MQCyberSec

Network security suite for monitoring, attacking, testing, and cracking WiFi networks with tools for all aspects of WiFi...

In-depth attack surface mapping and asset discovery tool that performs network mapping of attack surfaces and external a...

Powerful binary analysis framework for symbolic execution and program state exploration that automates vulnerability dis...

Online platform that performs multiple automated steganography analysis tools on uploaded images to reveal hidden data.

HTTP parameter discovery suite designed to find hidden GET and POST parameters in web applications.

Tool that retrieves organizations' Autonomous System Numbers (ASNs) and their network ranges to help identify additional...

Tool for extracting assets from Unity games and projects, capable of recreating source code and unpacking resource files...

Autopsy

A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools, designed for d...

Script to run multiple Volatility plugins simultaneously, streamlining memory forensics analysis by automating common ta...

A curated list of delightful Unicode tidbits, packages, and resources that can be used for security and development purp...

List of AWS resources that can be publicly exposed or shared with untrusted accounts, focusing on resource policies, sha...

The Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking, CAN-bus and IPv4 and IPv6 networks reconnai...

Interactive binary analysis platform with powerful disassembly, decompilation, and graphing capabilities for reverse eng...

Firmware analysis tool that scans binary files for embedded files and executable code, essential for IoT device analysis...

Tool for analyzing network traffic to identify and extract information from BitTorrent protocol communications.

Tool that allows querying blockchain wallets and transactions using SQL-like syntax for cryptocurrency investigations an...

Bloodhound

A graphical interface that uses graph theory to reveal hidden and often unintended relationships within Active Directory...

NirSoft utility that displays the browsing history of multiple web browsers, allowing forensic investigators to examine ...

NirSoft utility that displays browsing history databases from multiple browsers, providing a consolidated view for foren...

Burp Suite

An integrated platform for performing security testing of web applications, featuring a proxy server, scanner, intruder,...

Reference guide for subdomain takeover vulnerabilities, listing vulnerable services and providers.

Crowd-sourced cellular coverage mapping service that collects and displays data on cell tower locations and signal cover...

Search engine and attack surface management platform that continuously monitors the internet to find exposures before at...

A Cloudflare security testing framework.

NirSoft utility that displays the contents of the Chrome web browser cache, allowing investigators to examine cached fil...

Tool for extracting passwords from Chrome browser, functioning as a standalone alternative to Mimikatz's dpapi::chrome m...

An HTTP inspector for Android & OkHTTP (like Charles but on device)

Automated decryption tool using artificial intelligence to decipher encrypted text, excelling in various ciphers and enc...

Implementation of Coppersmith's algorithm for finding small roots of polynomial equations, useful in attacking cryptogra...

NirSoft tool for displaying the password history of Windows credentials stored by the Credential History feature, reveal...

Certificate Transparency search tool that allows searching and monitoring SSL/TLS certificates for domains.

Framework containing implementations of various cryptographic attacks, providing tools for breaking cryptographic scheme...

Collection of various cryptographic attacks, focusing on implementations and theoretical vulnerabilities in cryptographi...

Tool by Google that helps developers and security experts analyze Content Security Policies for security vulnerabilities...

Tool that demonstrates bypass techniques for Content Security Policy (CSP) restrictions on websites, useful for security...

Tool for finding all the resources loaded by a domain to detect possible Content Security Policy bypasses.

Collection of cryptographic challenges and solutions from Capture The Flag (CTF) competitions, covering a wide range of ...

Abuses Certificate Transparency logs to retrieve subdomains from a target domain, providing valuable reconnaissance data...

Web app for encryption, encoding, compression and data analysis, offering a simple interface for complex operations on d...

Collection of cryptographic, mathematical, and puzzle-solving tools for decryption, encoding/decoding, and solving vario...

Windows local privilege escalation exploit that leverages DCOM for unauthorized privilege elevation on vulnerable system...

.NET deobfuscator and unpacker designed to undo the effects of various .NET code obfuscators, helping with malware analy...

