Rawsec's CyberSecurity Inventory

An inventory of tools and resources about CyberSecurity.

Tools

Note: Paid softwares may exist in a free limited version or a demo version

Administration

Binary Exploitation

Name Website Source Description Programming language Price Online
ASLRay [Source] Tool for ASLR bypass with stack-spraying Shell Free False
libformatstr [Source] Library to simplify format string exploitation Python Free False
pwntools [Source] Framework and exploit development library Python Free False
ROPgadget [Website] [Source] Framework for ROP exploitation Python Free False

Code Analysis

Name Website Source Description Programming language Price Online
StaCoAn [Source] Mobile applications static code analysis tool Python Free False

Collaboration and Report

Name Website Source Description Programming language Price Online
Faraday [Website] [Source] Collaborative penetration test and vulnerability management platform Python Paid False
Serpico [Source] SimplE RePort wrIting and CollaboratiOn tool, penetration testing report generation and collaboration tool Ruby Free False
Vulnreport [Website] [Source] Pentesting management and automation platform Ruby Free False

Cracking

Name Website Source Description Programming language Price Online
Aircrack-Ng [Website] Suite of tools to assess WiFi network security (cracking WEP and WPA PSK) Free False
Hashcat [Website] [Source] Password cracking tool C Free False
Hydra [Website] [Source] Network login cracker C Free False
John The Ripper [Website] Password cracking tool C Free False
John the Ripper, Jumbo version [Website] [Source] Password cracking tool, community-enhanced version of John The Ripper C Free False
Medusa [Website] Network login cracker Free False
Medusa-gui [Source] GUI for Medusa Java Free False
Ncrack [Website] [Source] Network login cracker Cplusplus Free False
Nozzlr [Source] Bruteforce framework Python Free False
Ophcrack [Website] [Source] Windows password cracker based on rainbow tables Free False
Patator [Source] Multi-protocol bruteforce tool Python Free False

Cryptography

Name Website Source Description Programming language Price Online
Dcode [Website] Code and decode all kind of checksums, algorithms, codes or ciphers Free True
FeatherDuster [Source] Cryptanalysis tool and library Python Free False
PkCrack [Website] Tool for breaking PkZip encryption Free False
RSATool [Source] Tool to calculate RSA parameters Python Free False
XORTool [Source] Tool to analyze multi-byte xor cipher Python Free False

Digital Forensics

Name Website Source Description Programming language Price Online
Cerbero Profiler [Website] File analyzer and inspector Paid False
dnscat2 [Source] Encrypted command-and-control (C&C) channel over the DNS protocol, data exfiltration Cplusplus Free False
ExifTool [Website] [Source] Library and CLI tool for reading, writing and editing metadata for a lot of file types Perl Free False
extundelete [Website] [Source] Tool to recover deleted files from an ext3 or ext4 partition Free False
Fibratus [Source] Tool for exploration and tracing of the Windows kernel Python Free False
Foremost [Website] [Source] CLI tool to recover files based on their headers, footers, and internal data structures Free False
rekall [Website] [Source] Volatile memory extraction utility Python Free False
ResourcesExtract [Website] Scans dll/ocx/exe files and extract all resources found, Windows only Free False
shellbags [Source] Shellbag parser (Windows Registry Keys) Python Free False
volatility [Website] [Source] Volatile memory extraction utility Python Free False

Networking

Name Website Source Description Programming language Price Online
bettercap [Website] [Source] MITM framework Ruby Free False
Garfield [Source] Attack framework for distributed systems Python Free False
Masscan [Source] Port scanner for massive networks C Free False
NetworkMiner [Website] Network sniffer/packet capturing tool Free False
Nipe [Source] Script to make TOR as default gateway Perl Free False
Nmap [Website] [Source] Tool for network discovery and security auditing C Free False
polarbearscan [Website] [Source] Port scanner and banner grabber C Free False
Wireshark [Website] [Source] Network protocol analyzer Cplusplus Free False
yersinia [Source] Framework for layer 2 attacks C Free False
Zenmap [Website] [Source] GUI for Nmap Python Free False
Zmap [Website] [Source] Collection of tools to scan and study massive networks C Free False

OSINT and Reconnaissance

Name Website Source Description Programming language Price Online
Belati [Source] OSINT tool, collect data and document actively or passively Python Free False
datasploit [Website] [Source] OSINT framework, find, aggregate and export data Python Free False
FOCA [Website] [Source] OSINT framework and metadata analyser Csharp Free False
ODIN [Source] Observe, Detect, and Investigate Networks, Automated reconnaissance tool Python Free False
OSINT Framework [Website] [Source] A web-based collection of tools and ressources for OSINT Javascript Free True
Sandmap [Website] [Source] Network and system reconnaissance scanner using Nmap Shell Free False
Sn1per [Source] Automated reconnaissance scanner Shell Free False
spiderfoot [Website] [Source] OSINT framework, collect and manage data, scan target Python Free False

