Penetration testing tools are widely used by the security industry to test networks and applications for vulnerabilities. Below is a curated list of penetration testing and hacking tools covering penetration testing work in all kinds of environments.
List of tools for hackers and penetration testing
- Online resources
- Penetration Testing Distributions
- Docker for Penetration Testing
- Multi-paradigm frameworks
- Vulnerability scanners
- Network tools
- Wireless network tools
- Transport Layer Security Tools
- Web exploitation
- Hex editors
- File Format Analysis Tools
- Defense evasion tools
- Hash cracking tools
- Windows Utilities
- GNU/Linux Utilities
- macOS Utilities
- DDoS Tools
- Social engineering tools
- OSINT Tools
- Anonymity tools
- Reverse engineering tools
- Physical access tools
- Side-channel tools
- CTF Tools
- Penetration Testing Report Templates
- Vulnerability Databases
- Security courses
- Information Security Conferences
- Information Security Magazines
- Awesome lists
Penetration Testing Resources
- Metasploit Unleashed is a free offensive Metasploit course.
- Penetration Testing Execution Standard (PTES) is documentation designed to provide a common language and scope for performing penetration tests and reporting their results.
- The Open Web Application Security Project (OWASP) is a global non-profit charitable organization focused on improving the security of software, especially web applications.
- PENTEST-WIKI is a free online security knowledge library for pentesters and researchers.
- Penetration Testing Framework (PTF) is a penetration test execution framework compiled as a general framework used by both vulnerability analysts and penetration testers.
- XSS-Payloads is a resource dedicated to all things cross-site scripting (XSS), including payloads, tools, games and documentation.
- Open Source Security Testing Methodology Manual (OSSTMM) is a framework for providing test cases that result in verified facts on which decisions affecting an organization's security are based.
- MITRE's Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) is a curated knowledge base and model of adversary behavior.
- Shellcode Tutorial – A tutorial on how to write shellcode.
- Shellcode examples – shellcode database.
- Exploit Writing Tutorials – Exploit development tutorials.
- OSINT Framework – A collection of various OSINT hacking tools, categorized.
- Intel Techniques – OSINT Tools Collection. The menus on the left can be used to navigate categories.
- NetBootcamp OSINT Tools – A collection of OSINT links and web user interfaces to other services, such as Facebook Graph Search and various paste sites.
- WiGLE.net – Information on wireless networks around the world, with convenient desktop and web applications.
Social Engineering Resources
- Social Engineering Framework – An information resource for social engineers.
Lock Pick Resources
- Schuyler Towne channel – Lockpicking videos and security talks.
- bosnianbill – More lockpicking videos.
- /r/lockpicking – Resources for learning lockpicking, equipment recommendations.
- Security Related Operating Systems @ Rawsec is a complete list of security related operating systems.
- Best Linux Penetration Testing Distributions @ CyberPunk – A description of the main penetration testing distributions.
- Security @ Distrowatch is a website dedicated to discussing, reviewing, and keeping up to date with open source operating systems.
- cuckoo is an open source malware analysis system.
- Computer Aided Investigative Environment (CAINE) is an Italian GNU/Linux live distribution created as a digital forensics project.
- Digital Evidence & Forensics Toolkit (DEFT) – Live CD for forensic analysis that can be run without tampering with or damaging the devices connected to the computer it boots on.
- Tails – Live OS, aimed at maintaining confidentiality and anonymity.
Penetration Testing Distributions
- Kali – GNU/Linux distribution designed for digital forensics and penetration testing.
- ArchStrike is the Arch GNU / Linux repository for security professionals and enthusiasts.
- BlackArch – Arch GNU / Linux distribution with the best hacking tools for penetration testers and security researchers.
- Network Security Toolkit (NST) is a Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
- Pentoo is a security-oriented live CD based on Gentoo.
- BackBox is an Ubuntu-based distribution for penetration tests and security assessments.
- Parrot is a distribution similar to Kali, with several architectures and 100 hacking tools.
- Buscador is a GNU / Linux virtual machine preconfigured for online researchers.
- Fedora Security Lab – Provides a secure test environment for working on security audits, forensics, rescue systems, and training in security testing methods.
- Pentesters Framework – Distribution organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that leaves out less frequently used toolchains.
- AttifyOS – GNU/Linux distribution focused on tools useful for assessing the security of Internet of Things (IoT) devices.
