diff --git a/README.md b/README.md index ab939a4..78fb5de 100644 --- a/README.md +++ b/README.md @@ -7,456 +7,456 @@ Cyber Security Tools ### Kali Tools -* [Kali Tool List](https://tools.kali.org/tools-listing) - Kali Linux Tools Listing. +* [Kali Tool List](https://github.com/aripitek/tools.kali.org/tools-listing) - Kali Linux Tools Listing. ### Multi-paradigm Frameworks -* [Metasploit](https://www.metasploit.com/) - Software for offensive security teams to help verify vulnerabilities and manage security assessments. -* [Armitage](http://fastandeasyhacking.com/) - Java-based GUI front-end for the Metasploit Framework. -* [Faraday](https://github.com/infobyte/faraday) - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments. -* [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for automating penetration tests that ships with many pre-packaged exploits. -* [Pupy](https://github.com/n1nj4sec/pupy) - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool. -* [AutoSploit](https://github.com/NullArray/AutoSploit) - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query. -* [Decker](https://github.com/stevenaldinger/decker) - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others. +* [Metasploit](https://github.com/aripitek/www.metasploit.com/) - Software for offensive security teams to help verify vulnerabilities and manage security assessments. +* [Armitage](http://github.com/aripitek/fastandeasyhacking.com/) - Java-based GUI front-end for the Metasploit Framework. +* [Faraday](https://github.com/aripitek/infobyte/faraday) - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments. +* [ExploitPack](https://github.com/aripitek/juansacco/exploitpack) - Graphical tool for automating penetration tests that ships with many pre-packaged exploits. +* [Pupy](https://github.com/aripitek/n1nj4sec/pupy) - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool. +* [AutoSploit](https://github.com/aripitek/NullArray/AutoSploit) - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query. +* [Decker](https://github.com/aripitek/stevenaldinger/decker) - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others. ### Network Vulnerability Scanners -* [Netsparker Application Security Scanner](https://www.netsparker.com/) - Application security scanner to automatically find security flaws. -* [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. -* [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. -* [OpenVAS](http://www.openvas.org/) - Free software implementation of the popular Nessus vulnerability assessment system. -* [Vuls](https://github.com/future-architect/vuls) - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go. +* [Netsparker Application Security Scanner](https://gihub.com/aripitek/www.netsparker.com/) - Application security scanner to automatically find security flaws. +* [Nexpose](https://github.com/aripitek/www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. +* [Nessus](https://github.com/aripitek/www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. +* [OpenVAS](http://github.com/aripitek/www.openvas.org/) - Free software implementation of the popular Nessus vulnerability assessment system. +* [Vuls](https://github.com/aripitek/future-architect/vuls) - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go. #### Static Analyzers -* [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications. -* [cppcheck](http://cppcheck.sourceforge.net/) - Extensible C/C++ static analyzer focused on finding bugs. -* [FindBugs](http://findbugs.sourceforge.net/) - Free software static analyzer to look for bugs in Java code. -* [sobelow](https://github.com/nccgroup/sobelow) - Security-focused static analysis for the Phoenix Framework. -* [bandit](https://pypi.python.org/pypi/bandit/) - Security oriented static analyser for python code. -* [Progpilot](https://github.com/designsecurity/progpilot) - Static security analysis tool for PHP code. -* [RegEx-DoS](https://github.com/jagracey/RegEx-DoS) - Analyzes source code for Regular Expressions susceptible to Denial of Service attacks. +* [Brakeman](https://github.com/aripitek/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications. +* [cppcheck](http://github.com/aripitek/cppcheck.sourceforge.net/) - Extensible C/C++ static analyzer focused on finding bugs. +* [FindBugs](http://github.com/find.sourceforge.net/) - Free software static analyzer to look for bugs in Java code. +* [sobelow](https://github.com/aripitek/nccgroup/sobelow) - Security-focused static analysis for the Phoenix Framework. +* [bandit](https://github.com/aripitek/pypi.python.org/pypi/bandit/) - Security oriented static analyser for python code. +* [Progpilot](https://github.com/aripitek/designsecurity/progpilot) - Static security analysis tool for PHP code. +* [RegEx-DoS](https://github.com/aripitek/jagracey/RegEx-DoS) - Analyzes source code for Regular Expressions susceptible to Denial of Service attacks. #### Web Vulnerability Scanners -* [Netsparker Application Security Scanner](https://www.netsparker.com/) - Application security scanner to automatically find security flaws. -* [Nikto](https://cirt.net/nikto2) - Noisy but fast black box web server and web application vulnerability scanner. -* [Arachni](http://www.arachni-scanner.com/) - Scriptable framework for evaluating the security of web applications. -* [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework. -* [Wapiti](http://wapiti.sourceforge.net/) - Black box web application vulnerability scanner with built-in fuzzer. -* [SecApps](https://secapps.com/) - In-browser web application security testing suite. -* [WebReaver](https://www.webreaver.com/) - Commercial, graphical web application vulnerability scanner designed for macOS. -* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner. -* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running. -* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner. -* [ACSTIS](https://github.com/tijme/angularjs-csti-scanner) - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS. -* [SQLmate](https://github.com/UltimateHackers/sqlmate) - A friend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional). -* [JCS](https://github.com/TheM4hd1/JCS) - Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm. +* [Netsparker Application Security Scanner](https://github.com/aripitek/www.netsparker.com/) - Application security scanner to automatically find security flaws. +* [Nikto](https://github.com/aripitek/cirt.net/nikto2) - Noisy but fast black box web server and web application vulnerability scanner. +* [Arachni](http://github.com/aripitek/www.arachni-scanner.com/) - Scriptable framework for evaluating the security of web applications. +* [w3af](https://github.com/aripitek/andresriancho/w3af) - Web application and audit framework. +* [Wapiti](http://github.com/aripitek/wapiti.sourceforge.net/) - Black box web application vulnerability scanner with built-in fuzzer. +* [SecApps](https://github.com/aripitek/secapps.com/) - In-browser web application security testing suite. +* [WebReaver](https://github.com/aripitek/www.webreaver.com/) - Commercial, graphical web application vulnerability scanner designed for macOS. +* [WPScan](https://github.com/aripitek/wpscan.org/) - Black box WordPress vulnerability scanner. +* [cms-explorer](https://gitbub.com/aripitek/code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running. +* [joomscan](https://github.com/aripitek/www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner. +* [ACSTIS](https://github.com/aripitek/tijme/angularjs-csti-scanner) - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS. +* [SQLmate](https://github.com/aripitek/UltimateHackers/sqlmate) - A friend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional). +* [JCS](https://github.com/aripitek/TheM4hd1/JCS) - Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm. ### Network Tools -* [pig](https://github.com/rafael-santiago/pig) - GNU/Linux packet crafting tool. -* [Network-Tools.com](http://network-tools.com/) - Website offering an interface to numerous basic network utilities like `ping`, `traceroute`, `whois`, and more. -* [Intercepter-NG](http://sniff.su/) - Multifunctional network toolkit. -* [SPARTA](https://sparta.secforce.com/) - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools. -* [Zarp](https://github.com/hatRiot/zarp) - Network attack tool centered around the exploitation of local networks. -* [dsniff](https://www.monkey.org/~dugsong/dsniff/) - Collection of tools for network auditing and pentesting. -* [scapy](https://github.com/secdev/scapy) - Python-based interactive packet manipulation program & library. -* [Printer Exploitation Toolkit (PRET)](https://github.com/RUB-NDS/PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features. -* [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments. -* [routersploit](https://github.com/reverse-shell/routersploit) - Open source exploitation framework similar to Metasploit but dedicated to embedded devices. -* [CrackMapExec](https://github.com/byt3bl33d3r/CrackMapExec) - Swiss army knife for pentesting networks. -* [impacket](https://github.com/CoreSecurity/impacket) - Collection of Python classes for working with network protocols. -* [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage. -* [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more. -* [IKEForce](https://github.com/SpiderLabs/ikeforce) - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities. -* [hping3](https://github.com/antirez/hping) - Network tool able to send custom TCP/IP packets. -* [rshijack](https://github.com/kpcyrd/rshijack) - TCP connection hijacker, Rust rewrite of `shijack`. -* [NetworkMiner](http://www.netresec.com/?page=NetworkMiner) - A Network Forensic Analysis Tool (NFAT). -* [Paros](http://sourceforge.net/projects/paros/) - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability. -* [mitmsocks4j](https://github.com/Akdeniz/mitmsocks4j) - Man-in-the-middle