A curated list of awesome cybersecurity tools for both red, blue, and purple team operations.
Contributions are welcome! The goal of this repository is to be an up-to-date source of tools for all facets of cybersecurity. The landscape changes constantly and so do the tools. It's hard keeping track of everything! If you want to add (or remove outdated) tools, feel free to create an issue or a PR.
OS
Description
FlareVM Windows distribution for malware analysis and incident response.
Kali Open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing.
Parrot Parrot Security (ParrotOS, Parrot) is a Free and Open source GNU/Linux distribution based on Debian Stable designed for security experts, developers and privacy aware people.
REMnux Linux toolkit for reverse engineering malware.
Other awesome-Collections This repository is just a brief (and generalized) list of resources and tools for both sides of cyber: blue and red team operations. As such, this is not meant to be in-depth resources. If you are looking for more specific information and/or tools, this contains a list of resource collections.
Repository
Description
awesome-reversing A curated list of awesome reversing resources.
awesome-hacking A list of hacking resources and tools: RE, web, forensics, etc.
awesome-osint A curated list of amazingly awesome OSINT.
awesome-pentest A collection of awesome penetration testing resources, tools and other shiny things.
awesome-social-engineering A curated list of awesome social engineering resources.
awesome-asset-discovery List of Awesome Asset Discovery Resources.
awesome-incident-response A curated list of tools for incident response.
awesome-red-teaming List of Awesome Red Teaming Resources.
awesome-malware-analysis A curated list of awesome malware analysis tools and resources.
awesome-ida-x64-olly-plugin A list of plugins for IDA, Ghidra, GDB, OllyDBG, etc.
awesome-forensics A curated list of awesome forensic analysis tools and resources
awesome-pcaptools Tools for PCAP files
awesome-windows-post-exploitation Windows post-exploitation tools, resources, techniques and commands to use during post-exploitation phase of penetration test.
Repository
Description
Amsi-Bypass-PowerShell AMSI bypasses (Most are patched, but can be obfuscated to bypass)
AMSITrigger Finds which string(s) trigger AMSI.
chameleon PowerShell Script Obfuscator
Invisi-Shell Used to bypass PowerShell security (logging, AMSI, etc).
Invoke-Obfuscation PowerShell module for obfuscating PowerShell scripts to bypass AV/EDR solutions.
ISESteroids Powerful extension for the built-in ISE PowerShell editor (has obfuscation module)
Invoke-Stealth Simple & Powerful PowerShell Script Obfuscator
UPX PE packer.
Unprotect Contains malware evasion techniques along with PoC.
Repository
Description
Cloudmare Cloudflare, Sucuri, Incapsula real IP tracker.
crt.sh Find certificates based on a domain name. Can be used to find subdomains.
DorkSearch Premade Google dork queries.
ExifTool Read (and modify) metadata of files.
FaceCheck.ID Reverse image lookup based on facial-recognition.
Hunter Find company email format and list of employee email addresses.
osintframework An online database of OSINT tools.
PimEyes Reverse image lookup based on facial-recognition.
Recon-NG Reconaissance and OSINT framework. Has many modules such as port scanning, subdomain finding, Shodan, etc.
ScrapeIn Scrapes LinkedIn to create a list of employee email addresses (for use in Initial Access).
SecurityTrails Extensive DNS information.
Shodan Scans for all digital assets.
SpiderFoot Automatic OSINT analysis.
TheHarvester Collects names, emails, IPs, and subdomains of a target.
Repository
Description
altdns Subdomain enumeration using mutated wordlists.
AWSBucketDump Enumerate AWS S3 buckets to find interesting files.
burpsuite An advanced web application testing suite that can be used to get info on how webpages work.
CameRadar Cameradar hacks its way into RTSP videosurveillance cameraa
CloudBrute Enumerates "the cloud" (Google, AWS, DigitalOcean, etc) to find infrastructure, files, and apps for a given target.
dirb Web application directory / file fuzzer to find other pages.
DNSDumpster Online tool for DNS information of a domain.
EyeWitness Screenshots webpages. Supports multi-domain lists and Nmap output.
feroxbuster Like dirb, but written in Rust.
gobuster Like dirb, but written in Go. Also supports DNS busting (such as subdomains).
