# Tool Index

Quick reference to all tools mentioned throughout the pentest-book, organized by category.

## Reconnaissance

### Subdomain Enumeration

| Tool              | Description                     | Link                                                    |
| ----------------- | ------------------------------- | ------------------------------------------------------- |
| amass             | In-depth DNS enumeration        | [GitHub](https://github.com/owasp-amass/amass)          |
| subfinder         | Fast subdomain discovery        | [GitHub](https://github.com/projectdiscovery/subfinder) |
| assetfinder       | Find related domains            | [GitHub](https://github.com/tomnomnom/assetfinder)      |
| findomain         | Cross-platform subdomain finder | [GitHub](https://github.com/Findomain/Findomain)        |
| github-subdomains | Find subdomains in GitHub       | [GitHub](https://github.com/gwen001/github-subdomains)  |
| crt.sh            | Certificate transparency        | [Website](https://crt.sh)                               |

### DNS Tools

| Tool     | Description                      | Link                                               |
| -------- | -------------------------------- | -------------------------------------------------- |
| dnsrecon | DNS enumeration script           | [GitHub](https://github.com/darkoperator/dnsrecon) |
| dnsx     | Fast DNS toolkit                 | [GitHub](https://github.com/projectdiscovery/dnsx) |
| massdns  | High-performance DNS resolver    | [GitHub](https://github.com/blechschmidt/massdns)  |
| puredns  | Fast domain resolver/bruteforcer | [GitHub](https://github.com/d3mondev/puredns)      |

### Network Scanning

| Tool     | Description                               | Link                                                   |
| -------- | ----------------------------------------- | ------------------------------------------------------ |
| nmap     | Network exploration and security auditing | [Website](https://nmap.org)                            |
| masscan  | Fast port scanner                         | [GitHub](https://github.com/robertdavidgraham/masscan) |
| rustscan | Modern port scanner                       | [GitHub](https://github.com/RustScan/RustScan)         |
| naabu    | Fast port scanner                         | [GitHub](https://github.com/projectdiscovery/naabu)    |

### OSINT

| Tool         | Description                      | Link                                               |
| ------------ | -------------------------------- | -------------------------------------------------- |
| theHarvester | Email, subdomain, IP gathering   | [GitHub](https://github.com/laramies/theHarvester) |
| Shodan       | Internet-connected device search | [Website](https://shodan.io)                       |
| Censys       | Internet asset discovery         | [Website](https://censys.io)                       |
| SpiderFoot   | OSINT automation                 | [GitHub](https://github.com/smicallef/spiderfoot)  |

## Web Application Testing

### Scanners

| Tool       | Description                   | Link                                                 |
| ---------- | ----------------------------- | ---------------------------------------------------- |
| Burp Suite | Web security testing platform | [Website](https://portswigger.net/burp)              |
| OWASP ZAP  | Web app security scanner      | [Website](https://www.zaproxy.org)                   |
| Nikto      | Web server scanner            | [GitHub](https://github.com/sullo/nikto)             |
| nuclei     | Vulnerability scanner         | [GitHub](https://github.com/projectdiscovery/nuclei) |
| Caido      | Modern web security tool      | [Website](https://caido.io)                          |

### Fuzzing

| Tool        | Description                      | Link                                              |
| ----------- | -------------------------------- | ------------------------------------------------- |
| ffuf        | Fast web fuzzer                  | [GitHub](https://github.com/ffuf/ffuf)            |
| feroxbuster | Recursive content discovery      | [GitHub](https://github.com/epi052/feroxbuster)   |
| gobuster    | Directory/DNS/VHost brute-forcer | [GitHub](https://github.com/OJ/gobuster)          |
| dirsearch   | Web path scanner                 | [GitHub](https://github.com/maurosoria/dirsearch) |
| wfuzz       | Web application fuzzer           | [GitHub](https://github.com/xmendez/wfuzz)        |