SOCKS Proxy for Java. -* [Charles Proxy](https://charlesproxy.com) - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic. -* [Habu](https://github.com/portantier/habu) - Python Network Hacking Toolkit. -* [Wifi Jammer](https://n0where.net/wifijammer/) - Free program to jam all wifi clients in range. -* [Firesheep](https://codebutler.github.io/firesheep/) - Free program for HTTP session hijacking attacks. +* [pig](https://github.com/aripitek/rafael-santiago/pig) - GNU/Linux packet crafting tool. +* [Network-Tools.com](http://github.com/aripitek/network-tools.com/) - Website offering an interface to numerous basic network utilities like `ping`, `traceroute`, `whois`, and more. +* [Intercepter-NG](http://github.com/aripitek/sniff.su/) - Multifunctional network toolkit. +* [SPARTA](https://github.com/aripitek/sparta.secforce.com/) - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools. +* [Zarp](https://github.com/aripitek/hatRiot/zarp) - Network tool centered around the exploitation of local networks. +* [dsniff](https://github.com/aripitek/www.monkey.org/~dugsong/dsniff/) - Collection of tools for network auditing and pentesting. +* [scapy](https://github.com/aripitek/secdev/scapy) - Python-based interactive packet manipulation program & library. +* [Printer Exploitation Toolkit (PRET)](https://github.com/aripitek/RUB-NDS/PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features. +* [Praeda](http://github.com/aripitek/h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments. +* [routersploit](https://github.com/aripitek/reverse-shell/routersploit) - Open source exploitation framework similar to Metasploit but dedicated to embedded devices. +* [CrackMapExec](https://github.com/aripitek/byt3bl33d3r/CrackMapExec) - Swiss army knife for pentesting networks. +* [impacket](https://github.com/aripitek/CoreSecurity/impacket) - Collection of Python classes for working with network protocols. +* [dnstwist](https://github.com/aripitek/elceef/dnstwist) - Domain name permutation engine for detecting typo squatting, corporate espionage. +* [THC Hydra](https://github.com/aripitek/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more. +* [IKEForce](https://github.com/aripitek/SpiderLabs/ikeforce) - Command line IPSEC VPN forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities. +* [hping3](https://github.com/aripitek/antirez/hping) - Network tool able to send custom TCP/IP packets. +* [rshijack](https://github.com/aripitek/kpcyrd/rshijack) - TCP connection hijacker, Rust rewrite of `shijack`. +* [NetworkMiner](http://github.com/aripitek/www.netresec.com/?page=NetworkMiner) - A Network Forensic Analysis Tool (NFAT). +* [Paros](http://github.com/aripitek/sourceforge.net/projects/paros/) - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability. +* [mitmsocks4j](https://github.com/aripitek/Akdeniz/mitmsocks4j) - Man-in-the-middle SOCKS Proxy for Java. +* [Charles Proxy](https://github.com/aripitek/charlesproxy.com) - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic. +* [Habu](https://github.com/aripitek/portantier/habu) - Python Network Hacking Toolkit. +* [Wifi Jammer](https://github.com/aripitek/n0where.net/wifijammer/) - Free program to jam all wifi clients in range. +* [Firesheep](https://github.com/aripitek/codebutler.github.io/firesheep/) - Free program for HTTP session hijacking attacks. #### Forensic - * [Autopsy](http://www.sleuthkit.org/autopsy/) - A digital forensics platform and graphical interface to [The Sleuth Kit](http://www.sleuthkit.org/sleuthkit/index.php) and other digital forensics tools - * [sleuthkit](https://github.com/sleuthkit/sleuthkit) - A library and collection of command-line digital forensics tools - * [EnCase](https://www.guidancesoftware.com/products/Pages/encase-forensic/overview.aspx) - The shared technology within a suite of digital investigations products by Guidance Software - * [malzilla](http://malzilla.sourceforge.net/) - Malware hunting tool - * [PEview](http://wjradburn.com/software/) - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files - * [HxD](http://mh-nexus.de/en/hxd/) - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size - * [WinHex](http://www.winhex.com/winhex/) - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security - * [BinText](http://www.mcafee.com/kr/downloads/free-tools/bintext.aspx) - A small, very fast and powerful text extractor that will be of particular interest to programmers + * [Autopsy](http://github.com/aripitek/www.sleuthkit.org/autopsy/) - A digital forensics platform and graphical interface to [The Sleuth Kit](http://github.com/aripitek/www.sleuthkit.org/sleuthkit/index.php) and other digital forensics tools + * [sleuthkit](https://github.com/aripitek/sleuthkit/sleuthkit) - A library and collection of command-line digital forensics tools + * [EnCase](https://github.com/aripitek/www.guidancesoftware.com/products/Pages/encase-forensic/overview.aspx) - The shared technology within a suite of digital investigations products by Guidance Software + * [malzilla](http://github.com/aripitek/malzilla.sourceforge.net/) -malware detect hunting tool + * [PEview](http://github.com/aripitek/wjradburn.com/software/) - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files + * [HxD](http://github.com/aripitek/mh-nexus.de/en/hxd/) - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size + * [WinHex](http://github.com/aripitek/www.winhex.com/winhex/) - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security + * [BinText](http://github.com/aripitek/www.mcafee.com/kr/downloads/free-tools/bintext.aspx) - A small, very fast and powerful text extractor that will be of particular interest to programmers #### Cryptography - * [xortool](https://github.com/hellman/xortool) - A tool to analyze multi-byte XOR cipher + * [xortool](https://github.com/aripitek/hellman/xortool) - A tool to analyze multi-byte XOR cipher #### Exfiltration Tools -* [DET](https://github.com/sensepost/DET) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time. -* [pwnat](https://github.com/samyk/pwnat) - Punches holes in firewalls and NATs. -* [tgcd](http://tgcd.sourceforge.net/) - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls. -* [Iodine](https://code.kryo.se/iodine/) - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed. +* [DET](https://github.com/aripitek/sensepost/DET) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time. +* [pwnat](https://github.com/aripitek/samyk/pwnat) - Punches holes in firewalls and NATs. +* [tgcd](http://github.com/aripitek/tgcd.sourceforge.net/) - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls. +* [Iodine](https://github.com/aripitek/code.kryo.se/iodine/) - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed. #### Network Reconnaissance Tools -* [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies. -* [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits. -* [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP. -* [DNSDumpster](https://dnsdumpster.com/) - Online DNS recon and search service. -* [CloudFail](https://github.com/m0rtem/CloudFail) - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS. -* [dnsenum](https://github.com/fwaeytens/dnsenum/) - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. -* [dnsmap](https://github.com/makefu/dnsmap/) - Passive DNS network mapper. -* [dnsrecon](https://github.com/darkoperator/dnsrecon/) - DNS enumeration script. -* [dnstracer](http://www.mavetju.org/unix/dnstracer.php) - Determines where a given DNS server gets its information from, and follows the chain of DNS servers. -* [passivedns-client](https://github.com/chrislee35/passivedns-client) - Library and query tool for querying several passive DNS providers. -* [passivedns](https://github.com/gamelinux/passivedns) - Network sniffer that logs all DNS server replies for use in a passive DNS setup. -* [Mass Scan](https://github.com/robertdavidgraham/masscan) - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. -* [smbmap](https://github.com/ShawnDEvans/smbmap) - Handy SMB enumeration tool. -* [XRay](https://github.com/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool. -* [ACLight](https://github.com/cyberark/ACLight) - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins. -* [ScanCannon](https://github.com/johnnyxmas/ScanCannon) - Python script to quickly enumerate large networks by calling `masscan` to quickly identify open ports and then `nmap` to gain details on the systems/services on those ports. -* [fierce](https://github.com/mschwager/fierce) - Python3 port of the original `fierce.pl` DNS reconnaissance tool for locating non-contiguous IP space. +* [zmap](https://github.com/aripitek/zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies. +* [nmap](https://github.com/aripitek/nmap.org/) - Free security scanner for network exploration & security audits. +* [scanless](https://github.com/aripitek/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP. +* [DNSDumpster](https://github.com/aripitek/dnsdumpster.com/) - Online DNS recon and search service. +* [CloudFail](https://github.com/aripitek/m0rtem/CloudFail) - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS. +* [dnsenum](https://github.com/aripitek/fwaeytens/dnsenum/) - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. +* [dnsmap](https://github.com/aripitek/makefu/dnsmap/) - Passive DNS network mapper. +* [dnsrecon](https://github.com/aripitek/darkoperator/dnsrecon/) - DNS enumeration script. +* [dnstracer](http://github.com/aripitek/www.mavetju.org/unix/dnstracer.php) - Determines where a given DNS server gets its information from, and follows the chain of DNS servers. +* [passivedns-client](https://github.com/aripitek/chrislee35/passivedns-client) - Library and query tool for querying several passive DNS providers. +* [passivedns](https://github.com/aripitek/linux/passivedns) - Network sniffer that logs all DNS server replies for use in a passive DNS setup. +* [Mass