
A very large selection of hacker software

RedX


Hacker Tools: A list of security tools for testing and demonstrating weaknesses in the protection of applications and networks. These tools are designed for information security professionals.

Sniffing

Wireshark
Wireshark is used by network professionals around the world for problem solving, analysis, software and protocol development, and education.

Chaosreader
A free tool for tracking TCP/UDP/... sessions and extracting application data from "spied" or dumped (tcpdump) logs.

dsniff
dsniff is a collection of tools for network auditing and penetration testing.

Ettercap
Ettercap is a tool for a man-in-the-middle attack on a LAN.

NetworkMiner
NetworkMiner is a tool for Network Forensic Analysis (NFAT) under Windows.

RawCap
RawCap is a free command-line network sniffer program for Windows that uses raw sockets.

Spike proxy
Not all applications are made in the same way, and therefore many must be analyzed individually. SPIKE Proxy is a professional-level tool for finding application-level vulnerabilities in web applications.

Tcpdump
Tcpdump outputs packet headers on the network interface that match a boolean expression.

Tcpreplay
Tcpreplay is a set of tools under the BSD license written by Aaron Turner for UNIX operating systems (and Win32 under Cygwin), which allow you to use previously captured traffic in libpcap format to test various network devices.

Pirni Sniffer
Pirni is the world's first native network sniffer for iPhone. The iPhone's Wi-Fi has some major hardware flaws that make it difficult to properly switch the device to promiscuous mode.

Ufasoft Snif
Ufasoft Snif is a network sniffer designed to capture and analyze packets passing through the network. Using the packet driver, it requests all packets on the network where the network card driver is located (even if the packets are not addressed to this computer).

Enumeration

dnsenum
The goal of Dnsenum is to collect as much information about the domain as possible.

DumpSec
Somarsoft's DumpSec is a security audit program for Microsoft Windows NT / XP / 200x.

LDAP Browser
LDAP Browser is the main Explorer-style LDAP directory client available for Win32 platforms.

NBTEnum
The NetBIOS Enumeration Utility (NBTEnum) is a Windows utility that can be used to list NetBIOS information from a single host or host ranges.

nbtscan
This tool can scan for open NetBIOS name servers on a local or remote TCP/IP network, which is the first step in finding open shares.

wmi client
This is a DCOM/WMI client implementation based on Samba4 sources. The program uses RPC/DCOM mechanisms to interact with WMI services on Windows 2000 / XP / 2003 machines.

Dnsmap
Dnsmap is primarily intended for use by pentesters during the information collection phase of infrastructure security assessment.

Dnsrecon
One of the best features of this tool, which gives excellent results, is the SRV service record enumeration.

Dnstracer
Dnstracer determines where a given domain Name server (DNS) gets its information from and follows the chain of DNS servers to the server that is the original data source.

Network tools

fragroute
fragroute intercepts, modifies, and rewrites outgoing traffic destined for the specified host.

hping
hping is a command-line oriented TCP/IP packet assembler/analyzer.

Scapy
Scapy is a powerful interactive packet manipulation program. It is capable of forging or decoding packets of many protocols, sending them over the wire, capturing them, matching requests and replies, and much more.

Stunnel
The stunnel program is designed to work as an SSL encryption wrapper between a remote client and a local (run by inetd) or remote server.

tcptraceroute
tcptraceroute is a traceroute implementation that uses TCP packets. The traditional traceroute(8) sends either UDP or ICMP ECHO packets with a TTL of one and increases the TTL until the destination is reached.

tracetcp
tracetcp is a command-line tracing utility under WIN32 that uses TCP SYN packets rather than ICMP / UDP packets that are commonly used for this in other implementations, which leads to bypassing gateways that block traditional trace packets.

Yersinia
Yersinia is a network tool designed to take advantage of some of the weaknesses of various network protocols. The program analyzes and tests deployed networks and systems.

Nemesis
Nemesis is a command-line utility for UNIX-like and Windows systems for crafting and injecting packets. Nemesis is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks, and many other tasks. As a command-line utility, Nemesis is great for automation and scripting.

