Awesome Penetration Testing Tools
Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the [Contributing Guidelines](CONTRIBUTING.md) for more details. This work is licensed under a [Creative Commons Attribution 4.0 International License](https://creativecommons.org/licenses/by/4.0/).
## Contents
* [Anonymity Tools](#anonymity-tools)
* [Anti-virus Evasion Tools](#anti-virus-evasion-tools)
* [Books](#books)
* [Defensive Programming Books](#defensive-programming-books)
* [Hacker's Handbook Series Books](#hackers-handbook-series-books)
* [Lock Picking Books](#lock-picking-books)
* [Malware Analysis Books](#malware-analysis-books)
* [Network Analysis Books](#network-analysis-books)
* [Penetration Testing Books](#penetration-testing-books)
* [Reverse Engineering Books](#reverse-engineering-books)
* [Social Engineering Books](#social-engineering-books)
* [Windows Books](#windows-books)
* [CTF Tools](#ctf-tools)
* [Collaboration Tools](#collaboration-tools)
* [Conferences and Events](#conferences-and-events)
* [Asia](#asia)
* [Europe](#europe)
* [North America](#north-america)
* [South America](#south-america)
* [Zealandia](#zealandia)
* [Docker Containers](#docker-containers)
* [Docker Containers of Intentionally Vulnerable Systems](#docker-containers-of-intentionally-vulnerable-systems)
* [Docker Containers of Penetration Testing Distributions and Tools](#docker-containers-of-penetration-testing-distributions-and-tools)
* [File Format Analysis Tools](#file-format-analysis-tools)
* [GNU/Linux Utilities](#gnulinux-utilities)
* [Hash Cracking Tools](#hash-cracking-tools)
* [Hex Editors](#hex-editors)
* [Industrial Control and SCADA Systems](#industrial-control-and-scada-systems)
* [Multi-paradigm Frameworks](#multi-paradigm-frameworks)
* [Network Tools](#network-tools)
* [DDoS Tools](#ddos-tools)
* [Exfiltration Tools](#exfiltration-tools)
* [Network Reconnaissance Tools](#network-reconnaissance-tools)
* [Protocol Analyzers and Sniffers](#protocol-analyzers-and-sniffers)
* [Network Traffic Replay and Editing Tools](#network-traffic-replay-and-editing-tools)
* [Proxies and Machine-in-the-Middle (MITM) Tools](#proxies-and-machine-in-the-middle-mitm-tools)
* [Transport Layer Security Tools](#transport-layer-security-tools)
* [Wireless Network Tools](#wireless-network-tools)
* [Network Vulnerability Scanners](#network-vulnerability-scanners)
* [Web Vulnerability Scanners](#web-vulnerability-scanners)
* [OSINT Tools](#osint-tools)
* [Data broker and search engine services](#data-broker-and-search-engine-services)
* [Dorking tools](#dorking-tools)
* [Email search and analysis tools](#email-search-and-analysis-tools)
* [Metadata harvesting and analysis](#metadata-harvesting-and-analysis)
* [Network device discovery tools](#network-device-discovery-tools)
* [Source code repository searching tools](#source-code-repository-searching-tools)
* [Online Resources](#online-resources)
* [Online Code Samples and Examples](#online-code-samples-and-examples)
* [Online Exploit Development Resources](#online-exploit-development-resources)
* [Online Lock Picking Resources](#online-lock-picking-resources)
* [Online Open Sources Intelligence (OSINT) Resources](#online-open-sources-intelligence-osint-resources)
* [Online Operating Systems Resources](#online-operating-systems-resources)
* [Online Penetration Testing Resources](#online-penetration-testing-resources)
* [Online Social Engineering Resources](#online-social-engineering-resources)
* [Other Lists Online](#other-lists-online)
* [Penetration Testing Report Templates](#penetration-testing-report-templates)
* [Operating System Distributions](#operating-system-distributions)
* [Periodicals](#periodicals)
* [Physical Access Tools](#physical-access-tools)
* [Reverse Engineering Tools](#reverse-engineering-tools)
* [Security Education Courses](#security-education-courses)
* [Side-channel Tools](#side-channel-tools)
* [Social Engineering Tools](#social-engineering-tools)
* [Static Analyzers](#static-analyzers)