### SQL Injection

| Tool     | Description             | Link                                              |
| -------- | ----------------------- | ------------------------------------------------- |
| sqlmap   | Automatic SQL injection | [GitHub](https://github.com/sqlmapproject/sqlmap) |
| ghauri   | Advanced SQL injection  | [GitHub](https://github.com/r0oth3x49/ghauri)     |
| NoSQLMap | NoSQL injection         | [GitHub](https://github.com/codingo/NoSQLMap)     |

### XSS

| Tool     | Description                    | Link                                         |
| -------- | ------------------------------ | -------------------------------------------- |
| XSStrike | XSS detection suite            | [GitHub](https://github.com/s0md3v/XSStrike) |
| dalfox   | Parameter analysis/XSS scanner | [GitHub](https://github.com/hahwul/dalfox)   |
| kxss     | Reflection checker             | [GitHub](https://github.com/Emoe/kxss)       |

### CMS Scanners

| Tool       | Description                | Link                                            |
| ---------- | -------------------------- | ----------------------------------------------- |
| WPScan     | WordPress scanner          | [GitHub](https://github.com/wpscanteam/wpscan)  |
| Droopescan | CMS scanner (Drupal, etc.) | [GitHub](https://github.com/SamJoan/droopescan) |
| joomscan   | Joomla scanner             | [GitHub](https://github.com/OWASP/joomscan)     |

## Exploitation

### Frameworks

| Tool          | Description            | Link                                              |
| ------------- | ---------------------- | ------------------------------------------------- |
| Metasploit    | Exploitation framework | [Website](https://www.metasploit.com)             |
| Cobalt Strike | Adversary simulation   | [Website](https://www.cobaltstrike.com)           |
| Sliver        | Open-source C2         | [GitHub](https://github.com/BishopFox/sliver)     |
| Havoc         | Modern C2 framework    | [GitHub](https://github.com/HavocFramework/Havoc) |

### Binary Exploitation

| Tool      | Description             | Link                                                  |
| --------- | ----------------------- | ----------------------------------------------------- |
| pwntools  | CTF/exploit development | [GitHub](https://github.com/Gallopsled/pwntools)      |
| ROPgadget | ROP chain builder       | [GitHub](https://github.com/JonathanSalwan/ROPgadget) |
| ropper    | ROP gadget finder       | [GitHub](https://github.com/sashs/Ropper)             |
| GEF       | GDB enhanced features   | [GitHub](https://github.com/hugsy/gef)                |
| pwndbg    | GDB for hackers         | [GitHub](https://github.com/pwndbg/pwndbg)            |

## Post-Exploitation

### Windows

| Tool            | Description                  | Link                                                     |
| --------------- | ---------------------------- | -------------------------------------------------------- |
| Mimikatz        | Credential extraction        | [GitHub](https://github.com/gentilkiwi/mimikatz)         |
| Rubeus          | Kerberos abuse               | [GitHub](https://github.com/GhostPack/Rubeus)            |
| SharpCollection | Compiled .NET tools          | [GitHub](https://github.com/Flangvik/SharpCollection)    |
| Seatbelt        | Host survey tool             | [GitHub](https://github.com/GhostPack/Seatbelt)          |
| PowerSploit     | PowerShell post-exploitation | [GitHub](https://github.com/PowerShellMafia/PowerSploit) |

### Linux

| Tool     | Description                | Link                                              |
| -------- | -------------------------- | ------------------------------------------------- |
| LinPEAS  | Linux privilege escalation | [GitHub](https://github.com/carlospolop/PEASS-ng) |
| LinEnum  | Linux enumeration          | [GitHub](https://github.com/rebootuser/LinEnum)   |
| pspy     | Process monitor (no root)  | [GitHub](https://github.com/DominicBreuker/pspy)  |
| GTFOBins | Unix binary exploitation   | [Website](https://gtfobins.github.io)             |