Wireless devices

Aircrack-ng
Aircrack is a program for hacking 802.11 WEP and WPA-PSK keys, it can recover keys when enough data packets are captured.

Kismet
Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card that supports raw monitoring (rfmon) mode and can sniff 802.11b, 802.11a, and 802.11g traffic.

NetStumbler
NetStumbler provides tools to help you discover WLANs that use the 802.11 a/b/g standards. Although wardriving is the main use of this program, it can also be used to verify network settings.

AirGrab WiFi Radar
AirGrab WiFi Radar is a tool for displaying information about Apple Airport base stations and other WiFi (802.11 b/g/n) wireless access points.

AirMobile agent
The client application is downloaded to your PDA or Windows mobile phone, where it will run in silent mode in the background. If the app finds a rogue access point, it will investigate it to see if it is a direct threat to your network.

AirRadar 2
AirRadar lets you scan for open networks and marks them as favorites or filters them. View detailed network information, a graph of network signal strength, and automatically connect to open points within a radius of availability.

iStumbler
iStumbler is the leading wireless network discovery tool for Mac OS X. It has plugins for finding AirPort networks, Bluetooth devices, Bonjour services, and location information with your Mac.

KisMAC
KisMAC is a free, open source sniffer/scanner application for Mac OS X. It has an advantage over MacStumbler / iStumbler / NetStumbler in that it uses monitor mode and passive scanning.

WirelessMon
WirelessMon is a software tool that allows users to monitor the status of their wireless WiFi adapter (s) and collect real-time information about nearby wireless access points and hotspots.

Vistumbler
Vistumbler is a wireless network scanner written in AutoIt for Vista, Windows 7, and Windows 8. WiFiDB is a database written in PHP for storing Vistumbler VS1 files. It keeps track of all access points with GPS data, maps in KML, signal graphs, statistics, and so on.

WaveStumbler
WaveStumbler is a console-based mapper for 802.11 networks that runs on Linux. It reports basic access point information, such as channel, WEP, ESSID, MAC, etc.

Xirrus Wi-Fi Inspector
Xirrus Wi-Fi Inspector is a powerful tool for managing and solving Wi-Fi problems on computers running Windows XP SP2 and later, Vista, or 7. It is designed to test the integrity and performance characteristics of your Wi-Fi connection.

AirMagnet VoFi Analyzer
AirMagnet VoFi Analyzer is the industry's only solution for solving voice-over-WLAN problems in the field. VoFi Analyzer provides a complete analysis of encrypted WLAN traffic, evaluates all calls in terms of call quality, and proactively identifies problems of all kinds, including phone problems, roaming problems, QoS and RF problems. The program is paid - it looks like an advertising insert - I'll leave it out of respect for the work of the authors of the selection.

Airpwn
Airpwn is a framework for 802.11 (wireless) packet injection. Airpwn listens for incoming wireless packets, and if the data matches a pattern specified in the configuration files, custom content is injected, "spoofed" as coming from the wireless access point. From the wireless client's point of view, airpwn becomes the server.

WifiScanner
WifiScanner is a tool that was created to detect wireless nodes (such as access points and wireless clients). It is licensed under the GPL.
It works with CISCO® card and prism card with hostap driver or wlan-ng driver, prism54g, Hermes / Orinoco, Atheros, Centrino, ...
Built-in IDS system for detecting anomalies like MAC usurpation.

Bluetooth

Haraldscan
The Bluetooth scanner for Linux and Mac OS X. Harald Scan is able to detect major and minor device classes, as well as resolve the MAC address of the device for most well-known Bluetooth MAC vendors.

FTS4BT
FTS4BT is an advanced Bluetooth protocol analyzer. Developers and test engineers rely on FTS4BT as they go through the development, debugging, testing, verification, and qualification cycle.

BlueScanner
BlueScanner is a bash script that implements a Bluetooth device scanner. This tool is designed to extract all possible information from a Bluetooth device without the need for pairing.

