Security-Engineer-Toolkit:
In the following tables, you can find the tools you need according to the heading.
Before using this tool, you need to install Ansible. Here are the steps to install Ansible on a Linux machine:

```bash
# Update the system
sudo apt update
# Install software-properties-common (if not installed)
sudo apt install software-properties-common
# Add Ansible PPA
sudo apt-add-repository --yes --update ppa:ansible/ansible
# Install Ansible
sudo apt install ansible
# Clone the repo
git clone git@github.com:regex-33/Security-Engineer-Toolkit.git
# Make sure we have a sudo token
sudo whoami
```

This tool uses Ansible, a powerful automation tool for IT operations. You can specify which tasks to run with the `--tags` option.

For example, to install the tools related to Windows, use the following command:

```bash
sudo ansible-playbook playbooks/main.yml --tags "windows"
```

To install tools related to configuration, use the following command:

```bash
sudo ansible-playbook playbooks/main.yml --tags "config"
```

The `--tags "config"` option will configure the browser, terminal, Vim, Tmux, and logging as part of the IppSec build, including Firefox extensions.

To install tools related to bug bounty, use the following command:

```bash
sudo ansible-playbook playbooks/main.yml --tags "bugbounty"
```

To install all tools except those with certain tags, use the `--skip-tags` option:

```bash
sudo ansible-playbook playbooks/main.yml --skip-tags "windows,config"
```

To install all tools, use the following command:

```bash
sudo ansible-playbook playbooks/main.yml
```

Pwn Windows Tools
| Name | Descriptions | Download Link |
| --- | --- | --- |
| Empire | A post-exploitation framework that includes a pure-PowerShell Windows agent. | Download |
| BloodHound | A single page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a C# ingestor. | Download |
| CrackMapExec | A swiss army knife for pentesting networks. | Download |
| Evil-WinRM | The ultimate WinRM shell for hacking/pentesting. | Download |
| Unicorn | A simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. | Download |
| Certipy | A tool for abusing Active Directory Certificate Services (AD CS). | Download |
| Responder | An LLMNR, NBT-NS, and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server. | Download |
| PowerSploit | A collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. | Download |
| Covenant | A collaborative .NET C2 framework for red teamers. | Download |
| LDAPDomainDump | A Python script to enumerate users, groups, computers, and trusts in an Active Directory domain. | Download |
| SharpCollection | A collection of .NET tools for red teaming and post-exploitation. | Download |
| ADRecon | A tool for gathering detailed information about an Active Directory environment. | Download |
| Spraykatz | A tool to spray and dump credentials from a number of different data sources on a Windows machine. | Download |
| nishang | Offensive PowerShell for red team, penetration testing and offensive security. | Download |
| pyGPOAbuse | A Python tool to abuse Group Policy Objects in Active Directory. | Download |
| Ghostpack | A collection of C# tools for red teaming and offensive security. | Download |
| Invoke-Obfuscation | A PowerShell v3+ cmdlet that obfuscates existing PowerShell scripts to evade antivirus. | Download |
| PowerSharpPack | Many useful offensive C# tools wrapped into one project. | Download |
| PSAmsi | A module to bypass AMSI (Antimalware Scan Interface) in PowerShell. | Download |
| PoshC2 | A proxy aware C2 framework used to aid red team operations, post-exploitation, and lateral movement. | Download |
| kerbrute | A tool to quickly brute force and enumerate valid Active Directory accounts through Kerberos Pre-Authentication. | Download |
| ASREPRoast | A tool for performing AS-REP roasting attacks on Active Directory. | Download |
| Rubeus | A tool to interact with Kerberos tickets in various ways to assist with attacks such as pass-the-ticket. | Download |
| SharpHound | A C# ingestor for BloodHound used to collect data from Active Directory environments. | Download |
| SharpGPOAbuse | A tool to automate the exploitation of insecure Group Policy Objects in Active Directory. | Download |
| SharpLAPS | A tool to interact with LAPS (Local Administrator Password Solution) for enumeration and exploitation. | Download |
| PowerView | A PowerShell tool to gain network situational awareness on Windows domains. | Download |
| Inveigh | A PowerShell LLMNR/NBNS/mDNS spoofer/man-in-the-middle tool. | Download |
| PowerUp | A PowerShell tool to assist with local privilege escalation on Windows systems. | Download |
| SharpUp | A C# tool for privilege escalation on Windows. | Download |
| SharpDump | A C# tool to dump the memory of processes for credential extraction. | Download |
| SharpWMI | A C# tool to execute WMI queries and methods for enumeration and remote code execution. | Download |
| SharpRoast | A C# tool to perform Kerberoasting attacks on Active Directory. | Download |
| SharpDPAPI | A C# tool to interact with the Data Protection API (DPAPI) to decrypt secrets. | Download |
| Lockless | A C# tool to bypass the Windows lock screen. | Download |
| SafetyKatz | A C# tool to safely run Mimikatz in memory. | Download |
| KeeThief | A C# tool to interact with KeePass databases. | Download |
| Seatbelt | A C# tool to perform security audits on Windows systems. | Download |
| Limelighter | A C# tool for lateral movement by injecting code into existing processes. | Download |
| SharpGen | A C# tool to generate and obfuscate shellcode. | Download |
| Invoke-Mimikatz | A PowerShell tool to run Mimikatz in memory. | Download |
| LaZagne | A tool to retrieve stored passwords on Windows. | Download |
| QuarksPwDump | A C++ tool to dump passwords from Windows systems. | Download |
| Invoke-TheHash | A PowerShell tool for performing various NTLM hash attacks. | Download |
| Invoke-DCSync | A PowerShell tool to replicate data from Domain Controllers using the DCSync technique. | Download |
| NetRipper | A post-exploitation tool for packet sniffing on Windows. | Download |
| WMIExec | A Python tool for remote command execution via WMI. | Download |
| Sysinternals Suite | A comprehensive collection of advanced system utilities for monitoring, managing, and troubleshooting Windows operating systems. | Download |
| Mimikatz | A versatile post-exploitation tool for extracting credentials and performing lateral movement within Windows networks. | Download |
| Merlin Server (Linux x64) | A robust red teaming toolset for simulating adversarial infrastructure to test and enhance detection and response capabilities in Windows environments. | Download |

