Tools

Ninjutsu OS for Pentesting/Red Teaming Tools kit

Expect updates here to any progress we may be making. Contributions are welcome.

Red Teaming

Information Gathering (Red Teaming)(100/Tools)

  • ADACLScanner
  • R3con1z3r-Web information gathering
  • ADExplorer
  • Recon-Dog
  • ADOffline
  • Recon-ng
  • ADRecon
  • Reconspider-Advanced (OSINT)
  • AdFind-Command line Active Directory query
  • Red Rabbit
  • Amass
  • RedRabbit-Red Team PowerShell Script
  • Aquatone
  • ScrapedIn- LinkedIn Scraper
  • Asset Finder
  • Searchsploit
  • Atscan
  • SharpHound
  • BaseQuery- Organize public combo-lists & data breaches
  • SharpHound
  • BeRoot
  • SharpView
  • Bettercap
  • Sherlock-Find usernames across social networks
  • BloodHound
  • ShodanSploit
  • Bloodhound-Custom-Queries
  • SpiderFoot
  • BridgeKeeper-Scrape employee names
  • SpoolerScanner
  • Censys Subdomain Finder
  • Sub Finder
  • CloudBunny-Find the real IP behind WAF
  • SubOver-Subdomain Takeover Tool
  • Cloud_Enum-Multi-cloud OSINT
  • Sublist3r
  • CrossLinked- LinkedIn enumeration tool
  • Sudomy-Powerful Subdomain Enumeration
  • Dirble- WebSite Directory Scanning
  • Turbolist3r
  • Dump Users
  • URLCrazy
  • Watson
  • Email extractor
  • WhatBreach-OSINT tool to find breached
  • Email-verify
  • WhatWAF
  • EmailHarvester
  • WhatWeb
  • EyeWitness
  • WhatsMyName- User Enumeration
  • FOCA v3.4.6.2
  • WinScanX GUI
  • Fierce
  • WinScanX-CL
  • Findomain
  • Windows Exploit Suggester
  • Get-ReconInfo
  • XCTR-Hacking-Tools
  • GoBuster
  • browseList
  • Gowitness-Web screenshot utility
  • ffuf - Fuzz Faster
  • Hunter
  • h8mail- Email OSINT and breach hunting
  • InSpy - LinkedIn enumeration
  • identYwaf
  • Lazagne- Credentials recovery
  • mimikatz
  • LinkedIn Recon Tool -LinkedInt
  • nbtscan
  • LittleBrother-Information gathering (OSINT)
  • nmap
  • MSOLSpray - A Password Spraying Tool
  • pockint
  • Maltego
  • recon-ng - Web
  • Mass-Maillist-Cleaner
  • srvinfo
  • NetRipper
  • subDomainsBrute
  • Nirsoft Launcher
  • subdomain-bruteforce
  • Nmap - Zenmap GUI
  • subjack-Subdomain Takeover tool
  • OneForAll - Subdomain Scanner
  • theHarvester
  • Photon-fast crawler designed for OSINT
  • wafw00f
  • PowerView
  • wePWNise
  • PowerView_dev
  • winfo
  • Prowl - Email harvesting tool
  • zenmap

Active Directory Tools (Red Teaming)(199/Tools):

  • Administration Tools
  • sqlcmd
  • Sysinternals

Evasion (Red Teaming)(22/Tools):

  • AVIATOR_x64
  • PSAttack
  • AVIator- Antivirus Evasion Project
  • PowerLessShell
  • CheckPlease
  • PowerShdll
  • DefenderCheck
  • PowerShell Armoury-Evading anti-virus
  • DotNetToJScript
  • StarFighters
  • Invoke-CradleCrafter
  • SysWhispers-AV-EDR evasion
  • Invoke-DOSfuscation
  • demiguise
  • Invoke-Obfuscation
  • nps
  • Invoke-Phant0m
  • pafishmacro
  • Macro Pack-Automatize Obfuscation & Generation of MS Office
  • tvasion - Anti virus evasion
  • PSAmsi
  • xencrypt-Anti-virus evasion Tool

Exploitation (Red Teaming) (64/Tools):

