Hello in this thread I bring you more than 100 different tools to exploit various areas of the world of Hacking. They are free of malware and are open source.
Reconnaissance and OSINT
Gathering public information about targets, such as names, emails, IP addresses, and infrastructure details.
Vulnerability Scanning
Identifying weaknesses in servers, networks, and web applications to assess potential entry points.
Exploitation and Intrusion Testing
Leveraging discovered vulnerabilities to gain unauthorized access to systems or applications.
Network Analysis and Packet Inspection
Monitoring and analyzing network traffic to identify security issues or perform attacks.
Password Attacks
Breaking passwords using brute force, dictionary attacks, or hash cracking.
Phishing and Social Engineering
Crafting fake websites, emails, or scenarios to exploit human trust and manipulate targets.
Post-Exploitation and Privilege Escalation
Gaining further control or access after initial compromise by exploiting misconfigurations or system vulnerabilities.
Forensics and Malware Analysis
Investigating cybersecurity incidents and understanding malicious software behavior.
Automation and Frameworks
Streamlining penetration testing processes and workflows to save time and improve efficiency.
Defense and Detection
Monitoring and protecting systems against intrusions, and detecting malicious activities.
Network Scanning and Enumeration
Nmap
https://github.com/nmap/nmap
Network scanner for discovering hosts, services, and vulnerabilities.
Masscan
https://github.com/robertdavidgraham/masscan
High-speed port scanner with massive IP range support.
ZMap
https://github.com/zmap/zmap
Internet-wide network scanner for rapid host discovery.
Netcat
https://github.com/diegocr/netcat
Tool for reading and writing data across network connections.
Fping
https://github.com/schweikert/fping
High-performance ping tool for scanning subnets.
Nikto
https://github.com/sullo/nikto
Web server scanner for finding vulnerabilities and misconfigurations.
Amass
https://github.com/owasp-amass/amass
Subdomain enumeration and DNS mapping tool.
Censys
https://github.com/censys/censys-python
Search for network infrastructure using Censys API.
WhatWeb
https://github.com/urbanadventurer/WhatWeb
Web scanner to identify technologies used by websites.
Shodan Python
https://github.com/achillean/shodan-python
Interface to interact with the Shodan search engine API.
WiFi Hacking
Aircrack-ng
https://github.com/aircrack-ng/aircrack-ng
Crack WEP/WPA/WPA2 networks and perform wireless attacks.
Wifite
https://github.com/derv82/wifite
Automated tool to attack multiple Wi-Fi networks.
Reaver
https://github.com/t6x/reaver-wps-fork-t6x
Brute-force WPA/WPA2 keys exploiting WPS vulnerabilities.
Kismet
https://github.com/kismetwireless/kismet
Wireless network sniffer and intrusion detection system.
Bettercap
https://github.com/bettercap/bettercap
Powerful framework for network monitoring and attacks.
Fluxion
https://github.com/FluxionNetwork/fluxion
Automated tool to hack WPA networks using social engineering.
Fern Wifi Cracker
https://github.com/savio-code/fern-wifi-cracker
GUI-based tool for wireless auditing.
Wireshark
https://www.wireshark.org/
Analyze network traffic and capture packets in real-time.
airodump-ng
https://github.com/aircrack-ng/aircrack-ng
Monitor and capture packets from wireless networks.
Wifiphisher
https://github.com/wifiphisher/wifiphisher
Create fake WiFi networks for phishing attacks.
Web Application Security
SQLMap
https://github.com/sqlmapproject/sqlmap
Automate SQL injection discovery and database takeover.
Burp Suite Community
https://portswigger.net/burp/communitydownload
Web vulnerability scanner and proxy.
OWASP ZAP
https://github.com/zaproxy/zaproxy
Open-source web application security scanner.
XSStrike
https://github.com/s0md3v/XSStrike
Advanced XSS vulnerability scanner.
Dirsearch
https://github.com/maurosoria/dirsearch
Directory brute-forcing for hidden paths.
Wapiti
https://github.com/IFGHou/wapiti
Web vulnerability scanner for detecting flaws like XSS and SQLi.
