Name of tool | Category | Link to the tool | Short Description |
---|---|---|---|
Aline | Web | https://github.com/ferreiraklet/Aline | A tool that simply downloads files of a certain type, located on a certain domain and indexed by Google. |
Burp Suite | Web | https://portswigger.net/burp/communitydownload | A tool for performing security testing of web applications. |
Chrome DevTools | Web | https://developer.chrome.com/docs/devtools/ | Chrome provides a set of tools for web developers, built into Google Chrome. They let you view and change the DOM and a page's style. With Chrome DevTools you can view messages, run and debug JavaScript in the Console, edit pages on the fly, diagnose problems quickly, and optimize website speed. |
Cookie-editor | Web | https://github.com/Moustachauve/cookie-editor | Browser extension to create, edit and delete cookies for the current tab. |
Crackstation | Web | https://crackstation.net/ | CrackStation uses massive pre-computed lookup tables to crack password hashes. |
DNSDumpster | Web | https://dnsdumpster.com/ | DNSdumpster is a FREE domain research tool that can discover hosts related to a domain. |
Dirbuster | Web | https://www.kali.org/tools/dirbuster/ | DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers. |
Dirsearch | Web | https://github.com/maurosoria/dirsearch | Tool for scanning a website path. |
EditThisCookie | Web | https://editthiscookie.com/ | Cookie viewer and editor |
Feroxbuster | Web | https://github.com/epi052/feroxbuster | A simple, fast, recursive content discovery tool written in Rust |
Gobuster | Web | https://github.com/OJ/gobuster | Bruteforce tool for finding directories and files in webserver |
GrayHatWarfare | Web | https://buckets.grayhatwarfare.com/ | Website used to look for publicly exposed AWS S3 buckets |
HackBrowserData | Web | https://github.com/moonD4rk/HackBrowserData | Tool that can decrypt browser data such as passwords, bookmarks and history. |
Insomnia | Web | https://insomnia.rest/ | Tool for testing API calls and stubbing data to mock API calls |
Nessus | Web | https://www.tenable.com/downloads/nessus?loginAttempted=true | An all-in-one tool with various features such as network scan, website scan, API scan, etc. |
OWASP ZAP | Web | https://www.zaproxy.org/ | OWASP Zed Attack Proxy (ZAP) is used for spidering and passive scanning of websites. It contains a scanner, a proxy and many other features. |
OWASP-ZAP | Web | https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project | The OWASP ZAP tool is used to scan web applications. |
Postman | Web | https://www.postman.com/ | Tool for testing API calls and stubbing data to mock API calls |
Raccoon | Web | https://github.com/evyatarmeged/Raccoon | A high-performance offensive security tool for reconnaissance and vulnerability scanning |
SimilarWeb | Web | https://www.similarweb.com/ | A tool that provides detailed website traffic analysis |
Sqlmap | Web | https://sqlmap.org/ | Automates the process of detecting and exploiting SQL injection |
Subbrute | Web | https://github.com/TheRook/subbrute | A DNS meta-query spider that enumerates DNS records, and subdomains. |
Urlscan | Web | https://urlscan.io/ | urlscan.io is a free service to scan and analyse websites. It records the activity that a page navigation creates. |
ViewDns | Web | https://viewdns.info | ViewDNS is used to look up domain/IP address information and can reverse search a website's IP address. It includes many tools, such as Reverse IP Lookup, IP Whois, etc. |
Wappalyzer | Web | https://github.com/wappalyzer/wappalyzer | Browser extension which identifies technologies on websites |
WebHackUrls | Web | https://github.com/mathis2001/WebHackUrls | A tool for URL recon with keyword filtering and saving results to a file. |
Webgrep | Web | https://github.com/dhondta/webgrep | grep for Web pages, with JS deobfuscation, CSS unminifying and OCR on images. |
XSS Hunter | Web | https://xsshunter.com/ | XSS Hunter allows you to find all kinds of cross-site scripting vulnerabilities, including the often-missed blind XSS. The service works by hosting specialized XSS probes which, upon firing, scan the page and send information about the vulnerable page to the XSS Hunter service. |
XSSer | Web | https://xsser.03c8.net/ | Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. It provides several options to try to bypass certain filters and various special techniques for code injection. |
Xepor | Web | https://github.com/xepor/xepor | Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask |
