Security Tools Directory

Graph-based OSINT and threat intelligence platform. Visualise relationships between people, domains, IPs, and organisations.

Harvest emails, subdomains, hosts, employee names, open ports, and banners from public sources.

Search engine for internet-connected devices. Find exposed servers, webcams, routers, and industrial control systems.

Full-featured web reconnaissance framework with independent modules for OSINT data gathering.

Automates OSINT collection across 200+ data sources to build a complete picture of a target.

OWASP's gold standard for attack surface mapping. Deep DNS enumeration, scraping, and certificate transparency.

Internet-wide scanning platform with richer data than Shodan. Essential for attack surface management and exposed asset discovery.

Fast passive subdomain enumeration using search engines, VirusTotal, Netcraft, and DNSdumpster simultaneously.

Structured web-based map of OSINT tools and resources organised by data type. The starting point for any recon engagement.

The gold standard for network discovery and security auditing. Detects open ports, OS versions, and running services.

Scans the entire internet in under 6 minutes. Fastest TCP port scanner available, ideal for large-scale recon.

Open source web server scanner that detects dangerous files, outdated software, and server misconfigurations.

Active/passive ARP reconnaissance tool for discovering live hosts on a local network without DNS.

Single-packet internet scanner capable of surveying the entire IPv4 address space in under 45 minutes.

Industry-standard directory, DNS, and VHost brute forcer. Faster than DirBuster and a staple in every CTF and pentest.

Blazing-fast recursive content discovery tool written in Rust. Handles large wordlists and deep directory trees effortlessly.

Next-gen SMB/Samba enumeration tool. Extracts usernames, shares, policies, and OS info from Windows targets.

Identifies web technologies, CMS, frameworks, and server software. Quiet to aggressive scan modes available.

Open source vulnerability scanner and manager. Part of the Greenbone Vulnerability Management suite.

Fast, template-based vulnerability scanner. Community-driven with thousands of detection templates.

Widely used web application security scanner. Great for finding OWASP Top 10 vulnerabilities during development.

Web application vulnerability scanner that crawls pages and injects payloads to find SQL injection, XSS, and more.

Security auditing tool for Unix/Linux systems. Performs in-depth scans of system hardening and compliance.

Industry-leading professional vulnerability scanner by Tenable. Trusted by enterprise security teams worldwide.

Black box WordPress security scanner. Enumerates users, plugins, themes, and known CVEs. Essential for WordPress assessments.

Fast SSL/TLS configuration analyser. Checks for weak ciphers, expired certs, BEAST, POODLE, Heartbleed, and more.

All-in-one vulnerability scanner for containers, filesystems, Git repos, and cloud configs. The go-to for DevSecOps pipelines.

The world's most used penetration testing framework. Contains hundreds of exploits, payloads, and auxiliary modules.

Automates detection and exploitation of SQL injection vulnerabilities. Supports all major databases.

Browser Exploitation Framework. Focuses on web browser vulnerabilities to assess the security posture of a target.

Automated command injection and exploitation tool for web applications. Detects and exploits injection flaws.

Exploitation framework dedicated to embedded devices. Includes exploits for common routers and IoT devices.

LLMNR/NBT-NS/MDNS poisoner that captures NTLMv1/v2 hashes on the local network. One of the most effective internal pentest tools.

Python classes for crafting and parsing network protocols. Powers tools like psexec, secretsdump, and GetUserSPNs for AD attacks.

Full-featured WinRM shell for pentesting. Supports file upload/download, script loading, and pass-the-hash authentication.

Swiss army knife for Active Directory environments. Tests credentials, executes commands, and enumerates shares across the network.

World's fastest GPU-based password recovery tool. Supports 300+ hash types including MD5, SHA, bcrypt, and WPA.

Classic open source password cracker. Supports auto-detection of hash type and multiple attack modes.

Fast and flexible network login cracker supporting SSH, FTP, HTTP, SMB, and 50+ other protocols.

Parallel network login auditor. Designed for speed with modular support for many services.

Custom wordlist generator. Spiders a target website and builds a tailored wordlist from its content.

802.11 WEP and WPA/WPA2 cracking suite. Captures handshakes, performs deauth attacks, and cracks WiFi passwords.

Hash cracker that uses precomputed rainbow tables for near-instant cracking of unsalted MD5, SHA1, and NTLM hashes.

Multi-purpose brute forcer built to avoid false positives. Supports SSH, FTP, HTTP, LDAP, SMB, and more with fine control.

The ultimate collection of wordlists for fuzzing, brute forcing, and payload testing. Used in virtually every pentest.

The definitive web application security testing platform. Proxy, scanner, intruder, repeater — used by every professional web pentester.

Fuzz Faster U Fool. Lightning-fast web fuzzer for directories, parameters, headers, and virtual hosts. A CTF and bug bounty essential.

Web application fuzzer that replaces any field in HTTP requests. Flexible payload support for auth bypass, SQLi, and parameter tampering.

HTTP parameter discovery suite. Finds hidden GET/POST/JSON parameters that may expose unintended functionality.

Fast and powerful XSS scanner and parameter analyser. Detects reflected, stored, and DOM-based XSS with low false-positive rates.

