8814au
Linux Driver for USB WiFi Adapters that are based on the RTL8814AU Chipset.
ADExplorerSnapshot.py
ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.
ADIDNSdump
Query/modify DNS records for Active Directory integrated DNS via LDAP.
adPEAS
adPEAS is a Powershell tool to automate Active Directory enumeration.
ADReaper
A fast enumeration tool for Windows Active Directory Pentesting written in Go.
Alacritty
Is the fastest terminal emulator in existence. Using the GPU for rendering enables optimizations that simply aren't possible without it.
Android Debug Bridge (ADB)
Android Debug Bridge (ADB).
Aquatone
A tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.
Arcmenu
ArcMenu is an application menu for GNOME Shell, designed to provide a more traditional user experience and workflow. This extension has many features, including multiple menu layout styles, GNOME search, quick access to system shortcuts, and more! If you are a new user to GNOME and are looking for a Windows style start menu, this extension will be perfect for you!
Aria2
Aria2 is a command line download client with resuming and segmented downloading. Supported protocols are HTTP/HTTPS/SFTP/FTP/BitTorrent and it also supports Metalink.
ARRAffinity
Information Disclosure?
AutoRecon
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
aws-rotate-key
Easily rotate your AWS access key.
Axel
Lightweight CLI download accelerator.
Backscatter
Backscatter is the incorrectly automated bounce messages sent by mail servers, typically as a side effect of incoming spam.can be used.
BalenaEtcher
Flash OS images to SD cards & USB drives, safely and easily.
bike-scan
Brute force wrapper for ike-scan.
BIOS-pwgen
BIOS Master Password Generators for Laptops.
BloodHoundLoader
BloodHoundLoader, tool to set attributes in BloodHound for all the items contained in files.
Breacher
A script to find admin login pages and EAR vulnerabilities.
Brutedum
Is a SSH, FTP, Telnet, PostgreSQL, RDP, VNC brute forcing tool with Hydra, Medusa and Ncrack.
Burpsuite
WebProxy for analysis.
Bypass Paywalls Clean
Add-on allows you to read articles from (supported) sites that implement a paywall.
CamOver
CamOver is a camera exploitation tool that allows to disclosure network camera admin password.
Ccat
Cisco Configuration Analysis Tool.
Certi
Utility to play with ADCS, allows to request tickets and collect information about related objects.
Certificate Ripper
A CLI tool to extract server certificates.
Certify
Active Directory certificate abuse.
Certipy
Active Directory Certificate Services enumeration and abuse.
CeWL
CeWL - Custom Word List generator.
Chameleon
Chameleon is a tool which assists red teams in categorizing their infrastructure under arbitrary categories.
Checkdmarc
Validates and parses SPF amd DMARC DNS records.
Checksec
Checksec tool in Python, Rich output, based on LIEF. A simple tool to verify the security properties of your binaries.
Chntpw
Change password of a user in a Windows SAM file.
Crowbar
Crowbar is a brute force tool which supports OpenVPN, Remote Desktop Protocol, SSH Private Keys and VNC Keys..
Cryptomator
Free client-side encryption for your cloud files. Open source software: No backdoors, no registration.
Cryptsetup
Manage plain dm-crypt and LUKS encrypted volumes.
CTF Flag Generator
A CTF leet flag generator.
Curl
Is a tool to transfer data from or to a server, using one of the supported protocols. The command is designed to work without user interaction.
CutyCapt
CutyCapt is a small cross-platform command-line utility to capture WebKit’s rendering of a web page into a variety of vector and bitmap formats, including SVG, PDF, PS, PNG, JPEG, TIFF, GIF, and BMP.
Cypherhound
Python3 terminal application that contains 260+ Neo4j cyphers for BloodHound data sets.
Dalfox
XSS Scanning and Parameter Analysis tool.
Dash-to-panel
Dash to Panel is an icon taskbar for Gnome Shell. This extension moves the dash into the gnome main panel so that the application launchers and system tray are combined into a single panel, similar to that found in KDE Plasma and Windows 7+. A separate dock is no longer needed for easy access to running and favorited applications.
DBeaver
Free multi-platform database tool for developers, database administrators, analysts and all people who need to work with databases. Supports all popular databases: MySQL, PostgreSQL, SQLite, Oracle, DB2, SQL Server, Sybase, MS Access, Teradata, Firebird, Apache Hive, Phoenix, Presto, etc.
dconf-editor
Graphical editor for gsettings and dconf.