Android tools
| Name | Descriptions | Download |
| --- | --- | --- |
| apkleaks | Scans APK files for secrets, such as hardcoded credentials and API keys. | Download |
| aeroot | Android rooting tool that exploits vulnerabilities in older Android versions. | Download |
| frida-tools | Dynamic instrumentation toolkit for developers, reverse engineers, and security researchers. | Download |
| objection | Runtime mobile exploration toolkit, powered by Frida. | Download |
| radare2 | A portable reversing framework that supports various architectures. | Download |
| dnspy | .NET debugger and assembly editor. | Download |
| Drozer | Comprehensive security testing framework for Android applications. | Download |
| MobSF | Mobile Security Framework - automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis, and security assessment tool. | Download |
| apksigner | Command-line tool to sign and verify Android APKs. | Included in Android SDK |
| apktool | A tool for reverse engineering Android APK files. | Download |
| zipalign | Optimizes Android APK files. | Included in Android SDK |
| adb | Android Debug Bridge, a versatile command-line tool for managing Android devices. | Download |
| aapt | Android Asset Packaging Tool, part of the Android SDK build tools. | Included in Android SDK |
| jadx | DEX to Java decompiler. | Download |
| jadx-gui | GUI for jadx, a DEX to Java decompiler. | Download |
| jadx-cli | Command-line interface for jadx, a DEX to Java decompiler. | Download |
| jadx-dex2jar | Converts Android DEX files to Java JAR files. | Download |
| jarsigner | Signs and verifies Java Archive (JAR) files. | Included in JDK |

| Name | Descriptions | Download |
| --- | --- | --- |
| Kiterunner | Security testing tool for APIs, focusing on GraphQL and REST endpoints. | Download |

| Name | Descriptions | Download |
| --- | --- | --- |
| Droopescan | CMS vulnerability scanner. | Install via pip |
| Nrich | Networked reconnaissance framework for CMS. | Download |
| AEM-Hacking | Adobe Experience Manager security toolkit. | GitHub Repo |
| WhatWaf | Web application firewall identification tool. | GitHub Repo |

| Name | Descriptions | Download |
| --- | --- | --- |
| Dirbuster | Web directory brute-forcing tool. | Install via apt |
| ffuf | Fast web fuzzer for directory and file bruteforcing. | GitHub Repo |
| gobuster | Directory and file brute-forcing tool. | GitHub Repo |
| feroxbuster | Fast, simple web directory and file bruteforcer. | GitHub Repo |

| Name | Descriptions | Download |
| --- | --- | --- |
| dnsx | Fast and versatile DNS toolkit. | GitHub Repo |
| puredns | DNS resolver and cache written in Go. | GitHub Repo |
| shuffledns | Fast, flexible DNS discovery tool. | GitHub Repo |
| MassDNS | High-performance DNS stub resolver. | GitHub Repo |
| dnsvalidator | DNS validation and resolution tool. | GitHub Repo |

