// security research toolkit index

PentestDB

Curated open-source hacking, penetration testing, OSINT, and security research tools. Updated February 2026.

400+ tools listed
11 categories
Last updated 2026
⚠ For educational and authorized security research purposes only. Always obtain explicit written permission before testing any system you do not own.

Information Gathering & OSINT

In-depth attack surface mapping and asset discovery tool by OWASP.

Advanced dork search & mass exploit scanner.

Recursive internet scanner for hackers; faster and more reliable than SpiderFoot.

✓ Actively maintained

Multi-cloud OSINT tool to enumerate public resources in AWS, Azure, and Google Cloud.

CMS detection and exploitation: scans WordPress, Joomla, Drupal and 170+ other CMSs.

DNS enumeration script for comprehensive DNS information gathering.

Takes screenshots of websites, provides server header info, and identifies default credentials.

The fastest cross-platform subdomain enumerator.

Detect secrets (API keys, passwords, tokens) in git repos, files, and stdin.

✓ Actively maintained

Email OSINT and password breach hunting. Searches breach databases and reconnaissance services.

Check if an email is attached to accounts on 120+ sites including Twitter, Instagram, Imgur.

Fast and multi-purpose HTTP toolkit for running multiple probes. By ProjectDiscovery.

✓ Actively maintained

Next-generation crawling and spidering framework by ProjectDiscovery.

✓ Actively maintained

Collect a dossier on a person by username from thousands of sites. Advanced Sherlock fork.

Open source OSINT automation integrating with almost every data source available.

Fast passive subdomain enumeration tool by ProjectDiscovery.

✓ Actively maintained

Fast subdomain enumeration tool for penetration testers.

E-mails, subdomains and names harvester for OSINT reconnaissance.

Hunt down social media accounts by username across social networks.

✓ Actively maintained

Find and verify leaked credentials in git history, S3, filesystem, and more.

✓ Actively maintained

Automated recon on a target domain running best-in-class tools.

✓ Actively maintained

Security tester's companion: usernames, passwords, URLs, fuzzing payloads, web shells, and more.

Next-generation web scanner that identifies the technologies used by websites.

🕸️

Web Application Testing

Automated all-in-one OS command injection and exploitation tool.

Powerful open-source XSS scanner and utility focused on automation.

✓ Actively maintained

Damn Small SQLi Scanner: minimal but effective SQL injection detection.

Fast web fuzzer written in Go; the industry standard for directory and parameter fuzzing.

✓ Actively maintained

Tool for brute-forcing URIs, DNS subdomains, virtual host names, Amazon S3 buckets, and more.

✓ Actively maintained

Automatic SQL injection and database takeover tool. The gold standard for SQLi.

✓ Actively maintained

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Black box WordPress vulnerability scanner written for security professionals.

Web application fuzzer designed for brute-forcing web applications.

Most advanced XSS scanner with fuzzing and payload generation capabilities.

The OWASP ZAP core project: the leading open-source web security scanner.

Automatic SSRF fuzzer and exploitation tool.

Fast and powerful SSL/TLS scanning library.

Web application attack and audit framework; open-source web vulnerability scanner.

DotDotPwn: the directory traversal fuzzer.

Custom word list generator that spiders a target website.

🌐

Network Scanning & Enumeration

Swiss Army knife for 802.11, BLE, and Ethernet network reconnaissance and MITM attacks.

Fast TCP/UDP tunnel over HTTP, popular for network pivoting in pentests.

Next-generation enum4linux with additional features for Windows/Samba enumeration.

✓ Actively maintained

The ultimate WinRM shell for hacking and pentesting Windows environments.

✓ Actively maintained

Python classes for working with network protocols β€” essential for Windows/AD pentesting.

✓ Actively maintained

Fast Kerberos bruteforce and enumeration tool for Active Directory environments.

Advanced, fast tunneling/pivoting tool using TUN interfaces.

✓ Actively maintained

TCP port scanner that spews SYN packets asynchronously; scans the entire internet in under 5 minutes.

Network execution tool (successor to CrackMapExec) for credential spraying on services.

✓ Actively maintained

LLMNR, NBT-NS and MDNS poisoner with built-in rogue authentication servers (HTTP/SMB/MSSQL/FTP/LDAP).

Exploitation framework for embedded devices and routers.

The modern port scanner β€” find ports in seconds, then pass them to Nmap for deeper analysis.

