Pentesting Tools [ Network Pentesting Tools [ scanners | ftp | tftp | ssh | smtp | TACACS+ | dns | finger | kerberos | ident | ntpmsrpc | netbios | smb ] ]
-
- Smap A drop-in replacement for Nmap.
- sandmap Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine.
- RustScan RustScan is a modern take on the port scanner. Sleek & fast. All while providing extensive extendability to you. Not to mention RustScan uses Adaptive Learning to improve itself over time, making it the best port scanner for you.
- naabu Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN/CONNECT/UDP scans on the host/list of hosts and lists all ports that return a reply.
- scanless This is a Python command-line utility and library for using websites that can perform port scans on your behalf.
- Silver masscan is fast, nmap can fingerprint software and vulners is a huge vulnerability database. Silver is a front-end that allows complete utilization of these programs by parsing data, spawning parallel processes, caching vulnerability data for faster scanning over time and much more.
- masscan This is an Internet-scale port scanner. It can scan the entire Internet in under 5 minutes, transmitting 10 million packets per second, from a single machine.
- furious Furious is a fast, lightweight, portable network scanner.
- Angry IP Scanner Angry IP scanner is a very fast IP address and port scanner.
- evilscan Nodejs Simple Network Scanner.
- NimScan Really fast port scanner (With filtered option - Windows support only).
- armanda Armada is a high performance TCP SYN scanner. This is equivalent to the type of scanning that nmap might perform when you use the -sS scan type. Armada's main goal is to answer the basic question "Is this port open?". It is then up to you, or your tooling, to dig further to identify what an open port is for.
- nmap Nmap - the Network Mapper.
- scapy Scapy is a powerful Python-based interactive packet manipulation program and library.
- hping hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping do with ICMP replies. hping3 can handle fragmentation, and almost arbitrary packet size and content, using the command line interface.
- pycurity A list of python hacking scripts.
- PortScanner A go-to tool for scanning network. Scan all the open ports for a given host with just one click.
- astsu A network scanner tool, developed in Python 3 using scapy.
- unicornscan archive of code from http://www.unicornscan.org/.
- zmap ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
- opscan A open port scanner.
- NetProbe NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices.
- sx Fast, modern, easy-to-use network scanner.
- xmap XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.
- goscan GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap.
- liwasc List, wake and scan nodes in a network.
- Network-Scanner A Python script that scans for the devices connected to a network.
- WatchYourLAN Lightweight network IP scanner with web GUI.
- tsunami-security-scanner Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
- webscan Browser-based network scanner & local-IP detection.
- NetworkSherlock NetworkSherlock: powerful and flexible port scanning tool With Shodan.
- network-scanner TCP Network Port Scanner written in Go, nmap style.
-
- ftp-fuzz The master of all master fuzzing scripts specifically targeted towards FTP server software.
- ftp-spider FTP investigation tool - Scans ftp server for the following: reveal entire directory tree structures, detect anonymous access, detect directories with write permissions, find user specified data within repository.
- ftpscout Scans ftps for anonymous access.
- ppscan Yet another port scanner with HTTP and FTP tunneling support.
- responder A LLMNR and NBT-NS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2 (multirelay version).
- dark-fantasy-hack-tool DDOS Tool: To take down small websites with HTTP FLOOD. Port scanner: To know the open ports of a site. FTP Password Cracker: To hack file system of websites.Banner Grabber: To get the service or software running on a port. (After knowing the software running google for its vulnerabilities.)
- Cyber-Sploit A framework like a metasploit containg a variety of modules for pentesting or ethical hacking. This repo willl be updated and new modules will be added time to time.
- FTPDumper FTPDumper is an easy-to-use yet advanced FTP server file stealer. It can be utilized in massive FTP brute-force attacks, supporting various formats such as combo, pipe input, CIDR, files, and even a single IP address.
- strongarm Simple tool to bruteforce (spray actually) different network protocols.
- FTPSSH_Killer Introducing FSK – your sophisticated brute-forcing tool tailored for SSH and FTP services. Unlike conventional brute-forcing, FSK emulates the "password spraying" approach by attempting three passwords per user. Once it exhausts the user list, it resumes by cycling through the next set of three passwords. This reduces the chance of lockouts and lost connections.
- FTP-Bruteforcer This is a Python script that implements an asynchronous FTP (File Transfer Protocol) bruteforcer. It utilizes asynchronous programming techniques to efficiently perform password guessing attacks on FTP servers.
- brutus Brutus is a fast and simple way to bruteforce authentication on network services such as SSH, FTP, IMAP, and more.
- redfox-ftp-brute-force Red Fox FTP Brute Force Script.
- Ftp User enumeration script Ftp User enumeration with github script.
- TheSmartool The Smartool tool is a hacking script developed by me, your hacking courses will be easier.