Blooover II
Blooover II is an audit tool based on Java (J2ME). It exists as a version of Blooover II for mobile J2ME auditing and in a manufacturer's edition. A simple utility for testing vulnerabilities.

BTScanner
BTScanner for XP is a Bluetooth environment auditing tool for Microsoft Windows XP that uses the bluecove libraries (an open implementation of the JSR-82 Bluetooth API for Java).

BlueSpam
BlueSpam searches for all kinds of Bluetooth devices and sends a file to them (spams them) if they support OBEX. By default, a small text will be sent. To configure the message to be sent, you need a handheld device with an SD/MMC card. There you create the /PALM/programs/BlueSpam/Send/ directory and put the file that you would like to send there (any type of file will work; .jpg is always cool).

BTCrawler
The application is used to search for Bluetooth devices and the services they provide. Run on a J2ME, MIDP 2.0 and JSR082 (Java API for Bluetooth) device.

Bluediving
Bluediving is a Bluetooth penetration testing suite.
It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and has features like Bluetooth address spoofing, AT and RFCOMM socket spoofing, and implements tools like carwhisperer, bss, L2CAP packet generator, L2CAP connection resetter, RFCOMM scanner, and greenplaque scanning mode (using more than one hci device).

Bluesnarfer
Bluesnarfer steals information from wireless devices over a Bluetooth connection. Communication can be between mobile phones, PDAs, or computers. You can access your calendar, contact list, email and text messages.

Web crawlers

Arachni
Arachni is a fully automated system that thoroughly checks your website for weaknesses. Once the scan is started, the application will not bother you again, and no further user intervention is required.

Burp Suite
Burp Suite is an integrated platform for performing security testing of web applications.

CAL9000
CAL9000 is a collection of web application security testing tools, complete with features for installing web proxies and automated scanners. CAL9000 gives you the flexibility and functionality you need for more efficient manual testing efforts.

CAT
CAT is designed to meet the need for manual penetration testing of web applications for more complex, demanding application testing tasks.

CookieDigger
CookieDigger helps you identify weak cookie creation and insecure session management implementations in web applications. This tool works by collecting and analyzing cookies that are generated by the web application for multiple users.

DIRB
DIRB is a web content scanner. It searches for existing (and / or hidden) web objects. It is based on a dictionary search. It generates requests to the web server and analyzes the response.

Fiddler
Fiddler is a web debugging proxy that records all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and play with incoming and outgoing data.

Gamja
Gamja will look for weak points, XSS (cross-site scripting) and SQL injection, as well as URL parameter validation errors. Who can know which parameter is the weak parameter? Gamja will be useful in finding vulnerabilities [XSS, validation errors, SQL injections].

Grendel-Scan
A tool for automatically scanning the security of web applications. There is also a special feature for manual penetration testing.

HTTrack
HTTrack is a free and easy-to-use offline browser utility. It allows you to download a site from the World Wide Web to a local disk, create a recursive directory structure, and get HTML, images, and other files from the server to your computer.

LiLith
LiLith is a tool written in Perl for auditing web applications. This tool analyzes web pages in search of the <form> tag, which usually redirects to dynamic pages where you can search for SQL injections and other weaknesses.

Nikto2
Nikto is an open source (GPL) web server scanner that performs full testing of web servers for a variety of parameters, including more than 6,500 potentially dangerous files/CGI.

Paros
A program called 'Paros' for people who need to evaluate the security of their web applications. It is free and completely written in Java.

Powerfuzzer
Powerfuzzer is a highly automated and fully customizable web fuzzer (an HTTP protocol based application fuzzer). It is based on many other available open source fuzzers and on information gathered from a number of security sources and websites.

ProxyScan.pl
proxyScan.pl is a security penetration testing tool for scanning hosts and ports through a web proxy server. Features include various HTTP methods such as GET, CONNECT, and HEAD, as well as host and port ranges.

Ratproxy
A semi-automatic, largely passive web application security audit tool. It is optimized for accurate and sensitive detection and automatic annotation of potential problems and security-relevant design patterns, based on the observation of existing user-initiated traffic in complex web 2.0 environments.

