com/orinocoz/dripcap) – Caffeinated packet analyzer.
- [**Evilgrade**](https://github.com/infobyte/evilgrade) – Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
- [**Ettercap**](http://www.ettercap-project.org/) – Comprehensive, mature suite for machine-in-the-middle attacks.
- [**Impacket**](https://github.com/CoreSecurity/impacket) – A collection of Python classes for working with network protocols.
- [**Intercepter-NG**](http://sniff.su/) – Multifunctional network toolkit.
- [**Mass Scan**](https://github.com/robertdavidgraham/masscan) – TCP port scanner that spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
- [**Mallory**](https://github.com/justmao945/mallory) – HTTP/HTTPS proxy over SSH.
- [**Mitmproxy**](https://github.com/mitmproxy/mitmproxy) – Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- [**Morpheus**](https://github.com/r00t-3xp10it/morpheus) – Automated ettercap TCP/IP hacking tool.
- [**Netsniff-ng**](https://github.com/netsniff-ng/netsniff-ng) – Swiss army knife for network sniffing.
- [**Network-Tools.com**](http://network-tools.com/) – Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
- [**Nmap**](https://nmap.org/) – Free security scanner for network exploration & security audits.
- [**Passivedns**](https://github.com/gamelinux/passivedns) – Network sniffer that logs all DNS server replies for use in a passive DNS setup.
- [**Passivedns-client**](https://github.com/chrislee35/passivedns-client) – Library and query tool for querying several passive DNS providers.
- [**Pig**](https://github.com/rafael-santiago/pig) – GNU/Linux packet crafting tool.
- [**Pwnat**](https://github.com/samyk/pwnat) – Punches holes in firewalls and NATs.
- [**Praeda**](http://h.foofus.net/?page_id=218) – Automated multi-function printer data harvester for gathering usable data during security assessments.
- [**Printer Exploitation Toolkit (PRET)**](https://github.com/RUB-NDS/PRET) – Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
- [**Routersploit**](https://github.com/reverse-shell/routersploit) – Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
- [**Scanless**](https://github.com/vesche/scanless) – Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
- [**Scapy**](https://github.com/secdev/scapy) – Python-based interactive packet manipulation program & library.
- [**SPARTA**](https://sparta.secforce.com/) – Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
- [**SSH MITM**](https://github.com/jtesta/ssh-mitm) – Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- [**Tcpdump/libpcap**](http://www.tcpdump.org/) – Common packet analyzer that runs under the command line.
- [**Wireshark**](https://www.wireshark.org/) – Widely-used graphical, cross-platform network protocol analyzer.
- [**XRay**](https://github.com/evilsocket/xray) – Network (sub)domain discovery and reconnaissance automation tool.
- [**Zarp**](https://github.com/hatRiot/zarp) – Network attack tool centered around the exploitation of local networks.
- [**Zmap**](https://zmap.io/) – Open source network scanner that enables researchers to easily perform Internet-wide network studies.

---

### **Operating Systems**

- [**Best Linux Penetration Testing Distributions @ CyberPunk**](https://n0where.net/best-linux-penetration-testing-distributions/) – Description of main penetration testing distributions.
- [**Cuckoo**](https://github.com/cuckoosandbox/cuckoo) – Open source automated malware analysis system.
- [**Computer Aided Investigative Environment (CAINE)**](http://www.caine-live.net/) – Italian GNU/Linux live distribution created as a digital forensics project.
- [**CSILinux**](https://csilinux.com/) - CSI's mission is to equip you with the most advanced tools in digital forensics, OSINT, and incident response.
- [**Digital Evidence & Forensics Toolkit (DEFT)**](https://archiveos.org/deft/) – Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place.
- [**Security related Operating Systems @ Rawsec**](https://github.com/tyki6/rawsec_cli) – Penetration testing tools and hacking tools list; complete list of security-related operating systems.
- [**Security @ Distrowatch**](http://distrowatch.com/search.php?category=Security) – Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.
- [**Tails**](https://tails.boum.org/) – Live OS aimed at preserving privacy and anonymity.