ffuf | Web | https://github.com/ffuf/ffuf | Fast web fuzzer written in Go |
lfimap | Web | https://github.com/hansmach1ne/lfimap | Local file inclusion discovery and exploitation tool |
mitmproxy | Web | https://mitmproxy.org | Mitmproxy is a free and open source interactive HTTPS proxy. |
Arjun | Web | https://github.com/s0md3v/Arjun | HTTP parameter discovery suite. |
gf | Web | https://github.com/tomnomnom/gf | A wrapper around grep, to help you grep for things |
Pingdom | Web | https://tools.pingdom.com/ | Pingdom offers cost-effective and reliable uptime and performance monitoring for websites. |
Name of tool | Category | Link to the tool | Short Description |
---|---|---|---|
Android-SDK | android | https://developer.android.com/studio | A tool for developing Android apps using the Android SDK and emulator |
Audacity | Misc | https://www.audacityteam.org/download/ | An audio editor that can be used for waveform and spectrum steganography. |
Cmder | Misc | https://cmder.app/ | Console emulator for Windows. You get almost all the features of Linux and much more, all embedded in this nice piece of software. |
CyberChef | Misc | https://gchq.github.io/CyberChef/ | Browser tool for quickly testing various encoding/encryption operations on a given input, such as base64, XOR, hexdumping, ... |
Hash Analyzer | Misc | https://www.tunnelsup.com/hash-analyzer/ | A website that helps to identify hash types. |
Hash-Identify | Misc | https://github.com/blackploit/hash-identifier | Software to identify the different types of hashes used to encrypt data and especially passwords. |
Malzilla | Misc | https://malzilla.sourceforge.net/ | Malware hunting tool. It shows you the full source of webpages and all the HTTP headers |
Oh My Zsh | Misc | https://github.com/ohmyzsh/ohmyzsh | Framework for zsh terminal customization. |
ShadowcryptTools | Misc | https://shadowcrypt.net/tools/ | A collection of 24 online tools for OSINT, network scanning, MD5 encryption and many others |
Warp | Misc | https://www.warp.dev/ | MacOS terminal with many great features out of the box without any additional setup |
XOR Calculator | Misc | https://xor.pw/# | Browser tool for calculating XOR (binary, decimal, hexadecimal, ASCII) |
dCode | Misc | https://www.dcode.fr/tools-list | An online tool for identifying and decoding various ciphers |
instances | Misc | https://instances.vantage.sh/ | Tool to compare EC2 metrics and pricing on AWS |
prezto | Misc | https://github.com/sorin-ionescu/prezto | Prezto is the configuration framework for Zsh |
Name of tool | Category | Link to the tool | Short Description |
---|---|---|---|
DeHashed | OSINT | https://www.dehashed.com/ | DeHashed is a hacked database search engine to help secure accounts and provide insight on database breaches and account leaks |
Epieos | OSINT | https://epieos.com/ | Retrieve information linked to an email address, without notifying its user |
Geogramint | OSINT | https://github.com/Alb-310/Geogramint | An OSINT geolocation tool for Telegram that finds nearby users and groups |
GitHound | OSINT | https://github.com/tillson/git-hound | A useful tool to extract sensitive information leaked on GitHub; can be used for bug bounty hunting. |
Grepp | OSINT | https://grep.app/ | Searches across git repos using normal keywords |
Holehe | OSINT | https://github.com/megadose/holehe | Holehe checks if an email is attached to an account on sites like twitter, instagram, imgur and more than 120 others |
Hunter.io | OSINT | https://hunter.io/ | Hunter lets you find professional email addresses in seconds and connect with the people that matter for your business. |
InstantUsername | OSINT | https://instantusername.com/#/ | Tool to search for a given username in all social media |
KnockKnock | OSINT | https://github.com/harleo/knockknock | A script written in #go that queries the ViewDNSInfo API (free, 500 results limit) and gets a list of domains related to target domain |
Maltego | OSINT | https://github.com/M0m0SMS-OSINT/Maltego | Maltego is a Java application that simplifies and expedites your investigations, thanks to its access to databases and its visualization tools. |
OSINT Search Tools | OSINT | https://osint.hopain.cyou/index.html | Several hundred links for quick search in Social Media, Communities, Maps, Documents Search Engines |
Osintgram | OSINT | https://github.com/Datalux/Osintgram | Osintgram offers an interactive shell to perform analysis on the Instagram account of any user by nickname. This tool helps to collect, analyze, and run reconnaissance. |