ScanEx
This is a simple utility that runs against the target site and searches for external links and malicious cross-domain injections. In other words, it detects sites that are vulnerable to XSS and where the injection is already embedded.

Scrawlr
Scrawlr, created by HP Web Security Research Group together with MSRC, in short, is an SQL injector and crawler. Scrawlr will crawl the entire website while analyzing the parameters of each web page for SQL Injection vulnerability.

Springenwerk
Springenwerk is a free cross-site scripting (XSS) security scanner written in Python.

Sqlmap
sqlmap is an open source penetration testing tool that automates the process of identifying and exploiting SQL injection vulnerabilities, while allowing you to get all the data from the database server.

Sqlsus
sqlsus is an open source MySQL injection and takeover tool, written in Perl.

THCSSLCheck
A Windows tool that checks the remote ssl stack for supported ciphers and version.

w3af
w3af is a web application attack and audit framework. The goal of the project is to create a framework to help ensure the security of your web applications by searching for and exploiting web application vulnerabilities.

Wapiti
Wapiti allows you to perform security audits of web applications. It performs a "black box" scan, i.e. it does not study the source code of the application but works with already deployed sites, looking for scripts and forms into which it can inject data.

Webfuzzer
Webfuzzer is a tool that can be useful for both penetration testers and webmasters. As the author himself describes his brainchild, "this is a poor man's web vulnerability scanner."

WebGoat
WebGoat contains intentionally insecure J2EE web applications supported by OWASP. They are intended to be lessons on web application security.

Websecurify
Websecurify Suite is a security solution for web applications designed to run exclusively from your web browser.

WebSlayer
WebSlayer is a tool designed for brute-forcing web applications. It can be used to find resources that are not linked (directories, servlets, scripts, etc.), brute-force GET and POST parameters, brute-force form parameters (user/password), fuzzing, etc. The tool has a payload generator and a simple, powerful results analyzer.

WhatWeb
WhatWeb identifies websites. Its purpose is to answer the question "What kind of website is this?". WhatWeb recognizes web technologies, including content management systems (CMS), blogging platforms, statistics/analytics packages, JavaScript libraries, web servers, and embedded devices.

Wikto
Wikto is Nikto for Windows, but with a couple of fancy extra features, including fuzzy logic error code checking, a back-end miner, Google-assisted directory mining, and real-time monitoring of HTTP requests/responses.

Passwords

Cain & Abel
Cain & Abel is a password recovery tool for Microsoft operating systems. This tool allows you to recover passwords of various kinds by sniffing the network.

CacheDump
CacheDump, licensed under the GPL, demonstrates how to recover information from cache entries: username and MSCASH.

John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS and OpenVMS.

FSCrack
GUI (graphical interface) for John the Ripper. FSCrack is a front end for John the Ripper (JtR), i.e. a graphical interface (GUI) for accessing most of the JtR functions.

Hydra
Very fast network login cracker, the program supports many different services. One of the biggest security holes is passwords, as all the research on password security shows.

keimpx
keimpx is an open source tool released under a modified version of the Apache License 1.1. It can be used to quickly check whether credentials are valid across a network over SMB.

Medusa
Medusa is designed to be a high-speed, massively parallel, modular login brute-forcer. The goal is to support all services that allow remote authentication.

Ncrack
Ncrack is a high-speed network authentication cracking tool. It was created to help companies secure their networks by actively testing all their hosts and network devices for weak passwords.

Ophcrack
Ophcrack is a Windows password cracker based on rainbow tables. This is a very efficient implementation of rainbow tables, implemented by the inventor of this method.

RainbowCrack
RainbowCrack is a multi-target implementation of Philippe Oechslin's rainbow table theory.

phrasen|drescher
phrasen|drescher (p|d) is a modular, multi-process password cracker. It comes with a number of plugins, and simple APIs allow for easy development of new plugins.

