A guide to using Kali Linux tools for web penetration testing, ethical hacking, forensics, and bug bounty. Covers setup, key tools, methodologies, and best practices. Optimized for security professionals.
Note
This repository contains tools and scripts sourced from various GitHub repositories and other open-source platforms. All original works are credited to their respective authors. If you are the owner of any content and wish to have it removed, please contact the repository author directly. This project is intended for educational and ethical purposes only. Unauthorized use, distribution, or modification of these tools without proper consent is prohibited. By using this repository, you agree to comply with all applicable laws and ethical guidelines. The author is not responsible for any misuse or damage caused by the tools provided herein.
This phase involves collecting as much data as possible about a target system or network.
Tools for enumerating DNS records and identifying subdomains.
- dnsenum: A multithreaded Perl script to enumerate DNS information from a domain, discover non-contiguous IP blocks, and perform reverse lookups.
- dnsmap: A passive DNS mapping tool that performs brute-force subdomain discovery to identify hidden or non-linked hosts.
- dnsrecon: A versatile DNS enumeration script that checks for zone transfers, performs SRV record enumeration, and supports various discovery techniques.
- fierce: A DNS reconnaissance tool for locating non-contiguous IP space and identifying domain names, often used as a last resort before a full port scan.
- subfinder: A powerful subdomain discovery tool that focuses on speed and reliability, using passive online sources to enumerate valid subdomains.
- aquatone: A tool for visual inspection of websites across many hosts, providing screenshots and HTTP response data for easy analysis.
- gobuster: A multi-purpose tool for brute-forcing URIs (directories and files), DNS subdomains, and virtual host names.
- shuffledns: A wrapper around massdns that enumerates subdomains using a wordlist and various resolvers.
Open-Source Intelligence (OSINT) tools for gathering information from publicly available sources.
- maltego: An interactive data mining tool that renders directed graphs for link analysis, allowing you to uncover relationships between people, companies, domains, and more.
- spiderfoot: An automated OSINT tool that integrates with numerous data sources to collect intelligence on targets, including IP addresses, domains, email addresses, and names.
- recon-ng: A full-featured Web Reconnaissance framework written in Python, providing a powerful environment for automated OSINT collection.
- theHarvester: A tool for gathering emails, subdomains, hosts, employee names, open ports, and banners from different public sources like search engines and PGP key servers.
- sherlock: A powerful tool to hunt down usernames across hundreds of social networks, making it invaluable for social media intelligence.
- waybackurls: Fetch URLs from the Wayback Machine for a given domain, useful for discovering hidden endpoints.
- gau (Get All URLs): Fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
- shodan: The official command-line interface for Shodan, allowing you to search for internet-connected devices and services.
Tools for identifying live systems on a network and analyzing network paths.
- netdiscover: An active/passive ARP reconnaissance tool for discovering live hosts on a local network, useful for wardriving and network inventory.
- nmap: The industry-standard network exploration and security auditing tool, used for host discovery, port scanning, version detection, and OS fingerprinting.
- masscan: A high-performance TCP port scanner that can scan the entire internet in minutes, transmitting packets at a very high rate.
- unicornscan: A sophisticated network reconnaissance and port scanning tool with a high degree of control over packet transmission and data collection.
- fping: A high-performance ping tool capable of sending ICMP echo requests to multiple hosts in parallel, ideal for large-scale host discovery.
- hping3: A command-line TCP/IP packet assembler and analyzer, often used for advanced port scanning, firewall testing, and manual path MTU discovery.
- arping: A utility for sending ARP requests to discover and probe hosts on a local network, bypassing IP-level filters.
- thc-ipv6: A comprehensive suite of tools for attacking the inherent protocol weaknesses of IPv6 and ICMP6, essential for modern network audits.
- netmask: A simple but useful tool for analyzing and managing IP subnets, converting between different netmask formats.
- httprobe: A tool to probe for working HTTP and HTTPS servers from a list of hosts.
- naabu: A fast port scanner written in Go that focuses on accuracy and simplicity.
- httpx: A fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Specialized tools for enumerating and analyzing specific network services.
- nbtscan: A scanner for NetBIOS name information, retrieving share lists, logged-in users, and MAC addresses from Windows hosts on a local network.
- smbmap: A handy SMB enumeration tool that allows pen testers to browse, upload, download, and execute commands on SMB shares, checking for common misconfigurations.