| Name | Descriptions | Download |
| --- | --- | --- |
| w3af | Web application attack and audit framework. | GitHub Repo |
| Arachni | Web application security scanner. | Website |

| Name | Descriptions | Download |
| --- | --- | --- |
| GitDorker | Tool to scan GitHub for sensitive information. | GitHub Repo |
| gitGraber | Tool to find sensitive information in GitHub pages. | GitHub Repo |
| GitTools | Collection of tools for reconnaissance of Git repositories. | GitHub Repo |
| GitHacker | Tool for finding exposed `.git` directories. | PyPI |

| Name | Descriptions | Download |
| --- | --- | --- |
| Arjun | HTTP parameter discovery suite. | Install via pip3 |
| x8 | Tool for discovering hidden HTTP parameters. | Download |

| Name | Descriptions | Download |
| --- | --- | --- |
| httpx | A fast and multi-purpose HTTP toolkit that allows running multiple probers using retryablehttp library. | GitHub |
| httprobe | A tool that takes a list of domains and probes for working HTTP and HTTPS servers. | GitHub |

🔍 JavaScript Inspection Tools
| Name | Descriptions | Download |
| --- | --- | --- |
| LinkFinder | A python script that finds endpoints in JavaScript files using regex. | GitHub |
| JSParser | A python 2.7 script that parses JavaScript files to extract URLs and endpoints. | GitHub |

🕵️‍♂️ JavaScript Hunting Tools
| Name | Descriptions | Download |
| --- | --- | --- |
| GetJS | A Go-based tool to extract JavaScript files from a target website. | GitHub |
| LinkFinder | A python script that finds endpoints in JavaScript files using regex. | GitHub |
| SecretFinder | A python script to find sensitive data (e.g., API keys, tokens) in JavaScript files. | GitHub |
| JSScanner | A tool to scan JavaScript files for sensitive information and vulnerabilities. | GitHub |
| subjs | A Go-based tool that fetches JavaScript files from a target website to help with subdomain enumeration. | GitHub |

🛠️ Local File Inclusion (LFI) Tools
| Name | Descriptions | Download |
| --- | --- | --- |
| LFISuite | A complete automated Local File Inclusion (LFI) exploitation and scanning suite. | GitHub |
| mrco24-lfi | A Go-based tool to exploit Local File Inclusion vulnerabilities. | GitHub |

| Name | Descriptions | Download |
| --- | --- | --- |
| Masscan | The fastest Internet port scanner. | GitHub |
| Naabu | A fast port scanner written in Go. | GitHub |
| Unimap | A simple and effective tool for network scanning and mapping. | GitHub |

| Name | Descriptions | Download |
| --- | --- | --- |
| Open-Redirect | A tool to detect open redirects. | GitHub |

| Name | Descriptions | Download |
| --- | --- | --- |
| EarlyBird | EarlyBird is a tool for searching through email data. | GitHub |
| Ripgrep | Ripgrep is a fast search tool combining usability and speed. | Installation: `apt-get install -y ripgrep` |
| Gau-Expose | Gau-Expose extracts sensitive URLs from Google Search Appliance URLs. | GitHub |
| Mantra | Mantra automates malware analysis tasks. | Installation: `/usr/local/go/bin/go install github.com/MrEmpy/mantra@latest` |

| Name | Descriptions | Download |
| --- | --- | --- |
| http-request-smuggling | A tool for detecting HTTP request smuggling vulnerabilities. | GitHub |

| Name | Descriptions | Download |
| --- | --- | --- |
| Jeeves | A tool for automated SQL injection detection and exploitation. | GitHub |
| time-sql | A tool for exploiting blind SQL injection vulnerabilities. | GitHub |
| mrco24-error-sql | A tool for detecting SQL injection vulnerabilities based on error messages. | GitHub |
| ghauri | A SQL injection detection and exploitation tool. | GitHub |

| Name | Descriptions | Download |
| --- | --- | --- |
| Interactsh | A tool for HTTP request smuggling, SSRF, and DNS rebinding detection. | GitHub |
| SSRFmap | A tool for testing SSRF vulnerabilities. | GitHub |
| Gopherus | A tool designed to generate gopher payloads for exploiting SSRF. | GitHub |

| Name | Descriptions | Download |
| --- | --- | --- |
| tplmap | A tool to detect and exploit Server-Side Template Injection. | GitHub |