LCP
The main purpose of the LCP program is to audit and recover user passwords in Windows NT / 2000 / XP / 2003.

Crunch
Crunch is a word list generator where you can specify a set of standard characters or any other characters you want. crunch will generate all possible combinations and permutations.

Fcrackzip
Usually, programs are created based on your needs. The situation with fcrackzip is no exception. I don't really use the zip format, but I recently needed a password cracker. Fcrackzip is a program for cracking zip passwords.

Enumiax
EnumIAX is a tool for brute-forcing the username of the Inter Asterisk Exchange protocol version 2 (IAX2). enumIAX can operate in two different modes: sequential username guessing or dictionary attack.

Wyd
wyd.pl was born from the following two situations: 1. You need to perform a penetration test, and the default word list does not contain a valid password. 2. During a forensic crime investigation, a file must be opened without knowing the password.

Bruter
Bruter is a parallel network login brute-forcer for Win32. The purpose of this tool is to demonstrate the importance of choosing a strong password. The goal of Bruter is to support various services that allow remote authentication.

The ssh bruteforcer
A tool for performing dictionary attacks on SSH servers. This is a simple tool, you set the target server, target account, word list, port and wait.

Lodowep
Lodowep is a tool for analyzing the password strength of an account in the Lotus Domino web server system. The tool supports both session and basic authentication.

SSHatter
SSHatter uses brute-force techniques to determine how to log in to the SSH server. It carefully tries each combination from the list of usernames and passwords to determine the correct combination.

Scanning

Amap
Amap is a next-generation scanning tool that identifies applications and services even if they are not listening on the default port. This is achieved by establishing a dummy link and analyzing the response.

Dr.Morena
Dr. Morena is a tool for confirming the configuration of rules in the firewall. Firewall configuration is performed by combining more than one rule.

Firewalk
Firewalk is an active network reconnaissance tool that tries to determine which layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending TCP or UDP packets with a TTL one greater than that of the target gateway.

Netcat
Netcat is a utility that reads and writes data across network connections using the TCP/IP protocol. It is designed as a reliable "back-end" tool that can be used directly or easily driven by another program.

Ike Scan
Ike-scan is a command-line tool that uses the IKE protocol to detect, fingerprint, and test IPsec VPN servers. It is available for Linux, Unix, macOS, and Windows under the GPL license.

Nmap
Nmap ('Network Mapper') is a free and open source utility for network research or security auditing. It was designed to quickly scan huge networks, but it also works great for single hosts.

Zenmap
Zenmap is the official graphical shell (GUI) for Nmap Security Scanner. It is multiplatform (Linux, Windows, Mac OS X, BSD, etc.).

Onesixtyone
onesixtyone is an SNMP scanner that uses a sweep technique to achieve high performance. It can scan an entire Class B network in 13 minutes.

SuperScan 4
Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update to the extremely popular port scanner for Windows, SuperScan.

Autoscan
AutoScan-Network is a network scanner (application discovery and management). No configuration is required to scan your network. The main goal is to display a list of connected hardware in your network.

Knocker
Knocker is a simple and easy-to-use TCP port security scanner written in C that analyzes all services running on these ports.

Nsat
NSAT is a reliable scanner that is designed for various types of wide scans, maintaining stability over the course of days. Scanning on multiple user machines (local invisible low-priority scanning options).

OutputPBNJ
PBNJ is a set of tools for monitoring network changes over time. It does this by checking the target machines for changes. The information collected includes details about running services on them, as well as the status of the services.

ScanPBNJ
ScanPBNJ performs an Nmap scan and then stores the results in a database. ScanPBNJ stores information about scanned machines. ScanPBNJ stores IP addresses, operating systems, hostnames, and the localhost bit.

glypeahead
By default, the Glype proxy script has several restrictions on which hosts/ports it can access. In addition, the proxy script normally displays cURL-related error messages.

Unicornscan
Unicornscan is a new information collection and correlation engine designed for the security testing and research communities.

TCP Fast Scan
Very, very fast TCP port scanner under Linux. It works very fast. Can scan multiple hosts / ports + ranges simultaneously.

