Privilege Escalation

  • BloodHound - a graphical tool used to analyze relationships within an Active Directory environment and help identify attack paths
  • BeRoot - a script to check for common privilege escalation vectors on Windows systems
  • LinPeas - a script to enumerate Linux systems for privilege escalation paths
  • WinPeas - a script to enumerate Windows systems for privilege escalation paths

Command and control

  • Empire Project - a PowerShell- and Python-based post-exploitation framework that includes a variety of modules for command and control, keylogging, and lateral movement
  • Pupy - a Python-based remote administration tool that allows for persistent access to a compromised system
  • Cobalt Strike - a commercial post-exploitation tool that includes command and control capabilities, keylogging, and lateral movement
  • Sliver - a macOS, Linux, and Windows client-server based payload generator that uses PowerShell and Python

Reconnaissance

  • Nginxpwner - a script used to identify misconfigured nginx web servers that may be vulnerable to exploitation
  • Nmap - a tool used for network exploration, port scanning, and service enumeration
  • Shodan - a search engine for internet-connected devices that allows for reconnaissance and identification of vulnerable systems
  • Sqlmap - an automated tool used for SQL injection and database takeover
  • Crt.sh - a search engine for SSL/TLS certificates that can be used for subdomain enumeration and reconnaissance
  • OpenVAS - an open-source vulnerability scanner that can be used to identify security vulnerabilities in a network
  • RustScan - a fast and lightweight port scanner that can be used for reconnaissance and enumeration
  • Nikto - an open-source web server scanner that can be used for reconnaissance and identification of vulnerabilities
  • Amass - a tool for subdomain enumeration that can be used for reconnaissance and identification of vulnerable systems

Phishing

  • Gophish - Open-source phishing toolkit designed for businesses and penetration testers.
  • King Phisher - Phishing campaign toolkit for penetration testers and red teams.
  • EvilURL - A tool that can generate and test domain typos and homograph attacks.

Bruteforce

  • Hydra - Fast and flexible network login password cracking tool.
  • John the Ripper - Password cracking tool that uses dictionary attacks and brute-force methods.
  • Medusa - Speedy, massively parallel, modular login brute-forcer.
  • Ncrack - High-speed network authentication cracking tool.
  • CeWL - Custom Word List generator to extract unique words and generate password lists.

Zip Cracker

  • fcrackzip - A fast password cracker partly written in assembler.

Directories and Subdomains Enumeration

  • PureDNS - A fast domain name resolution analyzer and DNS scanner.
  • GoBuster - Directory and DNS brute-forcing tool written in Go.
  • DirBuster - A multi-threaded Java application designed to brute-force directories and file names on web/application servers.
  • DIRSEARCH - A simple command-line tool for brute-forcing directories and files on web servers.
  • FFUF - A fast web fuzzer written in Go.
  • Merlin - Subdomain discovery and enumeration tool.
  • Dirsearch-x - An advanced variant of dirsearch, a web path scanner.
  • Dirb - A web content scanner and brute force tool.
  • Recon-ng - A full-featured web reconnaissance framework.
  • LFISuite - A tool to find and exploit local file inclusion vulnerabilities using a variety of techniques.

OSINT

  • Maltego - Proprietary software for open-source intelligence and forensics, enabling users to mine and gather information from various sources.
  • Spiderfoot - An open-source intelligence automation tool that automatically queries over 100 public data sources to gather intelligence on IP addresses, domain names, email addresses, names, and more.
  • OSINT - A framework for performing OSINT tasks to find information about a target.

Framework Exfiltration

  • Egress-Assess - A tool designed to test an organization’s outbound Internet connectivity by attempting various data exfiltration techniques.

Credential Dumping

  • Mimikatz - A tool used to extract Windows credentials from memory, Windows registry hives, and Windows authentication packages.
  • LaZagne - A tool used to retrieve passwords stored on a local computer. It supports more than 200 applications.
  • forkatz - A .NET security tool that can be used to enumerate and extract various types of Windows credentials, including the DPAPI Master Keys and Windows Vault credentials.
  • Pypykatz - A tool used to extract Windows credentials from memory and various Windows artifacts. It supports both live and offline analysis.