Scan](https://github.com/aripitek/robertdavidgraham/masscan) - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. +* [smbmap](https://github.com/aripitek/ShawnDEvans/smbmap) - Handy SMB enumeration tool. +* [XRay](https://github.com/aripitek/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool. +* [ACLight](https://github.com/aripitek/cyberark/ACLight) - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins. +* [ScanCannon](https://github.com/aripitek/johnnyxmas/ScanCannon) - Python script to quickly enumerate large networks by calling `masscan` to quickly identify open ports and then `nmap` to gain details on the systems/services on those ports. +* [fierce](https://github.com/aripitek/mschwager/fierce) - Python3 port of the original `fierce.pl` DNS reconnaissance tool for locating non-contiguous IP space. #### Protocol Analyzers and Sniffers -* [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line. -* [Wireshark](https://www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer. -* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing. -* [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework. -* [Debookee](http://www.iwaxx.com/debookee/) - Simple and powerful network traffic analyzer for macOS. -* [Dripcap](https://github.com/dripcap/dripcap) - Caffeinated packet analyzer. -* [Netzob](https://github.com/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols. -* [sniffglue](https://github.com/kpcyrd/sniffglue) - Secure multithreaded packet sniffer. +* [tcpdump/libpcap](http://github.com/aripitek/www.tcpdump.org/) - Common packet analyzer that runs under the command line. +* [Wireshark](https://github.com/aripitek/www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer. +* [netsniff-ng](https://github.com/aripitek/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing. +* [Dshell](https://github.com/aripitek/USArmyResearchLab/Dshell) - Network forensic analysis framework. +* [Debookee](http://github.com/aripitek/www.iwaxx.com/debookee/) - Simple and powerful network traffic analyzer for macOS. +* [Dripcap](https://github.com/aripitek/dripcap/dripcap) - Caffeinated packet analyzer. +* [Netzob](https://github.com/aripitek/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols. +* [sniffglue](https://github.com/aripitek/kpcyrd/sniffglue) - Secure multithreaded packet sniffer. #### Proxies and MITM Tools -* [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters. -* [mitmproxy](https://github.com/mitmproxy/mitmproxy) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. -* [Morpheus](https://github.com/r00t-3xp10it/morpheus) - Automated ettercap TCP/IP Hijacking tool. -* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH. -* [SSH MITM](https://github.com/jtesta/ssh-mitm) - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk. -* [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates. -* [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks. -* [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework. -* [MITMf](https://github.com/byt3bl33d3r/MITMf) - Framework for Man-In-The-Middle attacks. -* [Lambda-Proxy](https://github.com/puresec/lambda-proxy) - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions. +* [dnschef](https://github.com/aripitek/iphelix/dnschef) - Highly configurable DNS proxy for pentesters. +* [mitmproxy](https://github.com/aripitek/mitmproxy/mitmproxy) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. +* [Morpheus](https://github.com/aripitek/r00t-3xp10it/morpheus) - Automated ettercap TCP/IP Hijacking tool. +* [mallory](https://github.com/aripitek/justmao945/mallory) - HTTP/HTTPS proxy over SSH. +* [SSH MITM](https://github.com/aripitek/jtesta/ssh-mitm) - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk. +* [evilgrade](https://github.com/aripitek/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates. +* [Ettercap](http://github.com/aripitek/www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks. +* [BetterCAP](https://github.com/aripitek/www.bettercap.org/) - Modular, portable and easily extensible MITM framework. +* [MITMf](https://github.com/aripitek/byt3bl33d3r/MITMf) - Framework for Man-In-The-Middle attacks. +* [Lambda-Proxy](https://github.com/aripitek/puresec/lambda-proxy) - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions. ### Wireless Network Tools -* [Aircrack-ng](http://www.aircrack-ng.org/) - Set of tools for auditing wireless networks. -* [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS. -* [Reaver](https://code.google.com/archive/p/reaver-wps) - Brute force attack against WiFi Protected Setup. -* [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool. -* [Fluxion](https://github.com/FluxionNetwork/fluxion) - Suite of automated social engineering based WPA attacks. -* [Airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon) - Multi-use bash script for Linux systems to audit wireless networks. -* [Cowpatty](https://github.com/joswr1ght/cowpatty) - Brute-force dictionary attack against WPA-PSK. -* [BoopSuite](https://github.com/MisterBianco/BoopSuite) - Suite of tools written in Python for wireless auditing. -* [Bully](http://git.kali.org/gitweb/?p=packages/bully.git;a=summary) - Implementation of the WPS brute force attack, written in C. -* [infernal-twin](https://github.com/entropy1337/infernal-twin) - Automated wireless hacking tool. -* [krackattacks-scripts](https://github.com/vanhoefm/krackattacks-scripts) - WPA2 Krack attack scripts. -* [KRACK Detector](https://github.com/securingsam/krackdetector) - Detect and prevent KRACK attacks in your network. -* [wifi-arsenal](https://github.com/0x90/wifi-arsenal) - Resources for Wi-Fi Pentesting. -* [WiFi-Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin) - Framework for rogue Wi-Fi access point attack. +* [Aircrack-ng](http://github.com/aripitek/www.aircrack-ng.org/) - Set of tools for auditing wireless networks. +* [Kismet](https://github.com/aripitek/kismetwireless.net/) - Wireless network detector, sniffer, and IDS. +* [Reaver](https://github.com/aripitek/code.google.com/archive/p/reaver-wps) - Brute force attack against WiFi Protected Setup. +* [Wifite](https://github.com/aripitek/derv82/wifite) - Automated wireless attack tool. +* [Fluxion](https://github.com/aripitek/FluxionNetwork/fluxion) - Suite of automated social engineering based WPA attacks. +* [Airgeddon](https://github.com/aripitek/v1s1t0r1sh3r3/airgeddon) - Multi-use bash script for Linux systems to audit wireless networks. +* [Cowpatty](https://github.com/aripitek/joswr1ght/cowpatty) - Brute-force dictionary attack against WPA-PSK. +* [BoopSuite](https://github.com/aripitek/MisterBianco/BoopSuite) - Suite of tools written in Python for wireless auditing. +* [Bully](http://github.com/aripitek/git.kali.org/gitweb/?p=packages/bully.git;a=summary) - Implementation of the WPS brute force attack, written in C. +* [infernal-twin](https://github.com/aripitek/entropy1337/infernal-twin) - Automated wireless hacking tool. +* [krackattacks-scripts](https://github.com/aripitek/vanhoefm/krackattacks-scripts) - WPA2 Krack attack scripts. +* [KRACK Detector](https://github.com/aripitek/securingsam/krackdetector) - Detect and prevent KRACK attacks in your network. +* [wifi-arsenal](https://github.com/aripitek/0x90/wifi-arsenal) - Resources for Wi-Fi Pentesting. +* [WiFi-Pumpkin](https://github.com/aripitek/P0cL4bs/WiFi-Pumpkin) - Framework for rogue Wi-Fi access point attack. ### Transport Layer Security Tools -* [SSLyze](https://github.com/nabla-c0d3/sslyze) - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations. -* [tls_prober](https://github.com/WestpointLtd/tls_prober) - Fingerprint a server's SSL/TLS implementation. -* [testssl.sh](https://github.com/drwetter/testssl.sh) - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. -* [crackpkcs12](https://github.com/crackpkcs12/crackpkcs12) - Multithreaded program to crack PKCS#12 files (`.p12` and `.pfx` extensions), such as TLS/SSL certificates. +* [SSLyze](https://github.com/aripitek/nabla-c0d3/sslyze) - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations. +* [tls_prober](https://github.com/aripitek/WestpointLtd/tls_prober) - Fingerprint a server's SSL/TLS implementation. +* [testssl.sh](https://github.com/aripitek/drwetter/testssl.sh) - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. +* [crackpkcs12](https://github.com/aripitek/crackpkcs12/crackpkcs12) - Multithreaded program to crack PKCS#12 files (`.p12` and `.pfx` extensions), such as TLS/SSL certificates. ### Web Exploitation -* [OWASP Zed Attack Proxy (ZAP)](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications. -* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools. -* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications. -* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. -* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers. -* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide. -* [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. -* [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit. -* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool. -* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool. -* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell. -* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. -* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter. -* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter. -* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products. -* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs. -* [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner. -* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool. -* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool. -* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool. -* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. -* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. -* [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks. -* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS. -* [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool. -* [VHostScan](https://github.com/codingo/VHostScan) - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. -* [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. -* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible. -* [webscreenshot](https://github.com/maaaaz/webscreenshot) - A