MQCyberSec

Network security suite for monitoring, attacking, testing, and cracking WiFi networks with tools for all aspects of WiFi...

In-depth attack surface mapping and asset discovery tool that performs network mapping of attack surfaces and external a...

Powerful binary analysis framework for symbolic execution and program state exploration that automates vulnerability dis...

Online platform that performs multiple automated steganography analysis tools on uploaded images to reveal hidden data.

HTTP parameter discovery suite designed to find hidden GET and POST parameters in web applications.

Tool that retrieves organizations' Autonomous System Numbers (ASNs) and their network ranges to help identify additional...

Autopsy

A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools, designed for d...

Interactive binary analysis platform with powerful disassembly, decompilation, and graphing capabilities for reverse eng...

Firmware analysis tool that scans binary files for embedded files and executable code, essential for IoT device analysis...

Tool for analyzing network traffic to identify and extract information from BitTorrent protocol communications.

Tool that allows querying blockchain wallets and transactions using SQL-like syntax for cryptocurrency investigations an...

Bloodhound

A graphical interface that uses graph theory to reveal hidden and often unintended relationships within Active Directory...

NirSoft utility that displays the browsing history of multiple web browsers, allowing forensic investigators to examine ...

NirSoft utility that displays browsing history databases from multiple browsers, providing a consolidated view for foren...

Burp Suite

An integrated platform for performing security testing of web applications, featuring a proxy server, scanner, intruder,...

Search engine and attack surface management platform that continuously monitors the internet to find exposures before at...

NirSoft utility that displays the contents of the Chrome web browser cache, allowing investigators to examine cached fil...

Tool for extracting passwords from Chrome browser, functioning as a standalone alternative to Mimikatz's dpapi::chrome m...

NirSoft tool for displaying the password history of Windows credentials stored by the Credential History feature, reveal...

Tool that demonstrates bypass techniques for Content Security Policy (CSP) restrictions on websites, useful for security...

Web app for encryption, encoding, compression and data analysis, offering a simple interface for complex operations on d...

Collection of cryptographic, mathematical, and puzzle-solving tools for decryption, encoding/decoding, and solving vario...

Windows local privilege escalation exploit that leverages DCOM for unauthorized privilege elevation on vulnerable system...

.NET deobfuscator and unpacker designed to undo the effects of various .NET code obfuscators, helping with malware analy...

Audio steganography tool that hides secret data inside audio files with support for various audio formats and encryption...

Program for determining file types, compilers, and packers used in binary executables with support for multiple formats ...

Free domain research tool that discovers hosts related to a domain through DNS records, finding subdomains and related d...

.NET debugger and assembly editor that enables debugging and editing of .NET applications even without source code, supp...

Online decompiler explorer that compares the output of various decompilers against the same binary to aid in reverse eng...

Free .NET decompiler and assembly browser from JetBrains that reconstructs source code from compiled assemblies with hig...

Forensic tool for analyzing Google Drive File Stream artifacts on Windows systems to recover file metadata and activity ...

Tool to parse and extract information from .DS_Store files, which can reveal directory structures and filenames on macOS...

Windows privilege escalation exploit that abuses the Encrypting File System Remote Protocol (MS-EFSRPC) to gain SYSTEM p...

OSINT platform for retrieving information about email addresses, social media accounts, and other digital identities for...

Windows Event Log parser that processes .evtx files and outputs CSV or JSON with comprehensive event data for forensic a...

Powerful metadata extraction and manipulation tool that reads, writes, and edits metadata in a wide variety of files.

A fast, simple, recursive content discovery tool written in Rust designed to enumerate hidden resources in web applicati...

A fast web fuzzer written in Go that allows for fuzzing of various parts of HTTP requests to discover content, parameter...

Password recovery tool for various browsers including Firefox, Chrome, and Internet Explorer, extracting stored credenti...

Tool for Flask session cookie manipulation that allows decoding and creating secure Flask session cookies for security t...

Open-source font editor that can be used in forensics to analyze and extract data from font files, or create steganograp...

Digital forensics tool for file carving and data recovery that can extract files from disk images based on headers, foot...

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers to inject JavaScript into na...

Forensic imaging tool for creating forensically sound duplicates of digital evidence, previewing recoverable data, and m...

The GNU Project Debugger allows you to see what's happening inside a program while it executes, analyze memory, and trac...

Ghidra

A software reverse engineering framework developed by NSA that helps analyze malicious code and malware, featuring a dis...