DIRB
DIRB is a Web Content Scanner.
Dirsearch
An advanced web path brute-forcer.
Ditto
Ditto is a small tool that accepts a domain name as input and generates all its variants for an homograph attack as output, checking which ones are available and which are already registered.
Dmidecode
Tool for dumping a computer's DMI (some say SMBIOS) table contents in a human-readable format.
DNStwist
Domain name permutation engine for detecting homograph phishing attacks, typosquatting, fraud and brand impersonation.
DumpSMBShare
A script to dump files and folders remotely from a Windows SMB share.
DumpThatLSASS
Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation , it contains Anti-sandbox , if you run it under unperformant Virtual Machine you need to uncomment the code related to it and recompile.
Duplicut
Remove duplicate lines from INFILE without changing order.
DVDbackup
Tool to backup DVDs.
Easy2Boot
E2B - the USB multiboot solution for professionals.
EmailSecCheck
EmailSecCheck is a lightweight Python utility used to check for common SPF/DMARC misconfigurations that may allow for email spoofing.
Enum4linux
A tool for enumerating information from Windows and Samba systems.
ExchangeFinder
Find Microsoft Exchange instance for a given domain and identify the exact version.
ExifTool
Read and write meta information in files.
EyeWitness
Is a tool used to capture screenshots from a list of URLs.
F3
Fight Flash Fraud - testing performance of flash / disks.
F5-BigIP-decoder
Detecting and decoding F5 BIG IP cookies in bash.
Fawkes
A tool to search for targets vulnerable to SQL Injection. Performs the search using Google search engine.
Ffuf
A fast web fuzzer written in Go.
Figlet
Creating ASCII text banners or large letters out of ordinary text.
Fio
Flexible I/O Tester.
Firefox Developer
Browser made for developers.
Flameshot
Powerful yet simple-to-use screenshot software.
Foolproof Passgen
Mitigate the risk anyone takes a 0 for a O.
Franz
Messaging app for WhatsApp, Slack, Telegram, HipChat, Hangouts and many many more.
genisoimage
Create ISO9660/Joliet/HFS filesystem with optional Rock Ridge attributes.
Git
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals.
Git-dumper
A tool to dump a git repository from a website.
GitDump
GitDump dumps the source code from .git when the directory traversal is disabled.
Gittools
This repository contains three small python/bash scripts used for the Git research.
Gobuster
Directory/File, DNS and VHost busting tool written in Go.
Gosecretsdump
Dump ntds.dit really fast.
gpprefdecrypt
Group Policy Preferences cpassword decryptor.
Grabify.link
GRABIFY IP LOGGER.
Guestmount
FUSE module for libguestfs. guestmount lets you mount a virtual machine filesystem.
HandBrake
HandBrake is a tool for converting video from nearly any format to a selection of modern, widely supported codecs.
Hexyl
A command-line hex viewer.
Hping3
Send (almost) arbitrary TCP/IP packets to network hosts.
HTMLdoc
A program that reads HTML and Markdown source files or web pages and generates corresponding EPUB, HTML, PostScript, or PDF files with an optional table of contents.
htop
Interactive process viewer.
HWinfo
Probe for hardware.
Hydra
Hydra is a tool to guess/crack valid login/password pairs.
iat
Converts many CD-ROM image formats to iso9660.
IcedTea-NetX
NetX provides a drop-in replacement for javaws (Java Web Start). Since upstream NetX is dead, the IcedTea Web project is hosting a fork of the original code. However, as icedtea-web has evolved to complex set of tools, extensions and tests, it has now only a few lines of code shared with the original implementation.
IIS-ShortName-Scanner
Scanner for IIS Tilde vulnerability.
IKE-scan
Discover and fingerprint IKE hosts (IPsec VPN Servers).
inxi
Command line system information script for console and IRC.
IPsourcebypass
This Python script can be used to bypass IP source restrictions using HTTP headers.
John
Open Source password security auditing and password recovery tool available for many operating systems.
JoomScan
OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an opensource project in perl programming language to detect Joomla CMS vulnerabilities and analysis them.
jq
jq is a tool for processing JSON inputs, applying the given filter to its JSON text inputs and producing the filter's results as JSON on standard output.
