February 17, 2025: new and updated tools
Name | Version | Description | Category | Website |
---|---|---|---|---|
badsecrets | v0.8.25.r0.gf2880df | A library for detecting known secrets across many web frameworks. | webapp | |
beef | 1:4664.d52c37f3 | The Browser Exploitation Framework that focuses on the web browser | exploitation | |
bloodhound-python | v1.0.1.r167.gc88eea6 | Bloodhound python data collector | recon windows | |
burpsuite | 1:2025.1.1 | An integrated platform for attacking web applications (free edition). | fuzzer proxy scanner webapp | |
can-utils | 1205.2b8c7c5 | Linux-CAN / SocketCAN user space applications. | automobile | |
checkov | 3.2.370.r1.g1e778524c | Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages. | code-audit | |
chipsec | 5:1.13.9.r6.gf6be0ab | Framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. | hardware binary forensic scanner fuzzer | |
clair | 2030.e45fbf0e | Vulnerability Static Analysis for Containers. | scanner | |
cloudlist | 763.fe54f85 | A tool for listing Assets from multiple Cloud Providers. | recon | |
cloudsploit | 6576.6802dd4e6 | AWS security scanning checks. | scanner automation | |
commix | 2216.1ae15df0 | Automated All-in-One OS Command Injection and Exploitation Tool. | webapp automation exploitation | |
country-ip-blocks | 5079.d80ddcc | CIDR country-level IP data, straight from the Regional Internet Registries, updated hourly. | wordlists misc | |
cvemap | v0.0.7.r303.g8332145 | CLI tool designed to provide a structured and easily navigable interface to various vulnerability databases. | exploitation | |
dalfox | 1592.2e19e44 | Parameter Analysis and XSS Scanning tool. | webapp fuzzer | |
dftimewolf | 768.4f2b6d8a | Framework for orchestrating forensic collection, processing and data export . | forensic | |
didier-stevens-suite | 407.409cd58 | Didier Stevens Suite. | (blackarch | |
dnswatch | dnswatch.1.r18.g7ee12c9 | DNS Traffic Sniffer and Analyzer. | sniffer | |
emp3r0r | v2.4.2.r3.ge08222c9 | Linux post-exploitation framework made by linux user. | automation | |
fscan | 2.0.0.build4.r0.g4aaa05f | A Security Auditing Tool. | scanner | |
imhex | 1.37.0.r14.g658d4c4d7 | A Hex Editor for Reverse Engineers, Programmers and people that value their eye sight when working at 3 AM. | misc | |
intelmq | 3.3.1.r65.gadb2d156d | A tool for collecting and processing security feeds using a message queuing protocol. | misc | |
ivre | 0.9.21.dev48 | Network recon framework. | recon networking | |
ivre-docs | 0.9.21.dev48 | Network recon framework (documentation) | recon networking | |
ivre-web | 0.9.21.dev48 | Network recon framework (web application) | recon networking | |
jefferson | v0.4.6.r0.g9e33796 | JFFS2 filesystem extraction tool. | forensic reversing | |
jsql-injection | 0.109 | A Java application for automatic SQL database injection. | webapp exploitation fuzzer | |
lazagne | 880.30aebe9 | An open source application used to retrieve lots of passwords stored on a local computer. | forensic social | |
maltrail | 117253.66e59bf872 | Malicious traffic detection system. | defensive networking sniffer | |
mapcidr | v1.1.34.r391.g873f5b8 | Utility program to perform multiple operations for a given subnet/CIDR ranges. | misc networking | |
metagoofil | 87.b232cb4 | An information gathering tool designed for extracting metadata of public documents. | recon | |
netexec | v1.3.0.r343.gc2f85db6 | A Windows / Active Directory environments pentest tool. | scanner exploitation windows | |
nettacker | 0.4.0.r48.g012bf5dd | Automated Penetration Testing Framework. | automation scanners recon | |
nuclei | 2:v3.3.8.r43.gdabcce865 | Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. | webapp scanner | |
openscap | 1.4.1.r16.g5a63d1e83 | Open Source Security Compliance Solution. | automation defensive scanner | |
pagodo | 154.6490b04 | Google dork script to collect potentially vulnerable web pages and applications on the Internet. | scanner recon | |
patator | 1:235.5be299a | A multi-purpose bruteforcer. | cracker | |