- ftpbrute A simple script for checking anonymous login as well as bruteforcing ftp accounts.
- Q-FTPBREAKER Brute force for multithreaded FTP capable of analyzing thousands of ftp in a few seconds and finding their passwords.
- Q-FTPBREAKER-GUI Brute force for multithreaded FTP capable of analyzing thousands of ftp in a few seconds and finding their passwords. It breaks Ftp in a few seconds and performs a bulk scan randomly or by defining a range.
- FTPBruteForce FTPBruteForce - A faster & simpler way to bruteforce FTP server.
- Q-VISION Port Scanner And break FTP.
- FTP-exploits FTP-exploits is a tool which is used for Penetration Testing that can run many kinds of exploits on port 21(FTP).
- BruteX Automatically brute force all services running on a target.
-
- ssh-audit SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc).
- ssh-audit SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc).
- against A very fast ssh attacking script which includes a multithreaded port scanning module (tcp connect) for discovering possible targets and a multithreaded brute-
forcing module
which attacks parallel all discovered hosts or given ip addresses from a list. - beleth Multi-threaded SSH Password Auditor.
- check-weak-dh-ssh Debian OpenSSL weak client Diffie-Hellman Exchange checker.
- Shreder Shreder is a powerful multi-threaded SSH protocol password brute-force tool.
- ssh-privkey-crack A SSH private key cracker.
- sshatter Password bruteforcer for SSH.
- sshfuzz shfuzz is a SSH Fuzzing utility written in Perl that uses Net::SSH2.
- sshscan A horizontal SSH scanner that scans large swaths of IPv4 space for a single SSH user and pass.
- crowbar Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.
- ssh-snake SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
- SSHScan SSHScan is a testing tool that enumerates SSH Ciphers. Using SSHScan, weak ciphers can be easily detected.
-
- smtp-test Automated testing of SMTP servers for penetration testing.
- MailRipV2 Improved SMTP Checker / SMTP Cracker with proxy-support, inbox test and many more features.
- Smtp-Craker Simple Mail Transfer Protocol (SMTP) CHECKER - CRACKER Tool V2.
- mailtools Perfect scripts for all the hustle we have with mailing.
- Mass-Mailer-toolkit All-in-one mailing tool.
- Mess-SMTP-Checker MASS SMTP VALID INVALID CHECKER.
- SMTP-CHECKER A tool to check the correctness of email and password.
- BrokenSMTP Small python script to look for common vulnerabilities on SMTP server.
- swaks Swaks - Swiss Army Knife for SMTP.
-
- Loki This is a special tool designed to analyze the security of L2/L3 protocols.
-
- DNSrecon-gui DNSrecon tool with GUI for Kali Linux.
- dnsx dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
- massdns A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration).
- dnscan dnscan is a python wordlist-based DNS subdomain scanner.
- dig query the DNS in various ways.
- dnsenum Dnsenum is a multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks.
- dnsrecon handy python script to perform DNS reconnaissance over remote hosts.
- fierce Fierce is a DNS reconnaissance tool for locating non-contiguous IP space.
- dnsrevenum6 Simple and fast Reverse DNS Enumerator for IPv6.
- dnsscope Takes a list of IPs and TLDs in scope and automates DNS enumeration.
- dnsdumpster A tool to perform DNS reconnaissance on target networks. Among the DNS information got from include subdomains, mx records, web application firewall detection and more fingerprinting and lookups.
- dnsdumpster.com dns recon & research, find & lookup dns records.
-
- finger-user-enum Username guessing tool primarily for use against the default Solaris finger service.
-
- rubeus Rubeus is a C# toolset for raw Kerberos interaction and abuses.
- kerbrute A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication.
- PowershellKerberos Some scripts to abuse kerberos using Powershell.
- Ticket Injector Manual tickets injection tool.
- Cerbere A project to play a little bit with Kerberos on Windows.
-
- ident-user-enum ident-user-enum is a simple PERL script to query the ident service (113/TCP) in order to determine the owner of the process listening on each TCP port of a target system.
-
- ntp-dos-script ntp dos script in python.
-
- rpctools They are demostration programs for the Null Session and MSRPC concepts discussed at BlackHat Windows 2000.
-
- enum4linux enum4Linux is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts
- smbmap SMBMap is a handy SMB enumeration tool.
- Nim-SMBExec SMBExec implementation in Nim - SMBv2 using NTLM Authentication with Pass-The-Hash technique.
- SMBetray SMB MiTM tool with a focus on attacking clients through file content swapping, lnk swapping, as well as compromising any data passed over the wire in cleartext.
- nullinux Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
- SharpSMBSpray Spray a hash via smb to check for local administrator access.
- NetExec The Network Execution Tool.
- MANSPIDER Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported.
- enum4linux-ng A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
Note
Tools are getting added daily.