Pentest Tools

The tools listed below are commonly used in penetration testing, and the tool catalog is referenced from Kali Tools, most of which are open source software. The project long-term supplementary update QAQ

TODO

• [x] Directory
• [ ] Browser bookmarks
• [ ] Tools Usage
• [x] Virtual machine - Windows11 Penetration Suite Toolkit

List

• Information Gathering
• Vulnerability Analysis
• Web Applications
• Database Assessment
• Password Attacks
• Wireless Attacks
• Reverse Engineering
• Exploitation Tools
• Sniffing & Spoofing
• Maintaining Access
• Golang Sec Tools
• Reporting & Collaboration
• Social Engineering
• Code Audit
• Port Forwarding & Proxies
• DevSecOps
• RootKit
• Pentesting Distribution
• Cyber Range

Information Gathering

Domain Name

• whois - Windows Whois performs the registration record for the domain name or IP address that you specify.
• DNSrecon-gui - DNSrecon tool with GUI for Kali Linux
• Dnsx - dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.

Subdomain

• subDomainsBrute - A fast sub domain brute tool for pentesters
• ksubdomain - Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second
• Sublist3r - Fast subdomains enumeration tool for penetration testers
• OneForAll - 👊 OneForAll is a powerful subdomain integration tool
• LayerDomainFinder - a subdomains enumeration tool by Layer
• ct - Collect information tools about the target domain.
• Subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
• Probable_subdomains - Subdomains analysis and generation tool. Reveal the hidden!
  • domains - Generate subdomains and wordlists Online.
• MassDNS - High-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain names in the order of millions or even billions.
• altdns - Altdns takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of.
• dnscan - Fast and lightweight dns bruteforcer with built-in wordlist and zone transfer checks.

Google Hacking

• GHDB - Google Hack Database
• SearchDiggity - SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project
• Katana - A Python Tool For google Hacking
• GooFuzz - GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
• Pagodo - pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching .
• Google-Dorks - Useful Google Dorks for WebSecurity and Bug Bounty

Github

• GitHacker - 🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind.
• GitGraber - gitGraber is a tool developed in Python3 to monitor GitHub to search and find sensitive data in real time for different online services.
• GitHound - Use GitHub Code Search API to find exposed API keys across all of GitHub, not just known repos and orgs. Comes with a web dashboard for filtering and tracking your results
• GitMiner - Tool for advanced mining for content on Github.
• Gitrob - Reconnaissance tool for GitHub organizations.
• GitGot Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
• GitDump - A pentesting tool that dumps the source code from .git even when the directory traversal is disabled

SVN

• svnExploit - Support for SVN source code disclosure of full version and Dump it.
• SvnHack - SvnHack is a SVN folder disclosure exploit. :lock:

Port Scan

• Nmap | Zenmap - Free and open source utility for network discovery and security auditing
• Masscan - TCP port scanner, spews SYN packets asynchronously
• Ports - Common service ports and exploitations
• Goby - Attack surface mapping
  • Gobyu-POC - The POC of Goby .
• Goscan - Interactive Network Scanner
• NimScan - 🚀 Fast Port Scanner 🚀
• RustScan - 🤖 The Modern Port Scanner 🤖
• TXPortMap - Port Scanner & Banner Identify From TianXiang
• Scaninfo - fast scan for redtools
• SX - 🖖 Fast, modern, easy-to-use network scanner
• Yujianportscan A Fast Port Scanner GUI Tools Build by VB.NET + IOCP
• Naabu - A fast port scanner written in go with a focus on reliability and simplicity.

OSINT

• theHarvester- E-mails, subdomains and names Harvester - OSINT
• SpiderFoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
• Recon-ng - Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
• FOCA - Tool to find metadata and hidden information in the documents.
• Amass - In-depth Attack Surface Mapping and Asset Discovery
• Censys-subdomain-finder - Perform subdomain enumeration using the certificate transparency logs from Censys.
• EmailHarvester - Email addresses harvester
• Finalrecon - The Last Web Recon Tool You'll Need.
• LittleBrother - Information gathering (OSINT) on a person (EU)
• Octosuite - Advanced Github OSINT Framework
• Kunyu - Kunyu, more efficient corporate asset collection
• Glass - OSINT Framework with Fofa/ZoomEye/Shodan/360 API
• BBOT - OSINT automation for hackers.
• octosuite - Advanced Github OSINT Framework
• GHunt - 🕵️‍♂️ Offensive Google framework.

Phishing

• gophish - Open-Source Phishing Toolkit
• AdvPhishing - This is Advance Phishing Tool ! OTP PHISHING
• SocialFish - Educational Phishing Tool & Information Collector
• Zphisher - An automated phishing tool with 30+ templates. This Tool is made for educational purpose only