  • ADAPE
  • PowerShell-Suite
  • API Monitor x64
  • PowerSploit
  • API Monitor x86
  • PowerUpSQL
  • BetterBackdoor-create & Control a backdoor
  • PowerZure- Assessing Azure security
  • CVE-2019-1040-Scanner
  • PrivExchange
  • Chisel - Fast TCP tunnel over HTTP
  • PrivescCheck Win -Privilege Escalation Enumeration
  • CrackMapExecWin
  • Privilege-Escalation-Awesome-Scripts-Suite
  • CredsLeaker-credentials stealer
  • ROADtools - Azure AD Exploration Framework
  • DAMP
  • ROADtools-GUI - Azure AD Exploration Framework
  • Dumpert
  • RedTeam CSharp Scripts
  • Evil-Winrm-Ultimate WinRM shell for pentesting
  • RedTeam Powershell Scripts
  • EvilClippy
  • Red_Team - Useful Scripts
  • EvilURL- Generate unicode domains
  • ReverseTCPShell- PowerShell ReverseTCP Shell
  • Eviloffice
  • RottenPotatoNG
  • Exchange-AD-Privesc
  • Sharp-Suite
  • GadgetToJScript
  • SharpClipHistory
  • Generate-Macro
  • SharpExchangePriv
  • GhostPack
  • SharpExec
  • Invoke-ACLPwn
  • SharpSploit
  • Invoke-DCOM
  • Shellerator-bind-reverse shell Generator
  • Invoke-GoFetch
  • SpoolSample
  • Invoke-PSImage
  • UACME
  • Invoke-PowerThIEf
  • impacket-examples-windows
  • Jalesc-Linux Privileges Escalating
  • juicy-potato
  • Meterpeter-C2 Powershell Command & Control Framework
  • kali-windows-binaries
  • MicroBurst - PowerShell Toolkit for Attacking Azure
  • lsassy-Extract credentials from lsass remotely
  • NetshHelperBeacon
  • luckystrike
  • Orca
  • metatwin
  • PSReflect
  • nishang
  • PowerLurk
  • ruler
  • PowerPriv
  • vssown
  • PowerSharpPack-Useful offensive CSharp Projects
  • vulcan

Password Attacks (Red Teaming) (18/Tools):

  • ADFSpray - MS Password Spray Attack
  • Get-LAPSPasswords
  • LAPSToolkit
  • ASREPRoast
  • Internal-Monologue
  • MSOLSpray - A Password Spraying Tool
  • Check-LocalAdminHash
  • Inveigh
  • MailSniper
  • CredNinja
  • Invoke-TheHash
  • RiskySPN
  • DSInternals
  • KeeFarce
  • SessionGopher
  • DomainPasswordSpray
  • KeeThief
  • mimikittenz

Vulnerability Analysis (Red Teaming) (6/Tools):

  • AD Control Paths
  • Grouper2
  • PowerSharpPack-Useful offensive CSharp Projects
  • Egress-Assess
  • NtdsAudit
  • zBang

Information Gathering (119/Tools):