Handy SMB enumeration tool for Windows file share assessment.

Offensive PowerShell for red team, penetration testing, and offensive security.

📡

Wireless / Wi-Fi

Multi-use bash script for Linux to audit wireless networks comprehensively.

Targeted evil twin attacks against WPA2-Enterprise networks.

Wireless security auditing and attack software with GUI.

Security auditing and social engineering research tool for evil twin attacks.

Small tool to capture packets from WLAN devices.

✓ Actively maintained

Convert capture files to hash files for Hashcat or John the Ripper, for Wi-Fi security research.

IEEE 802.15.4/ZigBee security research toolkit.

Offline Wi-Fi Protected Setup brute-force utility.

WPA2-PSK offline password cracking tool.

Crack and decrypt BLE encryption by exploiting its known weaknesses.


Password Attacks & Credential Cracking

Bull's Eye Wordlist Generator: advanced wordlist creation tool.

Fast and flexible online password cracking tool supporting 50+ protocols.

✓ Actively maintained

John the Ripper: industry-standard offline password hash cracker.

✓ Actively maintained

World's fastest GPU-based password recovery utility.

✓ Actively maintained

Common User Passwords Profiler: generates targeted wordlists from target information.

Custom wordlist generator that spiders a target website.

Brute-forcing tool that leverages unique attack methods to bypass rate limits.

Multi-purpose brute-forcing tool with modular design for flexibility.

πŸ’»

Post-Exploitation & C2 Frameworks

The world's most-used penetration testing framework. Exploit development, delivery, and post-exploitation.

✓ Actively maintained

Open source cross-platform adversary emulation/red team framework.

✓ Actively maintained

Post-exploitation framework with PowerShell and Python agents.

PowerShell post-exploitation framework with extensive offensive module library.

Tool implementing the Golden SAML attack for cloud environment post-exploitation.

Automated pentest framework for offensive security experts; full attack chain automation.

🎭

Social Engineering & Phishing

The Social-Engineer Toolkit: the most widely used penetration testing tool for social engineering.

✓ Actively maintained

Accurately locate smartphones using social engineering and fake high-fidelity pages.

Educational phishing tool and information collector with various campaign templates.

People tracker on the internet: OSINT analysis and research tool using JS hooks.

Security research tool combining social engineering with evil twin attacks.

🔬

Forensics & Malware Analysis

Advanced memory forensics framework: extract digital artifacts from RAM dumps.

✓ Actively maintained

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

✓ Actively maintained

Capstone disassembly framework supporting Arm, Arm64, x86, MIPS, PowerPC, and more.

Detect capabilities in executable files β€” understand what malware can do.

✓ Actively maintained

Tool for reverse engineering Android APK files β€” decompile, modify, rebuild.

✓ Actively maintained

Security auditing tool for Linux, macOS, and UNIX. Assists with HIPAA/ISO27001/PCI DSS compliance.

✓ Actively maintained

📱

Android / Mobile

Efficient Android vulnerability scanner for developers and security researchers.

Reverse engineering tool for Android APK files.

✓ Actively maintained

Dynamic instrumentation toolkit that works on Android, iOS, macOS, Windows, and Linux.

✓ Actively maintained

Automated all-in-one mobile app (Android/iOS) pen-testing, malware analysis, and security assessment.

✓ Actively maintained

Tool to look for security-related Android application vulnerabilities.

Quickly analyze and reverse engineer Android packages.

🛡️

Evasion & AV Bypass

AntiVirus evasion tool for generating undetected payloads.

Toolkit to quickly create payloads, PowerShell attacks, and virus attacks for HID devices.

HTA encryption tool for red teams to bypass detection.

Malicious payload evasion tool using image steganography techniques.

Patch PE, ELF, Mach-O binaries with shellcode.

⚠ Archived

Undetectable Windows payload generation for red team engagements.

🔧

Miscellaneous & Frameworks

Bash script for anonymizing public IP via TOR and various VPN providers.

The official Exploit Database repository β€” searchable archive of public exploits.

All-in-one hacking tool for Linux & Android combining multiple tools.

Security auditing and hardening tool for Unix-based systems.

✓ Actively maintained

Onion URL inspector for verifying deep web (.onion) links.

Tor anonymizer: route all traffic through the Tor network.

Kali Linux hacking tool installer for Termux: install 370+ hacking tools on Android.

Smart meter security testing framework for industrial control systems.