---

### Physical Hacking Tools

- [**Anof-cyber/APTRS**](https://github.com/Anof-cyber/APTRS) - APTRS (Automated Penetration Testing Reporting System) is an automated reporting tool in Python and Django. The tool allows penetration testers to create a report directly without using the traditional Docx file. It also provides an approach to keeping track of the projects and vulnerabilities.
- [**Canarytokens.org**](https://canarytokens.org/generate) - Canarytokens are a free, quick, painless way to help defenders discover they've been breached by having attackers announce themselves. These are digital honeypots you can configure on your own network.
- [**Flipperzero.one**](https://flipperzero.one/) - Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like. Check out more firmware options [**here**](https://flipper-xtre.me/asset-packs/)
- [**Hak5.org**](https://shop.hak5.org/) - Sells many hacking tools for WiFi pentesting, hotplug attacks, implants, remote access field kits and more. [**Breakdown of multiple tools**](https://www.youtube.com/watch?v=6F7EHO4niCw)
- [**LAN Turtle**](https://lanturtle.com/) – Covert “USB Ethernet Adapter” that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
- [**Poisontap**](https://samy.pl/poisontap/) – Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
- [**USB Rubber Ducky**](http://usbrubberducky.com/) – Customizable keystroke injection attack platform masquerading as a USB thumbdrive.
- [**WiFi Pineapple**](https://www.wifipineapple.com/) – Wireless auditing and penetration testing platform.

---

## Penetration Testing Resources

### Pentest Tools

- [**Metasploit Unleashed**](https://www.offsec.com/metasploit-unleashed/) - Free Offensive Security Metasploit course.
- [**MITRE’s Adversarial Tactics, Techniques & Common Knowledge (ATT&CK)**](https://attack.mitre.org/) – Curated knowledge base and model for cyber adversary behavior.
- [**Open Source Security Testing Methodology Manual (OSSTMM)**](http://www.isecom.org/mirror/OSSTMM.3.pdf) – Framework for providing test cases that result in verified facts on which to base decisions that impact an organization’s security.
- [**Open Web Application Security Project (OWASP)**](https://www.owasp.org/index.php/Main_Page) – Worldwide not-for-profit charitable organization focused on improving the security of especially Web-based and Application-layer software.
- [**Penetration Testing Execution Standard (PTES)**](http://www.pentest-standard.org/) – Documentation designed to provide a common language and scope for performing and reporting the results of a penetration test.
- [**Penetration Testing Framework (PTF)**](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html) – Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
- [**PENTEST-WIKI**](https://github.com/nixawk/pentest-wiki) – Free online security knowledge library for pentesters and researchers.
- [**Security related Operating Systems @ Rawsec**](https://github.com/tyki6/rawsec_cli) – Penetration testing tools and hacking tools list; complete list of security-related operating systems.
- [**Shellcode Examples**](http://shell-storm.org/shellcode/) – Shellcodes database.
- [**Shellcode Tutorial**](http://www.vividmachines.com/shellcode/shellcode.html) – Tutorial on how to write shellcode.
- [**XSS-Payloads**](http://www.xss-payloads.com/) – Ultimate resource for all things cross-site including payloads, tools, games and documentation.

### **Penetration Testing Distributions**

- [**ArchStrike**](https://archstrike.org/) – Arch GNU/Linux repository for security professionals and enthusiasts.
- [**AttifyOS**](https://github.com/adi0x90/attifyos) – GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
- [**BackBox**](https://backbox.org/) – Ubuntu-based distribution for penetration tests and security assessments.
- [**BlackArch**](https://www.blackarch.org/) – Arch GNU/Linux-based distribution with the best hacking tools for penetration testers and security researchers.
- [**Fedora Security Lab**](https://labs.fedoraproject.org/en/security/) – Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
- [**Kali**](https://www.kali.org/) – GNU/Linux distribution designed for digital forensics and penetration testing.
- [**Network Security Toolkit (NST)**](http://networksecuritytoolkit.org/) – Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
- [**Parrot**](https://www.parrotsec.org/) – Distribution similar to Kali, with multiple architectures with 100 of Hacking Tools.
- [**Pentoo**](http://www.pentoo.ch/) – Security-focused live CD based on Gentoo.
- [**The Pentesters Framework**](https://github.com/trustedsec/ptf) – Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.