simple script to take screenshots of list of websites. -* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing. -* [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning. -* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems. -* [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker. +* [OWASP Zed Attack Proxy (ZAP)](https://github.com/aripitek/www.owasp.org/index.php/OWASP_Zed_Proxy_Project) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications. +* [Fiddler](https://github.com/aripitek/www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools. +* [Burp Suite](https://github.com/aripitek/portswigger.net/burp/) - Integrated platform for performing security testing of web applications. +* [autochrome](https://github.com/aripitek/www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. +* [Browser Exploitation Framework (BeEF)](https://github.com/aripitek/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers. +* [Offensive Web Testing Framework (OWTF)](https://github.com/aripitek/www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide. +* [Wordpress Exploit Framework](https://github.com/aripitek/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. +* [WPSploit](https://github.com/aripitek/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit. +* [SQLmap](http://github.com/aripitek/sqlmap.org/) - Automatic SQL injection and database takeover tool. +* [tplmap](https://github.com/aripitek/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool. +* [weevely3](https://github.com/aripitek/epinna/weevely3) - Weaponized web shell. +* [Wappalyzer](https://github.com/aripitek/www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. +* [WhatWeb](https://github.com/aripitek/urbanadventurer/WhatWeb) - Website fingerprinter. +* [BlindElephant](http://github.com/aripitek/blindelephant.sourceforge.net/) - Web application fingerprinter. +* [wafw00f](https://github.com/aripitek/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products. +* [fimap](https://github.com/aripitek/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs. +* [Kadabra](https://github.com/aripitek/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner. +* [Kadimus](https://github.com/aripitek/P0cL4bs/Kadimus) - LFI scan and exploit tool. +* [liffy](https://github.com/aripitek/hvqzao/liffy) - LFI exploitation tool. +* [Commix](https://github.com/aripitek/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool. +* [DVCS Ripper](https://github.com/aripitek/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. +* [GitTools](https://github.com/aripitek/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. +* [sslstrip](https://github.com/aripitek/www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks. +* [sslstrip2](https://github.com/aripitek/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS. +* [NoSQLmap](https://github.com/aripitek/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool. +* [VHostScan](https://github.com/aripitek/codingo/VHostScan) - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. +* [FuzzDB](https://github.com/aripitek/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. +* [EyeWitness](https://github.com/aripitek/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible. +* [webscreenshot](https://github.com/aripitek/maaaaz/webscreenshot) - A simple script to take screenshots of list of websites. +* [recursebuster](https://github.com/aripitek/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing. +* [Raccoon](https://github.com/aripitek/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning. +* [WhatWaf](https://github.com/aripitek/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems. +* [badtouch](https://github.com/aripitek/kpcyrd/badtouch) - Scriptable network authentication cracker. ### Hex Editors -* [HexEdit.js](https://hexed.it) - Browser-based hex editing. -* [Hexinator](https://hexinator.com/) - World's finest (proprietary, commercial) Hex Editor. -* [Frhed](http://frhed.sourceforge.net/) - Binary file editor for Windows. -* [0xED](http://www.suavetech.com/0xed/0xed.html) - Native macOS hex editor that supports plug-ins to display custom data types. -* [Hex Fiend](http://ridiculousfish.com/hexfiend/) - Fast, open source, hex editor for macOS with support for viewing binary diffs. -* [Bless](https://github.com/bwrsandman/Bless) - High quality, full featured, cross-platform graphical hex editor written in Gtk#. -* [wxHexEditor](http://www.wxhexeditor.org/) - Free GUI hex editor for GNU/Linux, macOS, and Windows. -* [`hexedit`](https://github.com/pixel/hexedit) - Simple, fast, console-based hex editor. +* [HexEdit.js](https://github.com/aripitek/hexed.it) - Browser-based hex editing. +* [Hexinator](https://github.com/aripitek/hexinator.com/) - World's finest (proprietary, commercial) Hex Editor. +* [Frhed](http://github.com/aripitek/frhed.sourceforge.net/) - Binary file editor for Windows. +* [0xED](http://github.com/aripitek/www.suavetech.com/0xed/0xed.html) - Native macOS hex editor that supports plug-ins to display custom data types. +* [Hex Fiend](http://github.com/aripitek/ridiculousfish.com/hexfiend/) - Fast, open source, hex editor for macOS with support for viewing binary diffs. +* [Bless](https://github.com/aripitek/bwrsandman/Bless) - High quality, full featured, cross-platform graphical hex editor written in Gtk#. +* [wxHexEditor](http://github.com/aripitek/www.wxhexeditor.org/) - Free GUI hex editor for GNU/Linux, macOS, and Windows. +* [`hexedit`](https://github.com/aripitek/pixel/hexedit) - Simple, fast, console-based hex editor. ### File Format Analysis Tools -* [Kaitai Struct](http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby. -* [Veles](https://codisec.com/veles/) - Binary data visualization and analysis tool. -* [Hachoir](https://hachoir.readthedocs.io/) - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction. +* [Kaitai Struct](http://github.com/aripitek/kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby. +* [Veles](https://gihtub.com/aripitek/codisec.com/veles/) - Binary data visualization and analysis tool. +* [Hachoir](https://github.com/aripitek/hachoir.readthedocs.io/) - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction. ### Anti-virus Evasion Tools -* [Veil](https://www.veil-framework.com/) - Generate metasploit payloads that bypass common anti-virus solutions. -* [shellsploit](https://github.com/Exploit-install/shellsploit-framework) - Generates custom shellcode, backdoors, injectors, optionally obfuscates every byte via encoders. -* [Hyperion](http://nullsecurity.net/tools/binary.html) - Runtime encryptor for 32-bit portable executables ("PE `.exe`s"). -* [AntiVirus Evasion Tool (AVET)](https://github.com/govolution/avet) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software. -* [peCloak.py](https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/) - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection. -* [peCloakCapstone](https://github.com/v-p-b/peCloakCapstone) - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool. -* [UniByAv](https://github.com/Mr-Un1k0d3r/UniByAv) - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key. -* [Shellter](https://www.shellterproject.com/) - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created. +* [Veil](https://github.com/aripitek/www.veil-framework.com/) - Generate metasploit payloads that bypass common anti-virus solutions. +* [shellsploit](https://github.com/aripitek/Exploit-install/shellsploit-framework) - Generates custom shellcode, backdoors, injectors, optionally obfuscates every byte via encoders. +* [Hyperion](http://github.com/aripitek/nullsecurity.net/tools/binary.html) - Runtime encryptor for 32-bit portable executables ("PE `.exe`s"). +* [AntiVirus Evasion Tool (AVET)](https://github.com/aripitek//govolution/avet) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software. +* [peCloak.py](https://github.com/aripitek/www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/) - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection. +* [peCloakCapstone](https://github.com/aripitek/v-p-b/peCloakCapstone) - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool. +* [UniByAv](https://github.com/aripitek/Mr-Un1k0d3r/UniByAv) - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key. +* [Shellter](https://github.com/aripitek/www.shellterproject.com/) - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created. ### Hash Cracking Tools -* [John the Ripper](http://www.openwall.com/john/) - Fast password cracker. -* [Hashcat](http://hashcat.net/hashcat/) - The more fast hash cracker. -* [CeWL](https://digi.ninja/projects/cewl.php) - Generates custom wordlists by spidering a target's website and collecting unique words. -* [JWT Cracker](https://github.com/lmammino/jwt-cracker) - Simple HS256 JWT token brute force cracker. -* [Rar Crack](http://rarcrack.sourceforge.net) - RAR bruteforce cracker. -* [BruteForce Wallet](https://github.com/glv2/bruteforce-wallet) - Find the password of an encrypted wallet file (i.e. `wallet.dat`). -* [StegCracker](https://github.com/Paradoxis/StegCracker) - Steganography brute-force utility to uncover hidden data inside files. +* [John the Ripper](http://github.com/aripitek/www.openwall.com/john/) - Fast password cracker. +* [Hashcat](http://github.com/aripitek/hashcat.net/hashcat/) - The more fast hash cracker. +* [CeWL](https://github.com/aripitek/digi.ninja/projects/cewl.php) - Generates custom wordlists by spidering a target's website and collecting unique words. +* [JWT