Docker for Penetration Testing
- docker pull kalilinux/kali-linux-docker – official Kali Linux
- docker pull owasp/zap2docker-stable – official OWASP ZAP
- docker pull wpscanteam/wpscan – official WPScan
- docker pull citizenstig/dvwa – Damn Vulnerable Web Application (DVWA)
- docker pull wpscanteam/vulnerablewordpress – Vulnerable WordPress Installation
- docker pull hmlio/vaas-cve-2014-6271 – Vulnerability as a Service: Shellshock
- docker pull hmlio/vaas-cve-2014-0160 – Vulnerability as a Service: Heartbleed
- docker pull opendns/security-ninjas – Security Ninjas
- docker pull diogomonica/docker-bench-security – Docker Bench for Security
- docker pull ismisepaul/securityshepherd – OWASP Security Shepherd
- docker pull danmx/docker-owasp-webgoat – OWASP WebGoat Project docker image
- docker-compose build && docker-compose up – OWASP NodeGoat
- docker pull citizenstig/nowasp – OWASP Mutillidae II Web Pen-test practice
- docker pull bkimminich/juice-shop – OWASP Juice Shop
- docker pull kalilinux/kali-linux-docker – Kali Linux Docker Image
- docker pull phocean/msf – docker-metasploit
Multi-paradigm frameworks
- Metasploit – Software for offensive security teams to help verify vulnerabilities and manage security assessments.
- Armitage is a Java-based GUI for the Metasploit Framework.
- Faraday is a multi-user integrated pentesting environment for red teams performing collaborative penetration tests, security audits and risk assessments.
- ExploitPack is a graphical tool for automating penetration tests, which comes with a large number of ready-made exploits.
- Pupy – Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
Vulnerability scanners
- Nexpose is a commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
- Nessus is a commercial vulnerability management, configuration, and compliance assessment platform sold by Tenable.
- OpenVAS is a free software implementation of the popular Nessus vulnerability assessment system.
- Vuls is an agentless vulnerability scanner for GNU / Linux and FreeBSD written in Go.
- Brakeman – Static analysis security vulnerability scanner for Ruby on Rails applications.
- cppcheck is an extensible C/C++ static analyzer focused on finding bugs.
- FindBugs is a free software static analyzer for finding bugs in Java code.
- sobelow is a security-focused static analyzer for the Phoenix framework.
- Bandit is a security-oriented static analyzer for Python code.
- Nikto is a noisy but fast black box web server and web application vulnerability scanner.
- Arachni – Scriptable framework for assessing the security of web applications.
- w3af – Web application attack and audit framework.
- Wapiti – Black box web application vulnerability scanner with integrated fuzzer.
- SecApps – in-browser Web application Security testing suite.
- WebReaver is a commercial graphical web application vulnerability scanner for macOS.
- WPScan – Black box WordPress vulnerability scanner.
- CMS-explorer – Identifies the specific modules, plugins, components, and themes running on websites built on various content management systems.
- joomscan is a Joomla vulnerability scanner.
- ACSTIS – Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
Network tools
- zmap – An open source network scanner that allows researchers to easily perform Internet-wide network studies.
- Nmap is a free security scanner for network exploration and security auditing.
- pig – GNU/Linux packet crafting tool.
- scanless – A utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
- tcpdump/libpcap – A common packet analyzer that runs from the command line.
- Wireshark is a widely used graphical cross-platform network protocol analyzer.
- Network-Tools.com – Website offering an interface to many basic network utilities such as ping, traceroute, whois, and more.
- netsniff-ng – Swiss army knife for network sniffing.
- Intercepter-NG is a multifunctional network toolkit.
- Sparta is a graphical interface that provides scriptable, customizable access to existing network scanning and enumeration tools.
- dnschef – Highly configurable DNS proxy for pentesters.
- DNSDumpster is an online DNS recon and search service.
- CloudFail – Unmasks server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
- dnsenum – A Perl script that enumerates DNS information from a domain, attempts zone transfers, performs dictionary-style brute force, and then performs reverse lookups on the results.
- dnsmap – Passive DNS network mapper.
- dnsrecon – DNS enumeration script.
- dnstracer – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- passivedns-client – Library and query tool for querying several passive DNS providers.
- passivedns is a network sniffer that logs all DNS server replies for use in building a passive DNS setup.