Multi Threaded TCP Port Scanner 3.0
This tool can be used to scan the ports of a specific IP. It can also describe each port with a standard name (known and registered ports).

MingSweeper
MingSweeper is a network intelligence tool designed to facilitate high-speed node detection and identification in a large address space.

Umap(UPNP Map)
Umap (UPNP Map) attempts to scan open TCP ports on hosts behind a UPnP-enabled Internet Gateway Device (IGD) NAT.

SendIP
SendIP has a huge number of command-line options to specify the contents of each NTP, BGP, RIP, RIPng, TCP, UDP, ICMP header or raw IPv4 and IPv6 packets. The program also allows you to add any data to the packets.

PortSentry
Sentry tools provide host-level service security for Unix platforms. PortSentry, Logcheck/LogSentry, and HostSentry protect against port scanning, automate the audit of log files, and detect prolonged suspicious login activity.

CurrPorts
CurrPorts displays a list of currently open TCP/IP and UDP ports on your PC. Also, for each open port, the built list will display information about the process that opened this port.

Nscan
NScan itself is a port scanner that uses the connect() method to compile a list of open host ports. The difference from most other port scanners is flexibility and speed.

NetworkActiv Scan
NetworkActiv Port Scanner is a network research and administration tool that allows you to scan and analyze internal LANs and external WANs.

Blues Port Scanner
A good port scanner is just one of the basic tools for anyone who is seriously interested in Internet stuff. BluesPortScan is, I think, the fastest scanner for 32-bit Windows that can be found on the web.

ZMap
ZMap is an open source scanner that enables researchers to scan networks the size of the entire Internet. On a single machine with a good network connection, ZMap can perform a full scan of all IPv4 addresses within 45 minutes, hitting the theoretical limit of Gigabit Ethernet.

subdomain-bruteforcer
Subdomain-bruteforcer is a multithreaded tool written in Python for listing subdomains from a dictionary file. It is especially useful for finding il admins and other clever web practices.

ircsnapshot
Ircsnapshot is a bot written in Python that connects to the server to extract user hostmasks, channel names, and affiliations; it is also used to create a map based on scraped data. Useful for scouting on an IRC server full of suspicious bots. Supports SOCKS and Tor.

Database vulnerabilities

Berkeley DB
Oracle Berkeley DB is a family of open, embedded databases that enable developers to integrate fast, scalable, transactional databases with industry-leading reliability and availability into their applications.

Database browser
Database browser is a universal table editor. It is an easy-to-use tool that allows users to connect to any database and wander through it or modify data, run sql scripts, and export and print data.

Db2utils
db2utils is a small collection of db2 utilities. It currently includes three different utilities: db2disco, db2fakesrv, and db2getprofile.

Oracle Auditing Tools
Oracle Auditing Tools is a set of tools that can be used for security auditing inside an Oracle database server.

Oscanner
Oscanner is an Oracle evaluation framework developed in Java. It has a plugin-based architecture and comes with a couple of plugins.

SQL Auditing Tools
SQLAT is a set of tools that can be useful when pentesting an MS SQL server. These tools are still in development, but they are already quite stable. These tools perform dictionary attacks, upload files, read the registry, and dump the SAM.

THC-ORACLE
THC presents a crypto document on the analysis of the authentication mechanism used in Oracle databases. THC further releases practical tools to capture and crack passwords from Oracle databases in seconds.

thc-orakelcrackert11g
OrakelCrackert is an Oracle 11g database password hash cracker that exploits weaknesses in the Oracle password storage strategy. With Oracle 11g, case-sensitive SHA1 hashes were introduced.

DBPwAudit
DBPwAudit is a Java tool that allows you to perform various online password quality audits for multiple database engines. The application design makes it easy to add additional database drivers by simply copying new JDBC drivers to the jdbc directory.

