Tools List

This page contains numerous tools that I have stumbled upon and have arbitrarily deemed useful


  • Nmap - Port/ip/network scanning
  • rustscan - If Nmap was a DOS tool. All ports in 17 seconds.
  • nc/netcat - anything TCP/IP related. Connections, listeners, etc
  • msfconsole - db_nmap and others store information gathered for later attacks
  • gobuster - alternative to dirbuster - brute force URIs (paths), DNS subdomains, Virtual Host names on webservers, open S3 buckets
  • enum4linux - smb enumeration from a linux machine. Built into most kali distributions
  • wfuzz - more advanced version of dir buster with python that can fuzz form fields
  • AMASS - open-source tool by OWASP to fully discover, map, and enumerate assets. DNS, certificates, APIs, etc.
  • dnschecker - Full DNS record information.
  • fierce - DNS enumeration tool; attempts zone transfer, wildcard, and common subdomains.



  • BruteShark - deep pcap analysis tool
  • gsf-vba-dump - part if libgsf, vba macro extraction tool that runs on mac (brew install libgsf), works better that olevba


  • sshuttle - Essentially a VPN over SSH
  • evil-winrm - "ultimate" winrm shell for penetration testing (port 5985)


  • sqlmap - identify vulnerable sql-type databases. Use in conjunction with burp for best results
  • impacket - python tools to pwn windows boxes (smb, ps, mimikatz, mysql)
  • msfconsole - exploiting vulnerabilities with precrafted payloads
  • PayloadsAllTheThings - every type of payload imaginable, including reverse shells in many languages



  • linPEAS - linux privilege escalation script (blog on linux privilege escalation)
  • GTFObins - linux privilege escalation without color coding


  • LOLAS - GTFObins for windows
  • winPEAS - linPEAS for windows
  • SeatBelt - automatically checks sysinfo, netstat, interesting files, etc
  • SMBCrunch - SMBHunt, SMBList, SMBGrab in one. Most useful with credentials
  • mimikittenz - post-exploitation powershell tool to extract plain-text passwords from target processes.


  • SecLists, dirbuster - wordlists including passwords, common services, usernames, fuzzing attacks, etc (note: Kali has a TON of great wordlists under /usr/share/wordlists)
  • de4js - swiss pocket knife for javascript deobfuscation
  • CyberChef - translating/converting all imaginable types of input. Create "recipes" to cook data
  • Ciphey - Python tool like CyberChef that can identify/crack encryption types
  • pwn - Python library for CTFs/Scripting, contains 'tubes' module which makes network sessions significantly easier than requests, with ssh, sockets, serial ports, etc
  • Basecrack - identifies/decodes alphanumeric strings (i.e base64). Also is a stenography solver with "magic mode", saves time on unoriginal stenography challenges
  • Hash Analyzer - identify hashes and encoding (very old)
  • rot - Rot 1 through 26 all at once


  • aperisolve - online stenography solving tool, displays color layers, zsteg, steghide, outguess, binwalk, exiftool, foremost, and more.
  • ssconvert - (not steno-specific) can be used to extract hidden data from xlsx into readable formats (i.e ssconvert infile.xlxs outfile.txt )


  • openssl asn1parse - identify and pull parameters from RSA and other crypto keys example
  • RSACtfTool - one stop shop for breaking easy-medium RSA challenges
  • quipquip - automatically solves simple substitution ciphers using word frequency analysis

Hashes and Hash Cracking



  • pspy - unprivileged Linux process snooping


  • APT-hunter - python script to scan Windows event logs for suspicious activity


  • - online, free, no signup required diagram/flowchart/etc tool. Useful for presenting topologies

Other Lists


  • awesome-ctf - massive collection of CTF tools and starting points
  • ctfsites - collection of permanent CTF/hack the box/attack defense websites
Last modified 10mo ago