- masscan – TCP port scanner that spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
- Zarp is a network-oriented attack tool.
- mitmproxy – Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- Morpheus – Automated ettercap TCP/IP hijacking tool.
- mallory – HTTP/HTTPS proxy over SSH.
- SSH MITM – Intercepts SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- Netzob – Reverse engineering, traffic generation and fuzzing of communication protocols.
- DET is a proof of concept for performing data exfiltration using one or more channels at the same time.
- pwnat – Punches holes in firewalls and NATs.
- dsniff – A collection of tools for network audit and pentesting.
- tgcd – A simple Unix network utility to extend the accessibility of TCP/IP-based network services beyond firewalls.
- smbmap is a handy SMB enumeration tool.
- scapy – Python-based interactive packet manipulation program and library.
- Dshell is a network forensic analysis framework.
- Debookee is a simple and powerful network traffic analyzer for macOS.
- Dripcap – Caffeinated packet analyzer.
- Printer Exploitation Toolkit (PRET) – A tool for printer security testing, capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
- Praeda – Automated multi-function printer data harvester for gathering usable data during security assessments.
- routersploit – An open source exploitation framework similar to Metasploit, but designed for embedded devices.
- evilgrade – A modular framework to take advantage of poor upgrade implementations by injecting fake updates.
- XRay is a network (sub) domain discovery and intelligence automation tool.
- Ettercap – Comprehensive, mature suite for machine-in-the-middle attacks.
- BetterCAP is a modular, portable and easily extensible MITM platform.
- CrackMapExec – Swiss army knife for pentesting networks.
- impacket – A collection of Python classes for working with network protocols.
Wireless Hacking Tools
- Aircrack-ng – A set of tools for auditing wireless networks.
- Kismet – Wireless network detector, sniffer, and IDS.
- Reaver – Brute force attack against WiFi Protected Setup (WPS).
- Wifite is an automated wireless attack tool.
- Fluxion is a suite of automated social engineering based WPA attacks.
Transport Layer Security Tools
- SSLyze is a fast and comprehensive TLS/SSL configuration analyzer to help identify security misconfigurations.
- tls_prober – Fingerprints a server's SSL/TLS implementation.
- testssl.sh is a command line tool that checks a server's service on any port for support of TLS/SSL ciphers and protocols, as well as for some cryptographic flaws.
Web exploitation
- OWASP Zed Attack Proxy (ZAP) – Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
- Fiddler is a free cross-platform web debugging proxy server with convenient related tools.
- Burp Suite is an integrated platform for performing security testing of web applications.
- autochrome – Easy-to-install test browser with all the appropriate settings needed for web application testing, with native Burp support, from NCCGroup.
- Browser Exploitation Framework (BeEF) – A command and control server for delivering exploits to commandeered web browsers.
- Offensive Web Testing Framework (OWTF) is a Python-based platform for testing web applications based on the OWASP testing guide.
- WordPress Exploit Framework – Ruby framework for developing and using modules that aid in penetration testing of WordPress-powered websites and systems.
- WPSploit – Exploit WordPress-powered websites with Metasploit.
- SQLmap is an automatic SQL injection and database takeover tool.
- tplmap – Automatic server-side template injection and web server takeover tool.
- weevely3 – Weaponized web shell.
- Wappalyzer – Reveals the technologies used on websites.
- WhatWeb – Website fingerprinter.
- BlindElephant – Web application fingerprinter.
- wafw00f – Identifies and fingerprints Web Application Firewall (WAF) products.
- fimap – Find, prepare, audit, exploit, and even Google automatically for LFI/RFI bugs.
- Kadabra is an automatic LFI exploiter and scanner.
- Kadimus – LFI scan and exploit tool.
- liffy – LFI exploitation tool.
- Commix is an automated all-in-one operating system command injection and exploitation tool.
- DVCS Ripper – Rip web-accessible (distributed) version control systems: SVN/Git/Hg/Bzr.
- GitTools – Automatically finds and downloads web-accessible .git repositories.
- sslstrip – Demonstration of the HTTPS stripping attack.
- sslstrip2 – SSLStrip version to defeat HSTS.
- NoSQLmap is an automatic NoSQL injection and database takeover tool.
- VHostScan – A virtual host scanner that performs reverse lookups, can be used with pivot tools, and detects catch-all scenarios, aliases and dynamic default pages.