- smtp-user-enum: A tool for enumerating valid users on SMTP servers using techniques like VRFY, EXPN, and RCPT TO.
- swaks: The "Swiss Army Knife" for SMTP, a featureful, flexible, and scriptable tool for testing email servers and verifying mail relays.
- onesixtyone: A fast and simple SNMP scanner that sends multiple community strings to a range of IP addresses to identify devices with default or weak SNMP configurations.
- snmp-check: A Perl script that enumerates information from SNMP devices, including running processes, open TCP ports, network interfaces, and installed software.
- ike-scan: A command-line tool for discovering, fingerprinting, and testing IPsec VPN servers using IKE (Internet Key Exchange).
Tools for auditing and analyzing SSL/TLS configurations and certificates.
- sslscan: A fast SSL/TLS scanner that tests services for supported ciphers, protocols, and some common vulnerabilities like Heartbleed.
- sslyze: A powerful and fast SSL/TLS scanning library and tool that analyzes server configurations for weak ciphers, certificate issues, and protocol support.
- ssldump: An SSL/TLS network protocol analyzer that decodes and displays encrypted traffic, helping to identify the certificates and handshake details.
- sslh: A protocol multiplexer that allows multiple services (like HTTPS, SSH, and OpenVPN) to listen on the same port by probing for and forwarding connections.
Tools for detecting the presence of intrusion detection and prevention systems.
- lbd: A load balancer detector that analyzes server responses to HTTP requests to determine if a domain is behind a load-balancing solution.
- wafw00f: A Web Application Firewall (WAF) fingerprinting tool that sends a series of malicious requests to identify the specific WAF product protecting a website.
- amass: The OWASP Amass project's in-depth attack surface mapping and subdomain enumeration tool for active and passive reconnaissance.
- dmitry: A simple but effective tool for gathering information on a target, including subdomains, email addresses, and system uptime.
- netcat: The "Swiss Army knife" of networking, used for reading from and writing to network connections, port scanning, and transferring files.
Tools for identifying security weaknesses and potential vulnerabilities in systems and applications.
- nikto: A comprehensive web server scanner that tests for dangerous files, outdated server software, and specific server misconfigurations.
- generic_chunked: A tool designed to test for vulnerabilities in chunked transfer encoding, a feature of HTTP/1.1.
- voiphopper: A tool that tests for VLAN hopping vulnerabilities in VoIP networks by spoofing 802.1q frames.
- unix-privesc-check: A shell script that runs on Unix systems to identify common misconfigurations that could allow local privilege escalation.
- legion: A semi-automated network penetration testing framework that aids in discovery and vulnerability scanning.
- nuclei: A fast and customizable vulnerability scanner based on a simple YAML-based templating language.
- vuls: A vulnerability scanner for Linux and FreeBSD, written in Go, with an agentless architecture.
- clamav: An open-source antivirus engine for detecting trojans, viruses, malware, and other malicious threats.
- openvas: A full-featured vulnerability scanner that includes a comprehensive set of network vulnerability tests.
This section focuses on tools for assessing and attacking web applications.
- dirb: A classic web content scanner that uses a dictionary-based attack to find hidden directories and files on web servers.
- dirbuster: A multi-threaded, Java-based application for brute-forcing directory and file names on web/application servers.
- ffuf: A fast web fuzzer written in Go, allowing for directory discovery, parameter fuzzing, and vhost enumeration.
- gobuster: A multi-purpose brute-force tool for finding hidden directories, files, DNS subdomains, and virtual hosts.
- feroxbuster: A fast, simple, and recursive content discovery tool written in Rust.
- kiterunner: A contextual content discovery tool that uses common API paths and file extensions.
- whatweb: A next-generation web scanner that identifies the technology stack of a website, including CMS, blogging platforms, JavaScript libraries, and web servers.
- wpscan: A black box WordPress security scanner used to enumerate users, themes, plugins, and identify potential vulnerabilities.
- cutycapt: A command-line utility that captures screenshots of web pages using WebKit, useful for visually documenting web applications.
- wappalyzer: A cross-platform utility that uncovers the technologies used on websites.
- burpsuite: An integrated platform for performing security testing of web applications, with tools for scanning, spidering, and exploiting vulnerabilities.
- sqlmap: An open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws.
- commix: A tool written in Python that automates the detection and exploitation of command injection vulnerabilities.
- skipfish: An active web application security reconnaissance tool that prepares an interactive sitemap for the target site by conducting a recursive crawl and dictionary-based probes.
