misc-tools.md

Miscellaneous Tools

Information Gathering

• bing-ip2hosts - Enumerate hostnames from Bing
• datasploit - OSINT Framework to perform various recon techniques
• dnsenum - Perl script that enumerates DNS information
• dnsmap - Subdomain brute-forcing
• dnsrecon - DNS Enumeration Script
• dork-cli - Command-line Google dork tool
• dorks - Google hack database automation tool
• faraday - Collaborative Penetration Test and Vulnerability Management Platform
• fierce - DNS Analysis perl script
• FOCA - Fingerprinting Organizations with Collected Archives
• hping - Network tool able to send custom TCP/IP packets
• image-match - Quickly search over billions of images
• knock - Subdomain Scan
• masscan - Fast TCP port scanner
• metagoofil - Document and metadata reconnaissance (updated version)
• onioff - An onion url inspector for inspecting deep web links
• OSINT-SPY - Performs OSINT scan on email/domain/ip_address/organization
• pagodo - Automate Google Hacking Database scrapin
• SimplyEmail - Email recon made fast nd easy
• surfraw - a fast UNIX command line interface to a variety of popular WWW search engines
• TekDefense-Automater - IP URL and MD5 OSINT Analysis
• thechoice - TheChoice is a collection of 14 hacker tools
• WhatWeb - Web scanner
• xray - A tool for recon, mapping and OSINT gathering from public networks
• zmap - Fast single packet network scanner

Keyloggers

• BeeLogger - Generate Gmail Emailing Keyloggers to Windows
• Blackcat-Keylogger - Blackcat Keylogger is 100% invisible keylogger
• Keylogger - A simple keylogger for Windows, Linux and Mac
• Radium-Keylogger - Python keylogger with multiple features

Infrastructure

• inctf-framework - Attack-Defence CTF framework that uses application containers instead of virtual machines
• NullCTF - A Discord bot that provides ctf tools for collaboration in Discord servers!
• pentest-env - Pentest environment deployer (kali linux + targets) using vagrant and chef.

Maintaining Access

• EggShell - iOS/macOS/Linux Remote Administration Tool
• Metasploit - The world’s most used penetration testing framework
• Parat - Python based Remote Administration Tool(RAT)
• pupy - An opensource, cross-platform, multi function RAT
• QuasarRAT - Remote Administration Tool for Windows
• tgcd - TCP/IP Gender Changer Daemon
• TheFatRat - An Easy tool to Generate Backdoor for bypass AV
• Veil - Tool designed to generate metasploit payloads that bypass common anti-virus solutions
• WMImplant - PowerShell based tool that is designed to act like a RAT
• AhMyth - Android RAT

Social Engineering

• blackeye - The most complete Phishing Tool, with 32 templates +1 customizable
• evilginx2 - Standalone man-in-the-middle attack framework
• Gophish - Open-Source Phishing Framework
• king-phisher - Phishing Campaign Toolkit
• phishery - An SSL Enabled Basic Auth Credential Harvester
• ReelPhish - A Real-Time Two-Factor Phishing Tool
• social-engineer-toolkit - Open-source penetration testing framework designed for social engineering
• SocialFish - An Advanced Phishing Tool

Vulnerability Analysis

• Am-I-affected-by-Meltdown - Meltdown Exploit - Proof-of-concept
• InSpectre - Examine Windows for Meltdown and Spectre attack
• linux-exploit-suggester - Linux privilege escalation auditing tool
• Lynis - Auditing tool for Unix-based system
• Nmap - The Network Mapper
• sqlmap - Automatic SQL injection and database takeover tool
• T50 - The fastest network packet injector
• unix-privesc-check - Shell script to check for simple privilege escalation vectors on Unix systems
• Wapiti - The web-application vulnerability scanner
• Windows-Exploit-Suggester - Find exploits on Windows
• Mobile Security Framework (MobSF) - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework