April 14, 2024: new and updated tools
| Name | Version | Description | Category | Website |
|---|---|---|---|---|
| aflplusplus | 1:v4.20c.r0.g1d17210d | American Fuzzing Lop fuzzer with community patches and additional features. | fuzzer | |
| android-udev-rules | 1:526.d4452bf | Android udev rules. | mobile | |
| angrop | 378.87d2b37 | A rop gadget finder and chain builder. | exploitation | |
| arjun | 234.16ee735 | HTTP parameter discovery suite. | webapp scanner | |
| asnmap | v1.1.0.r7.gafd1e90 | Map organization network ranges using ASN information. | networking | |
| boofuzz | v0.4.2.r15.g8d56073 | fuzzer | ||
| bopscrk | 1:v2.4.5.r10.gadb2050 | bopscrk (Before Outset PaSsword CRacKing) is a tool to generate smart and powerful wordlists for targeted attacks. | automation cracker | |
| brakeman | 1:v6.1.2.1.r2.g2fc14da7c | A static analysis security vulnerability scanner for Ruby on Rails applications | code-audit exploitation scanner | |
| cariddi | v1.3.3.testrelease.r0.ga78821f | Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, token. | webap scanner | |
| checkov | 3.2.63.r0.gb501c6e74 | Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages. | code-audit | |
| clair | 1899.6884969b | Vulnerability Static Analysis for Containers. | scanner | |
| cloudlist | 575.ebe1127 | A tool for listing Assets from multiple Cloud Providers. | recon | |
| cloudsploit | 5939.b64684b85 | AWS security scanning checks. | scanner automation | |
| commix | 2100.2fca6df3 | Automated All-in-One OS Command Injection and Exploitation Tool. | webapp automation exploitation | |
| cook | 1:v2.2.1.r13.gbabf5ba | Easily create word's permutation and combination to generate complex wordlists and passwords. | automation | |
| ctf-party | v3.0.0.r19.g82181df | A CLI tool & library to enhance and speed up script/exploit writing for CTF players. | misc | |
| cve-search | v5.0.2.r1.ga546dda | A tool to perform local searches for known vulnerabilities. | exploitation | |
| cvemap | v0.0.6.r57.g6f2d963 | CLI tool designed to provide a structured and easily navigable interface to various vulnerability databases. | exploitation | |
| darkdump | 48.7cad8ca | Search The Deep Web Straight From Your Terminal. | webapp scanner | |
| ddosify | 1:v1.7.2.r2.g1639885 | High-performance load testing tool, written in Golang. | dos misc | |
| detect-secrets | v1.4.0.r121.gbcf96da | An enterprise friendly way of detecting and preventing secrets in code. | code-audit | |
| didier-stevens-suite | 384.65c7552 | Didier Stevens Suite. | (blackarch | |
| dnstwist | 625.bb60ca7 | Domain name permutation engine for detecting typo squatting, phishing and corporate espionage. | scanner recon | |
| dnsx | 809.c458eee | Fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers. | recon | |
| dorkbot | 210.fb7f946 | Command-line tool to scan Google search results for vulnerabilities. | scanner | |
| dublin-traceroute | 342.a92118d | NAT-aware multipath tracerouting tool. | networking | |
| enum4linux-ng | 414.b79ead5 | A next generation version of enum4linux. | recon scanner | |
| espionage | 1:47.029635b | A Network Packet and Traffic Interceptor For Linux. Sniff All Data Sent Through a Network. | sniffer networking | |
| exabgp | 5130.826c450e | The BGP swiss army knife of networking. | networking defensive | |
| fakenet-ng | 304.2e3e99e | Next Generation Dynamic Network Analysis Tool. | malware networking sniffer proxy | |
| firefox-decrypt | 1.1.1.r3.g2a163fa | Extract passwords from Mozilla Firefox, Waterfox, Thunderbird, SeaMonkey profiles. | forensic | |
| gowitness | 299.6b10eae | A golang, web screenshot utility using Chrome Headless. | webapp recon | |
| gps-sdr-sim | 214.dc65ee8 | Software-Defined GPS Signal Simulator. | radio | |
| graudit | 621.675eaa9 | Grep rough source code auditing tool. | code-audit | |
| haiti | v2.1.0.r24.g4ff70fb | A CLI tool to identify the hash type of a given hash. | crypto | |
| httpx | 1848.266d3a7 | A fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library. | webapp scanner | |
| imhex | 1.33.0.r166.g4b1b52ca | A Hex Editor for Reverse Engineers, Programmers and people that value their eye sight when working at 3 AM. | misc | |
| ivre | 0.9.20.dev184 | Network recon framework. | recon networking | |
| ivre-docs | 0.9.20.dev184 | Network recon framework (documentation) | recon networking | |
| ivre-web | 0.9.20.dev184 | Network recon framework (web application) | recon networking | |
| kh2hc | 0.0.1.r49.g50e4e5e | Convert OpenSSH known_hosts file hashed with HashKnownHosts to hashes crackable by Hashcat. | crypto misc | |
| leo | 34008.1bb3279c0 | Literate programmer's editor, outliner, and project manager. | misc | |
| libbde | 1:334.59aa40b | A library to access the BitLocker Drive Encryption (BDE) format. | crypto | |
| libtins | 1305.fe22186 | High-level, multiplatform C++ network packet sniffing and crafting library. | networking | |
| linkfinder | 168.1debac5 | Discovers endpoint and their parameters in JavaScript files. | webapp recon | |
| maltrail | 105235.64dc80550a | Malicious traffic detection system. | defensive networking sniffer | |
| mapcidr | v1.1.34.r10.ge115483 | Utility program to perform multiple operations for a given subnet/CIDR ranges. | misc networking | |
