John the Jumbo |
Bruteforcer |
https://github.com/openwall/john |
Community advance version of John the Ripper |
DLL Injector |
Exploits |
https://github.com/OpenSecurityResearch/dllinjector |
Injects dlls in processes |
Creddump |
Forensics |
https://github.com/moyix/creddump |
Dump Windows credentials |
Exif Tool |
Forensics |
https://exiftool.org/ |
Read, write and edit file metadata |
IDA pro |
Reversing |
https://www.hex-rays.com/ida-pro/ |
Most used Reversing software |
Hopper |
Reversing |
https://www.hopperapp.com/ |
Reverse engineering tool (disassembler) for OSX and Linux |
Steganabara |
Steganography |
https://www.openhub.net/p/steganabara |
Tool for stegano analysis written in Java |
Stegbreak |
Steganography |
https://linux.die.net/man/1/stegbreak |
Launches brute-force dictionary attacks on JPG image |
Steghide |
Steganography |
https://steghide.sourceforge.net/ |
Hide data in various kind of images |
Hackbar |
Web |
https://addons.mozilla.org/en-US/firefox/addon/hackbar/ |
Firefox addon for easy web exploitation |
Sublist3r |
OSINT |
https://github.com/aboul3la/Sublist3r |
Tool designed to enumerate subdomains of websites using OSINT |
decode.fr |
Cryptography |
https://www.dcode.fr/ |
convert the cipher text to plain text |
DaveGrohl |
Bruteforcer |
https://github.com/octomagon/davegrohl |
Brute-forcing tool for Mac OS X |
Rainbow Crack |
Bruteforcer |
http://project-rainbowcrack.com/ |
Generates rainbow tables to be used in recovering passwords |
THC Hydra |
Bruteforcer |
https://sectools.org/tool/hydra/ |
Offers a large number of protocols (Telnet, RDP, SSH, FTP, HTTP, HTTPS, SMB) to brute force |
Ncrack |
Bruteforcer |
https://nmap.org/ncrack/ |
Proactively tests all hosts and networking devices for poor passwords |
Wireshark |
Packet Tracing |
https://www.wireshark.org/ |
Lets you trace and analyze network packets at a very minute and detailed level |
Metasploit |
Penetration Testing |
https://www.metasploit.com/ |
Tool for penetration testing and checking your system for known and open vulnerabilities |
Metasploit |
Penetration Testing |
https://www.metasploit.com/ |
Tool for penetration testing and checking your system for known and open vulnerabilities |
Crackstation |
Web |
https://crackstation.net/ |
CrackStation is a massive pre-computed lookup tables to crack password hashes. |
DNSDumpster |
Web |
https://dnsdumpster.com/ |
DNSdumpster is a FREE domain research tool that can discover hosts related to |
Webgrep |
Web |
https://github.com/dhondta/webgrep |
grep for Web pages, with JS deobfuscation, CSS unminifying and OCR on images. |
Ghidra |
Reverse Engineering |
https://github.com/NationalSecurityAgency/ghidra |
It is a reverse engineering framework made by the NSA |
DTMF decoder |
Forensics |
https://unframework.github.io/dtmf-detect/ |
Tool to solve DTMF audio based forensics |
Dislocker |
Forensics |
http://www.hsc.fr/ressources/outils/dislocker/ |
Tool for reading Bitlocker encrypted partitions. |
OWASP ZAP |
Web Security |
https://www.zaproxy.org/ |
World's most widely used web app scanner. Free and open source. |
FFuF |
Discovery |
https://github.com/ffuf/ffuf |
Fast web fuzzer written in Go that allows typical directory discovery, virtual host discovery (without DNS records), GET and POST parameter fuzzing |