Introduction
Penetration testing and ethical hacking tools are critical components of any organization’s vulnerability assessment and patching process.
Because cyber assaults are on the rise, businesses must pay close attention to penetration testing and continue to monitor their networks to avoid an attack that might result in major harm to the company’s image.
In order to run a security operation, security specialists and researchers must depend on security and hacking tools that allow them to save time while successfully monitoring and doing penetration testing on the network.
We’ve compiled a comprehensive list of the most essential hacking tools used by millions of security experts and thousands of businesses across the globe.
Debuggers
- GDB https://www.gnu.org/software/gdb
- IDA https://www.hex-rays.com/products/ida/
- Immunity Debugger https://www.immunityinc.com/products/debugger
- OllyDbg www.ollydbg.de
- WinDbg https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools
Evasion and Code Obfuscation
- py2exe https:/py2exe.org
- Shikata_ga_nai https://github.com/rapid7/metasploit-framework
- Veil https://github.com/Veil-Framework/Veil
Networking Tools
- fping https://fping.org
- hping http://www.hping.org
- Scapy https://scapy.net
- Tcpdump https://www.tcpdump.org
- Wireshark https://www.wireshark.org
Penetration Testing Frameworks
- Empire https://www.powershellempire.com
- Impacket https://github.com/CoreSecurity/impacket
- Kali Linux https://www.kali.org
- Metasploit https://www.metasploit.com
- PowerSploit https://github.com/PowerShellMafia/PowerSploit
- Responder https://github.com/SpiderLabs/Responder
- SharpHound https://github.com/BloodHoundAD/SharpHound3
Reconnaissance (OSINT)
- Censys https://censys.io
- ExifTool https://github.com/exiftool/exiftool
- FOCA https://github.com/ElevenPaths/FOCA
- Maltego https://www.maltego.com
- Recon-ng https://github.com/lanmaster53/recon-ng
- Shodan https://www.shodan.io
- theHarvester https://github.com/laramies/theHarvester
- WHOIS https://www.whois.net
Remote Access Tools
- Apple Remote Desktop https://www.apple.com/remotedesktop
- Microsoft Remote Desktop Protocol (RDP) https://docs.microsoft.com/en-us/windows/desktop/termserv/remote-desktop-protocol
- Ncat https://nmap.org/ncat
- Netcat http://netcat.sourceforge.net
- OpenSSH https://www.openssh.com
- ProxyChains https://github.com/haad/proxychains
- PsExec https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
- TigerVNC https://tigervnc.org
- WinRM https://docs.microsoft.com/en-us/windows/desktop/winrm/portal
- WMI https://docs.microsoft.com/en-us/windows/desktop/wmisdk/about-wmi
- X server https://www.x.org/wiki/XServer
Social Engineering Tools
Virtual Machine Software
- Oracle VM VirtualBox https://www.virtualbox.org
- Proxmox Virtual Environment https://www.proxmox.com
- VMware Workstation or VMware Player https://www.vmware.com
Vulnerability and Exploitation Research
- ATT&CK https://attack.mitre.org
- CAPEC https://capec.mitre.org
- CVE Details https://www.cvedetails.com
- CVE https://cve.mitre.org
- CWE https://cwe.mitre.org
- Exploit Database https://www.exploit-db.com
- National Vulnerability Database https://nvd.nist.gov
- Searchsploit https://www.exploit-db.com/searchsploit
- sqlninja http://sqlninja.sourceforge.net/
- xsshunter https://xsshunter.com/
- NoSQLMap https://github.com/codingo/NoSQLMap
- ysoserial https://github.com/frohoff/ysoserial
- SSRFTest https://github.com/daeken/SSRFTest
- Retire-js https://addons.mozilla.org/en-US/firefox/addon/retire-js/
- spiderfoot https://github.com/smicallef/spiderfoot
Vulnerability Scanners
- Nessus https://www.tenable.com/products/nessus
- Nikto https://cirt.net/Nikto2
- OpenVAS https://www.openvas.org
- wapiti https://wapiti.sourceforge.io/
- canvas https://www.immunityinc.com/products/canvas/
- Sn1per https://github.com/1N3/Sn1per
- lazyrecon https://github.com/nahamsec/lazyrecon
- Osmedeus https://github.com/j3ssie/Osmedeus
- reconness https://github.com/reconness/reconness
- ironwasp https://resources.infosecinstitute.com/ironwasp-part-1-2/
Web and Database Tools
- Burp Suite https://portswigger.net/burp
- OWASP ZAP https://github.com/zaproxy/zaproxy
- sqlmap http://sqlmap.org