- wapiti: A web application vulnerability scanner that performs "black-box" scans, injecting payloads to find vulnerabilities like XSS, SQLi, and file inclusions.
- xsstrike: An advanced XSS detection suite equipped with a powerful fuzzing engine and intelligent payload generator.
- jwt_tool: A toolkit for testing, attacking, and debugging JSON Web Tokens.
- corsy: A CORS misconfiguration scanner that identifies insecure cross-origin resource sharing policies.
- graphqlmap: A scripting engine to interact with a GraphQL endpoint for security testing purposes.
- dalfox: A parameter analysis and XSS scanner focused on speed and automation.
- cadaver: A command-line WebDAV client for Unix-like systems, supporting file operations like upload, download, and directory listings.
- davtest: A tool that scans a WebDAV-enabled web server to upload test files and determine if file uploads are possible and which file types are supported.
- webshells: A collection of web-based backdoors for various languages (ASP, PHP, JSP) to maintain access to a compromised web server.
- weevely3: A stealthy PHP web shell that provides a command-line interface for remote administration and post-exploitation.
Tools for auditing password security through various attack vectors.
- hydra: A powerful parallelized login cracker that supports numerous protocols for fast and flexible password brute-forcing.
- medusa: A massively parallel, modular login brute-forcer similar to Hydra, aiming for speed and stability.
- ncrack: A high-speed network authentication cracking tool designed to be fast and reliable for protocols like RDP, SSH, HTTP, and more.
- thc-pptp-bruter: A tool for performing brute-force attacks against PPTP VPN endpoints.
- patator: A multi-purpose brute-forcing tool with a modular design for various protocols and services.
- crowbar: A brute-forcing tool that supports OpenVPN, RDP, SSH, and VNC protocols with a focus on reliability.
- keimpx: A tool to check valid credentials across a network via SMB, RDP, and HTTP.
- john: A fast password cracker, also known as John the Ripper, used for detecting weak passwords through various attack modes.
- hashcat: The world's fastest and most advanced password recovery utility, supporting GPU acceleration and a wide variety of hash types.
- hash-identifier: A simple Python script to identify the hash algorithm a given digest was produced with.
- hashid: Another tool for identifying hash types, functioning similarly to hash-identifier.
- ophcrack-cli: A command-line version of Ophcrack, a Windows password cracker based on rainbow tables for LM and NTLM hashes.
- samdump2: A utility to dump the password hashes from a Windows SAM (Security Account Manager) file.
- chntpw: A utility for resetting or changing passwords on Windows systems by modifying the SAM registry file.
- truecrack: A password cracking tool for TrueCrypt disk encryption volumes.
- crunch: A wordlist generator that can create custom wordlists based on character sets and a specified pattern.
- cewl: A tool that spiders a target website and creates a custom wordlist based on the words found on the site.
- rsmangler: A tool that takes a base wordlist and applies a series of common mutations (e.g., capitalization, leet speak, common appends) to create a new, more extensive list.
- wordlists: A directory containing various pre-compiled wordlists, such as rockyou.txt, for password cracking and dictionary attacks.
- seclists: A comprehensive collection of multiple types of lists used during security assessments, including usernames, passwords, URLs, and fuzzing payloads.
- probable-wordlists: A collection of curated and sorted password dictionaries based on real-world data.
- crackmapexec: A Swiss Army knife for pentesting Windows/Active Directory environments, automating tasks like credential validation and SMB enumeration.
- evil-winrm: A robust and customizable WinRM shell for remote administration and penetration testing of Windows hosts.
- mimikatz: A renowned tool for extracting plaintext passwords, hashes, PINs, and Kerberos tickets from memory on Windows systems.
- smbmap: A handy SMB enumeration tool (also listed under service analysis) that is crucial for post-exploitation and lateral movement.
- xfreerdp: A free implementation of the Remote Desktop Protocol (RDP) client, used for connecting to Windows systems, often in a post-exploitation context.
- sprayhound: A password spraying tool integrated with BloodHound for Active Directory reconnaissance.
This category covers tools for auditing and attacking wireless networks.
- aircrack-ng: A complete suite of tools for assessing Wi-Fi network security, focusing on monitoring, attacking, testing, and cracking WEP and WPA/WPA2 keys.
- kismet: A wireless network detector, sniffer, and intrusion detection system that works with any wireless card that supports raw monitoring mode.