ReconDog | OSINT | https://github.com/s0md3v/ReconDog | An OSINT tool which uses APIs to collect all data; no direct contact with the user is made. |
Sherlock | OSINT | https://github.com/sherlock-project/sherlock | Hunt down social media accounts by username across social networks |
SnapScraper | OSINT | https://rhematt.github.io/Snap-Scraper/ | SnapScraper is an open source intelligence tool which enables users to download media uploaded to Snapchat’s Snap Map using a set of latitude and longitude co-ordinates. |
Spiderfoot | OSINT | https://www.spiderfoot.net/ | Spiderfoot automates the process of gathering intelligence about a given target, which may be an IP address. |
Sublist3r | OSINT | https://github.com/aboul3la/Sublist3r | Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT |
Twint | OSINT | https://github.com/twintproject/twint | A Python Tool to scrape twitter data without API limitations |
ViewDns | OSINT | https://viewdns.info | ViewDNS is used to look up domain/IP address information and can reverse search a website's IP address. It includes many tools, such as Reverse IP Lookup, IP Whois, etc. |
WAGSCRAPER | OSINT | https://github.com/riz4d/WaGpScraper | A Python tool that scrapes WhatsApp group links using Google dorks. It scrapes WhatsApp group links from Google results and returns working links. |
WEBOSINT | OSINT | https://github.com/C3n7ral051nt4g3ncy/webosint | Simple #python tool for step-by-step collection of domain information using HackerTarget and whoisxmlapi APIs. |
Watools | OSINT | https://Watools.io | Download WhatsApp profile pictures |
crt.sh | OSINT | https://crt.sh/ | crt.sh is a site where you can find all the SSL or TLS certificates and subdomains of a particular target domain. The site is open-source and is used to monitor certificates. |
geocreepy | OSINT | http://geocreepy.com | A Geolocation OSINT Tool. Offers geolocation information gathering through social networking platforms. |
octosuite | OSINT | https://github.com/bellingcat/octosuite | Advanced Github OSINT Framework |
WayBackMachine | OSINT | https://github.com/hamza34-del/abcctf | The Wayback Machine is a digital archive of the World Wide Web founded by the Internet Archive |
Shodan.io | OSINT | https://www.shodan.io | Shodan is the world's first search engine for Internet-connected devices. It is used for crawling, IP lookups, searching, and data streaming |
Name of tool | Category | Link to the tool | Short Description |
---|---|---|---|
A-Packet | Forensics | https://apackets.com/ | Online pcap file analyzer. |
ALEAPP | Forensics | https://github.com/abrignoni/ALEAPP | Android Logs Events And Protobuf Parser |
Aperisolve | Forensics | https://www.aperisolve.com/ | Its offerings, which span the gamut of image analysis, include Steghide, Binwalk, Exiftool, and many others. |
Arsenal Image Mounter | Forensics | https://arsenalrecon.com/downloads/ | Many Windows-based disk image mounting solutions mount the contents of disk images as shares or partitions, rather than complete (aka "physical" or "real") disks. |
Autopsy | Forensics | https://www.autopsy.com/ | Powerful tool to analyze disk images. |
Binwalk | Forensics | https://github.com/ReFirmLabs/binwalk | Tool for searching a given binary image for embedded files and executable code. |
Creddump | Forensics | https://github.com/moyix/creddump | Dump Windows credentials |
DTMF decoder | Forensics | https://unframework.github.io/dtmf-detect/ | Tool to solve DTMF audio based forensics |
Dislocker | Forensics | http://www.hsc.fr/ressources/outils/dislocker/ | Tool for reading Bitlocker encrypted partitions. |
Eric Zimmerman's Tools | Forensics | https://ericzimmerman.github.io/ | Forensic tools developed by Eric Zimmerman. |
Exiftool | Forensics | https://github.com/exiftool | Tool for looking into metadata and other useful information related to a particular image file |
Firmware-mod-kit | Forensics | https://code.google.com/p/firmware-mod-kit/ | Tools for firmware packing/unpacking. |
Foremost | Forensics | https://www.kali.org/tools/foremost/ | A forensic program to recover lost files based on their headers, footers, and internal data structures. |
Forensically | Forensics | https://29a.ch/photo-forensics/#forensic-magnifier | Forensically is a set of free tools for digital image forensics. |
ILEAPP | Forensics | https://github.com/abrignoni/iLEAPP | iOS Logs, Events, And Plists Parser |
LogFileParser | Forensics | https://github.com/jschicht/LogFileParser | Parser for $LogFile on NTFS |
Lookyloo | Forensics | https://lookyloo.circl.lu/ | Web app that scrapes a website and then displays a tree of domains calling each other |