Audio steganography tool that hides secret data inside audio files with support for various audio formats and encryption...

Program for determining file types, compilers, and packers used in binary executables with support for multiple formats ...

Free domain research tool that discovers hosts related to a domain through DNS records, finding subdomains and related d...

.NET debugger and assembly editor that enables debugging and editing of .NET applications even without source code, supp...

Online decompiler explorer that compares the output of various decompilers against the same binary to aid in reverse eng...

Free .NET decompiler and assembly browser from JetBrains that reconstructs source code from compiled assemblies with hig...

Forensic tool for analyzing Google Drive File Stream artifacts on Windows systems to recover file metadata and activity ...

Tool to parse and extract information from .DS_Store files, which can reveal directory structures and filenames on macOS...

Repository of known attacks on Elliptic Curve Cryptography (ECC), covering ECDH and ECDSA vulnerabilities, with explanat...

Browser extension for managing, editing, and exporting browser cookies; useful for web development, testing, and securit...

Windows privilege escalation exploit that abuses the Encrypting File System Remote Protocol (MS-EFSRPC) to gain SYSTEM p...

OSINT platform for retrieving information about email addresses, social media accounts, and other digital identities for...

Ultimate WinRM shell for hacking/pentesting that leverages PowerShell features for Windows Remote Management exploitatio...

Windows Event Log parser that processes .evtx files and outputs CSV or JSON with comprehensive event data for forensic a...

Powerful metadata extraction and manipulation tool that reads, writes, and edits metadata in a wide variety of files.

Online database for integer factorization that stores known factorizations of numbers and provides an interface for fact...

A fast, simple, recursive content discovery tool written in Rust designed to enumerate hidden resources in web applicati...

A fast web fuzzer written in Go that allows for fuzzing of various parts of HTTP requests to discover content, parameter...

Command-line tool to extract passwords from Firefox/Thunderbird profiles using NSS library, supporting master password d...

Tool to recover forgotten master passwords in Firefox and other Mozilla-based applications, enabling access to saved cre...

Tool for Flask session cookie manipulation that allows decoding and creating secure Flask session cookies for security t...

Open-source font editor that can be used in forensics to analyze and extract data from font files, or create steganograp...

Digital forensics tool for file carving and data recovery that can extract files from disk images based on headers, foot...

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers to inject JavaScript into na...

Forensic imaging tool for creating forensically sound duplicates of digital evidence, previewing recoverable data, and m...

Inspects Java libraries and classpaths for gadget chains used to construct exploits for deserialization vulnerabilities.

The GNU Project Debugger allows you to see what's happening inside a program while it executes, analyze memory, and trac...

Godot engine project recovery tool that extracts/decompiles games, recovers original source code, and converts binary re...

Chrome extension for automating CSPT discovery.

Ghidra

A software reverse engineering framework developed by NSA that helps analyze malicious code and malware, featuring a dis...

An OSINT tool to extract information from Google accounts, such as name, profile picture, and linked services using mini...

OSINT investigation tool for GitHub that helps gather information about users, organizations, and repositories for secur...

Tool that searches for subdomains in GitHub repositories content using GitHub API.

Tool that searches for subdomains in GitLab repositories content using GitLab API.

Gitleaks is a tool for detecting secrets like passwords, API keys, and tokens in git repos, files, and whatever else you...

Collection of tools for finding, downloading, and extracting Git repositories from websites with exposed .git directorie...

Fast directory/file/DNS/vhost/S3 bucket enumeration tool written in Go that helps with web application discovery and inf...

Windows local privilege escalation exploit that uses DCOM for unauthorized access escalation to SYSTEM privileges on Win...

Reverse engineering tool for extracting symbol information from Go binaries to assist with malware analysis and vulnerab...

Curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions and obtain priv...

Comprehensive hacking resource containing techniques, tools, and methodologies for penetration testing and security asse...

CLI tool that identifies hash types based on their structure, supporting over 270 hash types for use in CTFs and penetra...