### **Docker for Penetration Testing**

- docker pull kalilinux/kali-linux-docker
- docker pull owasp/zap2docker-stable
- docker pull wpscanteam/wpscan
- docker pull citizenstig/dvwa
- docker pull wpscanteam/vulnerablewordpress
- docker pull hmlio/vaas-cve-2014-6271
- docker pull hmlio/vaas-cve-2014-0160
- docker pull opendns/security-ninjas
- docker pull diogomonica/docker-bench-security
- docker pull ismisepaul/securityshepherd
- docker pull danmx/docker-owasp-webgoat
- docker-compose build && docker-compose up
- docker pull citizenstig/nowasp
- docker pull bkimminich/juice-shop
- docker pull phocean/msf

### **Penetration Testing Report Templates**

- [**Pentesting Report Template**](http://lucideus.com/pdf/stw.pdf) – lucideus.com template.
- [**Pentesting Report Template**](https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf) – pcisecuritystandards.org template.
- [**Public Pentesting Reports**](https://github.com/juliocesarfort/public-pentesting-reports) – Curated list of public penetration test reports released by several consulting firms and academic security groups.

### Ransomware Recovery

- [**Nomoreransom**](https://www.nomoreransom.org/en/index.html) - Helps detect what kind of ransomware encryption you’re affected by and offers free tools to unlock it, in many but not all cases.

### **Reverse Engineering Tools**

- [**Binwalk**](https://github.com/devttys0/binwalk) – Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
- [**Capstone**](http://www.capstone-engine.org/) – Lightweight multi-platform, multi-architecture disassembly framework.
- [**dnSpy**](https://github.com/0xd4d/dnSpy) – Tool to reverse engineer .NET assemblies.
- [**Evan’s Debugger**](http://www.codef00.com/projects#debugger) – OllyDbg-like debugger for GNU/Linux.
- [**Frida**](https://www.frida.re/) – Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- [**Immunity Debugger**](http://debugger.immunityinc.com/) – Powerful way to write exploits and analyze malware.
- [**Interactive Disassembler (IDA Pro)**](https://www.hex-rays.com/products/ida/) – Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml).
- [**Medusa**](https://github.com/wisk/medusa) – Open source, cross-platform interactive disassembler.
- [**OllyDbg**](http://www.ollydbg.de/) – x86 debugger for Windows binaries that emphasizes binary code analysis.
- [**Peda**](https://github.com/longld/peda) – Python Exploit Development Assistance for GDB.
- [**Plasma**](https://github.com/joelpx/plasma) – Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
- [**PyREBox**](https://github.com/Cisco-Talos/pyrebox) – Python scriptable Reverse Engineering sandbox by Cisco-Talos.
- [**Radare2**](http://rada.re/r/index.html) – Open source, cross-platform reverse engineering framework.
- [**rVMI**](https://github.com/fireeye/rVMI) – Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
- [**Voltron**](https://github.com/snare/voltron) – Extensible debugger UI toolkit written in Python.
- [**WDK/WinDbg**](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) – Windows Driver Kit and WinDbg.
- [**x64dbg**](http://x64dbg.com/) – Open source x64/x32 debugger for Windows.