- FuzzDB is a dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- EyeWitness is a tool for taking screenshots of websites, providing some server header information, and identifying default credentials where possible.
- webscreenshot – A simple script to take screenshots of a list of websites.
Hex editors
- HexEdit.js – Browser-based hex editing.
- Hexinator is the world's finest (proprietary, commercial) hex editor.
- Frhed is a binary editor for Windows.
- 0xED is a native macOS hex editor that supports plugins for displaying custom data types.
File Format Analysis Tools
- Veles is a binary data visualization and analysis tool.
- Hachoir is a Python library for viewing and editing a binary stream in the form of a tree of fields and tools for extracting metadata.
Defense Evasion Tools
- Veil – Generates Metasploit payloads that bypass common antivirus solutions.
- shellsploit – Generates custom shellcode, backdoors and injectors, and optionally obfuscates every byte via encoders.
- Hyperion – Runtime encryptor for 32-bit portable executables ("PE .exes").
- AntiVirus Evasion Tool (AVET) – Post-processes exploits containing executable files targeted at Windows machines to avoid being recognized by antivirus software.
- peCloak.py – Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
- peCloakCapstone is a multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
- UniByAv is a simple obfuscator that takes raw shellcode and generates antivirus-friendly executables by using a brute-forceable 32-bit XOR key.
Hash Cracking Tools
- John the Ripper is a fast password cracker.
- Hashcat is another, faster hash cracker.
- CeWL – Generates custom wordlists by spidering a target's website and collecting unique words.
- JWT Cracker – Simple HS256 JWT token brute force cracker.
- Rar Crack – RAR brute force cracker.
- Bruteforce Wallet – Finds the password of an encrypted wallet file (i.e. wallet.dat).
Utilities for Windows
- Sysinternals Suite – Sysinternals Troubleshooting Utilities.
- Windows Credential Editor – Inspects logon sessions and adds, changes, lists, and deletes associated credentials, including Kerberos tickets.
- mimikatz is a credential extraction tool for the Windows operating system.
- PowerSploit – PowerShell post-exploitation framework.
- Windows Exploit Suggester – Detects potential missing patches on the target.
- Responder – LLMNR, NBT-NS and mDNS poisoner.
- Bloodhound is a graphical Active Directory trust relationship explorer.
- Empire is a pure PowerShell post-exploitation agent.
- Fibratus is a tool for exploration and tracing of the Windows kernel.
- wePWNise generates architecture-independent VBA code for use in Office documents or templates, and automates bypassing application control and exploit mitigation software.
- redsnarf – Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers and domain controllers.
- Magic Unicorn is a shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTAs) and certutil (using fake certificates).
- Deathstar is a Python script that uses the Empire RESTful API to automate gaining Domain Admin rights in Active Directory environments.
Utilities for GNU / Linux
- Linux Exploit Suggester – Heuristic reporting of potentially viable exploits for a given GNU/Linux system.
Utilities for macOS
- Bella is a pure Python post-exploitation data mining and remote administration tool for macOS.
DDoS Tools
- LOIC – Open source network stress tool for Windows.
- SlowLoris – DoS tool that uses low bandwidth on the attacking side.
- HOIC is an updated version of Low Orbit Ion Cannon that has "boosters" to get around common countermeasures.
- T50 is a faster network stress tool.
- UFONet – Abuses OSI layer 7 HTTP to create and manage "zombies" and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
Social Engineering Tools
- Social Engineer Toolkit (SET) is an open source pentesting framework designed for social engineering involving a number of custom attack vectors to make believable attacks quickly.
- King Phisher is a phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
- Evilginx – MITM attack framework used for phishing credentials and session cookies from any web service.
- Wifiphisher – Automated phishing attacks against WiFi networks.
- Catphish is a phishing and corporate espionage tool written in Ruby.
- Beelogger – A tool for generating keyloggers.
OSINT Tools
- Maltego is proprietary software for open source intelligence and forensics, from Paterva.
- theHarvester is an email, subdomain and people name harvester.
- creepy – Geolocation OSINT tool.
- metagoofil – Metadata harvester.
- Google Hacking Database – Google dorks database can be used for reconnaissance.
- Google dorks – General Google dorks and others you probably don’t know.
- GooDork – Google Command Line Dorking Tool.
- dork-cli – Command line Google dork tool.
- Censys – Collects host and website data through daily ZMap and ZGrab scans.