- wifite: An automated wireless attack tool for cracking WEP, WPA, and WPA2 networks.
- reaver: A tool for brute-forcing the WPS (Wi-Fi Protected Setup) PIN to recover WPA/WPA2 passphrases.
- bully: Another implementation of the WPS brute-force attack, written in C, designed to be more portable and efficient than Reaver.
- pixiewps: A tool for offline brute-forcing of WPS PINs by exploiting a computational flaw (Pixie Dust attack) in many routers.
- wash: A tool that scans for access points with WPS enabled, providing crucial information needed for attacks with Reaver or Bully.
- fern-wifi-cracker: A graphical user interface tool for wireless security testing, supporting various attacks like WEP/WPA cracking and WPS attacks.
- spooftooph: A tool designed for spoofing and manipulating Bluetooth devices and log files.
- bettercap: A powerful, modular, and portable MITM framework that can be used for Wi-Fi, Bluetooth, and network attacks.
- mdk4: A proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses.
- horst: A wireless network analysis tool that works as a spectrum analyzer and packet sniffer.
These tools are used to intercept, manipulate, and analyze network traffic.
- wireshark: The world's foremost and widely-used network protocol analyzer, enabling deep inspection of hundreds of protocols.
- tcpdump: A powerful command-line packet analyzer used for capturing and displaying network traffic.
- tshark: The command-line version of Wireshark, useful for scripting and remote packet capture.
- ettercap-pkexec: A comprehensive suite for man-in-the-middle attacks, supporting active and passive dissection of many protocols.
- responder: A tool for poisoning LLMNR, NBT-NS, and MDNS protocols to capture credentials on a local network.
- scapy: A powerful Python-based interactive packet manipulation program and library for crafting, sending, and sniffing network packets.
- dsniff: A collection of tools for network auditing and penetration testing, including tools for password sniffing and traffic interception.
- sslsplit: A tool for man-in-the-middle attacks against SSL/TLS encrypted network connections.
- dnschef: A highly configurable DNS proxy that can be used to manipulate DNS responses for testing purposes.
- netsniff-ng: A high-performance Linux networking toolkit for packet sniffing, traffic generation, and analysis.
- tcpreplay: A suite of tools to replay captured network traffic at various speeds, useful for testing network devices and security systems.
- dns-rebind: A tool for performing DNS rebinding attacks to bypass same-origin policy and access internal network resources.
- macchanger: A utility for viewing and changing the MAC address of network interfaces.
- minicom: A text-based modem control and terminal emulation program for communicating with serial devices.
Tools for developing, executing, and managing exploits against vulnerable targets.
- metasploit-framework: An advanced open-source platform for developing, testing, and executing exploits against remote targets.
- searchsploit: A command-line search tool for the Exploit Database, allowing you to find public exploits and shellcode.
- setoolkit: The Social-Engineer Toolkit (SET) is a framework for automating advanced social engineering attacks.
- sqlmap: (Also in Web Analysis) Automates the detection and exploitation of SQL injection flaws.
- crackmapexec: (Also in Password Attacks) A powerful tool for automating exploitation and post-exploitation of Windows networks.
- msfpc: The Metasploit Payload Creator, a quick way to generate various Meterpreter reverse shells.
Tools used after initial access to maintain persistence, move laterally, and exfiltrate data.
- proxychains4: A tool that forces any TCP connection made by a program to go through a proxy (or a chain of proxies).
- weevely3: (Also in Web Analysis) A stealthy PHP web shell that provides a command-line interface for managing a compromised web server.
- powersploit: A collection of Microsoft PowerShell modules that can be used for post-exploitation tasks during penetration tests.
- evil-winrm: (Also in Password Attacks) A WinRM shell for Windows, often used for post-exploitation.
- stunnel4: A program that allows you to encrypt arbitrary TCP connections inside SSL/TLS.
- proxytunnel: A tool that connects stdin and stdout to a remote server via an HTTPS proxy.
- ptunnel: A tool for tunneling TCP connections over ICMP echo request and reply packets.
- pwnat: A tool that punches holes through NATs and firewalls, allowing clients to directly connect to a server behind NAT without port forwarding.
- udptunnel: A tool to tunnel UDP packets over a TCP connection, useful for bypassing firewalls.
- dns2tcpc: A client tool for tunneling TCP traffic over DNS.
- dns2tcpd: The server-side component for the DNS2TCP tunneling tool.
