ZAP Proxy
Open-source scanner to find web app vulnerabilities, useful for developers and pentesters.
HTTP Toolkit
Open-source tool to intercept, inspect, and modify HTTP(S) traffic for testing and debugging.
Container Penetration Toolkit
Toolkit for container exploitation and escaping to compromise Kubernetes clusters.
WPCracker
Enumerates users and brute forces WordPress logins with adjustable attack aggressiveness.
MetaFinder
Searches domain documents via search engines to extract relevant metadata.
RunasCs
Runs processes with alternate credentials in Windows, improving on runas.exe limitations.
Kerbrute
Bruteforce and enumerate AD accounts via flaws in Kerberos Pre-Authentication.
LaZagne
Extracts locally stored passwords from popular software on the compromised system.
SecLists
Collection of useful lists for security testing: passwords, usernames, fuzzing, payloads, etc.
Reverse Shell Generator
Generates reverse shell commands in various languages for easy C2 connections.
commix
Tool for automatic detection and exploitation of command injection vulnerabilities.
Nishang
Nishang is a PowerShell toolkit for post-exploitation and offensive security testing.
Responder
Responder is a LLMNR, NBT-NS, and mDNS poisoner used to capture credentials and perform SMB attacks in local networks.
PRISMX
Cloud security dashboard based on AWS CIS Benchmarks. Provides executive overview and actionable insights for technical contributors.
Scout Suite
Scout Suite assesses security posture in multi-cloud environments by collecting configuration data via cloud provider APIs and highlighting risks.
AAweRT
Recon framework automating phases of info gathering and vulnerability assessment, with organized session folders for each run.
ZEROPATH
AI scans code to detect broken auth, logic flaws, outdated dependencies, and more for developers.
HackTheLan
Automated offensive toolkit for LAN/WLAN attacks and on-site network reconnaissance.
RAWPA
Interactive assistant with methodology and workflows for pentesting and security research.
CAI
Lightweight framework to build cybersecurity AIs (CAIs), optimized for bug bounty hunting and vulnerability analysis.
ZERO Threat
AI-powered continuous pentest platform detecting 40,000+ vulnerabilities in real time.
WuppieFuzz
WuppieFuzz is a coverage-guided REST API fuzzer focused on usability, flaw explainability, and modularity.
Wapiti
Wapiti performs black-box scans on web apps, injecting payloads to identify vulnerabilities.
