Tooling Repository
Last updated
- Find out who owns an IP Address
- Find IP addresses owned by a company
- Identify the email schema used by an organization
- Phonebook.cz - Lookup emails related to the organization
- Validate emails identified are in use by the organization
- Find emails via search engines
- Well known OSINT tool that can be used to gather names, email addresses, and more
- An incredible open-source phishing framework
- Man-in-the-middle attack framework for phishing login credentials and bypassing 2FA
- Generate similar looking domains for use in phishing attacks
- Generate malicious XLM documents for phishing
- Automate obfuscation of Office documents
- Collection of pretexts to use when crafting campaigns
- Amazing for performing initial reconnaissance on a website. Also has a PoC for Sweet32 built into it
- Google's active web application security reconnaissance tool
- Vulnerability scanner that is actively maintained and updated frequently
- Parse Nmap scans and run DirBuster against targets. Useful when covering a large scope
- My replacement for Dirb and other fuzzing tooling
- In-depth attack surface mapping. Great for asset discovery and performing external reconnaissance
- Scan Google search results for vulnerabilities with dorks
- Searches for leaked credentials
- Popular way to search for leaked credentials but requires payment
- Alternative to DeHashed
- TCM's script to parse databases and identify leaked credentials
- OSINT tool to identify if an account has appeared in a database leak
- Alternative to Nmap. Port scanning goes brrr
- NSE script for scanning Elasticsearch. Useful when identified in a penetration test.
- Useful for gathering information from a host with anonymous access or authenticating to a DC to obtain a list of usernames
- Automated enumeration of services
- Visually inspect websites. Has the ability to parse Nmap scans
- Visually inspect websites. My preferred tool of choice. Has the ability to parse Nessus scans
- A tool geared towards pentesting APIs using OpenAPI definitions
- LinkedIn reconnaissance tool that provides output with picture, name, email, title, and location
- Regularly updated LinkedIn recon tool (10/11/2021)
- My favorite LinkedIn reconnaissance tool. It should be noted that this tool will not reliably identify all of the emails for a company.
- LinkedIn reconnaissance tool that works great in combination with LinkedIn2Username
- Email Generation from Bing using LinkedIn Dorks
- Analyze PCAPs. Can extract useful data and create a network diagram
- Analyze PCAPs. The free version is great but the professional is better (costs $$$)
- My favorite way to analyze PCAPs or live captures. Free, fast, and great for PCI tests
- Abuse LLMNR and NBT-NS protocols (and more) to get a reliable foothold
- Abuse IPv6 to obtain a foothold
- The options are endless with Impacket. Kerberoast until you drop!
- Capture credentials sprayed across the network
- Collection of Windows print spooler exploits. Great for obtaining a foothold or escalating privileges!
- Router exploitation framework
- Smart Install Exploitation Tool
- Spraying attacks against Lync/S4B, OWA, and O365
- Spraying attacks against... everything
- Spraying attacks against a domain. Gathers account lockout windows which is nifty
- Spraying against Active Directory
- Multi-purpose brute-forcer. Takes a little reading of the manual but works incredibly
- Brute-Forcing from an Nmap output. One of my favorites for automating the assessment of a network
- Brute-forcing tool that supports protocols not currently supported by Hydra
- Updated Nmap default credential list
- Default credential scanner. I've had mixed results with this. When it works it's great!
- List of common default credentials
- Hashcat Automation Tool
- My favorite rule list
- Probable wordlists to use in password attacks
- This should go without saying... but Hashcat is amazing
- Password Analysis and Cracking Toolkit. There's a lot of password goodies and resources here
- TrustedSec's password cracking utility. Automates a lot
- Perform password analysis
- One of the best tools I've used to interact with databases.
- Interact with NoSQL (DBeaver removed this in the community version)
- I used Covenant throughout the CRTO certification and fell in love. Free and easy to use
- Bishop Fox's C2 framework
- Bats3c's C2. Used it a few times and it's a ton of fun!
- Cross-platform C2. Previously used while on an OSX engagement
- AWS exploitation framework from RhinoSecurityLabs
- AWS red teaming framework
- A tool to abuse Exchange services
- My go-to when spraying Office 365
- Conduct password attacks against Azure AD and Office 365 endpoints
- User enumeration with the Microsoft Teams API
- Exchange Attack Tool
- Bats3c's obfuscation tool.
- Shellcode and PE packer
- Store obfuscated pentesting tools in one place
- PowerShell script obfuscator
- PowerShell obfuscator. I've had a lot of success using this tool
- PowerShell obfuscator using polyglots
- Python obfuscation tool
- Post exploitation toolkit in a bash script
- Mimikatz for Unix
- A customizable post exploitation Linux framework
- Payload generator for macOS
- Mac red teaming resources
- Automate attacks against Wi-Fi
- Framework for rogue access point attacks
- One of the more comprehensive SSL/TLS testing tools I've used
- Useful when SSLyze doesn't work as intended
- Useful when SSLScan doesn't work as intended
- Comprehensive audit of SSH. Provides comprehensive information about the SSH server in use
- Automate the installation of additional tools
- Any dotfiles work; make sure you're comfortable in your environment and log, log, log
- Swiss army knife for SMTP testing
- Collection of offensive PowerShell scripts for use in penetration testing and red teaming
- Collection of offensive PowerShell scripts, useful in all phases of testing
- Runs Mimikatz but better
- Dump information about the domain. Incredibly useful for escalating privileges or gathering additional information for spraying attacks
- Exfiltrate sensitive data from Confluence
- Need I say more? Find attack paths and own the domain
- Find delicious candy on a domain
- Netcat on steroids. Post exploitation tool that has some neat tools built into it
- Extract passwords from a KeePass 2.x database from memory
- Grab information about Active Directory (this tool does way more, check it out)
- Gathers information about Active Directory
- Collection of well known offensive scripts in one place
- Similar collection to WinPwn but can be encrypted
- Same as the above, collection of red team PowerShell tools
- Script for advanced discovery of Privileged Accounts
- Searches through DNS after compromising a machine to identify interesting assets
- Repository of public pentesting resources
- Tips to secure Kali Linux installation
- Build tools within PowerShell
- Recover information from pixelized screenshots
- Monitor changes throughout the environment during a penetration test
- Slingshot is an Ubuntu-based Linux distribution with the MATE Desktop Environment built for use in the SANS penetration testing curriculum and beyond.
- Hopefully no explanation needed here
- A fully customizable Windows-based pentesting virtual machine distribution
- GNU/Linux distribution based on Debian and designed with Security and Privacy in mind