Tools

764 tools documented

0

Traceroute tool that runs within an existing TCP connection. Bypasses some types of stateful packet filters.

7

7-Zip is a file archiver with a high compression ratio supporting multiple formats for packing/unpacking and extraction. It provides strong AES-256 encryption and powerful command line functionality.

A

Above is a network security sniffer designed for pentesters and security professionals to find vulnerabilities in network hardware through traffic analysis. It supports live interface listening and analysis of existing pcap files without generating noise on the network.

Adaptix is an extensible post-exploitation and adversarial emulation framework made for authorized penetration testing. The Adaptix server is written in Golang to allow operator flexibility.

aesfix corrects bit errors in AES-128 key schedules from hex-encoded files. It is designed for use with aeskeyfind output and handles unidirectional 1->0 bit errors.

Tool for locating 128-bit and 256-bit AES keys in a captured memory image. Uses algorithms and entropy tests to identify keys even with some bit corruption.

Advanced Forensics Format Library provides utilities for handling AFF disk images with metadata, digital signatures, and encryption. It enables conversion, comparison, verification, and manipulation of forensic disk images across various formats.

Instrumentation-driven fuzzer for binary formats that uses compile-time instrumentation and genetic algorithms to discover test cases triggering new internal states.

aircrack-ng is a suite of tools for auditing wireless networks, capable of cracking WEP and WPA-PSK keys from captured packets using statistical attacks and dictionary methods.

Multi-use bash script for Linux systems to audit wireless networks. Menu-driven wrapper around third-party tools with many features for wireless network auditing.

Subdomain discovery tool that generates altered and mutated potential subdomains from known subdomains and wordlists for DNS bruteforcing.

AMAP is a next-generation scanning tool for pentesters that identifies applications even on non-standard ports. It uses trigger packets and response strings to detect protocols including non-ASCII based applications.

Amass is a tool for in-depth DNS enumeration and network mapping to help information security professionals discover attack surfaces and external assets. It uses open source information gathering and active reconnaissance techniques.

Metapackage that installs the complete Android Software Development Kit (SDK) for developing mobile applications on the Android platform. It pulls in SDK Tools, Platform-tools, and Build-tools required for Android app development and analysis.

Apache HTTP Server is a secure, efficient, and extensible open-source web server that powers the majority of websites on the Internet. It provides full installation including configuration files, init scripts, and support scripts for running HTTP services.

Apache-users enumerates usernames on systems running Apache with the UserDir module enabled. It uses a dictionary of usernames to probe for valid users via HTTP requests.

Apktool is a tool for reverse engineering Android APK files. It decodes resources to nearly original form, rebuilds them after modifications, and enables debugging of smali code.

apple-bleee provides experimental scripts that demonstrate what information an attacker can extract from Apple devices by sniffing Bluetooth traffic. It requires a Bluetooth adapter for BLE messages and a Wi-Fi card with monitor mode for AWDL communication.

Arjun is an HTTP parameter discovery suite that finds query parameters for URL endpoints using a large dictionary of 25,890 parameter names. It efficiently tests parameters with minimal requests, typically completing in under 10 seconds.

Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes advanced post-exploitation features.

arp-scan is a command-line tool that uses the ARP protocol to discover and fingerprint IP hosts on the local network. It sends ARP requests and displays responses with MAC addresses and vendor information.

arping sends ARP and/or ICMP requests to a specified host and displays the replies. The host can be identified by hostname, IP address, or MAC address.

arpwatch monitors Ethernet/FDDI station activity by maintaining a database of MAC addresses and their associated IP pairs. It alerts system administrators via email on changes like new stations, flip-flops, or reused addresses.

asleap is a tool for actively recovering LEAP and PPTP passwords by exploiting deficiencies in Cisco LEAP networks. It uses dictionary files with NT hashes and libpcap captures to crack authentication credentials.

assetfinder is a command-line tool designed to find domains and subdomains associated with a specific domain. It uses multiple data sources to expand coverage and increase result accuracy.

Advanced TFTP client and server for testing, debugging, and file transfers over Trivial File Transfer Protocol. Supports interactive and non-interactive modes for scripting and implements RFC standards with multicast options.