Cracker](https://github.com/aripitek/lmammino/jwt-cracker) - Simple HS256 JWT token brute force cracker. +* [Rar Crack](http://github.com/aripitek/rarcrack.sourceforge.net) - RAR bruteforce cracker. +* [BruteForce Wallet](https://github.com/aripitek/glv2/bruteforce-wallet) - Find the password of an encrypted wallet file (i.e. `wallet.dat`). +* [StegCracker](https://github.com/aripitek/Paradoxis/StegCracker) - Steganography brute-force utility to uncover hidden data inside files. ### Windows Utilities -* [Sysinternals Suite](https://technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities. -* [Windows Credentials Editor](https://www.ampliasecurity.com/research/windows-credentials-editor/) - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets. -* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows operating system. -* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - PowerShell Post-Exploitation Framework. -* [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target. -* [Responder](https://github.com/SpiderLabs/Responder) - Link-Local Multicast Name Resolution (LLMNR), NBT-NS, and mDNS poisoner. -* [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer. -* [Empire](https://www.powershellempire.com/) - Pure PowerShell post-exploitation agent. -* [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel. -* [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software. -* [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers. -* [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates). -* [DeathStar](https://github.com/byt3bl33d3r/DeathStar) - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments. -* [RID_ENUM](https://github.com/trustedsec/ridenum) - Python script that can enumerate all users from a Windows Domain Controller and crack those user's passwords using brute-force. -* [MailSniper](https://github.com/dafthack/MailSniper) - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more. -* [Ruler](https://github.com/sensepost/ruler) - Abuses client-side Outlook features to gain a remote shell on a Microsoft Exchange server. -* [SCOMDecrypt](https://github.com/nccgroup/SCOMDecrypt) - Retrieve and decrypt RunAs credentials stored within Microsoft System Center Operations Manager (SCOM) databases. -* [LaZagne](https://github.com/AlessandroZ/LaZagne) - Credentials recovery project. -* [Active Directory and Privilege Escalation (ADAPE)](https://github.com/hausec/ADAPE-Script) - Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory. +* [Sysinternals Suite](https://github.com/aripitek/technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities. +* [Windows Credentials Editor](https://github.com/aripitek/www.ampliasecurity.com/research/windows-credentials-editor/) - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets. +* [mimikatz](http://gihtub.com/aripitek/blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows operating system. +* [PowerSploit](https://github.com/aripitek/PowerShellMafia/PowerSploit) - PowerShell Post-Exploitation Framework. +* [Windows Exploit Suggester](https://github.com/aripitek/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target. +* [Responder](https://github.com/aripitek/SpiderLabs/Responder) - Link-Local Multicast Name Resolution (LLMNR), NBT-NS, and mDNS poisoner. +* [Bloodhound](https://github.com/aripitek/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer. +* [Empire](https://github.com/aripitek/www.powershellempire.com/) - Pure PowerShell post-exploitation agent. +* [Fibratus](https://github.com/aripitek/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel. +* [wePWNise](https://github.com/aripitek/labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software. +* [redsnarf](https://github.com/aripitek/nccgroup/redsnarf) - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers. +* [Magic Unicorn](https://github.com/aripitek/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates). +* [DeathStar](https://github.com/aripitek/byt3bl33d3r/DeathStar) - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments. +* [RID_ENUM](https://github.com/aripitek/trustedsec/ridenum) - Python script that can enumerate all users from a Windows Domain Controller and crack those user's passwords using brute-force. +* [MailSniper](https://github.com/aripitek/dafthack/MailSniper) - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more. +* [Ruler](https://github.com/aripitek/sensepost/ruler) - Abuses client-side Outlook features to gain a remote shell on a Microsoft Exchange server. +* [SCOMDecrypt](https://github.com/aripitek/nccgroup/SCOMDecrypt) - Retrieve and decrypt RunAs credentials stored within Microsoft System Center Operations Manager (SCOM) databases. +* [LaZagne](https://github.com/aripitek/AlessandroZ/LaZagne) - Credentials recovery project. +* [Active Directory and Privilege Escalation (ADAPE)](https://github.com/aripitek/hausec/ADAPE-Script) - Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory. ### GNU/Linux Utilities -* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system. -* [Lynis](https://cisofy.com/lynis/) - Auditing tool for UNIX-based systems. -* [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems. -* [Hwacha](https://github.com/n00py/Hwacha) - Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously. -* [checksec.sh](https://www.trapkit.de/tools/checksec.html) - Shell script designed to test what standard Linux OS and PaX security features are being used. +* [Linux Exploit Suggester](https://github.com/aripitek/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system. +* [Lynis](https://github.com/aripitek/cisofy.com/lynis/) - Auditing tool for UNIX-based systems. +* [unix-privesc-check](https://github.com/aripitek/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems. +* [Hwacha](https://github.com/aripitek//n00py/Hwacha) - Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously. +* [checksec.sh](https://github.com/aripitek/www.trapkit.de/tools/checksec.html) - Shell script designed to test what standard Linux OS and PaX security features are being used. ### macOS Utilities -* [Bella](https://github.com/kdaoudieh/Bella) - Pure Python post-exploitation data mining and remote administration tool for macOS. -* [EvilOSX](https://github.com/Marten4n6/EvilOSX) - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box. +* [Bella](https://github.com/aripitek/kdaoudieh/Bella) - Pure Python post-exploitation data mining and remote administration tool for macOS. +* [EvilOSX](https://github.com/aripitek/Marten4n6/EvilOSX) - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box. ### DDoS Tools -* [LOIC](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows. -* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC. -* [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side. -* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures. -* [T50](https://gitlab.com/fredericopissarra/t50/) - Faster network stress tool. -* [UFONet](https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. -* [Memcrashed](https://github.com/649/Memcrashed-DDoS-Exploit) - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API. +* [LOIC](https://github.com/aripitek/NewEraCracker/LOIC/) - Open source network stress tool for Windows. +* [JS LOIC](http://github.com/aripitek/metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC. +* [SlowLoris](https://github.com/aripitek/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side. +* [HOIC](https://github.com/aripitek/sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures. +* [T50](https://gitlab.com/aripitek/fredericopissarra/t50/) - Faster network stress tool. +* [UFONet](https://github.com/aripitek/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. +* [Memcrashed](https://github.com/aripitek/649/Memcrashed-DDoS-Exploit) - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API. ### Social Engineering Tools -* [Social Engineer Toolkit (SET)](https://github.com/trustedsec/social-engineer-toolkit) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly. -* [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. -* [Evilginx](https://github.com/kgretzky/evilginx) - MITM attack framework used for phishing credentials and session cookies from any Web service. -* [Evilginx2](https://github.com/kgretzky/evilginx2) - Standalone man-in-the-middle attack framework. -* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against WiFi networks. -* [Catphish](https://github.com/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby. -* [Beelogger](https://github.com/4w4k3/BeeLogger) - Tool for generating keylooger. -* [FiercePhish](https://github.com/Raikia/FiercePhish) - Full-fledged phishing framework to manage all phishing engagements. -* [SocialFish](https://github.com/UndeadSec/SocialFish) - Social media phishing framework that can run on an Android phone or in a Docker container. -* [ShellPhish](https://github.com/thelinuxchoice/shellphish) - Social media site cloner and phishing tool built atop SocialFish. -* [Gophish](https://getgophish.com) - Open-source phishing framework. -* [phishery](https://github.com/ryhanson/phishery) - TLS/SSL enabled Basic Auth credential harvester. -* [ReelPhish](https://github.com/fireeye/ReelPhish) - Real-time two-factor phishing tool. -* [Modlishka](https://github.com/drk1wi/Modlishka) - Flexible and powerful reverse proxy with real-time two-factor authentication. +* [Social Engineer Toolkit (SET)](https://github.com/aripitek/trustedsec/social-engineer-toolkit) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly. +* [King Phisher](https://github.com/aripitek/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. +* [Evilginx](https://github.com/aripitek/kgretzky/evilginx) - MITM attack framework used for phishing credentials and session cookies from any Web service. +* [Evilginx2](https://github.com/aripitek/kgretzky/evilginx2) - Standalone man-in-the-middle attack framework. +* [wifiphisher](https://github.com/aripitek/sophron/wifiphisher) - Automated