Nikto
https://github.com/sullo/nikto
Scan for insecure files, outdated software, and other web server issues.
Sublist3r
https://github.com/aboul3la/Sublist3r
Subdomain enumeration tool for reconnaissance.
Commix
https://github.com/commixproject/commix
Exploits command injection vulnerabilities.
Arjun
https://github.com/s0md3v/Arjun
Identify hidden HTTP parameters for GET and POST requests.
Phishing Tools
Phishing Frenzy
https://github.com/pentestgeek/phishing-frenzy
Framework for designing and executing phishing campaigns.
Evilginx2
https://github.com/kgretzky/evilginx2
Tool for advanced phishing attacks with session hijacking.
HiddenEye
https://github.com/DarkSecDevelopers/HiddenEye
Create phishing pages for multiple platforms.
SocialFish
https://github.com/UndeadSec/SocialFish
Phishing tool for capturing login credentials.
ShellPhish
https://github.com/thelinuxchoice/shellphish
Create fake login pages for phishing campaigns.
Gophish
https://github.com/gophish/gophish
Open-source phishing framework for training and simulation.
Password Cracking
John the Ripper
https://github.com/openwall/john
Password cracker for multiple hash types.
Hashcat
https://github.com/hashcat/hashcat
GPU-based password recovery tool.
Hydra
https://github.com/vanhauser-thc/thc-hydra
Brute-force tool for network authentication protocols.
Cewl
https://github.com/digininja/CeWL
Generate custom wordlists from websites.
OSINT (Open Source Intelligence)
Maltego
https://github.com/maltego/maltego
Interactive tool for information gathering and visualization.
theHarvester
https://github.com/laramies/theHarvester
Email, subdomain, and employee information collection.
SpiderFoot
https://github.com/smicallef/spiderfoot
Automated OSINT framework for reconnaissance.
Recon-ng
https://github.com/lanmaster53/recon-ng
Web reconnaissance framework for automated data collection.
Shodan Eye
https://github.com/BullsEye0/shodan-eye
Simplifies using Shodan for infrastructure discovery.
Social-Engineer Toolkit (SET)
https://github.com/trustedsec/social-engineer-toolkit
Toolkit for social engineering attacks, including phishing.
Datasploit
https://github.com/datasploit/datasploit
OSINT collection and correlation from various online sources.
Osmedeus
https://github.com/j3ssie/Osmedeus
Automated reconnaissance framework for mapping the attack surface.
GHunt
https://github.com/mxrch/GHunt
Gather information about Google accounts, including metadata.
IntelX API
https://github.com/IntelligenceX/SDK
Access data from IntelligenceX for OSINT purposes.
Reverse Engineering and Exploitation
Metasploit Framework
https://github.com/rapid7/metasploit-framework
Comprehensive framework for developing and executing exploits.
Immunity Debugger
https://www.immunityinc.com/products/debugger/
GUI-based debugger for reverse engineering.
Ghidra
https://github.com/NationalSecurityAgency/ghidra
Software reverse engineering framework from the NSA.
IDA Free
https://hex-rays.com/ida-free/
Interactive Disassembler for analyzing binaries.
Radare2
https://github.com/radareorg/radare2
Open-source framework for reverse engineering.
pwndbg
https://github.com/pwndbg/pwndbg
GDB plugin for exploit development.
Binwalk
https://github.com/ReFirmLabs/binwalk
Analyze and extract firmware images.
Angr
https://github.com/angr/angr
Python framework for binary analysis.
Rizin
https://github.com/rizinorg/rizin
Fork of Radare2 focused on usability and stability.
Volatility
https://github.com/volatilityfoundation/volatility
Memory forensics framework for malware analysis.
Post-Exploitation and Persistence
Empire
https://github.com/BC-SECURITY/Empire
Post-exploitation framework for PowerShell and Python.
Cobalt Strike
https://www.cobaltstrike.com/
Commercial toolkit for penetration testing and red teaming.
PowerSploit
https://github.com/PowerShellMafia/PowerSploit
PowerShell scripts for post-exploitation.
Pupy
https://github.com/n1nj4sec/pupy
Cross-platform post-exploitation remote access tool.