* [Vulnerability Databases](#vulnerability-databases)
* [Web Exploitation](#web-exploitation)
* [Android Utilities](#android-utilities)
* [Windows Utilities](#windows-utilities)
* [macOS Utilities](#macos-utilities)
## Anonymity Tools
## Books
* [Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham, 2012](http://www.amazon.com/Network-Forensics-Tracking-Hackers-Cyberspace-ebook/dp/B008CG8CYU/)
* [Nmap Network Scanning by Gordon Fyodor Lyon, 2009](https://nmap.org/book/)
* [Practical Packet Analysis by Chris Sanders, 2011](https://nostarch.com/packet2.htm)
* [Wireshark Network Analysis by Laura Chappell & Gerald Combs, 2012](https://www.amazon.com/Wireshark-Network-Analysis-Second-Certified/dp/1893939944)
* [Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015](http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071832386)
* [Hacking the Xbox by Andrew Huang, 2003](https://nostarch.com/xbox.htm)
* [Practical Reverse Engineering by Bruce Dang et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118787315.html)
* [Reverse Engineering for Beginners by Dennis Yurichev](http://beginners.re/)
* [The IDA Pro Book by Chris Eagle, 2011](https://nostarch.com/idapro2.htm)
* [Troubleshooting with the Windows Sysinternals Tools by Mark Russinovich & Aaron Margosis, 2016](https://www.amazon.com/Troubleshooting-Windows-Sysinternals-Tools-2nd/dp/0735684448/)
* [Windows Internals by Mark Russinovich et al., 2012](http://www.amazon.com/Windows-Internals-Part-Developer-Reference/dp/0735648735/)
## CTF Tools
## Collaboration Tools
* [RedELK](https://github.com/outflanknl/RedELK) - Track and alarm about Blue Team activities while providing
better usability in long term offensive operations.
### Asia
### Europe
### Zealandia
* [CHCon](https://chcon.nz) - Christchurch Hacker Con, the only hacker con on New Zealand's South Island.
## Docker Containers
### Docker Containers of Intentionally Vulnerable Systems
## GNU/Linux Utilities
## Hex Editors
## Multi-paradigm Frameworks
## Network Tools
* [TraceWrangler](https://www.tracewrangler.com/) - Network capture file toolkit that can edit and merge `pcap` or
`pcapng` files with batch editing features.
* [WireEdit](https://wireedit.com/) - Full stack WYSIWYG pcap editor (requires a free license to edit packets).
* [bittwist](http://bittwist.sourceforge.net/) - Simple yet powerful libpcap-based Ethernet packet generator useful in
simulating networking traffic or scenario, testing firewall, IDS, and IPS, and troubleshooting various network
problems.
* [hping3](https://github.com/antirez/hping) - Network tool able to send custom TCP/IP packets.
* [pig](https://github.com/rafael-santiago/pig) - GNU/Linux packet crafting tool.
* [scapy](https://github.com/secdev/scapy) - Python-based interactive packet manipulation program and library.
* [tcpreplay](https://tcpreplay.appneta.com/) - Suite of free Open Source utilities for editing and replaying previously
captured network traffic.
## OSINT Tools
* [Hunter.io](https://hunter.io/) - Data broker providing a Web search interface for discovering the email addresses and
other organizational details of a company.
* [Threat Crowd](https://www.threatcrowd.org/) - Search engine for threats.
* [Virus Total](https://www.virustotal.com/) - Free service that analyzes suspicious files and URLs and facilitates the
quick detection of viruses, worms, trojans, and all kinds of malware.
* [surfraw](https://github.com/kisom/surfraw) - Fast UNIX command line interface to a variety of popular WWW
search engines.
## Online Resources
## Operating System Distributions
* [Android Tamer](https://androidtamer.com/) - Distribution built for Android security professionals that includes
tools required for Android security testing.
* [ArchStrike](https://archstrike.org/) - Arch GNU/Linux repository for security professionals and enthusiasts.
* [AttifyOS](https://github.com/adi0x90/attifyos) - GNU/Linux distribution focused on tools useful during Internet of
Things (IoT) security assessments.
