- CrackMapExec - Swiss army knife for pentesting networks.
- IKEForce - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.
- Intercepter-NG - Multifunctional network toolkit.
- Legion - Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA.
- Network-Tools.com - Website offering an interface to numerous basic network utilities like whois, and more.
- Ncrack - High-speed network authentication cracking tool built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
- Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.
- Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
- SPARTA - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
- SigPloit - Signaling security testing framework dedicated to telecom security for researching vulnerabilities in the signaling protocols used in mobile (cellular phone) operators.
- Smart Install Exploitation Tool (SIET) - Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them.
- THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
- Tsunami - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
- Zarp - Network attack tool centered around the exploitation of local networks.
- dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
- dsniff - Collection of tools for network auditing and pentesting.
- impacket - Collection of Python classes for working with network protocols.
- pivotsuite - Portable, platform independent and powerful network pivoting toolkit.
- routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
- rshijack - TCP connection hijacker, Rust rewrite of
- ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
- AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
- CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
- DNSDumpster - Online DNS recon and search service.
- Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
- OWASP Amass - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
- ScanCannon - Python script to quickly enumerate large networks by calling masscan to quickly identify open ports and then nmap to gain details on the systems/services on those ports.
- XRay - Network (sub)domain discovery and reconnaissance automation tool.
- dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
- dnsmap - Passive DNS network mapper.
- dnsrecon - DNS enumeration script.
- dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- fierce - Python3 port of the original fierce.pl DNS reconnaissance tool for locating non-contiguous IP space.
- nmap - Free security scanner for network exploration & security audits.
- passivedns-client - Library and query tool for querying several passive DNS providers.
- passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
- RustScan - Lightweight and quick open-source port scanner designed to automatically pipe open ports into Nmap.
- scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
- smbmap - Handy SMB enumeration tool.
- subbrute - DNS meta-query spider that enumerates DNS records and subdomains.
- zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
Protocol Analyzers and Sniffers
- Debookee - Simple and powerful network traffic analyzer for macOS.
- Dshell - Network forensic analysis framework.
- Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols.
- Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
- netsniff-ng - Swiss army knife for network sniffing.
- sniffglue - Secure multithreaded packet sniffer.
- tcpdump/libpcap - Common packet analyzer that runs under the command line.
- TraceWrangler - Network capture file toolkit that can edit and merge pcapng files with batch editing features.
- WireEdit - Full stack WYSIWYG pcap editor (requires a free license to edit packets).
- bittwist - Simple yet powerful libpcap-based Ethernet packet generator useful for simulating network traffic or scenarios, testing firewalls, IDS, and IPS, and troubleshooting various network problems.
- hping3 - Network tool able to send custom TCP/IP packets.
- pig - GNU/Linux packet crafting tool.
- scapy - Python-based interactive packet manipulation program and library.
- tcpreplay - Suite of free Open Source utilities for editing and replaying previously captured network traffic.
- Anevicon - Powerful UDP-based load generator, written in Rust.
- HOIC - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common countermeasures.
- Low Orbit Ion Cannon (LOIC) - Open source network stress tool written for Windows.
- Memcrashed - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
- SlowLoris - DoS tool that uses low bandwidth on the attacking side.
- T50 - Faster network stress tool.
- UFONet - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
- BetterCAP - Modular, portable and easily extensible MITM framework.
- Ettercap - Comprehensive, mature suite for machine-in-the-middle attacks.
- Habu - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
- Lambda-Proxy - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.
- MITMf - Framework for Man-In-The-Middle attacks.
- Morpheus - Automated ettercap TCP/IP Hijacking tool.
- SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- dnschef - Highly configurable DNS proxy for pentesters.
- evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
- mallory - HTTP/HTTPS proxy over SSH.
- oregano - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
- sylkie - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.
- SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
- crackpkcs12 - Multithreaded program to crack PKCS#12 files (.pfx extensions), such as TLS/SSL certificates.
- testssl.sh - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
- tls_prober - Fingerprint a server's SSL/TLS implementation.
- Aircrack-ng - Set of tools for auditing wireless networks.
- Airgeddon - Multi-use bash script for Linux systems to audit wireless networks.
- BoopSuite - Suite of tools written in Python for wireless auditing.
- Bully - Implementation of the WPS brute force attack, written in C.
- Cowpatty - Brute-force dictionary attack against WPA-PSK.
- Fluxion - Suite of automated social engineering based WPA attacks.
- KRACK Detector - Detect and prevent KRACK attacks in your network.
- Kismet - Wireless network detector, sniffer, and IDS.
- PSKracker - Collection of WPA/WPA2/WPS default algorithms, password generators, and PIN generators written in C.
- Reaver - Brute force attack against WiFi Protected Setup.
- WiFi Pineapple - Wireless auditing and penetration testing platform.
- WiFi-Pumpkin - Framework for rogue Wi-Fi access point attack.
- Wifite - Automated wireless attack tool.
- infernal-twin - Automated wireless hacking tool.
- krackattacks-scripts - WPA2 Krack attack scripts.
- pwnagotchi - Deep reinforcement learning based AI that learns from the Wi-Fi environment and instruments BetterCAP in order to maximize the WPA key material captured.
- wifi-arsenal - Resources for Wi-Fi Pentesting.
Network Vulnerability Scanners
- celerystalk - Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner.
- kube-hunter - Open-source tool that runs a set of tests ("hunters") for security issues in Kubernetes clusters from either outside ("attacker's view") or inside a cluster.
- Nessus - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
- Netsparker Application Security Scanner - Application security scanner to automatically find security flaws.
- Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
- OpenVAS - Free software implementation of the popular Nessus vulnerability assessment system.
- Vuls - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.