tools list - dvanmosselbeen/security-cheat-sheet GitHub Wiki
Tools List
Table of Contents
Brute-Forcing
| Application |
Description |
| hydra |
very fast network logon cracker |
| hydra-gtk |
very fast network logon cracker - GTK+ based GUI |
| john |
active password cracking tool |
| johnny |
GUI for John the Ripper |
| wpscan |
Black box WordPress vulnerability scanner |
| joomscan |
OWASP Joomla Vulnerability Scanner Project |
Enumerating
Network Hosts enumerating
| Application |
Description |
| nmap |
The Network Mapper |
| rustscan |
The Modern Port Scanner |
| zenmap-kbx |
The Network Mapper Front End (GUI for nmap. the binary is called zenmap) |
| nmapsi4 |
graphical interface to nmap, the network scanner |
| netdiscover |
active/passive network address scanner using ARP requests |
| fierce |
Domain DNS scanner |
Web server enumerating
| Application |
Description |
| gobuster |
Directory/file & DNS busting tool written in Go |
| dirb |
URL bruteforcing tool |
| dirbuster |
Web server directory brute-forcer |
| nikto |
web server security scanner |
| wpscan |
Black box WordPress vulnerability scanner |
| wapiti |
web application vulnerability scanner |
SMB enumerating
| Application |
Description |
| enum4linux |
Enumerates info from Windows and Samba systems |
Vulnerability Scanners
| Application |
Description |
| Nessus |
Needs to be downloaded from their website |
| pompem |
Exploit and Vulnerability Finder |
Windows
System Analyse
Tools to analyse the system.
| Application |
Description |
| Sysinternals |
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. |
| Process Hacker |
|
| Process Explorer |
|
| Windows-Exploit-Suggester |
This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins. |
| winPEAS |
Windows Privilege Escalation Awesome Scripts |
Note-making apps
| Application |
Description |
| CherryTree |
|
| OneNote |
|
| Joplin |
|
NOT SORTED YET
| Application |
Description |
| MimikatzMimikatz |
|
| linPEAS |
Linux Privilege Escalation Awesome Script |
| pspy |
unprivileged Linux process snooping |
| LinEnum |
Scripted Local Linux Enumeration & Privilege Escalation Checks |
| LSE |
Linux enumeration tools for pentesting and CTFs |
| PowerUp.ps1 |
PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations. |
| shellgen |
Reverse and webshell Python script that generated different shells. TOP! NOTE: There are different version going around! |
| pwncat |
pwncat is a post-exploitation platform |
Resources