Just Perfection
Disable and Customize GNOME shell UI Elements.
KeeFarce
KeeFarce allows for the extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url's are dumped into a CSV file in %AppData%
Kerbrute
This tool is designed to assist in quickly bruteforcing valid Active Directory accounts through Kerberos Pre-Authentication.
LAPSdumper
Dump LAPS Passwords.
LDAP Nom Nom
Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP).
LDAP Password Hunter
LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database.
LDAP Relay Scan
A tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication.
LDAPDomainDump
Active Directory information dumper via LDAP.
LDAPmonitor
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration! With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object.
ldapper
A GoLang tool to enumerate and abuse LDAP. Made simple.
ldapsearch-ad.py
Active Directory LDAP Enumerator - Python3 script to quickly get various information from a domain controller through his LDAP service.
Libheif
Convert HEIC/HEIF image.
lm-sensors
Is used to show the current readings of all sensor chips.
MACchanger
Change MAC address of a NIC.
MANSPIDER
Scan for juicy data on SMB shares. Matching files and logs are stored in $HOME/.manspider. All filters are case-insensitive.
Mattermost
Mattermost is a messaging and collaboration platform. With Mattermost, you can integrate the tools you use every day into one place and never miss a notification or task.
Msfvenom
Msfvenom is a command line instance of Metasploit that is used to generate and output all of the various types of shell code that are available in Metasploit.
MySQL
MySQL is a fast, stable and true multi-user, multi-threaded SQL database server.
Neo4j
Is a high performance graph store with all the features expected of a mature and robust database, like a friendly query language and ACID transactions.
Neofetch
A fast, highly customizable system info script.
Nessus
#1 Vulnerability Assessment Solution.
Nextcloud
OpenSource, self hosted file sharing platform.
Ngxtop
Real-time metrics for nginx server (and others)
Nikto
Nikto is a pluggable web server and CGI scanner written in Perl, using rfp’s LibWhisker to perform fast security or informational checks.
nmap-converter
Python script for converting nmap reports into XLS.
NTLM_challenger
Fetch and parse NTLM challenge messages from HTTP and SMB services.
ntlm_theft
A tool for generating multiple types of NTLMv2 hash theft files.
NTLMRecon
A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains.
Ntlmscan
scan for NTLM directories.
Obsidian
Obsidian is a powerful and extensible knowledge base that works on top of your local folder of plain text files.
onesixtyone
onesixtyone is a simple SNMP scanner which sends SNMP requests for the sysDescr value asynchronously with user-adjustable sending times and then logs the responses which gives the description of the software running on the device.
osslsigncode
OpenSSL based Authenticode signing for PE/MSI/Java CAB files.
PAN-OS GP Scanner
Determine the Palo Alto PAN-OS software version of a remote GlobalProtect portal or management interface.
Pcredz
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
Petitpotam
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.
PipeWire
PipeWire is a project that aims to greatly improve handling of audio and video under Linux.
Polenum
Password policy enumerator.
Popsicle
Popsicle is a Linux utility for flashing multiple USB devices in parallel, written in Rust.
Postfix
postfix description.
Powertop
A power consumption and power management diagnosis tool.
PowerView.py
Just another Powerview alternative.
PRET
Printer Exploitation Toolkit.
Pulse Secure Version Scanner
Pulse Secure Version Scanner.
Python
Python is a programming language that lets you work quickly and integrate systems more effectively.
pyWhat
Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is!
qobuz-dl
Search, explore and download Lossless and Hi-Res music from Qobuz. The ultimate Qobuz music downloader.
QRencode
Encode input data in a QR Code and save as a PNG or EPS image.
RDesktop
A Remote Desktop Protocol client.
RDP-Sec-Check
Is a Perl script to enumerate security settings of an RDP Service (AKA Terminal Services).
RDPassSpray
RDPassSpray is a python tool to perform password spray attack in a Microsoft domain environment.
RDWArecon
A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application.
Redis Tools
Set of tools to manage Redis server.
Remmina
The GTK Remote Desktop Client.
Resilio Sync
A fast, reliable, and simple file sync and share solution, powered by P2P technology.
RomBuster
RomBuster is a router exploitation tool that allows to disclosure network router admin password.
RsaCtfTool
RSA multi attacks tool : uncipher data from weak public key and try to recover private key Automatic selection of best attack for the given public key.