* [BackBox](https://backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments.
* [BlackArch](https://www.blackarch.org/) - Arch GNU/Linux-based distribution for penetration testers and security
researchers.
* [Buscador](https://inteltechniques.com/buscador/) - GNU/Linux virtual machine that is pre-configured for online
investigators.
* [Kali](https://www.kali.org/) - Rolling Debian-based GNU/Linux distribution designed for penetration testing and
digital forensics.
* [Network Security Toolkit (NST)](http://networksecuritytoolkit.org/) - Fedora-based GNU/Linux bootable live
Operating System designed to provide easy access to best-of-breed open source network security applications.
* [Parrot](https://www.parrotsec.org/) - Distribution similar to Kali, with support for multiple hardware architectures.
* [PentestBox](https://pentestbox.org/) - Open source pre-configured portable penetration testing environment for the
Windows Operating System.
* [The Pentesters Framework](https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing
Execution Standard (PTES), providing a curated collection of utilities that omits less frequently used utilities.
## Periodicals
## Physical Access Tools
* [AT Commands](https://atcommands.org/) - Use AT commands over an Android device's USB port to rewrite device
firmware, bypass security mechanisms, exfiltrate sensitive information, perform screen unlocks, and inject touch
events.
* [Bash Bunny](https://www.hak5.org/gear/bash-bunny) - Local exploit delivery tool in the form of a USB
thumbdrive in which you write payloads in a DSL called BunnyScript.
* [LAN Turtle](https://lanturtle.com/) - Covert "USB Ethernet Adapter" that provides remote access, network
intelligence gathering, and MITM capabilities when installed in a local network.
* [PCILeech](https://github.com/ufrisk/pcileech) - Uses PCIe hardware devices to read and write from the target
system memory via Direct Memory Access (DMA) over PCIe.
* [Packet Squirrel](https://www.hak5.org/gear/packet-squirrel) - Ethernet multi-tool designed to enable covert remote
access, painless packet captures, and secure VPN connections with the flip of a switch.
* [Poisontap](https://samy.pl/poisontap/) - Siphons cookies, exposes internal (LAN-side) router and installs web
backdoor on locked computers.
* [Proxmark3](https://proxmark3.com/) - RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing
and attacking proximity cards/readers, wireless keys/keyfobs, and more.
* [USB Rubber Ducky](http://usbrubberducky.com/) - Customizable keystroke injection attack platform
masquerading as a USB thumbdrive.
* [WiFi Pineapple](https://www.wifipineapple.com/) - Wireless auditing and penetration testing platform.
## Security Education Courses
* [ARIZONA CYBER WARFARE RANGE](http://azcwr.org/) - 24x7 live fire exercises for beginners through real
world operations; capability for upward progression into the real world of cyber warfare.
* [CTF Field Guide](https://trailofbits.github.io/ctf/) - Everything you need to win your next CTF competition.
* [Cybrary](http://cybrary.it) - Free courses in ethical hacking and advanced penetration testing. Advanced penetration
testing courses are based on the book 'Penetration Testing for Highly Secured Environments'.
* [European Union Agency for Network and Information Security](https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material) - ENISA Cyber Security Training material.
* [Offensive Security Training](https://www.offensive-security.com/information-security-training/) - Training from
BackTrack/Kali developers.
* [Open Security Training](http://opensecuritytraining.info/) - Training material for computer security classes.
* [SANS Security Training](http://www.sans.org/) - Computer Security Training & Certification.
## Side-channel Tools
## Static Analyzers
## Vulnerability Databases
## Web Exploitation
## Android Utilities
* [Android Open Pwn Project (AOPP)](https://www.pwnieexpress.com/aopp) - Variant of the Android Open Source Project (AOSP), called Pwnix, built from the ground up for network hacking and pentesting.
* [cSploit](https://www.csploit.org/) - Advanced IT security professional toolkit on Android featuring an integrated
Metasploit daemon and MITM capabilities.
* [Fing](https://www.fing.com/products/fing-app/) - Network scanning and host enumeration app that performs
NetBIOS, UPnP, Bonjour, SNMP, and various other advanced device fingerprinting techniques.
## Windows Utilities
## macOS Utilities