### Security Courses

- [**ARIZONA CYBER WARFARE RANGE**](http://azcwr.org/) – 24×7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
- [**Computer Security Student**](http://computersecuritystudent.com/) – Many free tutorials, great for beginners, \$10/mo membership unlocks all content.
- [**CTF Field Guide**](https://trailofbits.github.io/ctf/) – Everything you need to win your next CTF competition.
- [**Cybrary**](http://cybrary.it/) – Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book ‘Penetration Testing for Highly-Secured Environments’.
- [**European Union Agency for Network and Information Security**](https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material) – ENISA Cyber Security Training material.
- [**Offensive Security Training**](https://www.offensive-security.com/information-security-training/) – Training from BackTrack/Kali developers.
- [**Open Security Training**](http://opensecuritytraining.info/) – Training material for computer security classes.
- [**SANS Security Training**](http://www.sans.org/) – Computer Security Training & Certification.

### **Side-channel Tools**

- [**ChipWhisperer**](http://chipwhisperer.com/) – Complete open-source toolchain for side-channel power analysis and glitching attacks.
### **Social Engineering**

- [**Beelogger**](https://github.com/4w4k3/BeeLogger) – Tool for generating keyloggers.
- [**Catphish**](https://github.com/ring0lab/catphish) – Tool for phishing and corporate espionage written in Ruby.
- [**Evilginx**](https://github.com/kgretzky/evilginx) – MITM attack framework used for phishing credentials and session cookies from any Web service.
- [**King Phisher**](https://github.com/securestate/king-phisher) – Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
- [**Social Engineer Toolkit (SET)**](https://github.com/trustedsec/social-engineer-toolkit) – Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
- [**Social Engineering Framework**](http://www.social-engineer.org/framework/general-discussion/) – Information resource for social engineers.
- [**wifiphisher**](https://github.com/sophron/wifiphisher) – Automated phishing attacks against WiFi networks.

### **Static Analyzers**

- [**Bandit**](https://pypi.python.org/pypi/bandit/) – Security-oriented static analyser for Python code.
- [**Brakeman**](https://github.com/presidentbeef/brakeman) – Static analysis security vulnerability scanner for Ruby on Rails applications.
- [**Cppcheck**](http://cppcheck.sourceforge.net/) – Extensible C/C++ static analyzer focused on finding bugs.
- [**FindBugs**](http://findbugs.sourceforge.net/) – Free software static analyzer to look for bugs in Java code.
- [**Sobelow**](https://github.com/nccgroup/sobelow) – Security-focused static analysis for the Phoenix Framework.

### **Transport Layer Security Tools**

- [**SSLyze**](https://github.com/nabla-c0d3/sslyze) – Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
- [**TLS Prober**](https://github.com/WestpointLtd/tls_prober) – Fingerprint a server’s SSL/TLS implementation.
- [**Testssl.sh**](https://github.com/drwetter/testssl.sh) – Command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.