- iodine-client-start: A client for the Iodine DNS tunneling tool, which creates an IP tunnel over DNS.
- miredo: A Teredo tunneling client that provides IPv6 connectivity behind NAT devices over IPv4 networks.
- laudanum: A collection of injectable files, intended to be used as a covert channel or for data exfiltration.
- dbd: A tool for creating and managing database dumps, often used in post-exploitation to exfiltrate data.
- sbd: A tool that creates a backdoor and can communicate over AES-encrypted raw sockets or DNS.
- exe2hex: A tool for converting executable files into a hexadecimal representation that can be pasted into a shell.
- sslh: (Also in SSL Analysis) A protocol multiplexer useful for hiding SSH traffic on port 443.
- empire: A post-exploitation framework that uses PowerShell agents without powershell.exe.
- pwncat: A netcat-like tool with advanced features like auto-completion and scriptable interaction.
- chisel: A fast TCP tunnel over HTTP, useful for tunneling through firewalls.
- ligolo-ng: An advanced tunneling tool that creates a network tunnel from a reverse connection.
Tools for analyzing and understanding the inner workings of software binaries.
- radare2: A complete framework for reverse-engineering and analyzing binaries, featuring a powerful command-line interface.
- clang: A compiler front end for the C family of languages, useful for analyzing compilation processes.
- clang++: The C++ compiler front end of the Clang project.
- msf-nasm_shell: A Metasploit tool that acts as a NASM-compatible assembler and disassembler, helpful for creating shellcode.
- ghidra: A software reverse engineering (SRE) suite of tools developed by the NSA, supporting a wide range of processors and executables.
- gdb: The GNU Project debugger, allowing you to see what is going on 'inside' a program while it executes.
- ida-free: The freeware version of IDA Pro, a powerful disassembler and debugger.
- x64dbg: An open-source Windows debugger for 64-bit applications.
- ollydbg: A 32-bit assembler-level debugger for Windows with a focus on binary code analysis.
- cutter: A GUI for radare2, making reverse engineering more accessible.
- angr: A platform-agnostic binary analysis framework developed at UCSB's Seclab.
Tools for investigating, analyzing, and recovering data from digital media.
- autopsy: A digital forensics platform and graphical interface to The Sleuth Kit, used for analyzing hard drives and smartphones.
- binwalk: A tool for searching binary images for embedded files and executable code, commonly used for firmware analysis.
- bulk_extractor: A high-performance digital forensics tool that scans disk images and extracts important information without parsing the file system.
- magicrescue: A tool for recovering files from damaged or corrupted filesystems by scanning block devices for known file types.
- scalpel: A fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files.
- scrounge-ntfs: A data recovery utility for NTFS filesystems that can reconstruct data from a damaged partition.
- guymager: A fast and user-friendly forensic imager for creating disk images and verifying their integrity with hashes.
- pdf-parser: A tool to parse and analyze PDF files, extracting key information about their structure without rendering them.
- pdfid: A simple tool to scan a PDF file for certain keywords and characteristics, useful for detecting potentially malicious PDFs.
- hashdeep: A program for computing, matching, and auditing hash sets of files, ensuring data integrity and aiding in file identification.
- volatility: An advanced memory forensics framework for analyzing RAM dumps.
- foremost: A console program to recover files based on their headers, footers, and internal data structures.
- sleuthkit: A collection of command-line tools for forensic analysis of disk images.
- dcfldd: An enhanced version of dd with features useful for forensics and security.
- regripper: A tool for extracting and analyzing Windows registry data.
- xplico: A network forensics analysis tool that reconstructs the contents of captured data.
Tools for analyzing and testing mobile applications and devices.
- apktool: A tool for reverse engineering Android apps, allowing you to decode resources and rebuild them.
- dex2jar: A tool to convert Android .dex files to .class files (JAR format).
- jadx: A Dex to Java decompiler that produces readable Java source code from APK files.
- mobsf: An automated mobile app security testing framework for Android and iOS.
- objection: A runtime mobile exploration toolkit powered by Frida for security testing.
- frida: A dynamic instrumentation toolkit for developers and reverse engineers on multiple platforms.
- androguard: A full Python tool for reverse engineering Android applications.
- adb: The Android Debug Bridge, a versatile command-line tool for communicating with Android devices.
Tools for auditing and securing cloud infrastructure.
- pacu: An AWS exploitation framework designed for testing the security of AWS environments.
