Tool Index

Quick reference to all tools mentioned throughout the pentest-book, organized by category.

Reconnaissance

Subdomain Enumeration

Tool

Description

Link

amass

In-depth DNS enumeration

GitHub

subfinder

Fast subdomain discovery

GitHub

assetfinder

Find related domains

GitHub

findomain

Cross-platform subdomain finder

GitHub

github-subdomains

Find subdomains in GitHub

GitHub

crt.sh

Certificate transparency

Website

DNS Tools

Tool

Description

Link

dnsrecon

DNS enumeration script

GitHub

dnsx

Fast DNS toolkit

GitHub

massdns

High-performance DNS resolver

GitHub

puredns

Fast domain resolver/bruteforcer

GitHub

Network Scanning

Tool

Description

Link

nmap

Network exploration and security auditing

Website

masscan

Fast port scanner

GitHub

rustscan

Modern port scanner

GitHub

naabu

Fast port scanner

GitHub

OSINT

Tool

Description

Link

theHarvester

Email, subdomain, IP gathering

GitHub

Shodan

Internet-connected device search

Website

Censys

Internet asset discovery

Website

SpiderFoot

OSINT automation

GitHub

Web Application Testing

Scanners

Tool

Description

Link

Burp Suite

Web security testing platform

Website

OWASP ZAP

Web app security scanner

Website

Nikto

Web server scanner

GitHub

nuclei

Vulnerability scanner

GitHub

Caido

Modern web security tool

Website

Fuzzing

Tool

Description

Link

ffuf

Fast web fuzzer

GitHub

feroxbuster

Recursive content discovery

GitHub

gobuster

Directory/DNS/VHost brute-forcer

GitHub

dirsearch

Web path scanner

GitHub

wfuzz

Web application fuzzer

GitHub

SQL Injection

Tool

Description

Link

sqlmap

Automatic SQL injection

GitHub

ghauri

Advanced SQL injection

GitHub

NoSQLMap

NoSQL injection

GitHub

XSS

Tool

Description

Link

XSStrike

XSS detection suite

GitHub

dalfox

Parameter analysis/XSS scanner

GitHub

kxss

Reflection checker

GitHub

CMS Scanners

Tool

Description

Link

WPScan

WordPress scanner

GitHub

Droopescan

CMS scanner (Drupal, etc.)

GitHub

joomscan

Joomla scanner

GitHub

Exploitation

Frameworks

Tool

Description

Link

Metasploit

Exploitation framework

Website

Cobalt Strike

Adversary simulation

Website

Sliver

Open-source C2

GitHub

Havoc

Modern C2 framework

GitHub

Binary Exploitation

Tool

Description

Link

pwntools

CTF/exploit development

GitHub

ROPgadget

ROP chain builder

GitHub

ropper

ROP gadget finder

GitHub

GEF

GDB enhanced features

GitHub

pwndbg

GDB for hackers

GitHub

Post-Exploitation

Windows

Tool

Description

Link

Mimikatz

Credential extraction

GitHub

Rubeus

Kerberos abuse

GitHub

SharpCollection

Compiled .NET tools

GitHub

Seatbelt

Host survey tool

GitHub

PowerSploit

PowerShell post-exploitation

GitHub

Linux

Tool

Description

Link

LinPEAS

Linux privilege escalation

GitHub

linEnum

Linux enumeration

GitHub

pspy

Process monitor (no root)