### **Tools, Lists, Tutorials etc.**

- [**AD Exploit guides**](https://scribe.froth.zone/@kuwaitison/active-directory-lateral-movement-and-post-exploitation-cheat-sheet-3170982a7055) - Detailed guide on methods to exploit Active Directory.
- [**Android Security**](https://github.com/ashishb/android-security-awesome) – Collection of Android security-related resources.
- [**AppSec**](https://github.com/paragonie/awesome-appsec) – Resources for learning about application security.
- [**Awesome Awesomeness**](https://github.com/bayandin/awesome-awesomeness) – The List of the Lists.
- [**C/C++ Programming**](https://github.com/fffaraz/awesome-cpp) – One of the main languages for open source security tools.
- [**CTFs**](https://github.com/apsdehal/awesome-ctf) – Capture The Flag frameworks, libraries, etc.
- [**Exploit Writing Tutorials**](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) – Tutorials on how to develop exploits.
- [**Forensics**](https://github.com/Cugu/awesome-forensics) – Free (mostly open source) forensic analysis tools and resources.
- [**GB Hackers Tools List**](https://gbhackers.com/hacking-tools-list/) - Massive list of Tools.
- [**Hackerone Tools List**](https://www.hackerone.com/ethical-hacker/100-hacking-tools-and-resources) - Massive list of Tools.
- [**Hacking**](https://github.com/carpedm20/awesome-hacking) – Tutorials, tools, and resources.
- [**Honeypots**](https://github.com/paralax/awesome-honeypots) – Honeypots, tools, components, and more.
- [**InfoSec § Hacking challenges**](https://github.com/AnarchoTechNYC/meta/wiki/InfoSec#hacking-challenges) – Comprehensive directory of CTFs, wargames, hacking challenge websites, practice lab exercises, and more.
- [**Infosec**](https://github.com/onlurking/awesome-infosec) – Information security resources for pentesting, forensics, and more.
- [**JavaScript Programming**](https://github.com/sorrycc/awesome-javascript) – In-browser development and scripting.
- [**Kali Linux Tools**](https://gbhackers.com/kalitutorials/) – List of hacking tools present in Kali Linux.
- [**Malware Analysis**](https://gbhackers.com/malware-analysis-cheat-sheet-and-tools-list/) – Tools and resources for analysts.
- [**Node.js Programming**](https://github.com/sindresorhus/awesome-nodejs) – Curated list of delightful Node.js packages and resources.
- [**PCAP Tools**](https://github.com/caesar0301/awesome-pcaptools) – Tools for processing network traffic.
- [**Penetration Testing Cheat Sheets**](https://github.com/coreb1t/awesome-pentest-cheat-sheets) – Awesome Pentest Cheat Sheets.
- [**Pivoting and Tunneling Guide**](https://scribe.rip/@kuwaitison/pivoting-and-tunneling-for-oscp-and-beyond-cheat-sheet-3435d1d6022) - Detailed guide on methods to exploit.
- [**Python Programming 1**](https://github.com/svaksha/pythonidae) – General Python programming.
- [**Python Programming 2**](https://github.com/vinta/awesome-python) – General Python programming.
- [**Python tools for penetration testers**](https://github.com/dloss/python-pentest-tools) – Lots of pentesting tools are written in Python.
- [**Ruby Programming 1**](https://github.com/dreikanter/ruby-bookmarks) – The de-facto language for writing exploits.
- [**Ruby Programming 2**](https://github.com/markets/awesome-ruby) – The de-facto

---

### **Virtual Machines Labs**

- [**CTFtime**](https://ctftime.org) - Free capture the flag hacking games.
- [**MindMaps**](http://www.amanhardikar.com/mindmaps/Practice.html) - Massive list of smaller sites that provide individual hacking challenges.
- [**Pentesterlab**](https://www.pentesterlab.com) - Free and paid Pentesting training with labs.
- [**Sadcloud**](https://github.com/nccgroup/sadcloud) - Sadcloud is a tool for spinning up insecure AWS infrastructure with Terraform.
- [**Vulnerability Hub**](https://www.vulnhub.com/) - Free Virtual machines to hack, provided by the community.
- [**Vulnmachines**](https://vulnmachines.com) - A place to learn and improve penetration testing/ethical hacking skills for FREE. The labs consist of 100+ real world scenarios to practice the latest exploits and cutting edge hacking techniques.

---

### **Vulnerability Databases**

- [**Bugtraq (BID)**](http://www.securityfocus.com/bid/) – Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
- [**Common Vulnerabilities and Exposures (CVE)**](https://cve.mitre.org/) – Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
- [**CXSecurity**](https://cxsecurity.com/) – Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
- [**Exploit-DB**](https://www.exploit-db.com/) – Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
- [**Full-Disclosure**](http://seclists.org/fulldisclosure/) – Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
- [**Inj3ct0r**](https://www.0day.today/) ([Onion service](http://mvfjfugdwgc5uwho.onion/)) – Exploit marketplace and vulnerability information aggregator.
- [**Microsoft Security Advisories**](https://technet.microsoft.com/en-us/security/advisories#APUMA) – Archive of security advisories impacting Microsoft software.
- [**Microsoft Security Bulletins**](https://technet.microsoft.com/en-us/security/bulletins#sec_search) – Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
- [**Mozilla Foundation Security Advisories**](https://www.mozilla.org/security/advisories/) – Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
- [**National Vulnerability Database (NVD)**](https://nvd.nist.gov/) – United States government’s National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
- [**Packet Storm**](https://packetstormsecurity.com/files/) – Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
- [**SecuriTeam**](http://www.securiteam.com/) – Independent source of software vulnerability information.
- [**US-CERT Vulnerability Notes Database**](https://www.kb.cert.org/vuls/) – Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
- [**Vulnerability Lab**](https://www.vulnerability-lab.com/) – Open forum for security advisories organized by category of exploit target.
- [**Vulners**](https://vulners.com/) – Security database of software vulnerabilities.
- [**Zero Day Initiative**](http://zerodayinitiative.com/advisories/published/) – Bug bounty program with the publicly accessible archive of published security advisories, operated by TippingPoint.
---