  • AWSBucketDump
  • AdFind-Command line Active Directory query
  • Amass
  • Aquatone
  • Asset Finder
  • Atscan
  • BaseQuery- Organize public combo-lists & data breaches
  • Bettercap
  • BridgeKeeper-Scrape employee names
  • Bucket-Stream-Find Amazon S3 Bucket
  • Cansina - Web Content Discovery
  • Censys Subdomain Finder
  • CloudBunny-Find the real IP behind WAF
  • Cloud_Enum-Multi-cloud OSINT
  • Cloudfail
  • Cloudmare
  • CrossLinked- LinkedIn enumeration tool
  • DNS Recon
  • DirBuster
  • Dirble- WebSite Directory Scanning
  • Dirsearch- Web path scanner
  • Droopescan
  • Dump Users
  • ESmai
  • Email extractor
  • Email-verify
  • EmailHarvester
  • Essential NetTools
  • EyeWitness
  • FOCA v3462
  • Fierce
  • FinalRecon- All-In-One Web Reconnaissance
  • Findomain
  • Fprobe-Scan Domains Subdomains for http-https
  • Git-Hound
  • Git-Leak
  • GitHack-Git folder disclosure exploit
  • GitMiner-Advanced mining for content Github
  • Github-Dork
  • Gitrob
  • Gobuster
  • Goby - Attack surface mapping
  • Gowitness-Web screenshot Utility
  • Hunter
  • InSpy - LinkedIn enumeration
  • IoTSeeker
  • Kicks3-S3 bucket finder
  • Lazagne- Credentials recovery
  • LinkedIn Recon Tool -LinkedInt
  • LittleBrother-Information gathering (OSINT)
  • Leetlinked - Scraping tool for LinkedIn
  • Maltego
  • Mass-Maillist-Cleaner
  • Masscan
  • Nirsoft Launcher
  • Nmap - Zenmap GUI
  • OneForAll - Subdomain Scanner
  • Pacu - AWS exploitation framework
  • Pathbrute-Directory Discovery Tool
  • Photon-fast crawler designed for OSINT
  • Prowl - Email harvesting tool
  • R3con1z3r-Web information gathering
  • Recon-Dog
  • Recon-ng
  • Reconspider-Advanced (OSINT)
  • RastLeak - Find leak information
  • Recurse Buster
  • RedRabbit-Red Team PowerShell Script
  • S3Scanner- Scan s3 buckets for security issues
  • SSL-Scan
  • ScrapedIn- LinkedIn Scraper
  • Searchsploit
  • Sherlock-Find usernames across social networks
  • ShodanSploit
  • Shuffledns- Enumerate valid subdomains
  • Slurp- Enumerates S3 buckets
  • Snoop - Nickname Search Tools OSINT
  • Spaghetti
  • SpiderFoot
  • Sub Finder
  • SubOver-Subdomain Takeover Tool
  • Sublist3r
  • Sudomy-Powerful Subdomain Enumeration
  • Turbolist3r
  • URLCrazy
  • WhatBreach-OSINT tool to find breached
  • WhatWAF
  • WhatWeb
  • WhatsMyName- User Enumeration
  • WinScanX GUI
  • WinScanX-CL
  • Windows Exploit Suggester
  • XCTR-Hacking-Tools
  • browseList
  • ffuf - Fuzz Faster
  • gau (GetAllURLs)
  • git Graber
  • h8mail- Email OSINT and breach hunting
  • hakrevdns - Reverse DNS lookups
  • hping
  • httprecon
  • httprobe - Scan Domains Subdomains for http-https
  • identYwaf
  • inSp3ctor-AWS S3 Bucket Finder
  • mimikatz
  • nbtscan
  • nc
  • nc64
  • nmap
  • pockint
  • recon-ng - Web
  • s3recon-Amazon S3 bucket finder and crawler
  • shhgit-Find GitHub secrets
  • srvinfo
  • sslyze
  • subDomainsBrute
  • subjack-Subdomain Takeover tool
  • theHarvester
  • trufflehog- Searches through git repositories for secrets
  • wafw00f
  • winfo

Web Application Attack (80/Tools):