payloadsallthethings | 2050.7e64eda | A list of useful payloads and bypass for Web Application Security and Pentest/CTF. | misc | |
phpstan | 12131.f2bf43c2c | PHP Static Analysis Tool - discover bugs in your code without running it. | code-audit | |
pmacct | 1:v1.7.6.r1534.g85a0694 | Small set of multi-purpose passive network monitoring tools [NetFlow IPFIX sFlow libpcap BGP BMP IGP Streaming Telemetry]. | networking sniffer defensive | |
postenum | 125.3188f0a | Clean, nice and easy tool for basic/advanced privilege escalation techniques. | recon scanner exploitation | |
prowler | 1:5637.bcbc9bf67 | Tool for AWS security assessment, auditing and hardening. | defensive scanner | |
pwned | 2653.c77df18 | A command-line tool for querying the 'Have I been pwned?' service. | recon | |
python-dissect.target | 3.20.1.r46.gcd799b4 | The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets). | forensic | |
python-dissect.volume | 3.13.r4.ge8fbb39 | A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR. | forensic | |
python-ivre | 0.9.21.dev48 | Network recon framework (library) | recon networking | |
qbdi | v0.11.0.r51.gf551138 | A Dynamic Binary Instrumentation framework based on LLVM. | binary | |
restler-fuzzer | 8:419.1f1d59c | First stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. | webapp fuzzer | |
rex | 726.617ed4d | Shellphish's automated exploitation engine, originally created for the Cyber Grand Challenge. | exploitation | |
roadlib | 371.c59c09d | Azure AD and O365 exploration framework | windows scanner recon | |
roadoidc | 371.c59c09d | Azure AD and O365 exploration framework | windows scanner recon | |
roadrecon | 371.c59c09d | Azure AD and O365 exploration framework | windows scanner recon | |
roadtx | 371.c59c09d | Azure AD and O365 exploration framework | windows scanner recon | |
rtl-433 | 24.10+58.r3624.20250213.474feb53 | A generic software defined radio data receiver, mainly for the 433.92 MHz, 868 MHz (SRD), 315 MHz, 345 MHz, and 915 MHz ISM bands. | radio wireless | |
sdrpp | nightly.r275.gf90e2d5 | The bloat-free SDR receiver. | radio wireless | |
soapui | 5.8.0 | The Swiss-Army Knife for SOAP Testing. | proxy fuzzer | |
spotbugs | 17652.6b58d8568 | A tool for static analysis to look for bugs in Java code. | code-audit | |
stunner | v0.5.8.r59.g3d87a99 | Test and exploit STUN, TURN and TURN over TCP servers. | networking webapp | |
subfinder | 1:v2.6.7.r60.gf77b5bd | Modular subdomain discovery tool that can discover massive amounts of valid subdomains for any target. | recon | |
suricata-verify | 1457.8062ab01 | Suricata Verification Tests - Testing Suricata Output. | misc ids | |
t50 | 5.8.7c | Experimental Multi-protocol Packet Injector Tool. | dos networking | |
tlsfuzzer | 1873.b579043 | SSL and TLS protocol test suite and fuzzer. | crypto fuzzer | |
tlshelpers | 25.f1263ce | A collection of shell scripts that help handling X.509 certificate and TLS issues. | crypto | |
triton | 1:4291.e312eafc | A Dynamic Binary Analysis (DBA) framework. | binary reversing | |
trufflehog | 2:v3.88.9.r2.g52ae3c343 | Searches through git repositories for high entropy strings, digging deep into commit history. | recon | |
uacme | 285.32647ec | Defeating Windows User Account Control. | windows | |
websockify | 946.e818947 | WebSocket to TCP proxy/bridge. | networking | |
wesng | 396.9b29e0b | Windows Exploit Suggester - Next Generation. | exploitation windows | |
whatsmyname | 2604.d6d9ad5 | Tool to perform user and username enumeration on various websites. | webapp recon | |
yeti | 3400.85c12943 | A platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. | defensive recon | |
zarn | 0.0.9.r31.gfc46bc1 | A lightweight static security analysis tool for modern Perl Apps. | code-audit | |
zdns | 675.1cde476 | Fast CLI DNS Lookup Tool. | networking | |
zeek | 1:v7.2.0.dev.r199.g9c41b6d22 | Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. | networking defensive sniffer | |
zgrab2 | 769.86d6d6d | Go Application Layer Scanner. | fingerprint recon |