MYSQLAudit
A Python script for basic auditing of common configuration errors in MySQL.

sqlninja
sqlninja exploits web applications that use Microsoft SQL Server as a back-end database. It focuses on getting a working shell on a remote host. sqlninja does not put the search for SQL injections first, but automates the exploitation process once one has been found.

GreenSql
GreenSQL is an open source database firewall used to protect against SQL injection attacks. GreenSQL works as a proxy and has built-in support for MySQL and PostgreSQL.

Vulnerability scanners

Metasploit Framework
The Metasploit Framework is an advanced open source platform for developing, testing, and using exploit code.

OpenVAS
OpenVAS is a framework of several services and tools that offer a comprehensive and powerful vulnerability scanning management solution.

Nessus
Nessus identifies, scans, and profiles multiple devices and sources to increase security and compliance in your network.

Porkbind
Porkbind is a multithreaded name server scanner that can recursively query subdomain name servers for version strings (for example, sub.host.dom name servers, then host.dom name servers).

Canvas
Immunity CANVAS makes available hundreds of exploits, an automated exploiting system, and a comprehensive, reliable exploit development framework for penetration testers and security professionals around the world.

Social-EngineerToolkit (SET)
The Social-Engineer Toolkit (SET) is designed for advanced attacks on the human factor. SET was released with the launch of http://www.social-engineer.org and quickly became a standard tool in the pentester's arsenal.

Acunetix
Acunetix web vulnerability scanner is a tool designed to identify security holes in your web applications that, if attacked, are likely to become a weak link through which illegal access to your system and data will be obtained. It looks for a variety of vulnerabilities, including SQL injection, cross-site scripting, and weak passwords.

RIPS
RIPS is a tool written in PHP for finding vulnerabilities in PHP applications using static code analysis.

Rapid7 NeXpose
Rapid7 NeXpose is a vulnerability scanner that aims to support the full lifecycle of vulnerability management, including discovery, detection, verification, risk classification, impact analysis, reporting, and mitigation. It integrates with Rapid7's Metasploit for vulnerability research.

VulnDetector
VulnDetector is a project aimed at scanning a website and identifying various web-related security vulnerabilities in a website. Currently, VulnDetector can detect cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities in web scripts, but does not have an easy-to-use interface.

Damn Small SQLi Scanner
DSSS supports blind / error SQLi tests, single-depth scanning, and advanced comparison of various attributes to distinguish between blind responses (headers, HTTP status codes, text filtered only by length, and a fuzzy comparison of the content itself). If you are satisfied with the results of scanning commercial tools, then I am sure that you will be even more satisfied with this tool.

CAT.NET
CAT.NET is an executable code analyzer that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors, such as cross-site scripting (XSS), SQL injection, and XPath injection.

Peach Fuzzer
Peach is a SmartFuzzer capable of both generation-based and mutation-based fuzzing. Peach requires the creation of Peach Pit files that define the structure, type information, and relationships in the data to be fuzzed.

GFI LanGuard
GFI LANguard is a network security and vulnerability scanner designed to help with patch management, network and software auditing and vulnerability assessment. The price depends on the number of IP addresses to scan. There is a free trial version for scanning up to 5 IP addresses.

MBSA
Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for IT professionals that helps small and medium-sized businesses determine their security status in accordance with the Microsoft security guidelines and offers specific recommendations for the audit outcome.

Vulnerable apps

Damn Vulnerable Web Application (DVWA)
The Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main purpose is to help security professionals test their abilities and tools without breaking the law, help web developers better understand web application security processes, and help teachers / students teach / learn web application security in a classroom setting.

Damn Vulnerable Linux
Damn Vulnerable Linux (DVL) - this Linux distribution is good for everyone, isn't it? Its developers have spent hours stuffing it with broken, poorly configured, outdated and vulnerable software, making it vulnerable to attacks. DVL is not designed to run on your computer - it is a tool for students studying security.

Metasploitable
Metasploitable is a traditional vulnerable Linux VM. This VM can be used to conduct security training, test security tools, and practice testing popular penetration techniques.