### **Vulnerability Scanners**

- [**Nexpose**](https://www.rapid7.com/products/nexpose/) – Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
- [**Nessus**](https://www.tenable.com/products/nessus-vulnerability-scanner) – Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. Free for under 25 devices.
- [**OpenVAS**](http://www.openvas.org/) – Free open source software implementation of the popular Nessus vulnerability assessment system.
- [**Vuls**](https://github.com/future-architect/vuls) – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.

---

### **Web Exploitation**

- [**Autochrome**](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) – Easy-to-install test browser with all the appropriate settings needed for web application testing with native Burp support, from NCCGroup.
- [**BlindElephant**](http://blindelephant.sourceforge.net/) – Web application fingerprinter.
- [**Browser Exploitation Framework (BeEF)**](https://github.com/beefproject/beef) – Command and control server for delivering exploits to commandeered Web browsers.
- [**Burp Suite**](https://portswigger.net/burp/) – Integrated platform for performing security testing of web applications.
- [**Commix**](https://github.com/commixproject/commix) – Automated all-in-one operating system command injection and exploitation tool.
- [**DVCS Ripper**](https://github.com/kost/dvcs-ripper) – Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
- [**EyeWitness**](https://github.com/ChrisTruncer/EyeWitness) – Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- [**Fiddler**](https://www.telerik.com/fiddler) – Free cross-platform web debugging proxy with user-friendly companion tools.
- [**Fimap**](https://github.com/kurobeats/fimap) – Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
- [**FuzzDB**](https://github.com/fuzzdb-project/fuzzdb) – Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- [**GitTools**](https://github.com/internetwache/GitTools) – Automatically find and download Web-accessible .git repositories.
- [**Kadabra**](https://github.com/D35m0nd142/Kadabra) – Automatic LFI exploiter and scanner.
- [**Kadimus**](https://github.com/P0cL4bs/Kadimus) – LFI scan and exploit tool.
- [**Liffy**](https://github.com/hvqzao/liffy) – LFI exploitation tool.
- [**NoSQLmap**](http://nosqlmap.net/) – Automatic NoSQL injection and database takeover tool.
- [**Offensive Web Testing Framework (OWTF)**](https://www.owasp.org/index.php/OWASP_OWTF) – Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
- [**Sslstrip**](https://www.thoughtcrime.org/software/sslstrip/) – Demonstration of the HTTPS stripping attacks.
- [**Sslstrip2**](https://github.com/LeonardoNve/sslstrip2) – SSLStrip version to defeat HSTS.
- [**sqlmap**](http://sqlmap.org/) – Automatic SQL injection and database takeover tool.
- [**Tplmap**](https://github.com/epinna/tplmap) – Automatic server-side template injection and Web server takeover tool.
- [**VHostScan**](https://github.com/codingo/VHostScan) – A virtual host scanner that performs reverse lookups, can be used with pivot tools, and detects catch-all scenarios, aliases and dynamic default pages.
- [**Weevely3**](https://github.com/epinna/weevely3) – Weaponized web shell.
- [**Webscreenshot**](https://github.com/maaaaz/webscreenshot) – A simple script to take screenshots of a list of websites.
- [**WhatWeb**](https://github.com/urbanadventurer/WhatWeb) – Website fingerprinter.
- [**Wappalyzer**](https://www.wappalyzer.com/) – Wappalyzer uncovers the technologies used on websites.
- [**wafw00f**](https://github.com/EnableSecurity/wafw00f) – Identifies and fingerprints Web Application Firewall (WAF) products.
- [**WordPress Exploit Framework**](https://github.com/rastating/wordpress-exploit-framework) – Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
- [**WPSploit**](https://github.com/espreto/wpsploit) – Exploit WordPress-powered websites with Metasploit.