Advanced XSS detection suite with a built-in fuzzer, DOM crawler, and intelligent payload generation engine.

Modern web security testing proxy built for speed. Clean UI, built-in scripting, and collaborative workflows — a strong Burp alternative.

Fast web crawler for gathering URLs, endpoints, and JS files from web applications. Pipes cleanly into other tools.

Mines parameters from web archives without interacting with the target. Great for passive recon before active testing.

The most widely used network protocol analyser. Captures live traffic or reads pcap files with deep protocol dissection.

Lightweight command-line packet analyser. The go-to for quick captures on servers where a GUI isn't available.

Swiss army knife for network attacks. Handles ARP spoofing, MITM, credential sniffing, and WiFi/BLE attacks in one tool.

Comprehensive MITM attack suite supporting ARP poisoning, passive sniffing, and active injection on switched networks.

Powerful network analysis framework that converts packet data into structured logs. Used heavily in threat hunting and SOC workflows.

Passive network forensics tool that reassembles files, images, and credentials from pcap files without active scanning.

Python-based packet manipulation library. Craft, send, sniff, and dissect custom packets for protocol testing and network attacks.

Wireshark's command-line counterpart. Ideal for scripted captures, pcap analysis, and piping into other tools.

Large-scale full packet capture and search system. Indexes and stores network traffic for long-term analysis and incident response.

NSA-developed reverse engineering suite. Disassembles and decompiles binaries across architectures with a powerful scripting engine.

GNU debugger enhanced with pwndbg for exploit development. Essential for binary exploitation and CTF pwn challenges.

Advanced open source reverse engineering framework. Disassembly, debugging, patching, and scripting in one powerful CLI tool.

Industry-standard memory forensics framework. Extracts processes, network connections, registry hives, and malware from RAM dumps.

Digital forensics platform with a GUI for analysing disk images, recovering deleted files, and building timelines of activity.

Firmware analysis and extraction tool. Identifies and carves embedded files, filesystems, and compressed archives from binary blobs.

Extracts printable strings from binaries. The first thing to run on any unknown file in a CTF challenge.

Identifies packers, compilers, and protectors in executables. Tells you what you're dealing with before you start reversing.

PE file explorer and editor for Windows binaries. Inspect headers, import tables, resources, and patch executables directly.

The "Cyber Swiss Army Knife" by GCHQ. Encodes, decodes, analyses, and transforms data with 300+ operations — open in every CTF.

CTF framework and exploit development library for Python. Simplifies binary exploitation, ROP chaining, and remote interaction.

Finds ROP, JOP, and SYS gadgets in binaries for return-oriented programming exploits. Essential for CTF pwn challenges.

Mathematics software for cryptography challenges. Solves RSA, elliptic curve, and lattice-based crypto problems that appear in CTFs.

Attacks weak RSA implementations automatically. Tries dozens of known RSA attacks: small e, common factor, Wiener, and more.

Identifies cryptographic hash types from their format. Paste an unknown hash and instantly know what algorithm produced it.

Steganography tool that hides and extracts data inside JPEG, BMP, WAV, and AU files. Common in CTF stego challenges.

Image steganography analyser. Cycles through bit planes and colour filters to reveal hidden data in images.

Automatically decrypts and decodes unknown ciphertext using AI. Handles 50+ encodings and ciphers without knowing the algorithm.

The Social-Engineer Toolkit by TrustedSec. The standard for phishing, credential harvesting, and payload delivery simulations.

Open source phishing framework. Build, launch, and track phishing campaigns with detailed click-through and credential capture reporting.

MITM attack framework for phishing credentials and session tokens. Bypasses 2FA by proxying real login pages transparently.

Feature-rich phishing campaign toolkit with a web dashboard, email templates, and real-time visitor tracking.

Enterprise social engineering awareness platform. Runs simulated phishing, vishing, and smishing campaigns with detailed analytics.

Phishing framework that uses real login pages captured from live sites. Supports 2FA token capture and session hijacking.

Automated phishing tool with 30+ built-in templates for popular services. Beginner-friendly for learning phishing mechanics in a lab.

Flexible HTTP reverse proxy for 2FA bypass phishing. Works transparently between the victim and the real website.

Quick phishing page generator and credential logger. Useful for controlled security awareness tests in lab environments.

Extract plaintext passwords, hashes, and Kerberos tickets from Windows memory. A staple in Windows post-exploitation.

Maps Active Directory attack paths using graph theory. Reveals hidden privilege escalation routes.

PowerShell and Python post-exploitation agent. Provides C2 functionality with a wide range of modules.

Fast TCP/UDP tunnel over HTTP. Used for pivoting through firewalls and tunnelling traffic in restricted environments.

Linux privilege escalation awesome script. Automatically checks hundreds of common local privilege escalation vectors.

Windows privilege escalation checker. Enumerates misconfigured services, weak permissions, unquoted paths, and stored credentials.

PowerShell-based AD recon tool. Enumerates domain trusts, GPOs, ACLs, and user relationships. Pairs perfectly with BloodHound.

Advanced reverse and bind shell framework. Auto-upgrades shells, handles persistence, and provides a full local TTY.

.NET-based collaborative C2 framework. Web UI, multi-operator support, and stealthy Grunt implants for red team operations.