Debian-based distribution maintained by Offensive Security, shipping thousands of pre-packaged security and penetration-testing tools.
Arch Linux-based penetration testing distribution: thousands of security tools via the BlackArch repository.
Modular exploitation framework with payloads, encoders, auxiliaries, and integration points for exploit development.
OWASP flagship web app scanner and proxy: automated checks, manual request tampering, scripting, and CI integrations.
Automatic SQL injection and database takeover helper with fingerprinting, data exfiltration, and OS-shell paths.
Web server scanner that probes for dangerous files, outdated software, and misconfigurations via many checks.
Fast vulnerability scanner driven by YAML templates—used for recon, misconfigs, CVEs, and custom checks at scale.
Fast HTTP probing CLI: status, title, tech fingerprinting, paths, and pipeline-friendly output for asset lists.
Passive subdomain enumeration aggregating many OSINT sources with resolver validation options.
Attack surface mapping engine: DNS, certificates, APIs, scraping, and graphing for deep asset discovery.
E-mail, subdomain, and host harvesting from search engines, PGP servers, and common OSINT APIs.
Fast web fuzzer for directories, virtual hosts, parameters, and raw HTTP—common in bug bounty playbooks.
Go-based directory/DNS/vhost brute-forcer with threading tuned for pentest wordlists.
Recursive content discovery written in Rust with intelligent filtering and replay-friendly output.
WordPress security scanner: version fingerprinting, plugin/theme vuln DB, weak creds, and user enumeration.
XSS parameter analyzer and reflected/stored/DOM-focused fuzzer with mining and pipeline modes.
Python classes and scripts for low-level Windows network protocols (SMB, MSRPC, Kerberos, LDAP, etc.).
Active Directory attack-path graphing: ingest collectors, map privilege chains, and plan remediations.
Network post-exploitation Swiss Army knife for SMB/WinRM/LDAP/MSSQL/WMI, a spiritual successor to CrackMapExec.
Ruby WinRM shell for pentesting: remote commands, file upload, Pass-the-Hash, and menu helpers.
LLMNR/NBT-NS/mDNS poisoner and rogue server suite for credential capture in internal test networks.
Interactive TLS-capable HTTP(S) proxy with console, web, and scriptable interception.
Network attack framework: Wi-Fi, BLE, LAN recon, ARP/DNS spoofing, proxy, and modular caplets.
GPU-accelerated password recovery and hash cracking supporting hundreds of algorithms and attack modes.
Password cracker focused on fast CPU modes, formats, and incremental attacks—ubiquitous in audits.
802.11 WEP/WPA/WPA2 auditing suite: capture, deauth, handshake cracking, and WPS testing tools.
Python wrapper automating Aircrack/Reaver/Bully flows for WEP/WPA wireless audits.
Curated archive of public exploits and proof-of-concepts with searchsploit CLI for offline lookup.
CLI probe of TLS/SSL ciphers, protocols, headers, and common misconfigurations on any TCP listener.
Penetration testing tool for Kubernetes clusters: active hunting modules for API exposure, services, and misconfigs.
Rhino Security Labs offensive AWS testing framework: modules for privilege escalation, persistence, data exfiltration, and service-specific attacks.