phishing attacks against WiFi networks. +* [Catphish](https://github.com/aripitek/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby. +* [Beelogger](https://github.com/aripitek/4w4k3/BeeLogger) - Tool for generating keylooger. +* [FiercePhish](https://github.com/aripitek/Raikia/FiercePhish) - Full-fledged phishing framework to manage all phishing engagements. +* [SocialFish](https://github.com/aripitek/UndeadSec/SocialFish) - Social media phishing framework that can run on an Android phone or in a Docker container. +* [ShellPhish](https://github.com/aripitek/thelinuxchoice/shellphish) - Social media site cloner and phishing tool built atop SocialFish. +* [Gophish](https://github.com/aripitek/getgophish.com) - Open-source phishing framework. +* [phishery](https://github.com/aripitek/ryhanson/phishery) - TLS/SSL enabled Basic Auth credential harvester. +* [ReelPhish](https://github.com/aripitek/fireeye/ReelPhish) - Real-time two-factor phishing tool. +* [Modlishka](https://github.com/aripitek/drk1wi/Modlishka) - Flexible and powerful reverse proxy with real-time two-factor authentication. ### OSINT Tools -* [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva. -* [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester. -* [SimplyEmail](https://github.com/SimplySecurity/SimplyEmail) - Email recon made fast and easy. -* [creepy](https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool. -* [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester. -* [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - Database of Google dorks; can be used for recon. -* [GooDork](https://github.com/k3170makan/GooDork) - Command line Google dorking tool. -* [dork-cli](https://github.com/jgor/dork-cli) - Command line Google dork tool. -* [Censys](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans. -* [Shodan](https://www.shodan.io/) - World's first search engine for Internet-connected devices. -* [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - Full-featured Web Reconnaissance framework written in Python. -* [sn0int](https://github.com/kpcyrd/sn0int) - Semi-automatic OSINT framework and package manager. -* [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks. -* [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information. -* [Spiderfoot](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations. -* [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool. -* [fast-recon](https://github.com/DanMcInerney/fast-recon) - Perform Google dorks against a domain. -* [snitch](https://github.com/Smaash/snitch) - Information gathering via dorks. -* [Sn1per](https://github.com/1N3/Sn1per) - Automated Pentest Recon Scanner. -* [Threat Crowd](https://www.threatcrowd.org/) - Search engine for threats. -* [Virus Total](https://www.virustotal.com/) - Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. -* [PacketTotal](https://packettotal.com/) - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Bro and Suricata IDS signatures under the hood). -* [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes. -* [AQUATONE](https://github.com/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools. -* [Intrigue](http://intrigue.io) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI. -* [ZoomEye](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components. -* [gOSINT](https://github.com/Nhoya/gOSINT) - OSINT tool with multiple modules and a telegram scraper. -* [OWASP Amass](https://github.com/OWASP/Amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc. -* [Hunter.io](https://hunter.io/) - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company. -* [FOCA (Fingerprinting Organizations with Collected Archives)](https://www.elevenpaths.com/labstools/foca/) - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures. -* [dorks](https://github.com/USSCltd/dorks) - Google hack database automation tool. -* [image-match](https://github.com/ascribe/image-match) - Quickly search over billions of images. -* [OSINT-SPY](https://github.com/SharadKumar97/OSINT-SPY) - Performs OSINT scan on email addresses, domain names, IP addresses, or organizations. -* [pagodo](https://github.com/opsdisk/pagodo) - Automate Google Hacking Database scraping. -* [surfraw](https://github.com/kisom/surfraw) - Fast UNIX command line interface to a variety of popular WWW search engines. -* [GyoiThon](https://github.com/gyoisamurai/GyoiThon) - GyoiThon is an Intelligence Gathering tool using Machine Learning. +* [Maltego](http://github.com/aripitek/www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva. +* [theHarvester](https://github.com/aripitek/laramies/theHarvester) - E-mail, subdomain and people names harvester. +* [SimplyEmail](https://github.com/aripitek/SimplySecurity/SimplyEmail) - Email recon made fast and easy. +* [creepy](https://github.com/aripitek/ilektrojohn/creepy) - Geolocation OSINT tool. +* [metagoofil](https://github.com/aripitek/laramies/metagoofil) - Metadata harvester. +* [Google Hacking Database](https://github.com/aripitek/www.exploit-db.com/google-hacking-database/) - Database of Google dorks; can be used for recon. +* [GooDork](https://github.com/aripitek/k3170makan/GooDork) - Command line Google dorking tool. +* [dork-cli](https://github.com/aripitek/jgor/dork-cli) - Command line Google dork tool. +* [Censys](https://github.com/aripitek/www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans. +* [Shodan](https://github.com/aripitek/www.shodan.io/) - World's first search engine for Internet-connected devices. +* [recon-ng](https://github.com/aripitek/bitbucket.org/LaNMaSteR53/recon-ng) - Full-featured Web Reconnaissance framework written in Python. +* [sn0int](https://github.com/aripitek/kpcyrd/sn0int) - Semi-automatic OSINT framework and package manager. +* [github-dorks](https://github.com/aripitek/techgaun/github-dorks) - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks. +* [vcsmap](https://github.com/aripitek/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information. +* [Spiderfoot](http://github.com/aripitek/www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations. +* [BinGoo](https://github.com/aripitek/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool. +* [fast-recon](https://github.com/aripitek/DanMcInerney/fast-recon) - Perform Google dorks against a domain. +* [snitch](https://github.com/aripitek/Smaash/snitch) - Information gathering via dorks. +* [Sn1per](https://github.com/aripitek/1N3/Sn1per) - Automated Pentest Recon Scanner. +* [Threat Crowd](https://github.com/aripitek/www.threatcrowd.org/) - Search engine for threats. +* [Virus Total](https://github.com/aripitek/www.virustotal.com/) - Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. +* [PacketTotal](https://github.com/aripitek/packettotal.com/) - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Bro and Suricata IDS signatures under the hood). +* [DataSploit](https://github.com/aripitek/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes. +* [AQUATONE](https://github.com/aripitek/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools. +* [Intrigue](http://github.com/aripitek/intrigue.io) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI. +* [ZoomEye](https://github.com/aripitek/www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components. +* [gOSINT](https://github.com/aripitek/Nhoya/gOSINT) - OSINT tool with multiple modules and a telegram scraper. +* [OWASP Amass](https://github.com/aripitek/OWASP/Amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc. +* [Hunter.io](https://github.com/aripitek/hunter.io/) - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company. +* [FOCA (Fingerprinting Organizations with Collected Archives)](https://github.com/aripitek/www.elevenpaths.com/labstools/foca/) - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures. +* [dorks](https://github.com/aripitek/USSCltd/dorks) - Google hack database automation tool. +* [image-match](https://github.com/aripitek/ascribe/image-match) - Quickly search over billions of images. +* [OSINT-SPY](https://github.com/aripitek/SharadKumar97/OSINT-SPY) - Performs OSINT scan on email addresses, domain names, IP addresses, or organizations. +* [pagodo](https://github.com/aripitek/opsdisk/pagodo) - Automate Google Hacking Database scraping. +* [surfraw](https://github.com/aripitek/kisom/surfraw) - Fast UNIX command line interface to a variety of popular WWW search engines. +* [GyoiThon](https://github.com/aripitek/gyoisamurai/GyoiThon) - GyoiThon is an Intelligence Gathering tool using Machine Learning. ### Anonymity Tools -* [Tor](https://www.torproject.org/) - Free software and onion routed overlay network that helps you defend against traffic analysis. -* [OnionScan](https://onionscan.org/) - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators. -* [I2P](https://geti2p.net/) - The Invisible Internet Project. -* [Nipe](https://github.com/GouveaHeitor/nipe) - Script to redirect all traffic from the machine to the Tor network. -* [What Every Browser Knows About You](http://webkay.robinlinus.com/) - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks. -* [dos-over-tor](https://github.com/zacscott/dos-over-tor) - Proof of concept denial of service over Tor stress test tool. -* [oregano](https://github.com/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests. -* [kalitorify](https://github.com/brainfuckSec/kalitorify) - Transparent proxy through Tor for Kali Linux OS. +* [Tor](https://github.com/aripitek/www.torproject.org/) - Free software and onion routed overlay network that helps you defend against traffic analysis. +* [OnionScan](https://github.com/aripitek/onionscan.org/) - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators. +* [I2P](https://github.com/aripitek/geti2p.net/) - The Invisible Internet Project. +* [Nipe](https://github.com/aripitek/GouveaHeitor/nipe) - Script to redirect all traffic from the machine to