  • Aquatone
  • SQLi-Hunter-SQLMAP API wrapper
  • Arjun
  • SQLmap
  • Atlas- Quick SQLMap Tamper Suggester
  • SSL-Scan
  • Atlas-Quick SQLMap Tamper Suggester
  • SSRFmap-SSRF Scanner
  • Atscan
  • See-SURF- find potential SSRF parameters
  • BSQLGUI
  • Shuriken-XSS
  • BruteXMLRPC
  • SleuthQL
  • BruteXSS
  • SoapUI 5.5.0
  • BurpSuite Free Edition
  • Spaghetti
  • CMSeeK- CMS Detection and Exploitation suite
  • TestSSL.sh
  • Cansina - Web Content Discovery
  • VBscan - vBulletin Vulnerability Scanner
  • Commix - Command injection exploit
  • Vega - Web vulnerability scanner
  • Corsy-CORS Misconfiguration Scanner
  • WAScan - Web Application Scanner
  • DSSS-sql-injection
  • WPScan-WordPress Vulnerability Scanner
  • Dalfox - XSS Scanning
  • Wapiti-Web Vulnerability Scanner
  • WebCruiser Scanner
  • DirBuster
  • Weblogic-Scanner
  • Dirble- WebSite Directory Scanning
  • WhatWAF - advanced firewall detection tool
  • Dirsearch- Web path scanner
  • WhatWeb
  • Droopescan
  • Wordpress Exploit Framework
  • ExploitMyUnion
  • XBruteForcer (CMS)
  • Eyewitness
  • XMLrpc-bruteforcer
  • Findom-XSS
  • XSS-Freak
  • Fuxploider-File upload scanner and exploitation
  • XSS-Loader Tools
  • Golismero
  • XSSfork - XSS Vulnerability Scan
  • Gowitness-Web screenshot utility
  • XSSpwn
  • IIS-ShortName-Scanner
  • XSSsniper
  • IIS-Shortname-Scan (Python)
  • XSStrike
  • Joomscan
  • XSpear-XSS Scanning
  • Link JS Find - Extract URL Websites
  • bWAPP- vulnerable web-application
  • LinkFinder
  • dotdotpwn - Directory Traversal Fuzzer
  • Nikto
  • ffuf - Fuzz Faster
  • NoSQLMap
  • httprecon
  • Nuclei - Web Scanner based on templates
  • identYwaf
  • OWASP Mutillidae- Vulnerable web-application
  • jsql-injection-GUI
  • OWASP ZAP Proxy
  • jwtcat - Cracking JSON Web Token
  • Quick-SQL
  • pentest-tools
  • R3con1z3r-Web information gathering
  • sslyze
  • Recurse Buster
  • wafw00f
  • SPartan-Sharepoint
  • wfuzz
  • SQLMap-GUI

Wireless Attacks (36/Tools):

  • Airbase-ng
  • Airserv-ng
  • Easside-ng
  • Tkiptun-ng
  • Wpaclean
  • Aircrack-ng-GUI
  • Airtun-ng
  • Evil FOCA
  • WNetWatcher
  • ettercapNG
  • Aircrack-ng
  • Airventriloquist-ng
  • Jumpstart
  • Waircut
  • ivstools
  • Airdecap-ng
  • Besside-ng
  • Kstats
  • Wesside-ng
  • wifi-perfiles
  • Airdecloak-ng
  • Bettercap
  • Makeivs-ng
  • WifiChannelMonitor
  • Aireplay-ng
  • Buddy-ng
  • Packetforge-ng
  • WifiInfoView
  • Airodump-ng
  • Cain and abel
  • RouterScan
  • WirelessNetView
  • Airolib-ng
  • Dumpper
  • SSL-Strip
  • Wireshark

Exploitation Tools (35/Tools):

  • BSQLGUI
  • Shellerator-bind-reverse shell Generator
  • CVE-2019-1040-Scanner
  • Shuriken-XSS
  • Chisel - Fast TCP tunnel over HTTP
  • VBscan
  • DSSS-sql-injection
  • WebCruiser Scanner
  • EvilURL- Generate unicode domains
  • WinScanX GUI
  • Eviloffice
  • Windows Exploit Suggester
  • ExploitMyUnion
  • XSS-Loader Tools
  • Goby - Attack surface mapping
  • XSSpwn
  • Jalesc-Linux Privileges Escalating
  • XSSsniper
  • Metasploit
  • XSStrike
  • MicroBurst - PowerShell Toolkit for Attacking Azure
  • hjsplit
  • Nikto
  • jsql-injection-GUI
  • NoSQLMap
  • mimikatz
  • PowerZure- Assessing Azure security
  • nc
  • Privilege-Escalation-Awesome-Scripts-Suite
  • nc64
  • ROADtools - Azure AD Exploration Framework
  • subdomain-bruteforcer(SubBrute)
  • ROADtools-GUI - Azure AD Exploration Framework
  • wePWNise
  • SQLmap

Vulnerability Analysis (33/Tools):