An OSINT tool to extract information from Google accounts, such as name, profile picture, and linked services using mini...

OSINT investigation tool for GitHub that helps gather information about users, organizations, and repositories for secur...

Collection of tools for finding, downloading, and extracting Git repositories from websites with exposed .git directorie...

Fast directory/file/DNS/vhost/S3 bucket enumeration tool written in Go that helps with web application discovery and inf...

Windows local privilege escalation exploit that uses DCOM for unauthorized access escalation to SYSTEM privileges on Win...

Curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions and obtain priv...

CLI tool that identifies hash types based on their structure, supporting over 270 hash types for use in CTFs and penetra...

World's fastest password recovery tool supporting multiple algorithms with advanced features like rule-based attacks and...

Python tool that identifies different types of hashes used to encrypt data, particularly passwords, supporting over 220 ...

Tool for extracting and analyzing web browsing data from Chrome, Chromium, and other Chromium-based browsers for forensi...

Tool that checks if an email address is registered on various websites, helping to find user information across differen...

Fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library, supporting HTTP...

Industry-standard interactive disassembler and debugger for software reverse engineering that supports multiple processo...

Collection of Python classes for working with network protocols, providing programmatic access to low-level packet creat...

Search engine and data archive that provides access to leaked data, darknet information, and historical internet content...

Professional reverse engineering platform that decompiles various binary formats including WASM, Android, iOS, and deskt...

JBoss verification and exploitation tool that detects and exploits vulnerabilities in JBoss Application Server and relat...

Advanced automated malware analysis platform that detects and analyzes malicious files, URLs, and other threats with det...

Popular password cracking tool that combines several cracking modes in one package, supporting hundreds of hash and ciph...

Toolkit for testing, analyzing, and manipulating JSON Web Tokens for security vulnerabilities like weak signatures and i...

A specialized tool that recovers public keys used to sign JSON Web Tokens (JWTs) for security assessment and vulnerabili...

Tool for performing Kerberos pre-auth bruteforcing, account enumeration, and password spraying against Active Directory.

NirSoft utility that displays a timeline of user and system actions including file operations, application execution, an...

Credential recovery tool that can retrieve passwords stored on local computers from various sources including browsers, ...

Tool that identifies leaked process handles in Windows systems, which could potentially be exploited for privilege escal...

Open platform that indexes data leaks and vulnerable services discovered through internet scanning, helping identify exp...

Living Off The Land Binaries and Scripts - documentation of Windows binaries, scripts, and libraries that can be used fo...

Maltego

A visual link analysis tool that connects information in meaningful ways to reveal hidden connections in data for intell...

MetaSploit

A penetration testing framework that makes discovering, exploiting, and sharing vulnerabilities quick and straightforwar...

Parser for $MFT, $Boot, $J, $SDS, and $LogFile that extracts critical file system metadata from NTFS artifacts.

Powerful post-exploitation tool that extracts plaintext passwords, hashes, and Kerberos tickets from memory, among many ...

Open source web server scanner that performs comprehensive tests against web servers for multiple vulnerabilities and se...

Nmap

Powerful network scanner for discovering hosts, services, and vulnerabilities on computer networks through port scanning...

Nuclei

A fast, template-based vulnerability scanner designed to probe for security issues using its extensive library of templa...

A package of Python tools to analyze Microsoft OLE2 files (Structured Storage, Compound File Binary Format) for maliciou...

Powerful subdomain enumeration tool that integrates multiple data sources and methods to find as many subdomains as poss...

Open-source AWS exploitation framework designed for offensive security testing against cloud environments with numerous ...

NirSoft tool that extracts the stored usernames and passwords from Mozilla Firefox profiles, useful for forensic investi...

Collection of payloads, bypass techniques, and methodologies for various security scenarios including web app security, ...

Python library for analyzing and extracting information from PDF documents, useful for forensic analysis and malicious P...

Prefetch parser that extracts execution artifacts from Windows Prefetch files to determine program execution history and...

PoC exploit tool that forces Windows domain controllers to authenticate to arbitrary NTLM relays using MS-EFSRPC protoco...

Tool for breaking PkZip encryption using known-plaintext attacks, useful for recovering password-protected zip archives ...

Suite of tools for working with PNG images, allowing manipulation, analysis, and extraction of metadata and hidden conte...

PowerShell-based post-exploitation framework with modules for privilege escalation, reconnaissance, and exfiltration in ...

Unprivileged Linux process snooper that allows monitoring processes without root permissions, useful for privilege escal...