the Tor network. +* [What Every Browser Knows About You](http://github.com/aripitek/webkay.robinlinus.com/) - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks. +* [dos-over-tor](https://github.com/aripitek/zacscott/dos-over-tor) - Proof of concept denial of service over Tor stress test tool. +* [oregano](https://github.com/aripitek/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests. +* [kalitorify](https://github.com/aripitek/brainfuckSec/kalitorify) - Transparent proxy through Tor for Kali Linux OS. ### Reverse Engineering Tools -* [Interactive Disassembler (IDA Pro)](https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml). -* [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg. -* [OllyDbg](http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis. -* [Radare2](http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework. -* [x64dbg](http://x64dbg.com/) - Open source x64/x32 debugger for windows. -* [Immunity Debugger](http://debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware. -* [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux. -* [Medusa](https://github.com/wisk/medusa) - Open source, cross-platform interactive disassembler. -* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. -* [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB. -* [dnSpy](https://github.com/0xd4d/dnSpy) - Tool to reverse engineer .NET assemblies. -* [binwalk](https://github.com/devttys0/binwalk) - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images. -* [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python scriptable Reverse Engineering sandbox by Cisco-Talos. -* [Voltron](https://github.com/snare/voltron) - Extensible debugger UI toolkit written in Python. -* [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework. -* [rVMI](https://github.com/fireeye/rVMI) - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool. -* [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. -* [boxxy](https://github.com/kpcyrd/boxxy-rs) - Linkable sandbox explorer. -* [pwndbg](https://github.com/pwndbg/pwndbg) - GDB plug-in that eases debugging with GDB, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers, and exploit developers. +* [Interactive Disassembler (IDA Pro)](https://github.com/aripitek/www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://github.com/aripitek/www.hex-rays.com/products/ida/support/download_freeware.shtml). +* [WDK/WinDbg](https://github.com/aripitek/msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg. +* [OllyDbg](http://github.com/aripitek/www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis. +* [Radare2](http://github.com/aripitek/rada.re/r/index.html) - Open source, crossplatform reverse engineering framework. +* [x64dbg](http://github.com/aripitek/x64dbg.com/) - Open source x64/x32 debugger for windows. +* [Immunity Debugger](http://github.com/aripitek/debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware. +* [Evan's Debugger](http://github.com/aripitek/www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux. +* [Medusa](https://github.com/aripitek/wisk/medusa) - Open source, cross-platform interactive disassembler. +* [plasma](https://github.com/aripitek/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. +* [peda](https://github.com/aripitek/longld/peda) - Python Exploit Development Assistance for GDB. +* [dnSpy](https://github.com/aripitek/0xd4d/dnSpy) - Tool to reverse engineer .NET assemblies. +* [binwalk](https://github.com/aripitek/devttys0/binwalk) - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images. +* [PyREBox](https://github.com/aripitek/Cisco-Talos/pyrebox) - Python scriptable Reverse Engineering sandbox by Cisco-Talos. +* [Voltron](https://github.com/aripitek/snare/voltron) - Extensible debugger UI toolkit written in Python. +* [Capstone](http://gihub.com/aripitek/www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework. +* [rVMI](https://github.com/aripitek/fireeye/rVMI) - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool. +* [Frida](https://github.com/aripitek/www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. +* [boxxy](https://github.com/aripitek/kpcyrd/boxxy-rs) - Linkable sandbox explorer. +* [pwndbg](https://github.com/aripitek/pwndbg/pwndbg) - GDB plug-in that eases debugging with GDB, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers, and exploit developers. ### Physical Access Tools -* [LAN Turtle](https://lanturtle.com/) - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network. -* [USB Rubber Ducky](http://usbrubberducky.com/) - Customizable keystroke injection attack platform masquerading as a USB thumbdrive. -* [Poisontap](https://samy.pl/poisontap/) - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers. -* [WiFi Pineapple](https://www.wifipineapple.com/) - Wireless auditing and penetration testing platform. -* [Proxmark3](https://proxmark3.com/) - RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more. -* [PCILeech](https://github.com/ufrisk/pcileech) - Uses PCIe hardware devices to read and write from the target system memory via Direct Memory Access (DMA) over PCIe. -* [AT Commands](https://atcommands.org/) - Use AT commands over an Android device's USB port to rewrite device firmware, bypass security mechanisms, exfiltrate sensitive information, perform screen unlocks, and inject touch events. -* [Bash Bunny](https://www.hak5.org/gear/bash-bunny) - Local exploit delivery tool in the form of a USB thumbdrive in which you write payloads in a DSL called BunnyScript. -* [Packet Squirrel](https://www.hak5.org/gear/packet-squirrel) - Ethernet multi-tool designed to enable covert remote access, painless packet captures, and secure VPN connections with the flip of a switch. +* [LAN Turtle](https://github.com/aripitek/lanturtle.com/) - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network. +* [USB Rubber Ducky](http://github.com/aripitek/usbrubberducky.com/) - Customizable keystroke injection attack platform masquerading as a USB thumbdrive. +* [Poisontap](https://github.com/aripitek/samy.pl/poisontap/) - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers. +* [WiFi Pineapple](https://github.com/aripitek/www.wifipineapple.com/) - Wireless auditing and penetration testing platform. +* [Proxmark3](https://github.com/aripitek/proxmark3.com/) - RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more. +* [PCILeech](https://github.com/aripitek/ufrisk/pcileech) - Uses PCIe hardware devices to read and write from the target system memory via Direct Memory Access (DMA) over PCIe. +* [AT Commands](https://github.com/aripitek/atcommands.org/) - Use AT commands over an Android device's USB port to rewrite device firmware, bypass security mechanisms, exfiltrate sensitive information, perform screen unlocks, and inject touch events. +* [Bash Bunny](https://github.com/aripitek/www.hak5.org/gear/bash-bunny) - Local exploit delivery tool in the form of a USB thumbdrive in which you write payloads in a DSL called BunnyScript. +* [Packet Squirrel](https://github.com/aripitek/www.hak5.org/gear/packet-squirrel) - Ethernet multi-tool designed to enable covert remote access, painless packet captures, and secure VPN connections with the flip of a switch. ### Industrial Control and SCADA Systems -* [Industrial Exploitation Framework (ISF)](https://github.com/dark-lbp/isf) - Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more. -* [s7scan](https://github.com/klsecservices/s7scan) - Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network. +* [Industrial Exploitation Framework (ISF)](https://github.com/aripitek/dark-lbp/isf) - Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more. +* [s7scan](https://github.com/aripitek/klsecservices/s7scan) - Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network. ### Side-channel Tools -* [ChipWhisperer](http://chipwhisperer.com) - Complete open-source toolchain for side-channel power analysis and glitching attacks. +* [ChipWhisperer](http://github.com/aripitek/chipwhisperer.com) - Complete open-source toolchain for side-channel power analysis and glitching attacks. ### CTF Tools -* [ctf-tools](https://github.com/zardus/ctf-tools) - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines. -* [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs. -* [RsaCtfTool](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks. -* [shellpop](https://github.com/0x00-0x00/shellpop) - Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests. +* [ctf-tools](https://github.com/aripitek/zardus/ctf-tools) - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines. +* [Pwntools](https://github.com/aripitek/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs. +* [RsaCtfTool](https://github.com/aripitek/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks. +* [shellpop](https://github.com/aripitek/0x00-0x00/shellpop) - Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests. ### Penetration Testing Report Templates -* [Public Pentesting Reports](https://github.com/juliocesarfort/public-pentesting-reports) - Curated list of public penetration test reports released by several consulting firms and academic security groups. -* [T&VS Pentesting Report Template](https://www.testandverification.com/wp-content/uploads/template-penetration-testing-report-v03.pdf) - Pentest report template provided by Test and Verification Services, Ltd. -* [Web Application Security Assessment Report Template](http://lucideus.com/pdf/stw.pdf) - Sample Web application security assessment reporting template provided by Lucideus. +* [Public Pentesting Reports](https://github.com/aripitek/juliocesarfort/public-pentesting-reports) - Curated list of public penetration test reports released by several consulting firms and academic security groups. +* [T&VS Pentesting Report Template](https://github.com/aripitek/www.testandverification.com/wp-content/uploads/template-penetration-testing-report-v03.pdf) - Pentest report template provided