Tools List

This page contains numerous tools that I have stumbled upon and have arbitrarily deemed useful.


  • Nmap - Port/IP/network scanning
  • rustscan - If Nmap were a DOS tool. All ports in 17 seconds.
  • nc/netcat - anything TCP/IP related. Connections, listeners, etc.
  • msfconsole - db_nmap and others store information gathered for later attacks
  • gobuster - alternative to dirbuster - brute force URIs (paths), DNS subdomains, virtual host names on web servers, open S3 buckets
  • enum4linux - SMB enumeration from a Linux machine. Built into most Kali distributions
  • wfuzz - more advanced version of dirbuster, written in Python, that can fuzz form fields
  • AMASS - open-source tool by OWASP to fully discover, map, and enumerate assets. DNS, certificates, APIs, etc.
  • dnschecker - Full DNS record information.
  • fierce - DNS enumeration tool; attempts zone transfer, wildcard, and common subdomains.



  • BruteShark - deep pcap analysis tool
  • gsf-vba-dump - part of libgsf, VBA macro extraction tool that runs on Mac (brew install libgsf); works better than olevba


  • sshuttle - Essentially a VPN over SSH
  • evil-winrm - "ultimate" WinRM shell for penetration testing (port 5985)


  • sqlmap - identify vulnerable SQL-type databases. Use in conjunction with Burp for best results
  • impacket - Python tools to pwn Windows boxes (SMB, ps, mimikatz, MySQL)
  • msfconsole - exploiting vulnerabilities with precrafted payloads
  • PayloadsAllTheThings - every type of payload imaginable, including reverse shells in many languages



  • linPEAS - Linux privilege escalation script (blog on Linux privilege escalation)
  • GTFOBins - Linux privilege escalation without color coding


  • LOLBAS - GTFOBins for Windows
  • winPEAS - linPEAS for Windows
  • Seatbelt - automatically checks sysinfo, netstat, interesting files, etc.
  • SMBCrunch - SMBHunt, SMBList, SMBGrab in one. Most useful with credentials
  • mimikittenz - post-exploitation PowerShell tool to extract plain-text passwords from target processes.


  • SecLists, dirbuster - wordlists including passwords, common services, usernames, fuzzing attacks, etc. (note: Kali has a TON of great wordlists under /usr/share/wordlists)
  • de4js - Swiss pocket knife for JavaScript deobfuscation
  • CyberChef - translating/converting all imaginable types of input. Create "recipes" to cook data
  • Ciphey - Python tool like CyberChef that can identify/crack encryption types
  • pwn - Python library for CTFs/scripting; contains the 'tubes' module, which makes network sessions significantly easier than requests, with SSH, sockets, serial ports, etc.
  • Basecrack - identifies/decodes alphanumeric strings (e.g. base64). Also a steganography solver with "magic mode"; saves time on unoriginal steganography challenges
  • Hash Analyzer - identify hashes and encoding (very old)
  • rot - ROT 1 through 26 all at once


  • aperisolve - online steganography solving tool; displays color layers, zsteg, steghide, outguess, binwalk, exiftool, foremost, and more.
  • ssconvert - (not stego-specific) can be used to extract hidden data from xlsx into readable formats (e.g. ssconvert infile.xlsx outfile.txt)


  • openssl asn1parse - identify and pull parameters from RSA and other crypto keys
  • RsaCtfTool - one-stop shop for breaking easy-to-medium RSA challenges
  • quipqiup - automatically solves simple substitution ciphers using word frequency analysis

Hashes and Hash Cracking



  • pspy - unprivileged Linux process snooping


  • APT-Hunter - Python script to scan Windows event logs for suspicious activity


  •  - online, free, no-signup-required diagram/flowchart/etc. tool. Useful for presenting topologies

Other Lists


  • awesome-ctf - massive collection of CTF tools and starting points
  • ctfsites - collection of permanent CTF/Hack The Box/attack-defense websites