GoWitness Like EyeWitness, but in Go.
Masscan Like nmap, but faster (thus, not stealthy.)
Nikto Web server scanner to perform security checks on a web server.
Nmap Find running services on a network.
Raccoon All-in-one Reconaissance. Port/service scans, dirbusting, and web application retrieval.
Recon-NG Reconaissance and OSINT framework. Has many modules such as port scanning, subdomain finding, Shodan, etc.
Rustscan A rust network scanner that is faster than Nmap, and sends open ports to Nmap for service/version detection.
subfinder Passive subdomain discovery tool.
wappalyzer Identify what frameworks a website runs
wpscan Automatic WordPress scanner to identify information about a WordPress site and possible vulnerabilities.
Repository
Description
evilginx Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
GoPhish Phishing campaign framework to compromise user credentials.
Social Engineering Toolkit Social engineering framework.
SpoofCheck Checks if a domain can be spoofed.
zphisher An automated phishing tool with 30+ templates.
Repository
Description
BreachDirectory Leaked credential search engine to find passwords based on username, email, etc.
Dehashed Leaked credential search engine to find passwords based on username, email, etc.
IntelligenceX Leaked credential search engine to find passwords based on username, email, domain, etc.
LeakCheck Leaked credential search engine to find passwords based on username, email, domain, etc.
Snusbase Leaked credential search engine to find passwords based on username, email, etc.
Repository
Description
Arachni Web Application Security Scanner Framework
burpsuite Full web testing suite, including proxied requests
Caido Like Burp but written in Rust
dirb Web application directory/file fuzzer to find other pages or files worth looking at.
dotGit A Firefox and Chrome extension that shows you if there is an exposed .git directory
feroxbuster Web application directory/file fuzzer to find other pages or files worth looking at. Written in Rust.
flask-unsign Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application
gobuster Web application directory/file fuzzer to find other pages or files worth looking at. Also supports DNS busting (such as subdomains). Written in Go.
Nikto Web server scanner to perform security checks on a web server.
nosqlmap Like sqlmap, but for NoSQL.
PayloadsAllTheThings Useful payloads for a variety of attacks such as SQLi, IDOR, XSS, etc.
sqlmap Performs automated SQL injection tests on GET and POST requests.
w3af Web application attack and audit framework.
wappalyzer Identify what frameworks a website runs
wpscan Automatic WordPress scanner to identify information about a WordPress site and possible vulnerabilities.
Repository
Description
Aircrack-ng Aircrack-ng is a complete suite of tools to assess WiFi network security.
Kismet sniffer, WIDS, and wardriving tool for Wi-Fi, Bluetooth, Zigbee, RF, and more
Reaver Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases
Wifite Python script to automate wireless auditing using aircrack-ng tools
WifiPhisher The Rogue Access Point Framework
Repository
Description
Easysploit Automatic Metasploit payload generator and shell listener.
Impacket A collection of Python scripts useful for Windows targets: psexec, smbexec, kerberoasting, ticket attacks, etc.
Kerbrute A tool to perform Kerberos pre-auth bruteforcing
Medusa Bruteforcer with multiple protocol support.
Metasploit Exploit framework that can be used for intial access and/or post-exploitation.
Searchsploit Search ExploitDB for exploits. Useful if you identify a service version.
TeamFiltration Cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
THC-Hydra Bruteforcer with multiple protocol support.
TREVORspray Advanced password spraying tool for Active Directory environments.
C2 frameworks can be considered both initial access and post-exploitation, as they generate payloads to be used in phishing campaigns (initial access) and will provide access to the host machine when ran (post exploitation).
Repository
Description
Cobalt Strike Most robust and advanced C2 framework (also paid).
Pupy Python and C C2 framework.
Sliver Go C2 framework.
Villain Python and Powershell C2 framework.
Repository
Description
BeRoot Automated Windows, Linux, and Mac privilege escalation path discovery tool.
BloodHound Active Directory visualizer, useful for finding misconfigurations and/or shortest path to Domain Admin.
CrackmapExec Post-exploitation tool that helps automate assessing the security of large Active Directory networks
GTFOBins Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
Impacket A collection of Python scripts useful for Windows targets: psexec, smbexec, kerberoasting, ticket attacks, etc.