| mobsf | 1:1932.99977da4 | An intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static, dynamic analysis and web API testing. | mobile | |
| muraena | 223.3cf02b5 | Almost-transparent reverse proxy to automate phishing and post-phishing activities. | social | |
| naabu | 1191.a6e89fa | A fast port scanner written in go with focus on reliability and simplicity. | scanner | |
| netexec | v1.1.0.r385.gd19b5243 | A Windows / Active Directory environments pentest tool. | scanner exploitation windows | |
| nuclei | 2:v3.0.0.r523.g0d5e26d7b | Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. | webapp scanner | |
| o-saft | 6052.07ca63b4 | A tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations. | scanner recon | |
| oniongrok | v1.1.2.r7.ga46bc96 | Onion addresses for anything. | tunnel | |
| packetsender | 942.a385242 | An open source utility to allow sending and receiving TCP and UDP packets. | networking | |
| pagodo | 143.7b81d4b | Google dork script to collect potentially vulnerable web pages and applications on the Internet. | scanner recon | |
| pass-station | v1.4.0.r53.g1d2f385 | CLI & library to search for default credentials among thousands of Products / Vendors. | misc recon | |
| payloadsallthethings | 1907.293723d | A list of useful payloads and bypass for Web Application Security and Pentest/CTF. | misc | |
| peass | 20240408.791fa356.r0.ga2fb2cd | Privilege Escalation Awesome Scripts SUITE (with colors). | scanner | |
| pentestgpt | v0.9.1.r73.g43f6e80 | A penetration testing tool empowered by ChatGPT. It is designed to automate the penetration testing process. | automation | |
| persistencesniper | v1.16.0.r3.gb3cc015 | Hunt persistences implanted in Windows machines. | defensive windows | |
| phpstan | 10635.b00c42d29 | PHP Static Analysis Tool - discover bugs in your code without running it. | code-audit | |
| pwned | 2398.d04ebc5 | A command-line tool for querying the 'Have I been pwned?' service. | recon | |
| python-ivre | 0.9.20.dev184 | Network recon framework (library) | recon networking | |
| quickscope | 437.a4e6427 | Statically analyze windows, linux, osx, executables and also APK files. | binary reversing | |
| rabid | 1:v0.1.0.r107.gc667845 | A CLI tool and library allowing to simply decode all kind of BigIP cookies. | webapp misc | |
| recuperabit | 77.c6f8678 | A tool for forensic file system reconstruction. | forensic | |
| restler-fuzzer | 8:397.0277c5b | First stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. | webapp fuzzer | |
| retire | 5.0.0.beta.1.r15.g3f36fa6 | Scanner detecting the use of JavaScript libraries with known vulnerabilities. | scanner code-audit | |
| rr | 6761.126ceea8 | A Record and Replay Framework. | debugger misc | |
| s3scanner | 465.c544f1c | Scan for open S3 buckets and dump. | scanner | |
| sipp | 1460.1e84248 | A free Open Source test tool / traffic generator for the SIP protocol. | voip | |
| sippts | 1:v3.4.r2.g2db69f8 | Set of tools to audit SIP based VoIP Systems. | voip | |
| slither | 1:4439.fdf54f624 | Solidity static analysis framework written in Python 3. | code-audit exploitation | |
| sn1per | 1:596.bfd1057 | Automated Pentest Recon Scanner. | recon automation scanner cracker | |
| socialpwned | v2.0.1.r5.g6af3563 | OSINT tool that allows to get the emails, from a target, published in social networks. | social recon | |
| spiga | 2:648.617a342 | Configurable web resource scanner. | webapp scanner | |
| spotbugs | 17356.b5c3870e7 | A tool for static analysis to look for bugs in Java code. | code-audit | |
| stowaway | v2.2.r15.g3c0e805 | A Multi-hop proxy tool for security researchers and pentesters. | proxy exploitation | |
| subfinder | 1:v2.6.3.r310.g175412b | Modular subdomain discovery tool that can discover massive amounts of valid subdomains for any target. | recon | |
| suricata-verify | 1172.84f285fe | Suricata Verification Tests - Testing Suricata Output. | misc ids | |
| tls-map | v2.2.0.r68.gb52ba62 | CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL, GnUTLS, NSS. | crypto misc | |
| tlsfuzzer | 1715.5c7e569 | SSL and TLS protocol test suite and fuzzer. | crypto fuzzer | |
| tlshelpers | 23.9e80719 | A collection of shell scripts that help handling X.509 certificate and TLS issues. | crypto | |
| trufflehog | 2:v3.73.0.r9.g198c63cb8 | Searches through git repositories for high entropy strings, digging deep into commit history. | recon | |
| uacme | 281.6e36b58 | Defeating Windows User Account Control. | windows | |
| vbsmin | v1.1.0.r103.gcb66594 | VBScript minifier. | packer automation | |
| wapiti | 3.1.8.r72.gf9029514 | A vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections... | fuzzer scanner webapp | |
| wesng | 330.fce2bdf | Windows Exploit Suggester - Next Generation. | exploitation windows | |
| whapa | 371.a9efb77 | WhatsApp Parser Tool. | misc | |
| whispers | 2.2.1.r3.g8f17f77 | Identify hardcoded secrets and dangerous behaviours. | code-audit | |
| yeti | 3290.f0df5c40 | A platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. | defensive recon | |
| zeek | 1:v7.0.0.dev.r116.g6c88bd115 | Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. | networking defensive sniffer | |
| zgrab2 | 607.baa27dc | Go Application Layer Scanner. | fingerprint recon |