### Active Directory

| Tool           | Description                 | Link                                                  |
| -------------- | --------------------------- | ----------------------------------------------------- |
| BloodHound     | AD attack path mapping      | [GitHub](https://github.com/BloodHoundAD/BloodHound)  |
| Impacket       | Network protocols in Python | [GitHub](https://github.com/fortra/impacket)          |
| CrackMapExec   | AD Swiss army knife         | [GitHub](https://github.com/byt3bl33d3r/CrackMapExec) |
| NetExec        | CrackMapExec successor      | [GitHub](https://github.com/Pennyw0rth/NetExec)       |
| Certipy        | AD CS abuse                 | [GitHub](https://github.com/ly4k/Certipy)             |
| ldapdomaindump | AD LDAP dumper              | [GitHub](https://github.com/dirkjanm/ldapdomaindump)  |

### Pivoting

| Tool        | Description          | Link                                             |
| ----------- | -------------------- | ------------------------------------------------ |
| Chisel      | TCP/UDP tunnel       | [GitHub](https://github.com/jpillora/chisel)     |
| ligolo-ng   | Tunneling/pivoting   | [GitHub](https://github.com/nicocha30/ligolo-ng) |
| proxychains | Proxy through chains | [GitHub](https://github.com/haad/proxychains)    |
| sshuttle    | VPN over SSH         | [GitHub](https://github.com/sshuttle/sshuttle)   |

## Cloud Security

### AWS

| Tool        | Description                | Link                                                |
| ----------- | -------------------------- | --------------------------------------------------- |
| Pacu        | AWS exploitation framework | [GitHub](https://github.com/RhinoSecurityLabs/pacu) |
| Prowler     | AWS security assessment    | [GitHub](https://github.com/prowler-cloud/prowler)  |
| ScoutSuite  | Multi-cloud auditing       | [GitHub](https://github.com/nccgroup/ScoutSuite)    |
| CloudMapper | AWS visualization          | [GitHub](https://github.com/duo-labs/cloudmapper)   |

### Azure

| Tool       | Description          | Link                                                 |
| ---------- | -------------------- | ---------------------------------------------------- |
| ROADtools  | Azure AD recon       | [GitHub](https://github.com/dirkjanm/ROADtools)      |
| AzureHound | BloodHound for Azure | [GitHub](https://github.com/BloodHoundAD/AzureHound) |
| PowerZure  | Azure exploitation   | [GitHub](https://github.com/hausec/PowerZure)        |
| MicroBurst | Azure security tools | [GitHub](https://github.com/NetSPI/MicroBurst)       |

### GCP

| Tool           | Description            | Link                                                          |
| -------------- | ---------------------- | ------------------------------------------------------------- |
| GCPBucketBrute | GCS bucket brute-force | [GitHub](https://github.com/RhinoSecurityLabs/GCPBucketBrute) |
| gcp\_scanner   | GCP security scanner   | [GitHub](https://github.com/google/gcp_scanner)               |

### Kubernetes

| Tool        | Description             | Link                                                  |
| ----------- | ----------------------- | ----------------------------------------------------- |
| kube-hunter | K8s penetration testing | [GitHub](https://github.com/aquasecurity/kube-hunter) |
| kubeletctl  | Kubelet exploitation    | [GitHub](https://github.com/cyberark/kubeletctl)      |
| peirates    | K8s pentest tool        | [GitHub](https://github.com/inguardians/peirates)     |
| Trivy       | Container scanner       | [GitHub](https://github.com/aquasecurity/trivy)       |

## Mobile

### Android

| Tool      | Description                | Link                                                               |
| --------- | -------------------------- | ------------------------------------------------------------------ |
| Frida     | Dynamic instrumentation    | [Website](https://frida.re)                                        |
| Objection | Runtime mobile exploration | [GitHub](https://github.com/sensepost/objection)                   |
| jadx      | Dex to Java decompiler     | [GitHub](https://github.com/skylot/jadx)                           |
| apktool   | APK reverse engineering    | [GitHub](https://github.com/iBotPeaches/Apktool)                   |
| MobSF     | Mobile security framework  | [GitHub](https://github.com/MobSF/Mobile-Security-Framework-MobSF) |