Mft2Csv | Forensics | https://github.com/jschicht/Mft2Csv | Extract $MFT record info and log it to a csv file. |
NTFS Log Tracker | Forensics | https://sites.google.com/site/forensicnote/ntfs-log-tracker | This tool can parse $LogFile, $UsnJrnl:$J of NTFS and carve UsnJrnl record in multiple files. |
Network Miner | Forensics | http://www.netresec.com/?page=NetworkMiner | Network Forensic Analysis Tool. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network |
Sherloq | Forensics | https://github.com/GuidoBartoli/sherloq | An open-source digital image forensic toolset |
StegOnline | Forensics | https://stegonline.georgeom.net/ | Steganography tool for extracting embedded data from images. A web-based, accessible and open-source port of StegSolve. |
UsnJrnl2Csv | Forensics | https://github.com/jschicht/UsnJrnl2Csv | Parser for $UsnJrnl on NTFS |
fcrackzip | Forensics | https://github.com/hyc/fcrackzip | Brute-force guesses a zip password (for passwords <7 characters or so) |
pngtools | Forensics | https://github.com/mikalstill/pngtools | An open-source tool to dissect pngs. |
Name of tool | Category | Link to the tool | Short Description |
---|---|---|---|
Aircrack-ng | pwn | https://www.aircrack-ng.org/ | A complete suite of tools to test WiFi network security. |
Crackmapexec | pwn | https://github.com/Porchetta-Industries/CrackMapExec | Post-exploitation tool that helps automate assessing the security of large Active Directory networks. |
Linpeas | pwn | https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS | Shows the ways to escalate privileges on Linux |
Nmap | pwn | https://nmap.org/ | Utility for network discovery and security auditing. |
RustScan | pwn | https://github.com/RustScan/RustScan | The fast port scanner. |
Wireshark | pwn | https://wireshark.org/ | Network protocol analyzer tool |
metasploit | pwn | https://www.metasploit.com/ | Very powerful penetration testing framework |
one_gadget | pwn | https://github.com/david942j/one_gadget | Tool for finding ROP-tools in libc6.so.6 |
pwntools | pwn | https://github.com/Gallopsled/pwntools | Library to develop exploits in Python |
Name of tool | Category | Link to the tool | Short Description |
---|---|---|---|
CTF-CryptTool | Crypto | https://github.com/karma9874/CTF-CryptoTool | Works for the cipher which does not have a key. |
CaptfEncoder | Crypto | https://github.com/guyoung/CaptfEncoder | CaptfEncoder is a network security tool suite, cryptography, and asymmetric encryption. |
Ciphers | Crypto | https://rumkin.com/tools/cipher/ | A collection of different cipher tools to encrypt/decrypt messages. |
Featherduster | Crypto | https://github.com/nccgroup/featherduster | An automated, modular cryptanalysis tool. |
Hash-Extender | Crypto | https://github.com/iagox86/hash_extender | Tool for performing hash length extension attacks |
Hashkill | Crypto | https://github.com/gat3way/hashkill | hashkill password recovery tool |
PkCrack | Crypto | https://github.com/keyunluo/pkcrack | A tool for breaking PkZip-encryption. |
RsaCtfTool | Crypto | https://github.com/RsaCtfTool/RsaCtfTool | RSA multi attacks tool : uncipher data from weak public key. |
StegoCracker | Crypto | https://github.com/W1LDN16H7/StegoCracker | Stego is an open-source and free steganography tool that lets you hide your secret message in an image or audio file. |
XORTool | Crypto | https://github.com/hellman/xortool | A tool to analyze multi-byte xor cipher. |
Patator | Crypto | https://github.com/lanjelot/patator | Patator is a multi-purpose brute-forcer, with a modular design. |
rot 13 | Crypto | https://rot13.com/ |
Name of tool | Category | Link to the tool | Short Description |
---|---|---|---|
Androguard | Reverse Engineering | https://github.com/androguard/androguard | A reverse engineering tool for Android applications. |
BARF | Reverse Engineering | https://github.com/programa-stic/barf-project | BARF is an open source binary analysis framework that aims to support a wide range of binary code analysis tasks that are common in the information security discipline. |
BinUtils | Reverse Engineering | http://www.gnu.org/software/binutils/binutils.html | The GNU Binary Utilities, or Binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code. |
Binary Ninja | Reverse Engineering | https://binary.ninja/ | It has the ability to deconstruct binary files and show the results in linear or graph representations. It automatically analyses the code in-depth, producing data that aids in binary analysis. |