  • BSQLGUI
  • SQLmap
  • Weblogic-Scanner
  • DSSS-sql-injection
  • SSH Scan
  • WinScanX GUI
  • Droopescan
  • SSL-Scan
  • WinScanX-CL
  • ExploitMyUnion
  • Searchsploit
  • XSS-Freak
  • Golismero
  • Shuriken-XSS
  • XSS-Loader Tools
  • Joomscan
  • SleuthQL
  • XSSpwn
  • Nikto
  • Spaghetti
  • XSSsniper
  • NoSQLMap
  • TestSSL.sh
  • XSStrike
  • OWASP Mutillidae- Vulnerable web-application
  • VBscan
  • XSpear-XSS Scanning
  • OWASP ZAP Proxy
  • WAScan
  • bWAPP- vulnerable web-application
  • SMBGhost-CVE-2020-0796
  • WebCruiser Scanner
  • jsql-injection-GUI

Malware analysis (45/Tools):

  • Autoruns
  • LockHunter
  • Task Explorer x64
  • exeinfope
  • Binwalk
  • Microsoft Sysinternals
  • Task Explorer
  • exiftool
  • Comodo Cleaning Essentials
  • PE Detective
  • UPXEasyGUI
  • loki-upgrader
  • CrowdInspect
  • PPEE
  • UniExtract
  • loki
  • CrowdInspect64
  • Process Hacker 2
  • VirusTotal Uploader 22
  • ollydbg
  • Detect It Easy
  • ProcessActivityView
  • Volatility-CL
  • pdbripper
  • FLOSS
  • ProcessHacker
  • VolatilityWorkbench-gui
  • pestudio
  • FolderChangesView
  • Registry Changes View
  • Winja (VirusTotal Uploader)
  • peview
  • HijackCleaner64
  • Regshot-x64-ANSI
  • Wireshark
  • windump
  • ILProtectorUnpacker
  • Regshot-x64-Unicode
  • apateDNS
  • IREC-1916
  • RunPEDetector32
  • dnSpy-x86
  • KillSwitch
  • Sandboxed Web Browser
  • dnSpy

Mobile Security Tools (26/Tools):

  • APK Easy Tool
  • Drozer
  • GDA-android-reversing-Tool
  • dex2smali
  • APK Editor Studio
  • Frida-discover
  • Mobile Security Framework (MobSF)
  • frida-objection
  • Android Debug Bridge (adb)
  • Frida-kill
  • Multi-Drive
  • frida-pygmentize
  • Apkid
  • Frida-ls-devices
  • Nox
  • jadx-gui
  • Apktool
  • Frida-ps
  • OWASP ZAP Proxy
  • vulnerable apk
  • Bytecode-Viewer
  • Frida-trace
  • appmon
  • DB Browser for SQLite
  • Frida
  • dex2jar

Network Attack (32/Tools):

  • Bettercap
  • FindSQLSrv-Python
  • Responder-Python
  • WinScanX GUI
  • BeyondTrustDiscoveryTool
  • Goby - Attack surface mapping
  • Responde
  • Wireshark
  • BrowserListener-Python
  • Icmp-Redirect-Python
  • RouterScan
  • ettercapNG
  • Cain
  • Jumpstart
  • RunFinger-Python
  • nc
  • Dumpper
  • MultiRelay-Python
  • SSH Scan
  • nc64
  • Essential NetTools
  • MultiRela
  • SSL-Strip
  • odict-Python
  • Evil FOCA
  • NetworkMiner
  • SnmpWalk
  • snmptest
  • FindSMB2UPTime-python
  • Nirsoft Launcher
  • Waircut
  • sslyze

Password Attacks (48/Tools):

  • Get-LAPSPasswords
  • LAPSToolkit
  • ASREPRoast
  • Internal-Monologue
  • Check-LocalAdminHash
  • Inveigh
  • MailSniper
  • CredNinja
  • Invoke-TheHash
  • RiskySPN
  • DSInternals
  • KeeFarce
  • SessionGopher
  • DomainPasswordSpray
  • KeeThief
  • mimikittenz
  • ADFSpray - MS Password Spray Attack
  • MSOLSpray - A Password Spraying Tool
  • BruteXMLRPC
  • Md5Cracker
  • Bruter
  • Password Recovery
  • Cain
  • Patator - Brute-force
  • CeWL-Creating Custom Wordlists
  • Smtp-Cracker
  • Crunch
  • WinScanX GUI
  • Fast-RDP-Bruteforce
  • WinScanX-CL
  • Go-jwt-cracker
  • XBruteForcer (CMS)
  • Hash-Buster- Online Crack hashes
  • XMLrpc-bruteforcer
  • Hash-identifier
  • cap2hccap
  • Hashcat CLI
  • cap2hccapx
  • Hashcat GUI
  • jwtcat - Cracking JSON Web Token
  • IMAP Bruteforce
  • pydictor-dictionary builder for brute-force
  • John the Ripper
  • rainbowcrack-cl
  • John the Ripper GUI
  • rcrack-gui
  • Kraken-Password crack RAR ZIP 7z
  • thc-hydra-BruteForce