Atomic-operator is a module to execute Atomic Red Team tests across multiple operating system environments. It enables security professionals to test detection and defensive capabilities against prescribed techniques.

Autopsy is a graphical interface to The Sleuth Kit for digital forensic analysis of Windows and UNIX file systems. It provides features comparable to commercial digital forensics tools.

Multi-threaded network reconnaissance tool which performs automated enumeration of services. Intended as a time-saving tool for CTFs and penetration testing environments.

Axel is a light command line download accelerator that uses multiple connections to speed up file downloads from the Internet. It supports HTTP, HTTPS, FTP, and FTPS protocols and can achieve up to 60% faster downloads.

AzureHound is the official BloodHound data collector for Microsoft Azure. It collects Azure data for use with BloodHound and BloodHound Enterprise.

B

b374k is a PHP-based remote management tool that provides comprehensive system administration capabilities through a web browser without needing cpanel, SSH, or FTP. It includes features like file management, command execution, shell access, and database connectivity all in a single file.

BED is a network protocol fuzzer designed to check daemons for potential buffer overflows, format strings, and similar vulnerabilities. It supports fuzzing various protocols like HTTP, FTP, and SMTP.

BeEF is the Browser Exploitation Framework, a penetration testing tool focusing on web browser vulnerabilities. It hooks browsers to launch client-side attacks and assess security from within the browser context.

berate-ap is a script for orchestrating mana rogue Wi-Fi Access Points. It can also handle regular hostapd APs and create access points easily.

bettercap is a complete, modular, portable and easily extensible MITM framework serving as a Swiss Army knife for 802.11, BLE, IPv4 and IPv6 network reconnaissance and attacks. It provides an all-in-one solution for security researchers, red teamers and reverse engineers.

bettercap-ui provides the web-based user interface for Bettercap, a powerful network security tool. It enables users to interact with Bettercap's features through a graphical web interface.

BIND 9 is the most widely used Internet domain name server software that implements DNS protocol functionality. It provides a DNS server along with client utilities and DNSSEC tools for secure DNS operations.

bing-ip2hosts is a Bing.com web scraper that discovers hostnames and websites associated with an IP address. It leverages Bing's unique IP-based search feature to enumerate subdomains and identify shared hosting environments.

Binwalk is a tool for searching binary images for embedded files and executable code, particularly designed for analyzing firmware images. It uses libmagic signatures and includes custom signatures for firmware-specific content like compressed files, kernels, and filesystems.

Binwalk3 is a tool library for analyzing binary blobs and executable code, identifying and optionally extracting embedded files and data. This Rust-rewritten version of Binwalk focuses on firmware analysis with support for various file types and entropy analysis for unknown compression or encryption.

BloodHound uses graph theory to reveal hidden relationships within Active Directory environments. It helps both attackers and defenders identify complex attack paths and privilege relationships.

Python-based ingestor for BloodHound Community Edition (CE) that collects Active Directory data. Built on Impacket and compatible only with BloodHound CE.

Python-based ingestor for BloodHound using Impacket for Active Directory enumeration. Collects domain data like groups, sessions, trusts, and ACLs for BloodHound analysis.

Active Directory privilege escalation framework that performs specific LDAP calls to domain controllers. Supports authentication via cleartext passwords, pass-the-hash, pass-the-ticket, or certificates.

BlueHydra is a Bluetooth device discovery service built on top of the bluez library. It uses ubertooth where available to track both classic and low energy (LE) Bluetooth devices over time.

Bluelog is a Bluetooth scanner designed to quickly identify the number of discoverable devices in an area. It logs discovered devices to a file and can run unattended for long periods.

BlueRanger is a simple Bash script that uses Bluetooth Link Quality to locate devices by sending L2CAP pings. It determines proximity based on the strength of the connection without requiring authentication.

Bluesnarfer is a Bluetooth bluesnarfing utility that extracts data such as device information and phonebook entries from vulnerable Bluetooth-enabled devices. It targets weaknesses in Bluetooth implementations to access information without authorization.

BlueZ is the official Linux Bluetooth protocol stack providing tools and daemons for Bluetooth device management, testing, and interaction. It includes utilities for scanning, connecting, configuring, and testing Bluetooth and BLE devices.