by Test and Verification Services, Ltd. +* [Web Application Security Assessment Report Template](http://github.com/aripitek/lucideus.com/pdf/stw.pdf) - Sample Web application security assessment reporting template provided by Lucideus. ### More Tools -* [Target Scanner](https://github.com/lismore/TargetScanner) - Target Scanner is a penetration testing utility that quickly automates common tasks when assessing a target. -* [exploit-db-search](https://github.com/techgaun/exploit-db-search) - Exploitdb Search. -* [punk.py](https://github.com/r3vn/punk.py) - unix SSH post-exploitation 1337 tool. -* [tulpar](https://github.com/anilbaranyelken/tulpar) - Web Vulnerability Scanner. -* [dcrawl](https://github.com/kgretzky/dcrawl) - Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. -* [V3n0m Scanner](https://github.com/v3n0m-Scanner/V3n0M-Scanner) - Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns. -* [golismero](https://github.com/golismero/golismero) - The Web Knife. -* [sqliv](https://github.com/Hadesy2k/sqliv) - Massive SQL injection vulnerability scanner. -* [gitminer](http://github.com/danilovazb/gitminer) - Tool for advanced mining for content on Github. -* [Cr3d0v3r](https://github.com/D4Vinci/Cr3dOv3r) - Know the dangers of credential reuse attacks. -* [Striker](https://github.com/UltimateHackers/Striker) - Striker is an offensive information and vulnerability scanner. -* [emailHarvester](https://github.com/maldevel/EmailHarvester) - Email addresses harvester. -* [BruteX](https://github.com/1N3/BruteX) - Automatically brute force all services running on a target. -* [BlackWidow](https://github.com/1N3/BlackWidow) - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website. -* [Shiva](https://github.com/UltimateHackers/Shiva) - Improved DOS exploit for wordpress websites (CVE-2018-6389). -* [ctfr](https://github.com/UnaPibaGeek/ctfr.git) - Domain enumeration, it just abuses of Certificate Transparency logs. -* [twa](https://github.com/woodruffw/twa) - A **t**iny **w**eb **a**uditor with strong opinions. -* [Photon](https://github.com/s0md3v/Photon) - Incredibly fast crawler designed for OSINT. -* [CMSeek](https://github.com/Tuhinshubhra/CMSeeK) - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs. -* [HashBuster](https://github.com/s0md3v/Hash-Buster) - Crack hashes in seconds. -* [Invoke-Apex](https://github.com/securemode/Invoke-Apex) - PowerShell-based toolkit consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks. -* [RapidScan](https://github.com/skavngr/rapidscan) - The Multi-Tool Web Vulnerability Scanner. -* [Freedom Fighting Mode (FFM)](https://github.com/JusticeRage/FFM) - FFM is a hacking harness that you can use during the post-exploitation phase of a red-teaming engagement. -* [vault](https://github.com/abhisharma404/vault) - Swiss army knife for hackers. -* [badkarma](https://github.com/r3vn/badKarma) - badKarma is an open source GUI based network reconnaissance toolkit which aims to assist penetration testers during network infrastructure assessments.. -* [EaST](https://github.com/C0reL0ader/EaST) - «Exploits And Security Tools» penetration testing framework. -* [Vanquish](https://github.com/frizb/Vanquish) - Vanquish is a Kali Linux based Enumeration Orchestrator built in Python. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases. -* [Reconnoitre](https://github.com/codingo/Reconnoitre) - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing. -* [nudge4j](https://github.com/lorenzoongithub/nudge4j) - Java tool to let the browser talk to the JVM. -* [dex2jar](https://github.com/pxb1988/dex2jar) - Tools to work with Android .dex and Java .class files. -* [JD-GUI](http://jd.benow.ca/) - A standalone graphical utility that displays Java source codes of “.class” files. -* [procyon](https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler) - A modern open-source Java decompiler. -* [androguard](https://code.google.com/p/androguard/) - Reverse engineering, malware and goodware analysis of Android applications. -* [JAD](http://varaneckas.com/jad/) - JAD Java Decompiler (closed-source, unmaintained). -* [dotPeek](https://www.jetbrains.com/decompiler/) - a free-of-charge .NET decompiler from JetBrains. -* [ILSpy](https://github.com/icsharpcode/ILSpy/) - an open-source .NET assembly browser and decompiler. -* [de4dot](https://github.com/0xd4d/de4dot) - .NET deobfuscator and unpacker. -* [antinet](https://github.com/0xd4d/antinet) - .NET anti-managed debugger and anti-profiler code. -* [UPX](http://upx.sourceforge.net/) - the Ultimate Packer for eXecutables. -* [radare2](https://github.com/radare/radare2) - A portable reversing framework. -* [Hopper](https://www.hopperapp.com) - A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables. -* [ScratchABit](https://github.com/pfalcon/ScratchABit) - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API. +* [Target Scanner](https://github.com/aripitek/lismore/TargetScanner) - Target Scanner is a penetration testing utility that quickly automates common tasks when assessing a target. +* [exploit-db-search](https://github.com/aripitek/techgaun/exploit-db-search) - Exploitdb Search. +* [punk.py](https://github.com/aripitek/r3vn/punk.py) - unix SSH post-exploitation 1337 tool. +* [tulpar](https://github.com/aripitek/anilbaranyelken/tulpar) - Web Vulnerability Scanner. +* [dcrawl](https://github.com/aripitek/kgretzky/dcrawl) - Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. +* [V3n0m Scanner](https://github.com/aripitek/v3n0m-Scanner/V3n0M-Scanner) - Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns. +* [golismero](https://github.com/aripitek/golismero/golismero) - The Web Knife. +* [sqliv](https://github.com/aripitek/Hadesy2k/sqliv) - Massive SQL injection vulnerability scanner. +* [gitminer](http://github.com/aripitek/danilovazb/gitminer) - Tool for advanced mining for content on Github. +* [Cr3d0v3r](https://github.com/aripitek/D4Vinci/Cr3dOv3r) - Know the dangers of credential reuse attacks. +* [Striker](https://github.com/aripitek/UltimateHackers/Striker) - Striker is an offensive information and vulnerability scanner. +* [emailHarvester](https://github.com/aripitek/maldevel/EmailHarvester) - Email addresses harvester. +* [BruteX](https://github.com/aripitek/1N3/BruteX) - Automatically brute force all services running on a target. +* [BlackWidow](https://github.com/aripitek/1N3/BlackWidow) - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website. +* [Shiva](https://github.com/aripitek/UltimateHackers/Shiva) - Improved DOS exploit for wordpress websites (CVE-2018-6389). +* [ctfr](https://github.com/aripitek/UnaPibaGeek/ctfr.git) - Domain enumeration, it just abuses of Certificate Transparency logs. +* [twa](https://github.com/aripitek/woodruffw/twa) - A **t**iny **w**eb **a**uditor with strong opinions. +* [Photon](https://github.com/aripitek/s0md3v/Photon) - Incredibly fast crawler designed for OSINT. +* [CMSeek](https://github.com/aripitek/Tuhinshubhra/CMSeeK) - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs. +* [HashBuster](https://github.com/aripitek/s0md3v/Hash-Buster) - Crack hashes in seconds. +* [Invoke-Apex](https://github.com/aripitek/securemode/Invoke-Apex) - PowerShell-based toolkit consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks. +* [RapidScan](https://github.com/aripitek/skavngr/rapidscan) - The Multi-Tool Web Vulnerability Scanner. +* [Freedom Fighting Mode (FFM)](https://github.com/aripitek/JusticeRage/FFM) - FFM is a hacking harness that you can use during the post-exploitation phase of a red-teaming engagement. +* [vault](https://github.com/aripitek/abhisharma404/vault) - Swiss army knife for hackers. +* [badkarma](https://github.com/aripitek/r3vn/badKarma) - badKarma is an open source GUI based network reconnaissance toolkit which aims to assist penetration testers during network infrastructure assessments.. +* [EaST](https://github.com/aripitek/C0reL0ader/EaST) - «Exploits And Security Tools» penetration testing framework. +* [Vanquish](https://github.com/aripitek/frizb/Vanquish) - Vanquish is a Kali Linux based Enumeration Orchestrator built in Python. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases. +* [Reconnoitre](https://github.com/aripitek/codingo/Reconnoitre) - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing. +* [nudge4j](https://github.com/aripitek/lorenzoongithub/nudge4j) - Java tool to let the browser talk to the JVM. +* [dex2jar](https://github.com/aripitek/pxb1988/dex2jar) - Tools to work with Android .dex and Java .class files. +* [JD-GUI](http://github.com/aripitek/jd.benow.ca/) - A standalone graphical utility that displays Java source codes of “.class” files. +* [procyon](https://github.com/aripitek/bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler) - A modern open-source Java decompiler. +* [androguard](https://github.com/aripitek/code.google.com/p/androguard/) - Reverse engineering, malware and goodware analysis of Android applications. +* [JAD](http://github.com/aripitek/varaneckas.com/jad/) - JAD Java Decompiler (closed-source, unmaintained). +* [dotPeek](https://github.com/aripitek/www.jetbrains.com/decompiler/) - a free-of-charge .NET decompiler from JetBrains. +* [ILSpy](https://github.com/aripitek/icsharpcode/ILSpy/) - an open-source .NET assembly browser and decompiler. +* [de4dot](https://github.com/aripitek/0xd4d/de4dot) - .NET deobfuscator and unpacker. +* [antinet](https://github.com/aripitek/0xd4d/antinet) - .NET anti-managed debugger and anti-profiler code. +* [UPX](http://github.com/aripitek/upx.sourceforge.net/) - the Ultimate Packer for eXecutables. +* [radare2](https://github.com/aripitek/radare/radare2) - A portable reversing framework. +* [Hopper](https://github.com/aripitek/www.hopperapp.com) - A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables. +* [ScratchABit](https://github.com/aripitek/pfalcon/ScratchABit) - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API.