GitHub

GTFOBins

Unix binary exploitation

Website

Active Directory

Tool

Description

Link

BloodHound

AD attack path mapping

GitHub

Impacket

Network protocols in Python

GitHub

CrackMapExec

AD Swiss army knife

GitHub

NetExec

CrackMapExec successor

GitHub

Certipy

AD CS abuse

GitHub

ldapdomaindump

AD LDAP dumper

GitHub

Pivoting

Tool

Description

Link

Chisel

TCP/UDP tunnel

GitHub

ligolo-ng

Tunneling/pivoting

GitHub

proxychains

Proxy through chains

GitHub

sshuttle

VPN over SSH

GitHub

Cloud Security

AWS

Tool

Description

Link

Pacu

AWS exploitation framework

GitHub

Prowler

AWS security assessment

GitHub

ScoutSuite

Multi-cloud auditing

GitHub

CloudMapper

AWS visualization

GitHub

Azure

Tool

Description

Link

ROADtools

Azure AD recon

GitHub

AzureHound

BloodHound for Azure

GitHub

PowerZure

Azure exploitation

GitHub

MicroBurst

Azure security tools

GitHub

GCP

Tool

Description

Link

GCPBucketBrute

GCS bucket brute-force

GitHub

gcp_scanner

GCP security scanner

GitHub

Kubernetes

Tool

Description

Link

kube-hunter

K8s penetration testing

GitHub

kubeletctl

Kubelet exploitation

GitHub

peirates

K8s pentest tool

GitHub

Trivy

Container scanner

GitHub

Mobile

Android

Tool

Description

Link

Frida

Dynamic instrumentation

Website

Objection

Runtime mobile exploration

GitHub

jadx

Dex to Java decompiler

GitHub

apktool

APK reverse engineering

GitHub

MobSF

Mobile security framework

GitHub

iOS

Tool

Description

Link

Frida

Dynamic instrumentation

Website

Objection

Runtime mobile exploration

GitHub

ipatool

IPA download

GitHub

ios-deploy

iOS app deployment

GitHub

Wireless

WiFi

Tool

Description

Link

aircrack-ng

WiFi security suite

Website

Wifite2

Automated WiFi auditing

GitHub

hcxdumptool

Capture PMKID/handshakes

GitHub

Bettercap

MITM framework

GitHub

Bluetooth

Tool

Description

Link

Ubertooth

Bluetooth sniffing

GitHub

BlueHydra

Bluetooth discovery

GitHub

RFID/NFC

Tool

Description

Link

Proxmark3

RFID/NFC research

GitHub

Flipper Zero

Multi-tool

Website

Password Cracking

Tool

Description

Link

Hashcat

Advanced password recovery

Website

John the Ripper

Password cracker

Website

CeWL

Custom wordlist generator

GitHub

Hydra

Network login cracker

GitHub

Tool

Description

Link

Gophish

Phishing framework

GitHub

Evilginx2

MITM phishing

GitHub

SET

Social engineering toolkit

GitHub

King Phisher

Phishing campaigns

GitHub

Reporting

Tool

Description

Link

Ghostwriter

Engagement management

GitHub

Pwndoc

Pentest report generation

GitHub

PlexTrac

Pentest reporting platform

Website

Dradis

Collaboration/reporting

Website

Wordlists

Resource

Description

Link

SecLists

Security wordlists

GitHub

PayloadsAllTheThings

Useful payloads

GitHub

fuzzdb

Attack patterns

GitHub

wordlists

Common wordlists

GitHub

PreviousBrowser Extension Security NextAttack Index

Last updated 8 days ago

Was this helpful?

hashtagReconnaissance

hashtagSubdomain Enumeration

hashtagDNS Tools

hashtagNetwork Scanning

hashtagOSINT

hashtagWeb Application Testing

hashtagScanners

hashtagFuzzing

hashtagSQL Injection

hashtagXSS

hashtagCMS Scanners

hashtagExploitation

hashtagFrameworks

hashtagBinary Exploitation

hashtagPost-Exploitation

hashtagWindows

hashtagLinux

hashtagActive Directory

hashtagPivoting

hashtagCloud Security

hashtagAWS

hashtagAzure

hashtagGCP

hashtagKubernetes

hashtagMobile

hashtagAndroid

hashtagiOS

hashtagWireless

hashtagWiFi

hashtagBluetooth

hashtagRFID/NFC

hashtagPassword Cracking

hashtagSocial Engineering

hashtagReporting

hashtagWordlists

Reconnaissance

Subdomain Enumeration

DNS Tools

Network Scanning

OSINT

Web Application Testing

Scanners

Fuzzing

SQL Injection

XSS

CMS Scanners

Exploitation

Frameworks

Binary Exploitation

Post-Exploitation

Windows

Linux

Active Directory

Pivoting

Cloud Security

AWS

Azure

GCP

Kubernetes

Mobile

Android

iOS

Wireless

WiFi

Bluetooth

RFID/NFC

Password Cracking

Social Engineering

Reporting

Wordlists