Hacking/Tools
General tools
- Kali Linux, Pentoo are operating systems for penetration testing.
- Metasploit Project — provides information about security vulnerabilities and aids in penetration testing and IDS signature development
- Metasploit Unleashed – Free Ethical Hacking Course
- Armitage — GUI for Metasploit
- Veil generates Metasploit payloads that bypass common anti-virus solutions
- Nessus is a proprietary vulnerability scanner.
- NASL — The Nessus Attack Scripting Language — a scripting language that is used by vulnerability scanners like Nessus and OpenVAS.
- https://beefproject.com/ The Browser Exploitation Framework.
- Burp Suite
- https://NoDistribute.com/ — privately scans files online with multiple different anti-viruses
- Maltego for open-source intelligence and forensics
- Google hacking — advanced search
- Shodan — search engine for the Internet of Everything
Network tools
- nmap discovers hosts and services on a computer network by sending packets and analyzing the responses.
- traceroute displays route and measures transit delays of packets across an IP network.
- dig — a network administration command-line tool for querying the Domain Name System (DNS)
- nslookup queries the DNS to obtain the mapping between domain name and IP address, or other DNS records.
- iproute2 — collection of userspace utilities for controlling and monitoring various aspects of networking in the Linux kernel, including routing, network interfaces, tunnels, traffic control, and network-related device drivers
- netdiscover — arp based network address discovering tool
- EtherApe is a packet sniffer/network traffic monitoring tool.
- netsniff-ng is a free Linux network analyzer and networking toolkit.
- Ettercap is a free and open source network security tool for MITM attacks on LAN.
- Xerosploit — MITM framework. Powered by bettercap and nmap.
- cloudflare-scrape to bypass Cloudflare's anti-bot page
- dSniff — set of password sniffing and network traffic analysis tools
- BDFProxy — BackdoorFactory + mitmProxy
- Netcraft
- https://www.robtex.com/
- OWASP ZAP — open-source web application security scanner
General purpose tools
- packet analyzers: tcpdump, Wireshark
- iptables — packet filter rules configuration
Defense
- http://www.XArp.net — advanced ARP spoofing detection
- HTTPS Everywhere
- VPN
Wi-Fi tools
- https://github.com/ZerBea/hcxtools converts Wi-Fi dump files to hashcat formats
- https://github.com/brannondorsey/wifi-cracking cracks WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat
Password
- Hashcat
- John the Ripper
- Hydra
- Aircrack-ng
- https://sourceforge.net/projects/crunch-wordlist/ - wordlist generator
Other
- https://github.com/laramies/theHarvester — E-mails, subdomains and names Harvester - OSINT
- dirb — Web Content Scanner
- https://sqlmap.org/ — detecting and exploiting SQL injection
- https://app.any.run/ — interactive online malware analysis service
Targets
- https://www.vulnhub.com/
- https://www.root-me.org/?lang=en
- http://www.vulnweb.com/
- https://dvwa.co.uk/ - Damn Vulnerable Web Application
- https://github.com/rapid7/metasploitable3 - target for testing exploits with Metasploit
- https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
Further reading
- https://sectools.org/
- Decoding Obfuscated JavaScript Using Google Chrome.
- Phishing.
- Social engineering (security).
- https://github.com/topics/security
- https://outpost24.com/blog/wps-cracking-with-reaver
- https://kalilinuxtutorials.com/mdk3/
- 25 Best Ethical Hacking Tools & Software for Hackers (2021)
- https://medium.com/hacker-toolbelt