World's fastest password recovery tool supporting multiple algorithms with advanced features like rule-based attacks and...

Python tool that identifies different types of hashes used to encrypt data, particularly passwords, supporting over 220 ...

Tool for extracting and analyzing web browsing data from Chrome, Chromium, and other Chromium-based browsers for forensi...

Python library to exploit hash length extension attacks against various hashing algorithms like SHA-1, SHA-256, and MD5.

Tool that checks if an email address is registered on various websites, helping to find user information across differen...

Fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library, supporting HTTP...

BGP routing and network intelligence tool providing information about autonomous systems, IP addresses, and network rela...

Industry-standard interactive disassembler and debugger for software reverse engineering that supports multiple processo...

Collection of Python classes for working with network protocols, providing programmatic access to low-level packet creat...

Search engine and data archive that provides access to leaked data, darknet information, and historical internet content...

Command line and GUI tools for producing Java source code from Android Dex and Apk files.

Professional reverse engineering platform that decompiles various binary formats including WASM, Android, iOS, and deskt...

JBoss verification and exploitation tool that detects and exploits vulnerabilities in JBoss Application Server and relat...

Advanced automated malware analysis platform that detects and analyzes malicious files, URLs, and other threats with det...

Popular password cracking tool that combines several cracking modes in one package, supporting hundreds of hash and ciph...

Toolkit for testing, analyzing, and manipulating JSON Web Tokens for security vulnerabilities like weak signatures and i...

A specialized tool that recovers public keys used to sign JSON Web Tokens (JWTs) for security assessment and vulnerabili...

Online tool for decoding, verifying, and generating JSON Web Tokens (JWTs); enables secure inspection and debugging of J...

Tool for performing Kerberos pre-auth bruteforcing, account enumeration, and password spraying against Active Directory.

NirSoft utility that displays a timeline of user and system actions including file operations, application execution, an...

Credential recovery tool that can retrieve passwords stored on local computers from various sources including browsers, ...

Command-line utility for querying LDAP directory servers and retrieving information from Active Directory environments.

Tool that identifies leaked process handles in Windows systems, which could potentially be exploited for privilege escal...

Open platform that indexes data leaks and vulnerable services discovered through internet scanning, helping identify exp...

Resources and guidance on security risks and vulnerabilities related to Large Language Models (LLMs) and AI applications...

Comprehensive database of mathematical objects related to L-functions, modular forms, and related number theory objects,...

Living Off The Land Binaries and Scripts - documentation of Windows binaries, scripts, and libraries that can be used fo...

Tool for collecting a dossier on a person by username only, retrieving accounts from a large number of sites.

Maltego

A visual link analysis tool that connects information in meaningful ways to reveal hidden connections in data for intell...

The World's First Universal Mod Loader for Unity Games compatible with both Il2Cpp and Mono.

Memory analysis toolkit exposing physical memory as a filesystem, enabling live memory forensics, extraction, and analys...

MetaSploit

A penetration testing framework that makes discovering, exploiting, and sharing vulnerabilities quick and straightforwar...

Parser for $MFT, $Boot, $J, $SDS, and $LogFile that extracts critical file system metadata from NTFS artifacts.

Powerful post-exploitation tool that extracts plaintext passwords, hashes, and Kerberos tickets from memory, among many ...

Text-based serial port communications program for interfacing with embedded systems, routers, and other hardware devices...

mitmproxy is a free and open source interactive HTTPS proxy.

Versatile command-line utility for reading and writing data across network connections using TCP or UDP; widely used for...

Nginx exploitation tool.

Open source web server scanner that performs comprehensive tests against web servers for multiple vulnerabilities and se...

Nmap

Powerful network scanner for discovering hosts, services, and vulnerabilities on computer networks through port scanning...

Tool to identify possible WAF bypasses

Nuclei

A fast, template-based vulnerability scanner designed to probe for security issues using its extensive library of templa...

objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of yo...