Invoke-PrivescCheck Automated Windows privilege escalation path discovery tool.
LOLBAS Microsoft-signed binaries to perform APT or red-team functions (ie: dumping process memory).
Metasploit Exploit framework that can be used for intial access and/or post-exploitation.
Mimikatz Mimikatz is both an exploit on Microsoft Windows that extracts passwords stored in memory and software that performs that exploit.
nishang Offensive PowerShell for red team, penetration testing and offensive security.
PEASS-ng Automated Windows, Linux, and Mac privilege escalation path discovery tool.
PowerHub Post-exploitation module for bypassing endpoint protection and running arbitrary files.
PowerSploit A PowerShell post-exploitation framework with many modules: exfiltration, privelege escalation, etc.
PowerUp Automated Windows privilege escalation path discovery tool.
Searchsploit Search ExploitDB for exploits. Useful if you identify a service version.
SharpHound Data ingestor for BloodHound.
smbclient Allows connection to the SMB protocol.
smbmap Enumerates SMB shares.
Repository
Description
DNSExfiltrator Data exfiltration over DNS request covert channel
PowerSploit A PowerShell post-exploitation framework with many modules: exfiltration, privelege escalation, etc.
Repository
Description
certsync Dump NTDS with golden certificates and UnPAC the hash
Dumpert LSASS memory dumper using direct system calls and API unhooking.
Mimikatz Mimikatz is both an exploit on Microsoft Windows that extracts passwords stored in memory and software that performs that exploit.
nishang Offensive PowerShell for red team, penetration testing and offensive security.
PowerSploit A PowerShell post-exploitation framework with many modules: exfiltration, privelege escalation, etc.
Repository
Description
CeWL Scrape a website to generate a wordlist
crunch Generate wordlists based on requirements such as minimum and maximum length, character sets, etc.
Cupp Utilize OSINT to create password candidates for a specific person
hashcat Password cracking tool with multiple different supported formats
JohnTheRipper Password cracking tool (slower than Hashcat) but supports more formats with the Jumbo version
Mentalist A GUI for wordlisst generation
Repository
Description
Angle-Grinder Slice and dice logs on the command line
Autopsy Investigate disk images
Chainsaw Rapidly Search and Hunt through Windows Forensic Artefacts
FTK Imager Investigate disk images
Magika Detect file content types with deep learning
Velociraptor Velociraptor is a tool for collecting host based state information using The Velociraptor Query Language (VQL) queries.
Volatility An advanced memory forensics framework
Wireshark Network traffic packet analyzer
ZimmermanTools Eric Zimmerman's toolset for Windows forensics. EVTX, registry, ShellBags, ShimCache, and more.
Repository
Description
awesome-ida-x64-olly-plugin A list of plugins for IDA, Ghidra, GDB, OllyDBG, etc.
Cerberus A Python tool to unstrip Rust/Go binaries on Linux
cutter Disassembler and decompiler for multiple executable formats, based on Rizin.
Detect-It-Easy Detect file type and packer used.
dnSpy .NET debugger and editor.
dotPeak .NET Decompiler and assembly browser
FLOSS Automatically extract obfuscated strings from malware.
GDB Debugging tool for C, C++, Go, Rust, and more.
GEF GDB addon with advanced features -- GDB Enhanced Features.
ghidra Disassembler and decompiler for multiple executable formats.
hexedit View file hexadecimal.
JADX decompilation tool that can decompile JAR, APK, DEX, AAR, AAB, ZIP files
IDA Disassembler and decompiler for multiple executable formats.
PEiD detects most common packers, cryptors and compilers for PE files.
rizin CLI disassembler.
XPEViewer PE file viewer (headers, libraries, strings, etc).
Repository
Description
Cuckoo Automated dynamic malware analysis.
Wireshark View incoming and outgoing network connections.
Repository
Description
BLUESPAWN An Active Defense and EDR software to empower Blue Teams
CISBenchmarks Benchmark for security configuration best practices
HardeningKitty HardeningKitty and Windows Hardening settings and configurations
Linux Hardening Linux Hardening
SteamRoller Automating basic security configurations across an Active Directory environment
Coming soon?