Subdomain Enumeration Tools
| Name | Description | Download |
| --- | --- | --- |
| Sublist3r | Fast subdomains enumeration tool for penetration testers. | GitHub |
| Sudomy | Subdomain enumeration tool to collect subdomains and analyze. | GitHub |
| CertCrunchy | Subdomain discovery using certificate transparency logs. | GitHub |
| assetfinder | Finds domains and subdomains potentially related to a given domain. | GitHub |
| subfinder | Subdomain discovery tool that discovers valid subdomains. | GitHub |
| github-subdomains | Tool to find subdomains via GitHub search. | GitHub |
| crobat | Fast and flexible subdomain enumeration tool. | GitHub |
| mapcidr | Tool to perform operations on IP addresses and CIDR ranges. | GitHub |
| Findomain | The fastest subdomain enumeration tool. | GitHub |

| Name | Description | Download |
| --- | --- | --- |
| notify | Send notifications on the command line. | GitHub |
| tok | Tool for extracting tokens from content. | GitHub |
| gau | Get all URLs from AlienVault's Open Threat Exchange. | GitHub |
| anti-burl | Tool for detecting and removing URLs with specific patterns. | GitHub |
| unfurl | Extract and process URLs from input data. | GitHub |
| anew | Append new, unique lines to a file. | GitHub |
| fff | Find files and filter. | GitHub |
| gron | Transform JSON into discrete assignments. | GitHub |
| qsreplace | Query string parameter replacer. | GitHub |
| subzy | Subdomain takeover tool. | GitHub |
| cf-check | Cloudflare check tool. | GitHub |
| SploitScan | Automated vulnerability scanner. | GitHub |
| Oralyzer | Open redirect vulnerability scanner. | GitHub |
| Interlace | Tool for performing parallelized tasks in security testing. | GitHub |

| Name | Description | Download |
| --- | --- | --- |
| Gowitness | A tool to screenshot webpages and generate reports. | GitHub |
| Aquatone | A tool for visual inspection of websites across a large number of hosts. | GitHub |

Vulnerability Scanners Tools:
| Name | Description | Download |
| --- | --- | --- |
| Afrog | A versatile security testing tool. | GitHub |
| Xray | An automated web security scanner. | GitHub |
| Jaeles | A powerful scanning tool for hunting vulnerabilities in web applications. | GitHub |
| Nuclei | A fast scanner for configurable targeted scanning based on templates. | GitHub |
| POC-bomber | A Python-based platform for security testing. | GitHub |

| Name | Description | Download |
| --- | --- | --- |
| Gospider | Versatile web spidering and scraping tool. | GitHub |
| Hakrawler | Simple, fast web crawler designed for easy, quick discovery of endpoints and assets. | GitHub |
| Waybackurls | Fetch all the URLs that the Wayback Machine knows about for a domain. | GitHub |
| katana | Multi-protocol security/penetration testing framework designed for servers. | GitHub |
| Parameters | A tool to brute-force parameters for GET and POST requests. | GitHub |
| GF | A wrapper around grep to help you grep data from websites. | GitHub |
| otx-url | Extracts URLs from AlienVault's Open Threat Exchange (OTX). | GitHub |
| Web-archive | A tool to archive web pages, maintained for archival purposes. | GitHub |
| xnLinkFinder | A tool written in Python for finding subdomains, XSS, SSTI, etc. | Installation via pip: `pip install xnLinkFinder` |
| ParamSpider | A reconnaissance tool that identifies parameters and bugs on web applications. | GitHub |
| Guaplus | A powerful reconnaissance tool designed for GitHub and GitLab. | GitHub |
| freq | A fast web crawler optimized for performance and flexibility. | GitHub |

| Name | Description | Download |
| --- | --- | --- |
| Wappalyzer CLI | A command-line interface for Wappalyzer, used to identify technologies used on websites. | GitHub |

| Name | Description | Download |
| --- | --- | --- |
| SecLists | A collection of security-related lists for penetration testing and ethical hacking. | GitHub |

| Name | Description | Download |
| --- | --- | --- |
| Dalfox | A fast and powerful XSS scanner with a variety of features. | GitHub |
| kxss | A fast XSS scanner written in Go. | GitHub |
| Gxss | A powerful XSS scanner and payload injector. | GitHub |
| Bxss | An XSS scanner that focuses on detection and exploitation. | GitHub |
| knoxnl | Cross-Site Scripting (XSS) vulnerability scanner. | N/A |
| Findom-xss | XSS vulnerability scanner that integrates with LinkFinder. | GitHub |
| XSStrike | Advanced XSS detection suite. | GitHub |
| XSS_VIBES | XSS vulnerability scanner and payload generator. | GitHub |