### iOS

| Tool       | Description                | Link                                                |
| ---------- | -------------------------- | --------------------------------------------------- |
| Frida      | Dynamic instrumentation    | [Website](https://frida.re)                         |
| Objection  | Runtime mobile exploration | [GitHub](https://github.com/sensepost/objection)    |
| ipatool    | IPA download               | [GitHub](https://github.com/majd/ipatool)           |
| ios-deploy | iOS app deployment         | [GitHub](https://github.com/ios-control/ios-deploy) |

## Wireless

### WiFi

| Tool        | Description              | Link                                             |
| ----------- | ------------------------ | ------------------------------------------------ |
| aircrack-ng | WiFi security suite      | [Website](https://www.aircrack-ng.org)           |
| Wifite2     | Automated WiFi auditing  | [GitHub](https://github.com/derv82/wifite2)      |
| hcxdumptool | Capture PMKID/handshakes | [GitHub](https://github.com/ZerBea/hcxdumptool)  |
| Bettercap   | MITM framework           | [GitHub](https://github.com/bettercap/bettercap) |

### Bluetooth

| Tool      | Description         | Link                                                     |
| --------- | ------------------- | -------------------------------------------------------- |
| Ubertooth | Bluetooth sniffing  | [GitHub](https://github.com/greatscottgadgets/ubertooth) |
| BlueHydra | Bluetooth discovery | [GitHub](https://github.com/pwnieexpress/blue_hydra)     |

### RFID/NFC

| Tool         | Description       | Link                                                     |
| ------------ | ----------------- | -------------------------------------------------------- |
| Proxmark3    | RFID/NFC research | [GitHub](https://github.com/RfidResearchGroup/proxmark3) |
| Flipper Zero | Multi-tool        | [Website](https://flipperzero.one)                       |

## Password Cracking

| Tool            | Description                | Link                                                 |
| --------------- | -------------------------- | ---------------------------------------------------- |
| Hashcat         | Advanced password recovery | [Website](https://hashcat.net)                       |
| John the Ripper | Password cracker           | [Website](https://www.openwall.com/john/)            |
| CeWL            | Custom wordlist generator  | [GitHub](https://github.com/digininja/CeWL)          |
| Hydra           | Network login cracker      | [GitHub](https://github.com/vanhauser-thc/thc-hydra) |

## Social Engineering

| Tool         | Description                | Link                                                            |
| ------------ | -------------------------- | --------------------------------------------------------------- |
| Gophish      | Phishing framework         | [GitHub](https://github.com/gophish/gophish)                    |
| Evilginx2    | MITM phishing              | [GitHub](https://github.com/kgretzky/evilginx2)                 |
| SET          | Social engineering toolkit | [GitHub](https://github.com/trustedsec/social-engineer-toolkit) |
| King Phisher | Phishing campaigns         | [GitHub](https://github.com/rsmusllp/king-phisher)              |

## Reporting

| Tool        | Description                | Link                                                  |
| ----------- | -------------------------- | ----------------------------------------------------- |
| Ghostwriter | Engagement management      | [GitHub](https://github.com/GhostManager/Ghostwriter) |
| Pwndoc      | Pentest report generation  | [GitHub](https://github.com/pwndoc/pwndoc)            |
| PlexTrac    | Pentest reporting platform | [Website](https://plextrac.com)                       |
| Dradis      | Collaboration/reporting    | [Website](https://dradisframework.com)                |

## Wordlists

| Resource             | Description        | Link                                                          |
| -------------------- | ------------------ | ------------------------------------------------------------- |
| SecLists             | Security wordlists | [GitHub](https://github.com/danielmiessler/SecLists)          |
| PayloadsAllTheThings | Useful payloads    | [GitHub](https://github.com/swisskyrepo/PayloadsAllTheThings) |
| fuzzdb               | Attack patterns    | [GitHub](https://github.com/fuzzdb-project/fuzzdb)            |
| wordlists            | Common wordlists   | [GitHub](https://github.com/kkrypt0nn/wordlists)              |


