A list of great resources for pentesting and similar fields.
Always search the internet for potential vulnerabilities, default credentials and things you don't know about.
If you think my repository is interesting, please give me a star.
I will keep the project updated with new tools or changes.
- More Resources
- Fuzzing
- Scanning
- Network Exploitation
- Web Scanners
- Active Directory
- Bypassing
- Web Hacking
- Privilege Escalation
- Pivoting
- Payloads-Frameworks
- Famous Vulns
- HashCracking
- Wi-Fi
- Buffer Overflow
- Social Engineering
- OSINT
- Bluetooth
- Extra
- Captcha-ByPassing-Lab
- Browser Add-ons
- Car-Hacking
- wfuzz
- gobuster
- dirbuster
- dirb
- feroxbuster
- ffuf
- sublist3r
- nmap
- masscan
- smbmap
- enum4linux
- rpcclient
- Bingoo (for dork searching and exploitation)
- WhatWaf (useful to discover the exact WAF of a server)
- whatw00f
- snmpwalk
- crackmapexec
- Rubeus
- netcat
- nishang
- dig
- WhatWeb (for identifying technologies on a webpage)
- wpscan (the best WordPress scanner)
- WPSeku
- joomscan
- mimikatz
- kerbrute
- impacket
- ldapdomaindump
- Responder
- evil-winrm
- gMSADumper
- ConPtyShell
- BloodHound
- ldapsearch
- NTLM-Generator
- neo4j
- SharpHound
- PowerSploit
- PSByPassCLM (for bypassing ConstrainedLanguage)
- AppLocker
- Chimera
- Ebowla (no longer updated but useful)
- PowerShdll
- Chankro
- PHP_disabled_functions
- Phantom-Evasion (for bypassing antivirus)
- Burp Suite (for intercepting web requests)
- sqlmap
- NoSQLMap
- kiterunner
- xsshunter
- PEASS-ng (the best system enumeration tool)
- LinEnum
- Windows-Exploit-Suggester
- GTFOBins (binary exploitation)
- juicy-potato (for abusing SeImpersonatePrivilege)
- pspy (for capturing running processes)
- JAWS
- BeRoot
- socat
- proxychains (for establishing connections with proxies)
- chisel (used for port forwarding)
- Precompiled-Binaries
- reGeorg (used for port forwarding through an uploaded file)
- proxify
- peirates (useful for Kubernetes pivoting)
- searchsploit
- metasploit (Not allowed in the OSCP)
- merlin
- Graffiti
- legion
- SILENTTRINITY
- Covenant
- msfvenom (the best shellcode/exploit generator)
- bin-sploits
- One-Lin3r (a framework with a useful list of one-liners)
- john (And john variants like ssh2john or zip2john...)
- hashcat
- CyberChef (for solving a lot of crypto CTFs)
- hash-identifier
- HashID
- Crackstation (a huge list of rainbow tables with precomputed hashes)
- RsaCtfTool (useful for different cryptography situations)
- NameThatHash (for identifying unknown hashes)
- quipqiup
- aircrack-ng (the well known aircrack suite)
- Wireshark (for intercepting wifi and Bluetooth packets)
- wifite2
- macchanger (the most famous tool to change your MAC address)
- bettercap
- Pyrit (deprecated)
- hcxtools (for the PMKID attack)
- Evil-Trust (for the evil twin attack)
- wifiphisher
- routersploit
- gps-sdr-sim (useful to do GPS spoofing and much more)
- RFAnalyzer (used to analyze the radio frequency spectrum)
- portapack-hackrf (an extra module to make your HackRF portable)
- proxmark3 (for cloning RFID signals)
- hackrf (the best radio frequency gadget)
- FCC (a list with the most used frequencies and much more info)
- gqrx (another great spectrum analyzer to discover the objects' frequencies)
- brakeman
- radare2 (for debugging binaries in the terminal)
- gdb (a command line tool to interact with binaries)
- gef (it's a gdb extension)
- peda
- ghidra (a debugging framework developed by the NSA)
- ropper (for searching gadgets)
- ImmunityDebugger
- badchars (a list of badchars that may be used in a BoF)
- x64dbg
- mona
- apktool (for debugging apk files)
- dotPeek (a Windows debugging application)
- gophish (the best tool for creating templates and campaigns)
- SET
- BITB (templates for the Browser In The Browser attack)
- urlcrazy
- theHarvester
- CredSniper
- BeEF
- goclone
- Mythic-Macro-Generator
- KnockMail (to verify if an email exists)
- evilginx2
- Maltego
- Shodan (The famous IoT browser)
- recon-ng
- WayBack Machine (A big list of websites, databases, and more)
- OSINT Framework
- email2phonenumber
- Ahria
- PhoneInfoga
- Ashok
- TinEye
- mvt (for checking if you're infected with Pegasus)
- MobSF
- Needle
- Vezir-Project
- objection
- apktool
- RMS
- Jadx
- Volatility
- exiftool (used to view the metadata of a file)
- UsnJrnl2Csv
- usbkill (it shuts down your pc if it's manipulated)
- Inception
- pegasus_spyware (you know what this is)
- GoldenEye (a Python DDoS tool)
- GOD_KILLER (for sms spamming)
- pandora-carding (a carding blog in spanish)
- ufonet (used for ddos, it abuses Open Redirections)
- Dorkify (for performing google dorking)
- AdoBot (an Android spyware)
- LaZagne (used to find passwords once you have access to a pc)
- rootkit
- btlejack (best BLE hijacking tool)
- bettercap
- crackle (used for cracking protected connections)
- hcitool
- esptool
- wireshark
- CommandoVM (a totally offensive Windows machine)
- GitTools (tools to recompile a git project)
- DDexec
- odat (for attacking Oracle services)
- Ghostpack
- cewl (for creating dictionaries based on a webpage)
- rlwrap
- phpsploit
- onesixtyone (for bruteforcing SNMP strings)
- Honeypot
- HomePWN (an IoT device pwner)
- Gopherus
- Stego-Toolkit
- PRET (for printer exploitation)
- deserialization-Log4j
- jwt_tool
- dronesploit
- Reptile (A linux rootkit)
- SprayingToolkit (used for password spraying)
- smtp-user-enum
- FoxyProxy (for sending requests to BurpSuite)
- Wappalyzer (for web scanning)
- EasyXSS
- Authenticator
- DarkReader (for changing the white colors to black ones, hackers take care of their eyes)
- Anonymox
- Keepass (for keeping your passwords secure)
- Reverse-Shells
- PayloadsAllTheThings
- VirusTotal
- Wrappers
- ExploitDB
- HackTricks
- Buffer-Overflow
- Wifi-Cheat-Sheet
- CVE
- AppLockerByPass
- SecLists
- My-Setup
- HackingDream
- Vulnhub
- PHP-Webshell
- MalwareSourceCode
- Reverse Shell Generator
- Pivoting-Cheat-Sheet
- HackTheBox-Writeups
- ViewDns
- Linux-Functions
- Spanish-Pentesting
- English-Pentesting
⚪ Created by D3Ext