Tools List
This page contains numerous tools that I have stumbled upon and have arbitrarily deemed useful.

RECON AND ENUM

  • Nmap - port/IP/network scanning
  • rustscan - if Nmap was a DOS tool. All ports in 17 seconds.
  • nc/netcat - anything TCP/IP related: connections, listeners, etc.
  • msfconsole - db_nmap and others store information gathered for later attacks
  • gobuster - alternative to dirbuster; brute-forces URIs (paths), DNS subdomains, virtual host names on web servers, and open S3 buckets
  • enum4linux - SMB enumeration from a Linux machine. Built into most Kali distributions
  • wfuzz - more advanced version of dirbuster, written in Python, that can also fuzz form fields
  • AMASS - open-source tool by OWASP to fully discover, map, and enumerate assets: DNS, certificates, APIs, etc.
  • dnschecker - full DNS record information
  • fierce - DNS enumeration tool; attempts zone transfers, wildcard detection, and common subdomains

OSINT

ANALYSIS

  • BruteShark - deep pcap analysis tool
  • gsf-vba-dump - part of libgsf; VBA macro extraction tool that runs on macOS (brew install libgsf) and works better than olevba

PIVOT/Connect

  • sshuttle - essentially a VPN over SSH
  • evil-winrm - "ultimate" WinRM shell for penetration testing (port 5985)

EXPLOIT

  • sqlmap - detects and exploits SQL injection in web applications and their backing databases. Use in conjunction with Burp for best results
  • impacket - Python tools to pwn Windows boxes (SMB, PsExec-style execution, mimikatz-like secret dumping, MySQL)
  • msfconsole - exploiting vulnerabilities with precrafted payloads
  • PayloadsAllTheThings - every type of payload imaginable, including reverse shells in many languages

ESCALATE / POST EXPLOITATION

Linux

  • linPEAS - Linux privilege escalation script (blog on Linux privilege escalation)
  • GTFOBins - Linux privilege escalation without color coding

Windows

  • LOLBAS - GTFOBins for Windows
  • winPEAS - linPEAS for Windows
  • Seatbelt - automatically checks sysinfo, netstat, interesting files, etc.
  • SMBCrunch - SMBHunt, SMBList, and SMBGrab in one. Most useful with credentials
  • mimikittenz - post-exploitation PowerShell tool to extract plain-text passwords from target processes

SUPPORTING TOOLS

  • SecLists, dirbuster - wordlists including passwords, common services, usernames, fuzzing payloads, etc. (note: Kali has a TON of great wordlists under /usr/share/wordlists)
  • de4js - Swiss army knife for JavaScript deobfuscation
  • CyberChef - translating/converting all imaginable types of input. Create "recipes" to cook data
  • Ciphey - Python tool like CyberChef that can identify/crack encoding and encryption types
  • pwn (pwntools) - Python library for CTFs/scripting; contains the 'tubes' module, which makes network sessions significantly easier than requests, with SSH, sockets, serial ports, etc.
  • Basecrack - identifies/decodes alphanumeric encodings (e.g. base64). Also a steganography solver with "magic mode"; saves time on unoriginal steganography challenges
  • Hash Analyzer - identify hashes and encodings (very old)
  • rot - ROT 1 through 26 all at once

Steganography-specific

  • aperisolve - online steganography solving tool; displays color layers and runs zsteg, steghide, outguess, binwalk, exiftool, foremost, and more
  • ssconvert - (not stego-specific) can be used to extract hidden data from xlsx files into readable formats (e.g. ssconvert infile.xlsx outfile.txt)

Crypto-specific

  • openssl asn1parse - identify and pull parameters from RSA and other crypto keys (example)
  • RsaCtfTool - one-stop shop for breaking easy-to-medium RSA challenges
  • quipqiup - automatically solves simple substitution ciphers using word frequency analysis

Hashes and Hash Cracking

DEFENSE

Linux

  • pspy - unprivileged Linux process snooping

Windows

  • APT-Hunter - Python script to scan Windows event logs for suspicious activity

REPORTING

  • diagrams.net - online, free, no-signup-required diagram/flowchart tool. Useful for presenting topologies

Other Lists

Fun

  • awesome-ctf - massive collection of CTF tools and starting points
  • ctfsites - collection of permanent CTF / Hack The Box / attack-defense websites