A package of Python tools to analyze Microsoft OLE2 files (Structured Storage, Compound File Binary Format) for maliciou...

Powerful subdomain enumeration tool that integrates multiple data sources and methods to find as many subdomains as poss...

Open-source AWS exploitation framework designed for offensive security testing against cloud environments with numerous ...

Automated script for performing Padding Oracle attacks

Blazing fast, advanced Padding Oracle exploit

NirSoft tool that extracts the stored usernames and passwords from Mozilla Firefox profiles, useful for forensic investi...

Collection of payloads, bypass techniques, and methodologies for various security scenarios including web app security, ...

Python library for analyzing and extracting information from PDF documents, useful for forensic analysis and malicious P...

Prefetch parser that extracts execution artifacts from Windows Prefetch files to determine program execution history and...

PoC exploit tool that forces Windows domain controllers to authenticate to arbitrary NTLM relays using MS-EFSRPC protoco...

PHP Gadget Chains Generator for exploiting unserialize vulnerabilities in PHP applications with various popular framewor...

Tool for breaking PkZip encryption using known-plaintext attacks, useful for recovering password-protected zip archives ...

Suite of tools for working with PNG images, allowing manipulation, analysis, and extraction of metadata and hidden conte...

PowerShell-based post-exploitation framework with modules for privilege escalation, reconnaissance, and exfiltration in ...

Unprivileged Linux process snooper that allows monitoring processes without root permissions, useful for privilege escal...

Python Utilities Kit that provides a collection of utility functions for security professionals, including data manipula...

A GDB plug-in that makes debugging with GDB easier while doing exploit development, providing enhanced disassembly, memo...

Firefox extension designed for penetration testers, providing features like traffic coloring, multi-proxy support, and w...

CTF framework and exploit development library for Python that simplifies the process of writing exploits and interacting...

Comprehensive guide for escaping Python sandboxes and restricted environments in CTF challenges.

Pure Python implementation of Mimikatz capable of extracting credentials from Windows memory dumps without requiring Win...

Tool for manipulating Shadow Credentials in Active Directory to perform resource-based constrained delegation attacks.

Open-source reverse engineering framework providing disassembly, debugging, analysis, and manipulation of binary files.

This page will help to generate a hostname for use with testing for dns rebinding vulnerabilities in software.

Advanced Windows Registry editor with enhanced features for searching, comparing, and modifying registry structures for ...

Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode...

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF/PE/M...

Tool for attacking RSA encryption in CTF challenges, supporting various attack methods against weak keys and implementat...

C# toolset for raw Kerberos interaction and abuses, useful for attacking Kerberos in Active Directory environments.

Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android and iO...

A Burp Suite extension for testing SAML implementations.

This is a simple Ruby script to generate UUIDs based on a range of timestamps in order to perform a Sandwich Attack.

Tool for identifying privilege escalation opportunities in Microsoft's System Center Configuration Manager (SCCM) enviro...

Collection of multiple types of lists used during security assessments, including usernames, passwords, URLs, sensitive ...

NirSoft utility that reveals the security questions and answers stored by Windows 10 for local user accounts, useful for...

Tool for detecting shadow accounts in Microsoft environments.

C# implementation of DPAPI (Data Protection API) functionality, allowing for decryption of secrets protected by DPAPI.

C# port of PowerUp privilege escalation checks that helps identify potential privilege escalation vectors on Windows sys...

Search engine for internet-connected devices, services, and systems, allowing users to find specific types of computers ...

Scanner for finding dangerous URL shortener open redirects that can be exploited for phishing campaigns.

Steganography tool that embeds and extracts data from image and audio files using LSB (Least Significant Bit) techniques...

Tool for extracting and analyzing data from Slack workspaces, including messages, files, and user information for forens...

Tool for fixing blurry, defocused, and motion-blurred images using deconvolution algorithms and specialized filters.

Application for viewing and analyzing the contents of audio files, revealing hidden patterns and data through visualizat...

Automatic SQL injection and database takeover tool that detects, exploits, and extracts data from vulnerable web applica...