Other

Name Website Source Description Programming language Price Online
inlite [Website] Scan QR-code, 1D, DataMatrix, Postal, PDF417, and more Free True
Metasploit [Website] [Source] Tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit, 4 versions: Pro (paid), Express (paid), Community (free with GUI but on request), Framework (free, open source, CLI) Ruby Paid False
v0lt [Source] CTF toolkit / framework Python Free False
webqr [Website] Scan & create QR-code Free True

Reverse Engineering

Name Website Source Description Programming language Price Online
AndroBugs Framework [Source] Android APK vulnerability analyzer Python Free False
androguard [Source] Tool for reverse engineering and malware analysis of Android applications Python Free False
angr [Source] Platform-agnostic binary analysis framework Python Free False
Apk2Gold [Source] Android decompiler (wrapper for apktool, dex2jar, and jd-gui) Shell Free False
Apktool [Website] [Source] Android disassembler and rebuilder Java Free False
Barf [Source] Binary Analysis and Reverse engineering Framework Python Free False
Binary Ninja [Website] Crossplatform binary analysis framework Python Paid False
binutils [Website] [Source] GNU collection of binary tools C Free False
binwalk [Source] Analyze, reverse engineer and extract firmware images (and other files, also usefull for Digital Forensics) Python Free False
boomerang [Source] x86 binaries to C decompiler Cplusplus Free False
ctf_import [Website] [Source] Library to run basic functions from stripped binaries C Free False
CFF Explorer [Website] PE Editor Free False
Droidefense [Website] [Source] Android apps/malware analysis/reversing tool Java Free False
GDB [Website] [Source] GNU debugger Cplusplus Free False
GEF [Source] GDB Enhanced Features, multi-architecture GDB plugin Python Free False
Hopper [Website] Disassembler, decompiler and debugger Paid False
IDA Pro [Website] Disassembler and debugger Paid False
jadx [Source] DEX to Java decompiler Java Free False
Java Decompilers [Website] .JAR and .Class to Java decompiler Free True
JEB [Website] Disassembler, decompiler and debugger Paid False
JSDetox [Website] [Source] Javascript deobfustcator Ruby Free False
Krakatau [Source] Java decompiler, assembler, and disassembler Java Free False
MobSF [Source] Android APK vulnerability analyzer Python Free False
NodeJsScan [Source] Static security code scanner for Node.js applications Python Free False
OllyDbg [Website] Windows debugger Free False
PE Insider [Website] PE viewer, closed source and windows only Free False
PEDA [Source] Python Exploit Development Assistance, GDB plugin (only python2.7) Python Free False
Plasma [Source] x86/ARM/MIPS interactive disassembler Python Free False
Pwndbg [Source] enhance GDB, GDB plugin Python Free False
QARK [Source] Android APK vulnerability analyzer Python Free False
Qira [Website] [Source] Timeless debugger (QIRA = QEMU Interactive Runtime Analyser) C Free False
RABCDAsm [Website] [Source] ActionScript disassembler D Free False
radare2 [Website] [Source] Crossplatform binary analysis framework, disassembler, decompiler and debugger, support collaborative analysis C Free False
strace [Source] Debugger for Linux Free False
SUPER [Website] [Source] Android APK vulnerability analyzer Rust Free False
Swftools [Website] [Source] Collection of utilities to work with SWF files C Free False
Triton [Website] [Source] Dynamic binary analysis framework, automate reverse engineering Cplusplus Free False
UglifyJS2 [Website] [Source] JavaScript obfuscator or beautifier toolkit JavaScript Free False
uncompyle [Source] Python 2.7 binaries (.pyc) decompiler Python Free False
uncompyle6 [Source] Python 1.5, 2.1 to 2.7, 3.1 to 3.6 binaries (.pyc) decompiler Python Free False
WinDbg [Website] Windows debugger Free False
xxxswf [Source] Small script for carving, scanning, compressing, decompressing and analyzing SWF files Python Free False

Steganography

Name Website Source Description Programming language Price Online
Audacity [Website] [Source] Tool to edit and analyze audio tracks Free False
exif [Source] Shows EXIF information for JPEG files only C Free False
ExifTool [Website] [Source] Library and CLI tool to read and write meta information (EXIF, GPS, IPTC, XMP, JFIF, …) in files (JPEG, PNG, SVG, MPEG, …) Perl Free False
Exiv2 [Website] [Source] Library and CLI tool to read and write meta information (Exif, IPTC & XMP metadata and ICC Profile) in images (JPEG, TIFF, PNG, …) Cplusplus Free False
ImageMagick [Website] [Source] Software suite and library to create, edit, compose, or convert images C Free False
Outguess Tool to hide messages in files (website down since 2004) Free False
PNGtools [Website] [Source] Suite of tools to work with PNG images C Free False
SmartDeblur [Source] To to restore defocused and blurred images (update binary only for Windows, Mac OS binary out of date) Cplusplus Free False
Sonic Visualiser [Website] [Source] Tool to edit and analyze audio tracks Free False
Steganabara [Source] Steganography analysis tool Java Free False
Steghide [Website] [Source] Tool to hide messages in images Free False
StegoVeritas [Source] Tool to unhide data in images Python Free False
StegSolve GUI tool to analyse images Java Free False
zsteg [Source] Tool to detect hidden data in PNG and BMP Ruby Free False