- Active Scan++ https://portswigger.net/bappstore/3123d5b5f25c4128894d97ea1acc4976
- BurpSentinel https://github.com/dobin/BurpSentinel
- Auto Repeater https://github.com/nccgroup/AutoRepeater
- Authorize https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f
- Burp Beautifier https://portswigger.net/bappstore/a005a6a8fba34a8893ec649f76a8d5a7
- Flow https://portswigger.net/bappstore/ee1c45f4cc084304b2af4b7e92c0a49d
- Headless Burp https://portswigger.net/bappstore/d54b11f7af3c4dfeb6b81fb5db72e381
- Logger++ https://portswigger.net/bappstore/470b7057b86f41c396a97903377f3d81
- WSDL wizard https://portswigger.net/bappstore/ef2f3f1a593d417987bb2ddded760aee
- Json beautifier https://portswigger.net/bappstore/309ef28d45ff4f19bedfed3896cb3ca9
- Jparser https://github.com/nahamsec/JSParser
- Knockpy https://github.com/guelfoweb/knock
- Lazys3 https://github.com/nahamsec/lazys3
- Sublist3r https://github.com/aboul3la/Sublist3r
- teh_s3_bucketeers https://github.com/tomdev/teh_s3_bucketeers
- virtual-host-discovery https://github.com/jobertabma/virtual-host-discovery
- wpscan https://github.com/wpscanteam/wpscan
- webscreenshot https://github.com/maaaaz/webscreenshot
- asnloockup https://www.ultratools.com/tools/asnInfo
- unfurl https://github.com/JLospinoso/unfurl
- waybackurls https://github.com/tomnomnom/waybackurls
- httprobe https://github.com/tomnomnom/httprobe
- meg https://github.com/tomnomnom/meg
- gau https://github.com/lc/gau
- ffuf https://github.com/ffuf/ffuf
- dirsearch https://github.com/maurosoria/dirsearch
- subfinder https://github.com/projectdiscovery/subfinder
- EyeWitness https://github.com/FortyNorthSecurity/EyeWitness
- nuclei https://github.com/projectdiscovery/nuclei
- naabu https://github.com/projectdiscovery/naabu
- shuffledns https://github.com/projectdiscovery/shuffledns
- dnsprobe https://github.com/projectdiscovery/dnsprobe
- chaos https://chaos.projectdiscovery.io/
- subjack https://github.com/haccer/subjack
- gitGraber https://github.com/hisxo/gitGraber
- shhgit https://github.com/eth0izzle/shhgit
- commit-stream https://github.com/x1sec/commit-stream
- masscan https://github.com/robertdavidgraham/masscan
- massdns https://github.com/blechschmidt/massdns
- findomain https://github.com/Edu4rdSHL/findomain
- Amass https://github.com/OWASP/Amass
- dnsgen https://github.com/ProjectAnte/dnsgen
- DNSGrep https://github.com/erbbysam/DNSGrep
- wfuzz https://github.com/xmendez/wfuzz
- aquatone https://github.com/michenriksen/aquatone
- WhatWeb https://github.com/urbanadventurer/WhatWeb
- recon_profile https://github.com/nahamsec/recon_profile
Wireless Testing Tools
- Aircrack-ng https://www.aircrack-ng.org
- Kismet https://www.kismetwireless.net
- Wifite https://github.com/derv82/wifite2
Credential Testing Tools
- Cain and Abel https://www.darknet.org.uk/2007/01/cain-and-abel-download-windows-password-cracker/
- CeWL https://tools.kali.org/password-attacks/cewl
- DirBuster https://tools.kali.org/web-applications/dirbuster
- Hashcat https://hashcat.net/hashcat
- Hydra https://tools.kali.org/password-attacks/hydra
- John the Ripper https://tools.kali.org/password-attacks/john
- Medusa http://foofus.net/goons/jmk/medusa/medusa.html
- Mimikatz https://github.com/gentilkiwi/mimikatz
- Patator https://github.com/lanjelot/patator
- w3af http://w3af.org
CTF Tools
- ctf-tools https://github.com/zardus/ctf-tools
- Pwntools https://github.com/Gallopsled/pwntools
- RSACTFTool https://github.com/sourcekris/RsaCtfTool
Mobile hacking
- MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF
- jadx https://github.com/skylot/jadx
- dex2jar https://github.com/pxb1988/dex2jar
- radare2 https://rada.re/n/
- genymotion https://www.genymotion.com/
- Universal unpinner https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725
- Frida https://frida.re/
Other tools
- ettercap https://www.ettercap-project.org/
- transformations https://transformations.jobertabma.nl/
- foxyproxy https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
- wappalyzer https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/
- builtwith https://addons.mozilla.org/en-US/firefox/addon/builtwith/
- altair https://altair.sirmuel.design/
- thc-hydra https://github.com/vanhauser-thc/thc-hydra
- peda https://github.com/longld/peda