Index

Network Tools

  • CrackMapExec - Swiss army knife for pentesting networks.
  • IKEForce - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.
  • Intercepter-NG - Multifunctional network toolkit.
  • Legion - Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA.
  • Network-Tools.com - Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
  • Ncrack - High-speed network authentication cracking tool built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
  • Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.
  • Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
  • SPARTA - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
  • SigPloit - Signaling security testing framework dedicated to telecom security for researching vulnerabilities in the signaling protocols used in mobile (cellular phone) operators.
  • Smart Install Exploitation Tool (SIET) - Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them.
  • THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
  • Tsunami - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
  • Zarp - Network attack tool centered around the exploitation of local networks.
  • dnstwist - Domain name permutation engine for detecting typosquatting, phishing and corporate espionage.
  • dsniff - Collection of tools for network auditing and pentesting.
  • impacket - Collection of Python classes for working with network protocols.
  • pivotsuite - Portable, platform independent and powerful network pivoting toolkit.
  • routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
  • rshijack - TCP connection hijacker, Rust rewrite of shijack.

Network Reconnaissance Tools

  • ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
  • AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
  • CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
  • DNSDumpster - Online DNS recon and search service.
  • Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
  • OWASP Amass - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
  • ScanCannon - Python script to quickly enumerate large networks by calling masscan to quickly identify open ports and then nmap to gain details on the systems/services on those ports.
  • XRay - Network (sub)domain discovery and reconnaissance automation tool.
  • dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
  • dnsmap - Passive DNS network mapper.
  • dnsrecon - DNS enumeration script.
  • dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
  • fierce - Python3 port of the original fierce.pl DNS reconnaissance tool for locating non-contiguous IP space.
  • nmap - Free security scanner for network exploration & security audits.
  • passivedns-client - Library and query tool for querying several passive DNS providers.
  • passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
  • RustScan - Lightweight and quick open-source port scanner designed to automatically pipe open ports into Nmap.
  • scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
  • smbmap - Handy SMB enumeration tool.
  • subbrute - DNS meta-query spider that enumerates DNS records, and subdomains.
  • zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.

Protocol Analyzers and Sniffers

  • Debookee - Simple and powerful network traffic analyzer for macOS.
  • Dshell - Network forensic analysis framework.
  • Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols.
  • Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
  • netsniff-ng - Swiss army knife for network sniffing.
  • sniffglue - Secure multithreaded packet sniffer.
  • tcpdump/libpcap - Common packet analyzer that runs under the command line.

Network Traffic Replay and Editing Tools

  • TraceWrangler - Network capture file toolkit that can edit and merge pcap or pcapng files with batch editing features.
  • WireEdit - Full stack WYSIWYG pcap editor (requires a free license to edit packets).
  • bittwist - Simple yet powerful libpcap-based Ethernet packet generator useful for simulating network traffic or scenarios, testing firewalls, IDS, and IPS, and troubleshooting various network problems.
  • hping3 - Network tool able to send custom TCP/IP packets.
  • pig - GNU/Linux packet crafting tool.
  • scapy - Python-based interactive packet manipulation program and library.
  • tcpreplay - Suite of free Open Source utilities for editing and replaying previously captured network traffic.

DDoS Tools

  • Anevicon - Powerful UDP-based load generator, written in Rust.
  • HOIC - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common countermeasures.
  • Low Orbit Ion Cannon (LOIC) - Open source network stress tool written for Windows.
  • Memcrashed - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
  • SlowLoris - DoS tool that uses low bandwidth on the attacking side.
  • T50 - Faster network stress tool.
  • UFONet - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Intercepting

  • BetterCAP - Modular, portable and easily extensible MITM framework.
  • Ettercap - Comprehensive, mature suite for machine-in-the-middle attacks.
  • Habu - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
  • Lambda-Proxy - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.
  • MITMf - Framework for Man-In-The-Middle attacks.
  • Morpheus - Automated ettercap TCP/IP Hijacking tool.
  • SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
  • dnschef - Highly configurable DNS proxy for pentesters.
  • evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
  • mallory - HTTP/HTTPS proxy over SSH.
  • oregano - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
  • sylkie - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.

Transport Layer Security Tools

  • SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security misconfigurations.
  • crackpkcs12 - Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.
  • testssl.sh - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
  • tls_prober - Fingerprint a server's SSL/TLS implementation.

Wireless Network Tools

  • Aircrack-ng - Set of tools for auditing wireless networks.
  • Airgeddon - Multi-use bash script for Linux systems to audit wireless networks.
  • BoopSuite - Suite of tools written in Python for wireless auditing.
  • Bully - Implementation of the WPS brute force attack, written in C.
  • Cowpatty - Brute-force dictionary attack against WPA-PSK.
  • Fluxion - Suite of automated social engineering based WPA attacks.
  • KRACK Detector - Detect and prevent KRACK attacks in your network.
  • Kismet - Wireless network detector, sniffer, and IDS.
  • PSKracker - Collection of WPA/WPA2/WPS default algorithms, password generators, and PIN generators written in C.
  • Reaver - Brute force attack against WiFi Protected Setup.
  • WiFi Pineapple - Wireless auditing and penetration testing platform.
  • WiFi-Pumpkin - Framework for rogue Wi-Fi access point attack.
  • Wifite - Automated wireless attack tool.
  • infernal-twin - Automated wireless hacking tool.
  • krackattacks-scripts - WPA2 Krack attack scripts.
  • pwnagotchi - Deep reinforcement learning based AI that learns from the Wi-Fi environment and instruments BetterCAP in order to maximize the WPA key material captured.
  • wifi-arsenal - Resources for Wi-Fi Pentesting.

Network Vulnerability Scanners

  • celerystalk - Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner.
  • kube-hunter - Open-source tool that runs a set of tests ("hunters") for security issues in Kubernetes clusters from either outside ("attacker's view") or inside a cluster.
  • Nessus - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
  • Netsparker Application Security Scanner - Application security scanner to automatically find security flaws.
  • Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
  • OpenVAS - Free software implementation of the popular Nessus vulnerability assessment system.
  • Vuls - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.