System Exploitation

Name Website Source Description Programming language Price Online
bkhive [Source] Dump the syskey bootkey from a Windows NT/2K/XP system hive, often used with samdump2, part of the ophcrack project Free False
creddump [Source] Dump windows credentials Python Free False
DLLInjector [Source] Dll injection tool Cplusplus Free False
LaZagne [Source] Password retriever Python Free False
lynis [Website] [Source] Security auditing and hardening tool, for UNIX-based systems Shell Free False
Nishang [Source] Framework, collection of scripts and payloads in PowerShell for offensive security, penetration testing and red teaming PowerShell Free False
PowerSploit [Source] Powershell exploitation framework Powershell Free False
samdump2 [Source] Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM, often used with bkhive, part of the ophcrack project Free False

Vulnerability Assessment

Name Website Source Description Programming language Price Online
cvss-suite [Source] CVSS calculator library Ruby Free False

Web Application Exploitation

Name Website Source Description Programming language Price Online
Acunetix [Website] Web application security scanner Paid True
Arachni [Website] [Source] Web application security scanner framework Ruby Free False
Burp Suite [Website] Intercepting proxy to replay, inject, scan and fuzz HTTP requests (a limited free version exists) Java Paid False
commix [Website] [Source] Web-based command injection tester Python Free False
CSWSH [Website] Cross-Site WebSocket Hijacking Tester Free False
dirb [Website] [Source] Web content scanner (dictionary based) Free False
DotDotPwn [Website] [Source] Directory Traversal fuzzer Perl Free False
dvcs-ripper [Source] Dump web accessible (distributed) version control systems (DVCS/VCS): SVN, GIT, Mercurial/hg, Bazaar/bzr, … Perl Free False
DVWA [Website] [Source] Damn Vulnerable Web Application, insecure webapp for security trainings PHP Free False
git-dump [Source] Dump the contents of a remote git repository without directory listing enabled JavaScript Free False
GitTools [Source] 3 tools: Finder (find websites with .git repository exposed), Dumper (dump exposed .git), Extractor (extract commits and their content from a broken repository) Shell Free False
Hackbar [Website] Firefox addon to manipulate HTTP requests (not compatible with Quantum) Free False
Hookbin [Website] [Source] HTTP request collector and inspector Java Free True
IronWASP [Website] [Source] Web security/vulnerability scanner (native for Windows only) C Free False
LFI Freak [Source] LFI scan and exploit tool Python Free False
Kadimus [Source] LFI, RFI, RCE scanner C Free False
Malzilla [Website] [Source] Web oriented deobfuscating tool Free False
Mockbin [Website] [Source] HTTP request collector and inspector JavaScript Free True
Netsparker [Website] Web application security scanner Paid True
nikto [Website] [Source] Web security scanner Perl Free False
Nosql-Exploitation-Framework [Source] NoSQL scanning and exploitation framework Python Free False
OWASP Juice Shop CTF [Website] [Source] Insecure webapp for security trainings JavaScript Free False
OWASP ZAP [Website] [Source] OWASP Zed Attack Proxy, intercepting proxy to replay, inject, scan and fuzz HTTP requests Java Free False
Panoptic [Website] [Source] Automatic LFI and Path Traversal exploitation tool Python Free False
RequestBin [Website] [Source] HTTP request collector and inspector Free True
Simple Local File Inclusion Exploiter [Website] [Source] LFI exploit tool Python Free False
Spaghetti [Source] Web application security scanner Python Free False
sqlmap [Website] [Source] Automatic SQL injection tool Python Free False
SQLiv [Source] SQL injection scanner, find vulnerable entry points Python Free False
V3n0M [Source] Web dork and vulnerability scanner Python Free False
w3af [Website] [Source] Web application attack and audit framework, web-oriented security scanner Python Free False
wapiti [Website] [Source] Web-oriented vulnerability scanner, can generates reports Free False
Xenotix [Website] [Source] XSS detection and exploit framework (Windows only) Python Free False
XSSer [Website] [Source] XSS automatic scanner and exploiter Python Free False
XSSor [Source] XSS scanner plugin for Burp Suite Python Free False
XSS'OR [Website] [Source] Multi-purpose tool for XSS or JavaScript analysis JavaScript Free True
XSS'OR 2 [Website] [Source] Multi-purpose tool for XSS or JavaScript analysis JavaScript Free True