Meterpreter
https://github.com/rapid7/metasploit-framework
Dynamic payload within the Metasploit framework.
LaZagne
https://github.com/AlessandroZ/LaZagne
Extract passwords stored on local machines.
Mimikatz
https://github.com/gentilkiwi/mimikatz
Extract plaintext passwords and hashes from memory.
Responder
https://github.com/lgandx/Responder
Tool for LLMNR/NBT-NS/MDNS poisoning.
CrackMapExec
https://github.com/Porchetta-Industries/CrackMapExec
Post-exploitation tool for lateral movement in Windows networks.
BloodHound
https://github.com/BloodHoundAD/BloodHound
Visualize Active Directory relationships for privilege escalation.
Additional Phishing Tools
Zphisher
https://github.com/htr-tech/zphisher
Create phishing pages for multiple services like Facebook, Gmail, etc.
EvilProxy
https://github.com/joswr1ght/evilproxy
Transparent proxy for phishing and credential collection.
King Phisher
https://github.com/rsmusllp/king-phisher
Advanced phishing campaign toolkit.
CredSniper
https://github.com/ustayready/CredSniper
Framework for real-time two-factor phishing attacks.
Mobile Pentesting
Drozer
https://github.com/FSecureLABS/drozer
Test Android app vulnerabilities.
MobSF
https://github.com/MobSF/Mobile-Security...work-MobSF
Static and dynamic analysis of mobile apps.
APKTool
https://github.com/iBotPeaches/Apktool
Decompile and recompile APKs for reverse engineering.
Frida
https://github.com/frida/frida
Dynamic instrumentation toolkit for mobile apps.
Objection
https://github.com/sensepost/objection
Runtime mobile app manipulation framework.
Needle
https://github.com/mwrlabs/needle
Automated testing framework for iOS apps.
Forensic Analysis
Autopsy
https://github.com/sleuthkit/autopsy
Digital forensics platform for analyzing disk images.
FTK Imager
https://accessdata.com/products-services...oolkit-ftk
Acquire and analyze digital evidence.
Plaso (Log2Timeline)
https://github.com/log2timeline/plaso
Create timelines of events from forensic data.
Network Analysis and Packet Capture
Wireshark
https://github.com/wireshark/wireshark
Packet analyzer for real-time network traffic capture and analysis.
Tcpdump
https://github.com/the-tcpdump-group/tcpdump
Command-line packet analyzer for troubleshooting and monitoring.
Ettercap
https://github.com/Ettercap/ettercap
Network security tool for man-in-the-middle attacks.
TShark
https://www.wireshark.org/docs/man-pages/tshark.html
Command-line interface for Wireshark.
Aircrack-ng
https://github.com/aircrack-ng/aircrack-ng
Suite for WiFi security assessment, including cracking WEP and WPA.
Kismet
https://github.com/kismetwireless/kismet
Wireless network detector, sniffer, and intrusion detection system.
Privilege Escalation and Exploitation
LinPEAS
https://github.com/carlospolop/PEASS-ng
Privilege escalation scripts for Linux.
WinPEAS
https://github.com/carlospolop/PEASS-ng
Privilege escalation tool for Windows.
PowerUp
https://github.com/PowerShellEmpire/PowerTools
Windows privilege escalation framework using PowerShell.
BeRoot
https://github.com/AlessandroZ/BeRoot
Privilege escalation checker for Linux and Windows.
GTFOBins
https://gtfobins.github.io/
Repository of Unix binaries useful for privilege escalation.
Evil-WinRM
https://github.com/Hackplayers/evil-winrm
Remote access shell for exploiting Windows via WinRM.
LOLBAS
https://github.com/LOLBAS-Project/LOLBAS
Repository of legitimate binaries for malicious use.
Password Cracking and Hash Manipulation
John the Ripper
https://github.com/openwall/john
Password cracking tool supporting multiple hash formats.
Netcat
https://github.com/diegocr/netcat
Networking utility for reading/writing across connections.
Bettercap
https://github.com/bettercap/bettercap
Comprehensive network attack and monitoring tool.
Fiddler
https://www.telerik.com/fiddler
Web debugging proxy for HTTP(S) traffic analysis.