- cloudsploit: A cloud security scanning tool for AWS, Azure, and Google Cloud.
- scoutsuite: A multi-cloud security auditing tool that assesses the security posture of cloud environments.
- s3scanner: A tool for scanning and enumerating AWS S3 buckets.
- cloudsplaining: An AWS IAM security assessment tool that identifies violations of least privilege.
- kube-hunter: A tool for hunting security weaknesses in Kubernetes clusters.
- trivy: A comprehensive vulnerability scanner for containers and other artifacts.
- docker-bench-security: A script that checks for dozens of common best-practices around deploying Docker containers in production.
- falco: A cloud-native runtime security project for Kubernetes and container environments.
Specialized tools for container security assessment.
- grype: A vulnerability scanner for container images and filesystems.
- dockle: A container image linter for security, helping to identify best practice violations.
- kubeaudit: A command-line tool to audit Kubernetes clusters for security issues.
- kube-bench: A tool that checks Kubernetes clusters against the CIS Kubernetes Benchmark.
- kubesec: A security risk analysis tool for Kubernetes resources.
Tools for testing physical security devices and hardware.
- wifipumpkin3: A powerful framework for creating rogue access points and MITM attacks.
- fluxion: A tool for creating evil twin attacks to capture WPA handshakes.
- wifiphisher: A rogue Access Point framework for conducting red team engagements.
- proxmark3: An RFID/NFC cloning and analysis tool.
- hcitool: A Bluetooth testing tool included in the BlueZ package.
- ubertooth: An open-source 2.4 GHz wireless development platform for Bluetooth experimentation.
Tools for hiding and discovering hidden data within files.
- steghide: A steganography program that hides data in various image and audio files.
- zsteg: A tool for detecting steganography in PNG and BMP files.
- stegsolve: A tool for solving steganography challenges by applying various transformations.
- outguess: A steganography tool for hiding data in the redundant bits of data sources.
- stegdetect: An automated tool for detecting steganographic content in image files.
- exiftool: A tool for reading, writing, and editing metadata in files.
Tools for maintaining anonymity during security assessments.
- torbrowser-launcher: A tool to download and launch the Tor Browser Bundle.
- torsocks: A wrapper to safely torify applications.
- nyx: A command-line monitor for the Tor status and bandwidth usage.
- onionprobe: A tool for monitoring the status of Onion services.
- anonsurf: A tool for anonymizing the entire system by routing traffic through Tor.
Tools to assist in documenting findings and creating professional penetration test reports.
- cherrytree: A hierarchical note-taking application that allows you to organize information in a tree structure, ideal for pentest documentation.
- cutycapt: (Also in Web Analysis) A tool for capturing screenshots of web pages, which can be embedded in reports for visual evidence.
- pipal: A statistical analysis tool for password dumps that provides metrics to include in reports about password strength and complexity.
- dradis: A collaboration and reporting platform for security assessments.
- faraday: An integrated pentest environment that helps with collaboration and reporting.
- serpico: A penetration testing collaboration and reporting tool.
Tools focused on human interaction and deception to gain access.
- setoolkit: (Also in Exploitation Tools) The Social-Engineer Toolkit, a framework for attacks like spear-phishing, credential harvesting, and website cloning.
- msfpc: (Also in Exploitation Tools) The Metasploit Payload Creator, used to generate payloads for social engineering campaigns.
Phishing
- zphisher: An automated, feature-rich phishing tool with a wide variety of pre-made templates for popular websites.
- gophish: An open-source phishing framework that makes it easy to launch and track phishing campaigns.
- kingphisher: A tool for creating and managing multiple simultaneous phishing attacks.
- evilginx2: A man-in-the-middle attack framework for phishing credentials and session cookies with 2FA bypass.
- modlishka: A flexible and powerful reverse proxy for phishing campaigns.
- hiddeneye: A phishing tool with modern techniques and security bypass methods.
- blackeye: A phishing toolkit with many website templates.
Comprehensive collections for password attacks and content discovery.
- seclists: The most comprehensive collection of wordlists for security assessments.
- probable-wordlists: A collection of curated and sorted password dictionaries based on real-world data.
- fuzzdb: A dictionary of attack patterns and discovery wordlists for fuzzing.
- rockyou: The famous RockYou password wordlist from the 2009 data breach.
- assetnote-wordlists: A collection of wordlists for content discovery and subdomain enumeration.