Ruler
A tool to abuse Exchange Services.
SAMdump2
Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.
Screen
Lets you background programs and run them when closing terminal.
Screenshot Tool
Conveniently create, copy, store and upload screenshots.
Sg3-Utils
Apple's SuperDrive on Linux.
Shairport-Sync
Synchronised Audio Player for iTunes / AirPlay.
shcheck
A basic tool to check security headers of a website.
Shortscan
An IIS short filename enumeration tool.
Showmount
Show mount information for an NFS server.
Simple Net Speed
Simply showing network speed.
SMBclient
FTP-like client to access SMB/CIFS resources on servers.
smbclient-ng
smbclient-ng, a fast and user friendly way to interact with SMB shares.
SMBget
wget-like utility for download files over SMB.
SMBmap.py
Samba Share Enumerator.
snapd
The snap command lets you install, configure, refresh and remove snaps. Snaps are packages that work across many different Linux distributions, enabling secure delivery and operation of the latest apps and utilities.
SNMP
Simple Network Management Protocol.
snmp-check
Like to snmpwalk, snmpcheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. It could be useful for penetration testing or systems monitoring.
snmpwalk
Retrieve a subtree of management values using SNMP GETNEXT requests.
Sonic Visualiser
A program for viewing and analysing the contents of music audio files.
Sosumi
Download and install macOS in a VM / macOS on Linux in one command.
Sound I/O Device Chooser
Shows a list of sound output and input devices (similar to gnome sound settings) in the status menu below the volume slider.
SQlitebrowser
DB Browser for SQLite (DB4S) is a high quality, visual, open source tool to create, design, and edit database files compatible with SQLite.
SQLmap
Automatic SQL injection and database takeover tool.
SSH-method-scanner
SSH method scanner. Reports password and publickey authentication.
SSHScan
A testing tool that enumerates SSH Ciphers. Using SSHScan, weak ciphers can be easily detected.
SSL-Cert-Check
SSL Certification Expiration Checker.
stress-ng
stress-ng will stress test a computer system in various selectable ways.
Syncthing
A continuous file synchronization program.
Tabby
Tabby (formerly Terminus) is a highly configurable terminal emulator, SSH and serial client for Windows, macOS and Linux.
TeraCopy
Copy your files faster and more securely.
Termtyper
A typing application to level up your fingers!
Testdisk
Checks the partition and boot sectors of your disks. It is very useful in recovering lost partitions.
Testssl.sh
Is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
ticket_converter
A little tool to convert ccache tickets into kirbi (KRB-CRED) and vice versa based on impacket.
tidal-dl
Tidal-Media-Downloader.
Tig
Text-mode interface for Git.
tilde_enum
Exploits and expands the file names found from the (IIS) tilde enumeration vuln.
Tilix
Tiling GTK3 terminal emulator for GNOME.
tldr
A collection of simplified and community-driven man pages.
TLP
Apply power saving settings manually and control ThinkPad battery features.
TLScan
Scanner to enumerate SSL/TLS encryption protocol support.
Tmux
Lets you switch easily between several programs in one terminal.
TruffleHog
TruffleHog is a tool for finding credentials.
Trufflehog3
Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
Typo3Scan
Enumerate Typo3 version and extensions.
Unofficial Sonos Controller
Unofficial Sonos Controller for Linux.
Updog
Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use HTTP basic auth.
UUP dump
Download UUP files from Windows Update servers with ease.
Vaultwarden
Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
Virtualbox
VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use.
Visual Studio Code
Code editing. Redefined.
Vitals
A glimpse into your computer's temperature, voltage, fan speed, memory usage and CPU load.
WhatWeb
Next generation web scanner.
Whois
Client for the whois directory service.
Wipe
The wipe command can be used to securely erase files from magnetic media.
WoeUSB-ng
A Linux program to create a Windows USB stick installer from a real Windows DVD or image.
WPscan
WordPress Vulnerability Scanner.
XSStrike
XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.
Yopass
Secure sharing of secrets, passwords and files.
YouTube-dl
Download videos from youtube.com or other video platforms.
yt-dlp
A youtube-dl fork with additional features and fixes
Yubikey
The #1 security key, offering strong two factor authentication from industry leader Yubico.
Z Shell
Is a UNIX command interpreter (shell) usable as an interactive login shell and as a shell script command processor.