---

### **Web Scanners**

- [**Arachni**](http://www.arachni-scanner.com/) – Scriptable framework for evaluating the security of web applications.
- [**Cms-explorer**](https://code.google.com/archive/p/cms-explorer/) – Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
- [**Nikto**](https://cirt.net/nikto2) – Noisy but fast black box web server and web application vulnerability scanner.
- [**SecApps**](https://secapps.com/) – In-browser web application security testing suite.
- [**WebReaver**](https://www.webreaver.com/) – Commercial, graphical web application vulnerability scanner designed for macOS.
- [**w3af**](https://github.com/andresriancho/w3af) – Web application attack and audit framework.
- [**WPScan**](https://wpscan.org/) – Black box WordPress vulnerability scanner.
- [**Wapiti**](http://wapiti.sourceforge.net/) – Black box web application vulnerability scanner with built-in fuzzer.
- [**Joomscan**](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) – Joomla vulnerability scanner.
- [**ACSTIS**](https://github.com/tijme/angularjs-csti-scanner) – Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
---

### **Windows Utilities**

- [**Bloodhound**](https://github.com/adaptivethreat/Bloodhound/wiki) – Graphical Active Directory trust relationship explorer.
- [**DeathStar**](https://github.com/byt3bl33d3r/DeathStar) – Python script that uses Empire’s RESTful API to automate gaining Domain Admin rights in Active Directory environments.
- [**Empire**](https://www.powershellempire.com/) – Pure PowerShell post-exploitation agent.
- [**Fibratus**](https://github.com/rabbitstack/fibratus) – Tool for exploration and tracing of the Windows kernel.
- [**Magic Unicorn**](https://github.com/trustedsec/unicorn) – Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
- [**Mimikatz**](http://blog.gentilkiwi.com/mimikatz) – Credentials extraction tool for Windows operating system.
- [**PowerSploit**](https://github.com/PowerShellMafia/PowerSploit) – PowerShell Post-Exploitation Framework.
- [**redsnarf**](https://github.com/nccgroup/redsnarf) – Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
- [**Responder**](https://github.com/SpiderLabs/Responder) – LLMNR, NBT-NS and MDNS poisoner.
- [**Sysinternals Suite**](https://technet.microsoft.com/en-us/sysinternals/bb842062) – The Sysinternals Troubleshooting Utilities.
- [**wePWNise**](https://labs.mwrinfosecurity.com/tools/wepwnise/) – Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
- [**Windows Credentials Editor**](http://www.ampliasecurity.com/research/windows-credentials-editor/) – Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
- [**Windows Exploit Suggester**](https://github.com/GDSSecurity/Windows-Exploit-Suggester) – Detects potential missing patches on the target.
---

### **Wireless Network Hacking**

- [**Aircrack-ng**](http://www.aircrack-ng.org/) – Set of tools for auditing wireless networks.
- [**Fluxion**](https://github.com/FluxionNetwork/fluxion) – Suite of automated social engineering based WPA attacks.
- [**Kismet**](https://kismetwireless.net/) – Wireless network detector, sniffer, and IDS.
- [**Reaver**](https://code.google.com/archive/p/reaver-wps) – Brute force attack against WiFi Protected Setup.
- [**Wifite**](https://github.com/derv82/wifite) – Automated wireless attack tool.