Password Recovery (17/Tools):

  • BulletsPassView
  • OperaPassView
  • RouterPassView
  • WebBrowserPassView
  • mailpv
  • pspv
  • ChromePass
  • PasswordFox
  • SniffPass
  • WirelessKeyView
  • mspass
  • rdpv
  • Dialupass
  • PstPassword
  • VNCPassView
  • iepv
  • netpass

Wordlists:

  • Payload-List
  • PayloadsAllTheThings
  • Probable-Wordlists
  • RobotsDisallowed
  • SecLists
  • fuzzdb

Reverse Engineering (13/Tools):

  • APK Easy Tool
  • Bytecode-Viewer
  • de4dot-net35
  • dnSpy-x86
  • ollydbg
  • Apktool
  • ResourceHacker
  • de4dot-net45-x64
  • dnSpy
  • Binwalk
  • de4dot-net35-x64
  • de4dot-net45
  • jadx-gui

Stress Testing (13/Tools):

  • DDos-Attack (Python)
  • Saddam-DDoS Amplification Tool
  • WhatWAF
  • DDos-Attackv1 (Python)
  • Slowloris HTTP DoS IPv6
  • identYwaf
  • HostDown- DDos Attack
  • Slowloris HTTP DoS
  • wafw00f
  • Impulse Denial-of-service ToolKit
  • THC-SSL-Dos
  • Perl Flood Script (DDoS)
  • TheDoomsday- Test DOS sustainability

Proxy and Privacy Tools (8/Tools):

  • Epic Privacy Browser
  • Proxy-Scraper
  • Simple DnsCrypt
  • W10Privacy
  • OOSU10
  • ProxyCap
  • Tor Browser
  • WPD

Others

  • bWAPP, a buggy web application!
  • OWASP Mutillidae
  • OSINT Websites
  • Cheat Sheets Repositories

Remote Control Tools (13/Tools):

  • AnyDesk
  • OpenVPN GUI
  • nc
  • pageant
  • pscp
  • putty
  • telnet
  • HeidiSQL
  • TeamViewer
  • nc64
  • plink
  • psftp
  • puttygen

Utility Tools (57/Tools):

  • 7-Zip File Manager
  • HeidiSQL
  • Search Everything
  • AnyDesk
  • HostsFileEditor
  • Simple DnsCrypt
  • AutoIt3
  • HxD
  • SumatraPDF
  • Boxstarter Shell
  • KeepNote
  • Task Explorer x64
  • CFF Explorer
  • KeepPass
  • Task Explorer
  • Chrome -with XSS Auditor disabled
  • MarkdownEdit
  • TeamViewer
  • Chrome
  • MobaXterm
  • Tor Browser
  • CyberChef
  • Mysql
  • Wireshark
  • DB Browser for SQLite
  • Neo4j_start.bat
  • cmder
  • Email extractor
  • Neo4j_stop.bat
  • hjsplit
  • Email-verify
  • NetworkMiner
  • neo4j-community
  • Epic Privacy Browser
  • Nirsoft Launcher
  • ngrok- reverse proxy
  • Essential NetTools
  • OpenVPN GUI
  • notepad++
  • FLOSS
  • PE Detective
  • peview
  • Fiddler
  • PHP
  • qBittorrent
  • FileZilla Server Interface
  • ProcessHacker
  • services
  • Firefox
  • Rainmeter
  • shellcode_launcher
  • Greenshot
  • RunAsDate
  • vlc
  • HTTP File Server (HFS)
  • ScreenToGif
  • xampp-control