Ciphey | Docker | https://github.com/Ciphey/Ciphey | Tool to automatically decrypt encryptions without knowing the key or cipher, decode encodings and crack hashes. |
Compiler Explorer | Reverse Engineering | https://github.com/compiler-explorer/compiler-explorer | Compiler Explorer is an interactive compiler exploration website. |
Decompiler Explorer | Reverse Engineering | https://github.com/decompiler-explorer/decompiler-explorer | Decompiler Explorer is a web front-end to a number of decompilers. This web service lets you compare the output of different decompilers on small executables. In other words: It's basically the same thing as Matt Godbolt's awesome Compiler Explorer, but in reverse. |
Ghidra | Reverse Engineering | https://github.com/NationalSecurityAgency/ghidra | It is a reverse engineering framework made by the NSA |
Hashcat | Reverse Engineering | https://hashcat.net/hashcat/ | hashcat is the world's fastest and most advanced password recovery utility. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS. |
Hiew | Reverse Engineering | http://www.hiew.ru/ | Hiew is a binary file editor focused on working with code. |
IDA | Reverse Engineering | https://hex-rays.com/ida-pro/ | Tool for disassembling a binary file and also a versatile debugger |
ImHex | Reverse Engineering | https://github.com/WerWolv/ImHex | A Hex Editor for Reverse Engineers, And Programmers. Support useful features for Hex editing. |
Java Decompilers | Reverse Engineering | http://www.javadecompilers.com/ | An online decompiler for Java and Android APKs |
ScyllaHide | Reverse Engineering | https://github.com/x64dbg/ScyllaHide | ScyllaHide is an advanced open-source x64/x86 user mode Anti-Anti-Debug library. It hooks various functions to hide debugging. |
WinHex | Reverse Engineering | https://x-ways.net/winhex/ | WinHex is an advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards. |
Z3 Solver | Reverse Engineering | https://github.com/Z3Prover/z3 | SAT solver for automatically finding values that satisfy multiple constraint checks |
cutter | Reverse Engineering | https://github.com/rizinorg/cutter | Reverse Engineering platform (disassembler) |
gdb | Reverse Engineering | https://www.sourceware.org/gdb/ | Tool that lets you step through the assembly code as it runs, and examine the contents of registers and memory. |
pe-bear | Reverse Engineering | https://github.com/hasherezade/pe-bear | Portable Executable reversing tool with a friendly GUI |
fREdom | Reverse Engineering | https://github.com/cseagle/fREedom | Software that extracts disassembly information from executables |
Name of Tool | Category | Link to the tool | Short Description |
---|---|---|---|
DaveGrohl | Bruteforcer | https://github.com/octomagon/davegrohl | Brute-forcing tool for Mac OS X |
Hashcat | Bruteforcer | https://hashcat.net/hashcat/ | Password Cracker |
John The ripper | Bruteforcer | https://www.openwall.com/john/ | Tool for cracking password hashes |
John the Jumbo | Bruteforcer | https://github.com/openwall/john | Community advanced version of John the Ripper |
John the Ripper | Bruteforcer | https://www.openwall.com/john/ | Password Cracker |
Ncrack | Bruteforcer | https://nmap.org/ncrack/ | Proactively tests all hosts and networking devices for poor passwords |
Nozzlr | Bruteforcer | https://github.com/intrd/nozzlr | Nozzlr is a bruteforce framework, truly modular and script-friendly |
Ophcrack | Bruteforcer | https://ophcrack.sourceforge.io/ | Windows password cracker based on rainbow tables |
Outguess | Bruteforcer | https://github.com/resurrecting-open-source-projects/outguess | Useful in forensics investigations and security actions |
Patator | Bruteforcer | https://github.com/lanjelot/patator | Patator is a multi-purpose brute-forcer, with a modular design |
Rainbow Crack | Bruteforcer | http://project-rainbowcrack.com/ | Generates rainbow tables to be used in recovering passwords |
SCWF | Bruteforcer | https://github.com/DaWouw/SCWF | CTF tool for identifying, brute forcing and decoding encryption schemes in an automated way |
Stegbrute | Bruteforcer | https://www.kitploit.com/2021/01/stegbrute-fast-steganography-bruteforce.html | Fast Steganography Bruteforce Tool |
THC Hydra | Bruteforcer | https://sectools.org/tool/hydra/ | Offers a large number of protocols (Telnet, RDP, SSH, FTP, HTTP, HTTPS, SMB) to brute force |
Twigonometry | Bruteforcer | https://github.com/Twigonometry/CTF-Tools | Scripts for CTFs and pentest practice |
Hydra | Bruteforcer | https://www.kali.org/tools/hydra/ | It is a parallelized login cracker which supports numerous protocols to attack |