Tools List

This page contains numerous tools that I have stumbled upon and have arbitrarily deemed useful

RECON AND ENUM
Nmap - Port/ip/network scanning
​rustscan - If Nmap was a DOS tool. All ports in 17 seconds.
nc/netcat - anything TCP/IP related. Connections, listeners, etc 
msfconsole - db_nmap and others store information gathered for later attacks
gobuster - alternative to dirbuster - brute force URIs (paths), DNS subdomains, Virtual Host names on webservers, open S3 buckets
enum4linux - smb enumeration from a linux machine. Built into most kali distributions
​wfuzz - more advanced version of dir buster with python that can fuzz form fields
​AMASS - open-source tool by OWASP to fully discover, map, and enumerate assets. DNS, certificates, APIs, etc. 
​dnschecker - Full DNS record information.
​fierce - DNS enumeration tool; attempts zone transfer, wildcard, and common subdomains.
OSINT
​PimEyes - reverse image search using facial recognition
username enumeration online - namechk, whatsmyname (app), namecheckup 
username enumeration locally - sherlock, whatsmyname (cli)
​scylla - password breaches (with passwords)
​Google Hacking Database - examples of "google dorking" 
ANALYSIS
​BruteShark - deep pcap analysis tool 
​gsf-vba-dump - part if libgsf, vba macro extraction tool that runs on mac (brew install libgsf), works better that olevba
PIVOT/Connect
​sshuttle - Essentially a VPN over SSH
​evil-winrm - "ultimate" winrm shell for penetration testing (port 5985)
EXPLOIT
​sqlmap - identify vulnerable sql-type databases. Use in conjunction with burp for best results
impacket - python tools to pwn windows boxes (smb, ps, mimikatz, mysql) 
msfconsole - exploiting vulnerabilities with precrafted payloads
​PayloadsAllTheThings - every type of payload imaginable, including reverse shells in many languages
ESCALATE / POST EXPLOITATION
Linux
​linPEAS - linux privilege escalation script (blog on linux privilege escalation)
​GTFObins - linux privilege escalation without color coding
Windows
​LOLAS - GTFObins for windows
​winPEAS - linPEAS for windows 
​SeatBelt - automatically checks sysinfo, netstat, interesting files, etc
​SMBCrunch - SMBHunt, SMBList, SMBGrab in one. Most useful with credentials
​mimikittenz - post-exploitation powershell tool to extract plain-text passwords from target processes.
SUPPORTING TOOLS
​SecLists, dirbuster - wordlists including passwords, common services, usernames, fuzzing attacks, etc (note: Kali has a TON of great wordlists under /usr/share/wordlists)
​de4js - swiss pocket knife for javascript deobfuscation
​CyberChef - translating/converting all imaginable types of input. Create "recipes" to cook data
​Ciphey - Python tool like CyberChef that can identify/crack encryption types 
​pwn - Python library for CTFs/Scripting,  contains 'tubes' module which makes network sessions significantly easier than requests, with ssh, sockets, serial ports, etc
​Basecrack - identifies/decodes alphanumeric strings (i.e base64). Also is a stenography solver with "magic mode", saves time on unoriginal stenography challenges
​Hash Analyzer - identify hashes and encoding (very old)
​rot - Rot 1 through 26 all at once 
Stenography-specific
​aperisolve - online stenography solving tool, displays color layers, zsteg, steghide, outguess, binwalk, exiftool, foremost, and more.
ssconvert - (not steno-specific) can be used to extract hidden data from xlsx into readable formats (i.e ssconvert infile.xlxs outfile.txt )
Crypto-specific
​openssl asn1parse - identify and pull parameters from RSA and other crypto keys example​
​RSACtfTool -  one stop shop for breaking easy-medium RSA challenges
​quipquip - automatically solves simple substitution ciphers using word frequency analysis
Hashes and Hash Cracking
​haiti - (CLI) modern (2021) hash identifier containing over 382 types of hashes 
​Name That Hash - (WEB) modern hash identifier (2021)
​crackstation, md5decrypt, hashes - databases of cracked hashes
DEFENSE
Linux
​pspy - unprivileged Linux process snooping
Windows
​APT-hunter - python script to scan Windows event logs for suspicious activity
​
REPORTING
​diagrams.net - online, free, no signup required diagram/flowchart/etc tool. Useful for presenting topologies 
Other Lists
​Passing OSCP - Cheat sheet containing command usage needed to get through OSCP (and HTB)
​Active Directory Checklist - Comprehensive checklist of offensive active directory vectors (amp link)
​zardus ctf-tools - massive github repo of ctf tools
​NetbiosX Checklists - Red Teaming & Pentesting checklists for various engagements
Fun 
​awesome-ctf - massive collection of CTF tools and starting points
​ctfsites - collection of permanent CTF/hack the box/attack defense websites 

Next - Hacker Mode

Nmap

Last modified 1yr ago