Python Utilities Kit that provides a collection of utility functions for security professionals, including data manipula...

A GDB plug-in that makes debugging with GDB easier while doing exploit development, providing enhanced disassembly, memo...

CTF framework and exploit development library for Python that simplifies the process of writing exploits and interacting...

Pure Python implementation of Mimikatz capable of extracting credentials from Windows memory dumps without requiring Win...

Tool for manipulating Shadow Credentials in Active Directory to perform resource-based constrained delegation attacks.

Open-source reverse engineering framework providing disassembly, debugging, analysis, and manipulation of binary files.

Advanced Windows Registry editor with enhanced features for searching, comparing, and modifying registry structures for ...

Tool for attacking RSA encryption in CTF challenges, supporting various attack methods against weak keys and implementat...

C# toolset for raw Kerberos interaction and abuses, useful for attacking Kerberos in Active Directory environments.

Tool for identifying privilege escalation opportunities in Microsoft's System Center Configuration Manager (SCCM) enviro...

Collection of multiple types of lists used during security assessments, including usernames, passwords, URLs, sensitive ...

NirSoft utility that reveals the security questions and answers stored by Windows 10 for local user accounts, useful for...

C# port of PowerUp privilege escalation checks that helps identify potential privilege escalation vectors on Windows sys...

Search engine for internet-connected devices, services, and systems, allowing users to find specific types of computers ...

Steganography tool that embeds and extracts data from image and audio files using LSB (Least Significant Bit) techniques...

Tool for extracting and analyzing data from Slack workspaces, including messages, files, and user information for forens...

Tool for fixing blurry, defocused, and motion-blurred images using deconvolution algorithms and specialized filters.

Application for viewing and analyzing the contents of audio files, revealing hidden patterns and data through visualizat...

Automatic SQL injection and database takeover tool that detects, exploits, and extracts data from vulnerable web applica...

Tool for hiding text within text using invisible unicode characters, allowing steganography with no visible changes to t...

Comprehensive steganography tool that automates the process of detecting and extracting hidden information from image fi...

Lightning fast steganography cracker that detects hidden data in files protected with steghide, significantly faster tha...

Tool for hiding messages in ASCII text by appending whitespace characters, creating steganography that's virtually invis...

Local privilege escalation tool that combines different known Windows privilege escalation techniques with a focus on se...

An incident response Swiss Army knife that automates memory forensics, event log analysis, and system artifact collectio...

Comprehensive collection of wordlists organized by categories for various security testing scenarios including passwords...

Advanced secret scanning tool that finds credentials, API keys, and other sensitive information in Git repositories and ...

A tool that reverses pixelation/blurring to reveal redacted information in images and documents through machine learning...

Forensic tool for analyzing USB device artifacts and history on Windows systems, helping track USB activity and data tra...

NirSoft tool that lists all USB devices currently connected or previously connected to the system, providing detailed in...

Tool for generating username lists from real names to use in security assessments, supporting various username formats a...

NirSoft utility that extracts and displays passwords stored in the Windows Credential Manager vault, including web crede...

Volatility2

Classic memory forensics framework (version 2) for analyzing RAM dumps with Python 2 compatibility and a robust plugin e...

Volatility3

Rewritten memory forensics framework with improved performance, object-oriented architecture, and Python 3 support for m...

The WebAssembly Binary Toolkit providing tools to translate between WebAssembly text and binary formats, with focus on w...

Interactive cheat sheet of commands for Windows/AD security assessments and privilege escalation, organized by attack te...

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X!

NirSoft password recovery tool that reveals saved passwords from multiple web browsers including Chrome, Firefox, Opera,...

Web application fuzzer that can be used to find resources, discover parameters, and identify vulnerabilities in web appl...

Automated wireless attack tool designed to simplify WiFi penetration testing by automating attacks against multiple wire...

Database and mapping platform of wireless networks with statistics and information gathered by community wardriving and ...

NirSoft utility that reads the prefetch files stored in Windows, providing insights into application execution history a...

NirSoft utility that recovers all wireless network security keys/passwords stored on the computer by the Wireless Zero C...

Wireshark

The world's foremost network protocol analyzer that lets you see what's happening on your network at a microscopic level...

WordPress security scanner that identifies vulnerabilities, enumerates users, plugins, themes, and performs brute force ...

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization, allowing remote code ex...

A proof-of-concept tool for generating payloads that exploit unsafe .NET object deserialization, enabling remote code ex...

Tool for detecting hidden data in PNG and BMP images using various steganography techniques with focus on the least sign...