- Shodan is the world’s first search engine for Internet-connected devices.
- recon-ng is a full-featured web reconnaissance framework written in Python.
- github-dorks – CLI tool to scan GitHub repositories and organizations for potential sensitive information leaks.
- vcsmap – A plugin-based tool to scan public version control systems for sensitive information.
- Spiderfoot is a multi-functional OSINT automation tool with a web interface and report visualization.
- BinGoo – GNU/Linux bash-based Bing and Google dorking tool.
- fast-recon – Performs Google dorks against a domain.
- snitch – Information gathering via dorks.
- Sn1per – Automated pentest recon scanner.
- Threat Crowd is a threat search engine.
- VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans and all kinds of malware.
- DataSploit is an OSINT visualizer that uses Shodan, Censys, Clearbit, EmailHunter, FullContact, and ZoomEye behind the scenes.
- AQUATONE is a subdomain discovery tool that uses various open sources and produces a report that can be used as input to other tools.
- Intrigue – Automated OSINT and attack surface discovery framework with a powerful API, UI and CLI.
- ZoomEye is a cyberspace search engine that allows the user to find specific network components.
Tools for Anonymity
- Tor is free software and an onion routed overlay network that helps you protect yourself from traffic analysis.
- OnionScan is a tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
- I2P – The Invisible Internet Project.
- Nipe – Script to redirect all traffic from the machine to the Tor network.
- What every Browser knows about you is a comprehensive detection page for testing your own web browser's configuration for privacy and identity leaks.
Reverse Engineering Tools
- Interactive Disassembler (IDA Pro) – A proprietary multi-processor disassembler and debugger for Windows, GNU/Linux or macOS; also has a free version, IDA Free.
- WDK/WinDbg – Windows Driver Kit and WinDbg.
- OllyDbg – x86 debugger for Windows binaries that emphasizes binary code analysis.
- Radare2 is an open source, cross-platform reverse engineering framework.
- x64dbg is an open source x64/x32 debugger for Windows.
- Immunity Debugger is a powerful way to write exploits and analyze malware.
- Evan's Debugger is an OllyDbg-like debugger for GNU/Linux.
- Medusa is an open source cross-platform interactive disassembler.
- plasma is an interactive disassembler for x86/ARM/MIPS. Generates indented pseudocode with colored syntax.
- peda – Python Exploit Development Assistance for GDB.
- dnSpy is a tool for reverse engineering .NET assemblies.
- binwalk – A fast, easy-to-use tool for analyzing, reverse engineering and extracting firmware images.
- PyREBox – Python scriptable reverse engineering sandbox from Cisco Talos.
- Voltron is an extensible debugger UI toolkit written in Python.
- Capstone – Lightweight multi-platform, multi-architecture disassembly framework.
- rVMI – Debugger on steroids; inspects userspace processes, kernel drivers, and pre-boot environments in a single tool.
- Frida – Dynamic instrumentation toolkit for developers, reverse engineers and security researchers.
Physical access tools
- LAN Turtle is a covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering and MITM capabilities when installed in a local network.
- USB Rubber Ducky is a customizable keystroke injection attack platform masquerading as a USB thumb drive.
- Poisontap – Siphons cookies, exposes the internal (LAN-side) router and installs a web backdoor on locked computers.
- WiFi Pineapple is a wireless audit and penetration testing platform.
- Proxmark3 – RFID/NFC cloning, replay and spoofing toolkit often used for analyzing and attacking proximity cards and readers, wireless keys and key fobs, and more.
Side-channel tools
- ChipWhisperer is a complete open source toolchain for side-channel power analysis and glitching attacks.
CTF Tools
- ctf-tools – A collection of setup scripts to install various security research tools, easily and quickly deployable to new machines.
- Pwntools is a rapid exploit development framework built for use in CTFs.
- RsaCtfTool – Decrypts data encrypted using weak RSA keys, and recovers private keys from public keys using a variety of automated attacks.
Penetration Test Report Templates
- Public Pentesting Reports – A curated list of public penetration test reports issued by several consulting firms and academic security groups.
- Pentesting report template – testandverification.com template.
- Pentesting report template – hitachi-systems-security.com template.
- Pentesting Report Template – lucideus.com template.
- Pentesting report template – crest-approved.org template.
- Pentesting Report Template – pcisecuritystandards.org template.