Tool for hiding text within text using invisible unicode characters, allowing steganography with no visible changes to t...

Command-line tool for hiding data in various image and audio files using steganography techniques with encryption suppor...

Comprehensive steganography tool that automates the process of detecting and extracting hidden information from image fi...

Lightning fast steganography cracker that detects hidden data in files protected with steghide, significantly faster tha...

Tool for hiding messages in ASCII text by appending whitespace characters, creating steganography that's virtually invis...

Fast passive subdomain discovery tool that uses various sources to discover subdomains efficiently.

Local privilege escalation tool that combines different known Windows privilege escalation techniques with a focus on se...

A webshell application and interactive shell for pentesting Apache Tomcat servers.

An incident response Swiss Army knife that automates memory forensics, event log analysis, and system artifact collectio...

An incident response Swiss Army knife that automates memory forensics, event log analysis, and system artifact collectio...

Comprehensive collection of wordlists organized by categories for various security testing scenarios including passwords...

Advanced secret scanning tool that finds credentials, API keys, and other sensitive information in Git repositories and ...

Command-line network protocol analyzer, part of the Wireshark suite, for capturing and analyzing network traffic in real...

Tool to sign and align single APKs or multiple APKs (ApkBundles, xAPKs, split APKs) with Uber's method.

Official Unicode tool for identifying confusable characters and homoglyphs that could be used in spoofing attacks or phi...

A tool that reverses pixelation/blurring to reveal redacted information in images and documents through machine learning...

High-performance executable packer that compresses and modifies binary files while preserving their functionality. Has a...

Forensic tool for analyzing USB device artifacts and history on Windows systems, helping track USB activity and data tra...

Tool to visualize USB mouse data captured in PCAP files, aiding in analysis of mouse movements and potential input injec...

NirSoft tool that lists all USB devices currently connected or previously connected to the system, providing detailed in...

Tool for generating username lists from real names to use in security assessments, supporting various username formats a...

NirSoft utility that extracts and displays passwords stored in the Windows Credential Manager vault, including web crede...

Volatility2

Classic memory forensics framework (version 2) for analyzing RAM dumps with Python 2 compatibility and a robust plugin e...

Volatility3

Rewritten memory forensics framework with improved performance, object-oriented architecture, and Python 3 support for m...

The WebAssembly Binary Toolkit providing tools to translate between WebAssembly text and binary formats, with focus on w...

Interactive cheat sheet of commands for Windows/AD security assessments and privilege escalation, organized by attack te...

Browser extension and online service that uncovers technologies used on websites, including CMS, eCommerce platforms, we...

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X!

NirSoft password recovery tool that reveals saved passwords from multiple web browsers including Chrome, Firefox, Opera,...

Online service for capturing, inspecting, and testing webhooks and HTTP requests; provides a unique URL to receive and d...

Windows Exploit Suggester - Next Generation. A tool for finding potential missing patches based on the output of systemi...

Web application fuzzer that can be used to find resources, discover parameters, and identify vulnerabilities in web appl...

Automated wireless attack tool designed to simplify WiFi penetration testing by automating attacks against multiple wire...

Database and mapping platform of wireless networks with statistics and information gathered by community wardriving and ...

NirSoft utility that reads the prefetch files stored in Windows, providing insights into application execution history a...

NirSoft utility that recovers all wireless network security keys/passwords stored on the computer by the Wireless Zero C...

Wireshark

The world's foremost network protocol analyzer that lets you see what's happening on your network at a microscopic level...

WordPress security scanner that identifies vulnerabilities, enumerates users, plugins, themes, and performs brute force ...

Comprehensive collection of cross-site scripting (XSS) attack vectors, filter evasion techniques, and testing methodolog...

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization, allowing remote code ex...

A proof-of-concept tool for generating payloads that exploit unsafe .NET object deserialization, enabling remote code ex...

Tool for detecting hidden data in PNG and BMP images using various steganography techniques with focus on the least sign...