In the following tables, you can find the tools you need according to the heading.
- Installation
- Usage
- Pwn Windows
- Android
- Bug Bounty
- API Tools
- CMS Scanners
- Directory Fuzzers
- DNS Resolver
- Frameworks
- Git Hunting Tools
- HTTP Parameter Tools
- HTTP Probe Tools
- JavaScript Inspection Tools
- JavaScript Hunting Tools
- Local File Inclusion (LFI) Tools
- Network Scanners
- Open Redirect
- Sensitive Finding
- Request Smuggling
- SQL Tools
- SSRF Tools
- SSTI Tools
- Subdomain Enumeration Tools
- Useful Tools
- Visual Tools
- Vulnerability Scanners Tools
- Web Crawling Tools
- Web Technologies
- Wordlists
- XSS Tools
Installation
Before using this tool, you need to install Ansible. Here are the steps to install Ansible on a Linux machine (the commands below target Ubuntu, since they use the Ansible PPA):

```bash
# Update the package index
sudo apt update
# Install software-properties-common (if not installed); it provides apt-add-repository
sudo apt install software-properties-common
# Add the Ansible PPA
sudo apt-add-repository --yes --update ppa:ansible/ansible
# Install Ansible
sudo apt install ansible
# Clone the repo
git clone git@github.com:regex-33/Security-Engineer-Toolkit.git
# Make sure we have a cached sudo credential before running the playbook
sudo whoami
```
Usage
This tool uses Ansible, a powerful automation tool for IT operations. You can specify which tasks to run with the `--tags` option.

For example, to install the tools related to Windows:

```bash
sudo ansible-playbook playbooks/main.yml --tags "windows"
```

To install the tools related to configuration:

```bash
sudo ansible-playbook playbooks/main.yml --tags "config"
```

The `--tags "config"` option configures the browser, terminal, Vim, Tmux, and logging as part of the IppSec build, including Firefox extensions.

To install the tools related to bug bounty:

```bash
sudo ansible-playbook playbooks/main.yml --tags "bugbounty"
```

To install all tools except those with certain tags, use the `--skip-tags` option:

```bash
sudo ansible-playbook playbooks/main.yml --skip-tags "windows,config"
```

To install all tools, run the playbook without any tag selection:

```bash
sudo ansible-playbook playbooks/main.yml
```
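The tag selection above works because each task (or play) in the playbook carries a `tags:` list; `--tags` runs only tasks carrying at least one of the named tags, `--skip-tags` runs everything except those, and with neither option every task runs. The playbook below is an added illustration of that mechanism, written for this page; it is not the repository's `playbooks/main.yml`, and the tool choices per tag are assumptions that only mirror the tag names used in this README.

```yaml
# Illustrative playbook (not the repository's own): shows how tasks are tagged so that
# `--tags "windows"`, `--tags "bugbounty"`, `--tags "config"` or `--skip-tags ...` select them.
# Run with: sudo ansible-playbook example.yml --tags "bugbounty"
---
- name: Security Engineer Toolkit (illustrative tagged playbook)
  hosts: localhost
  connection: local

  tasks:
    # Assumed tool selection for the "bugbounty" tag: SecLists wordlists (real repository URL).
    - name: Clone SecLists wordlists
      ansible.builtin.git:
        repo: https://github.com/danielmiessler/SecLists.git
        dest: /opt/SecLists
        depth: 1
      tags: [bugbounty, wordlists]   # a task may carry several tags

    # Assumed tool selection for the "windows" tag: PowerSploit (real repository URL).
    - name: Clone PowerSploit
      ansible.builtin.git:
        repo: https://github.com/PowerShellMafia/PowerSploit.git
        dest: /opt/PowerSploit
        depth: 1
      tags: [windows]

    # Assumed tool selection for the "windows" tag: Certipy from PyPI (package name certipy-ad).
    - name: Install Certipy
      ansible.builtin.pip:
        name: certipy-ad
        state: present
      tags: [windows]

    # Assumed "config" task: drop a tmux configuration shipped alongside the playbook
    # (files/tmux.conf is a placeholder path for this example).
    - name: Deploy tmux configuration
      ansible.builtin.copy:
        src: files/tmux.conf
        dest: /root/.tmux.conf
        mode: "0644"
      tags: [config]
```

Two checks worth running before installing anything as root: `ansible-playbook playbooks/main.yml --list-tags` prints the tags the playbook actually defines (so a typo in `--tags` does not silently select nothing), and adding `--check` performs a dry run that reports which tasks would change the system without executing them.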
Pwn Windows Tools
Name | Description | Download Link |
---|---|---|
Empire | A post-exploitation framework that includes a pure-PowerShell Windows agent. | Download |
BloodHound | A single-page JavaScript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a C# ingestor. | Download |
CrackMapExec | A swiss army knife for pentesting networks. | Download |
Evil-WinRM | The ultimate WinRM shell for hacking/pentesting. | Download |
Unicorn | A simple tool for using a PowerShell downgrade attack to inject shellcode straight into memory. | Download |
Certipy | A tool for enumerating and abusing Active Directory Certificate Services (AD CS). | Download |
Responder | An LLMNR, NBT-NS, and mDNS poisoner with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication servers. | Download |
PowerSploit | A collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. | Download |
Covenant | A collaborative .NET C2 framework for red teamers. | Download |
LDAPDomainDump | A Python tool that dumps users, groups, computers, policies, and trusts from an Active Directory domain over LDAP. | Download |
SharpCollection | A collection of pre-compiled .NET tools for red teaming and post-exploitation. | Download |
ADRecon | A tool for gathering detailed information about an Active Directory environment. | Download |
Spraykatz | A tool to retrieve credentials from many Windows machines at once in large Active Directory environments. | Download |
nishang | Offensive PowerShell for red team, penetration testing and offensive security. | Download |
pyGPOAbuse | A Python tool to abuse Group Policy Objects in Active Directory. | Download |
Ghostpack | A collection of C# tools for red teaming and offensive security. | Download |
Invoke-Obfuscation | A PowerShell v2.0+ compatible command and script obfuscator, used to evade signature-based detection. | Download |
PowerSharpPack | Many useful offensive C# tools wrapped into one project. | Download |
PSAmsi | A PowerShell module for auditing and defeating AMSI (Antimalware Scan Interface) signatures. | Download |
PoshC2 | A proxy-aware C2 framework used to aid red team operations, post-exploitation, and lateral movement. | Download |
kerbrute | A tool to quickly brute force and enumerate valid Active Directory accounts through Kerberos Pre-Authentication. | Download |
ASREPRoast | A tool for performing AS-REP roasting attacks on Active Directory. | Download |
Rubeus | A C# toolset to interact with Kerberos tickets in various ways to assist with attacks such as Kerberoasting, AS-REP roasting, and pass-the-ticket. | Download |
SharpHound | A C# ingestor for BloodHound used to collect data from Active Directory environments. | Download |
SharpGPOAbuse | A tool to automate the exploitation of insecure Group Policy Objects in Active Directory. | Download |
SharpLAPS | A C# tool that retrieves LAPS (Local Administrator Password Solution) passwords from LDAP. | Download |
PowerView | A PowerShell tool to gain network situational awareness on Windows domains. | Download |
Inveigh | A PowerShell LLMNR/NBNS/mDNS spoofer/man-in-the-middle tool. | Download |
PowerUp | A PowerShell tool to assist with local privilege escalation on Windows systems. | Download |
SharpUp | A C# port of PowerUp's local privilege escalation checks for Windows. | Download |
SharpDump | A C# port of PowerSploit's Out-Minidump that creates a minidump of a process (LSASS by default) for offline credential extraction. | Download |
SharpWMI | A C# tool to execute WMI queries and methods for enumeration and remote code execution. | Download |
SharpRoast | A C# tool to perform Kerberoasting attacks on Active Directory (deprecated; its functionality was rolled into Rubeus). | Download |
SharpDPAPI | A C# tool to interact with the Data Protection API (DPAPI) to decrypt secrets. | Download |
Lockless | A C# tool that copies files locked by another process, such as browser credential databases. | Download |
SafetyKatz | A C# tool that creates a minidump of LSASS and loads a slightly modified Mimikatz in memory to extract credentials from it. | Download |
KeeThief | A C# tool to extract KeePass 2.X key material from memory. | Download |
Seatbelt | A C# tool that performs a number of host-survey "safety checks" relevant from both offensive and defensive perspectives. | Download |
Limelighter | A C# tool for creating fake code-signing certificates and signing binaries and DLLs with them. | Download |
SharpGen | A .NET Core tool that uses the Roslyn compiler to build .NET assemblies from C# source. | Download |
Invoke-Mimikatz | A PowerShell tool to run Mimikatz in memory. | Download |
LaZagne | A tool to retrieve passwords stored locally by browsers, mail clients, Wi-Fi, and other applications on Windows. | Download |
QuarksPwDump | A C++ tool to dump local account hashes, domain cached credentials, and Bitlocker recovery information from Windows systems. | Download |
Invoke-TheHash | A PowerShell tool for pass-the-hash WMI and SMB command execution with NTLM hashes. | Download |
Invoke-DCSync | A PowerShell tool to replicate data from Domain Controllers using the DCSync technique. | Download |
NetRipper | A post-exploitation tool that hooks network APIs on Windows to capture traffic, including plaintext before encryption, from a low-privileged user. | Download |
WMIExec | A Python tool for remote command execution via WMI. | Download |
Sysinternals Suite | A comprehensive collection of advanced system utilities for monitoring, managing, and troubleshooting Windows operating systems. | Download |
Mimikatz | A versatile post-exploitation tool for extracting credentials and performing lateral movement within Windows networks. | Download |
Merlin Server (Linux x64) | A cross-platform post-exploitation command and control server (Linux x64 build) and agent written in Go, used to simulate adversary infrastructure in Windows environments. | Download |
Android tools
Name | Description | Download |
---|---|---|
apkleaks | Scans APK files for secrets, such as hardcoded credentials and API keys. | Download |
aeroot | Android rooting tool that exploits vulnerabilities in older Android versions. | Download |
frida-tools | Dynamic instrumentation toolkit for developers, reverse engineers, and security researchers. | Download |
objection | Runtime mobile exploration toolkit, powered by Frida. | Download |
radare2 | A portable reversing framework that supports various architectures. | Download |
dnspy | .NET debugger and assembly editor. | Download |
Drozer | Comprehensive security testing framework for Android applications. | Download |
MobSF | Mobile Security Framework - automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis, and security assessment tool. | Download |
apksigner | Command-line tool to sign and verify Android APKs. | Included in Android SDK |
apktool | A tool for reverse engineering Android APK files. | Download |
zipalign | Optimizes Android APK files. | Included in Android SDK |
adb | Android Debug Bridge, a versatile command-line tool for managing Android devices. | Download |
aapt | Android Asset Packaging Tool, part of the Android SDK build tools. | Included in Android SDK |
jadx | DEX to Java decompiler. | Download |
jadx-gui | GUI for jadx, a DEX to Java decompiler. | Download |
jadx-cli | Command-line interface for jadx, a DEX to Java decompiler. | Download |
jadx-dex2jar | Converts Android DEX files to Java JAR files. | Download |
jarsigner | Signs and verifies Java Archive (JAR) files. | Included in JDK |
API Tools
Name | Description | Download |
---|---|---|
Kiterunner | Contextual content-discovery tool for APIs that brute-forces REST routes using API-specific route wordlists. | Download |
CMS Scanners
Name | Description | Download |
---|---|---|
Droopescan | Plugin-based CMS vulnerability scanner (mainly Drupal and SilverStripe). | Install via pip |
Nrich | Shodan command-line tool that takes a list of IPs and quickly reports open ports and known vulnerabilities for each. | Download |
AEM-Hacking | Adobe Experience Manager security toolkit. | GitHub Repo |
WhatWaf | Web application firewall identification tool. | GitHub Repo |
Directory Fuzzers
Name | Description | Download |
---|---|---|
Dirbuster | Web directory brute-forcing tool. | Install via apt |
ffuf | Fast web fuzzer for directory and file bruteforcing. | GitHub Repo |
gobuster | Directory and file brute-forcing tool. | GitHub Repo |
feroxbuster | Fast, simple web directory and file bruteforcer. | GitHub Repo |
DNS Resolver
Name | Description | Download |
---|---|---|
dnsx | Fast and versatile DNS toolkit. | GitHub Repo |
puredns | Fast domain resolver and subdomain brute-forcing tool built on massdns, with wildcard filtering. | GitHub Repo |
shuffledns | massdns wrapper for brute-forcing and resolving valid subdomains. | GitHub Repo |
MassDNS | High-performance DNS stub resolver. | GitHub Repo |
dnsvalidator | Validates public DNS resolvers against baseline servers to produce a clean resolver list. | GitHub Repo |
Frameworks
Name | Description | Download |
---|---|---|
w3af | Web application attack and audit framework. | GitHub Repo |
Arachni | Web application security scanner. | Website |
Git Hunting Tools
Name | Description | Download |
---|---|---|
GitDorker | Tool to scan GitHub for sensitive information. | GitHub Repo |
gitGraber | Tool to find sensitive information in GitHub pages. | GitHub Repo |
GitTools | Collection of tools for reconnaissance of Git repositories. | GitHub Repo |
GitHacker | Tool for finding and exploiting exposed .git directories. | PyPI |
HTTP Parameter Tools
Name | Description | Download |
---|---|---|
Arjun | HTTP parameter discovery suite. | Install via pip3 |
x8 | Tool for discovering hidden HTTP parameters. | Download |
HTTP Probe Tools
Name | Description | Download |
---|---|---|
httpx | A fast and multi-purpose HTTP toolkit that allows running multiple probers using retryablehttp library. | GitHub |
httprobe | A tool that takes a list of domains and probes for working HTTP and HTTPS servers. | GitHub |
JavaScript Inspection Tools
Name | Description | Download |
---|---|---|
LinkFinder | A python script that finds endpoints in JavaScript files using regex. | GitHub |
JSParser | A python 2.7 script that parses JavaScript files to extract URLs and endpoints. | GitHub |
JavaScript Hunting Tools
Name | Description | Download |
---|---|---|
GetJS | A Go-based tool to extract JavaScript files from a target website. | GitHub |
LinkFinder | A python script that finds endpoints in JavaScript files using regex. | GitHub |
SecretFinder | A python script to find sensitive data (e.g., API keys, tokens) in JavaScript files. | GitHub |
JSScanner | A tool to scan JavaScript files for sensitive information and vulnerabilities. | GitHub |
subjs | A Go-based tool that fetches the JavaScript file URLs referenced by a list of URLs or hosts. | GitHub |
Local File Inclusion (LFI) Tools
Name | Description | Download |
---|---|---|
LFISuite | A complete automated Local File Inclusion (LFI) exploitation and scanning suite. | GitHub |
mrco24-lfi | A Go-based tool to exploit Local File Inclusion vulnerabilities. | GitHub |
Network Scanners
Name | Description | Download |
---|---|---|
Masscan | The fastest Internet port scanner. | GitHub |
Naabu | A fast port scanner written in Go. | GitHub |
Unimap | A simple and effective tool for network scanning and mapping. | GitHub |
Open Redirect
Name | Description | Download |
---|---|---|
Open-Redirect | A tool to detect open redirects. | GitHub |
Sensitive Finding
Name | Description | Download |
---|---|---|
EarlyBird | Sensitive-data detection tool that scans source code and repositories for cleartext passwords, PII, and other secrets. | GitHub |
Ripgrep | Ripgrep is a fast search tool combining usability and speed. | Installation: apt-get install -y ripgrep |
Gau-Expose | Filters URLs collected with gau (GetAllUrls) for potentially sensitive files and endpoints. | GitHub |
Mantra | Searches JavaScript files for leaked API keys and other secrets. | Installation: /usr/local/go/bin/go install github.com/MrEmpy/mantra@latest |
Request Smuggling
Name | Description | Download |
---|---|---|
http-request-smuggling | A tool for detecting HTTP request smuggling vulnerabilities. | GitHub |
SQL Tools
Name | Description | Download |
---|---|---|
Jeeves | A tool for automated SQL injection detection and exploitation. | GitHub |
time-sql | A tool for exploiting blind SQL injection vulnerabilities. | GitHub |
mrco24-error-sql | A tool for detecting SQL injection vulnerabilities based on error messages. | GitHub |
ghauri | A SQL injection detection and exploitation tool. | GitHub |
SSRF Tools
Name | Description | Download |
---|---|---|
Interactsh | Out-of-band interaction server and client for detecting blind SSRF, XXE, RCE, and similar vulnerabilities via DNS/HTTP/SMTP callbacks. | GitHub |
SSRFmap | A tool for testing SSRF vulnerabilities. | GitHub |
Gopherus | A tool designed to generate gopher payloads for exploiting SSRF. | GitHub |
SSTI Tools
Name | Description | Download |
---|---|---|
tplmap | A tool to detect and exploit Server-Side Template Injection. | GitHub |
Subdomain Enumeration Tools
Name | Description | Download |
---|---|---|
Sublist3r | Fast subdomains enumeration tool for penetration testers. | GitHub |
Sudomy | Subdomain enumeration tool to collect subdomains and analyze. | GitHub |
CertCrunchy | Subdomain discovery using certificate transparency logs. | GitHub |
assetfinder | Finds domains and subdomains potentially related to a given domain. | GitHub |
subfinder | Subdomain discovery tool that discovers valid subdomains. | GitHub |
github-subdomains | Tool to find subdomains via GitHub search. | GitHub |
crobat | Fast and flexible subdomain enumeration tool. | GitHub |
mapcidr | Tool to perform operations on IP addresses and CIDR ranges. | GitHub |
Findomain | The fastest subdomain enumeration tool. | GitHub |
Useful Tools
Name | Description | Download |
---|---|---|
notify | Send notifications on the command line. | GitHub |
tok | Tool for extracting tokens from content. | GitHub |
gau | Get known URLs for a domain from AlienVault's Open Threat Exchange, the Wayback Machine, Common Crawl, and URLScan. | GitHub |
anti-burl | Reads URLs on stdin and prints only those that return HTTP 200. | GitHub |
unfurl | Extract and process URLs from input data. | GitHub |
anew | Append new, unique lines to a file. | GitHub |
fff | Fairly Fast Fetcher: requests a list of URLs and saves the responses to disk. | GitHub |
gron | Transform JSON into discrete assignments. | GitHub |
qsreplace | Query string parameter replacer. | GitHub |
subzy | Subdomain takeover tool. | GitHub |
cf-check | Cloudflare check tool. | GitHub |
SploitScan | Looks up CVE details and public proof-of-concept exploits for given CVE IDs. | GitHub |
Oralyzer | Open redirect vulnerability scanner. | GitHub |
Interlace | Tool for performing parallelized tasks in security testing. | GitHub |
Visual Tools
Name | Description | Download |
---|---|---|
Gowitness | A tool to screenshot webpages and generate reports. | GitHub |
Aquatone | A tool for visual inspection of websites across a large number of hosts. | GitHub |
Vulnerability Scanners Tools
Name | Description | Download |
---|---|---|
Afrog | A PoC-based vulnerability scanner for web applications and network services. | GitHub |
Xray | An automated web security scanner. | GitHub |
Jaeles | A powerful scanning tool for hunting vulnerabilities in web applications. | GitHub |
Nuclei | A fast scanner for configurable targeted scanning based on templates. | GitHub |
POC-bomber | A Python-based platform for security testing. | GitHub |
Web Crawling Tools
Name | Description | Download |
---|---|---|
Gospider | Versatile web spidering and scraping tool. | GitHub |
Hakrawler | Simple, fast web crawler designed for easy, quick discovery of endpoints and assets. | GitHub |
Waybackurls | Fetch all the URLs that the Wayback Machine knows about for a domain. | GitHub |
katana | Next-generation crawling and spidering framework from ProjectDiscovery. | GitHub |
Parameters | A tool to brute-force parameters for GET and POST requests. | GitHub |
GF | A wrapper around grep with saved patterns so common findings (secrets, URLs, parameters) can be searched without retyping the regex. | GitHub |
otx-url | Extracts URLs from AlienVault's Open Threat Exchange (OTX). | GitHub |
Web-archive | A tool to archive web pages, maintained for archival purposes. | GitHub |
xnLinkFinder | A Python tool to discover endpoints, potential parameters, and a target-specific wordlist from a site's content. | Installation via pip: pip install xnLinkFinder |
ParamSpider | A reconnaissance tool that mines URL parameters for a target from web archives. | GitHub |
Guaplus | A powerful reconnaissance tool designed for GitHub and GitLab. | GitHub |
freq | A fast web crawler optimized for performance and flexibility. | GitHub |
Web Technologies
Name | Description | Download |
---|---|---|
Wappalyzer CLI | A command-line interface for Wappalyzer, used to identify technologies used on websites. | GitHub |
Wordlists
Name | Description | Download |
---|---|---|
SecLists | A collection of security-related lists for penetration testing and ethical hacking. | GitHub |
XSS Tools
Name | Description | Download |
---|---|---|
Dalfox | A fast and powerful XSS scanner with a variety of features. | GitHub |
kxss | A Go tool that checks reflected parameters and reports which special characters survive unencoded in the response. | GitHub |
Gxss | A tool that checks which URL parameters are reflected in the response, as a first pass for XSS. | GitHub |
Bxss | A blind XSS injector that places payloads into parameters and headers and relies on an out-of-band callback for detection. | GitHub |
knoxnl | Command-line wrapper around the KNOXSS API for Cross-Site Scripting (XSS) testing. | N/A |
Findom-xss | XSS vulnerability scanner that integrates with LinkFinder. | GitHub |
XSStrike | Advanced XSS detection suite. | GitHub |
XSS_VIBES | XSS vulnerability scanner and payload generator. | GitHub |