Kioptrix
This Kioptrix VM image is an easy task. The goal of the game is to gain root access by any means possible (except by actually hacking the VM server or the player). The goal of this game is to teach basic tools and techniques in vulnerability assessment and exploitation.

HoneyDrive
HoneyDrive is a virtual device (OVA) with Xubuntu Desktop 12.04 32-bit version installed. It contains various honeypot ("bait") software packages. These are the Kippo SSH honeypot, Dionaea malware honeypot, Honeyd low-interaction honeypot, Glastopf web honeypot along with Wordpot, Thug honeyclient, and others.

Badstore
Badstore.net is designed to help you understand how hackers prey on web application vulnerabilities and to help you understand how to reduce your exposure.

OWASP Insecure Web App Project
InsecureWebApp is a web application that includes applications with common vulnerabilities. This is a goal for automatic and manual penetration testing, source code analysis, vulnerability assessment, and threat modeling.

VulnApp
VulnApp is an ASP.net application under the BSD license that implements the most common applications that we encounter in the circumstances of conducting our penetration tests.

OWASP Vicnum
Vicnum is an OWASP project consisting of vulnerable web applications based on games that are commonly used to kill time. These applications demonstrate popular web security issues such as cross-site scripting, SQL injections, and session manipulation issues.

OWASP Broken Web Applications Project
The Broken Web Applications (BWA) Project produces a virtual machine running various applications with known vulnerabilities.

LAMPSecurity
The LAMPSecurity training is a series of virtual machine images along with additional documentation designed to teach Linux, Apache, PHP, and MySQL security.

Virtual Hacking Lab
Mirror of intentionally insecure applications and old software with known vulnerabilities. Used for concepts / security trainings / for training purposes. Available either in VM images or as a live iso, or separately.

WAVSEP
The Web Application Vulnerability Scanner Evaluation Project is a vulnerable web application designed to help evaluate the features, quality, and accuracy of web application vulnerability scanners. This evaluation platform contains a set of unique vulnerable web pages that can be used to test various properties of web application crawlers.

Moth
Moth is a VMware image with configured interactive web applications and scripts that you can use to test web application security scanners, test Static Code Analysis (SCA) tools, and give an introductory course in web application security.

SecuriBench
Stanford SecuriBench is a set of real-world working programs for use as a testing ground for static and dynamic security tools. Release .91a focuses on web applications written in Java.

NETinVM
NETinVM is a single image for a VMware or VirtualBox virtual machine that contains a ready-to-run series of User-mode Linux (UML) virtual machines that, when running, correspond to an entire computer network inside a VMware or VirtualBox virtual machine.

Dojo
Web Security Dojo is a customized offline training environment for web application security. Versions under VirtualBox and VMware are available for download. Dojo is an open source project that aims to be a learning environment that can be used as a penetration testing platform, since it already includes vulnerable services and applications.

Live CD

BackTrack
BackTrack is a Linux-based penetration testing arsenal that helps security professionals in their assessment while being in their purely native environment dedicated to hacking. Currently, the distribution is renamed to Kali Linux.

Kali Linux
Kali Linux (formerly known as BackTrack) is a Debian-based distribution with a collection of security and forensics tools. Its features include timely security updates, support for the ARM architecture, a choice of four popular desktop environments, and easy updates to new versions of distributions.

BackBox
BackBox is a Linux distribution based on Ubuntu. It was created to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal but complete desktop environment; thanks to its own software repositories, it always remains updated to the latest stable versions of most of the most used and well-known tools for ethical hacking.

Samurai
The Samurai Web Testing Framework is a live Linux environment that has been configured to function as a pentesting environment. The CD contains the best open source and free tools that focus on testing and attacking websites.

Katana
Katana is a portable multiboot security suite that brings together many modern security distributions and portable applications to run on a single flash drive. It includes distributions that focus on pentesting, auditing, forensic research, system recovery, network analysis, and malware removal. Katana also comes with over 100 portable Windows applications, such as Wireshark, Metasploit, NMAP, Cain & Abel, and many others.

blackbuntu
The penetration testing distribution is based on Ubuntu 10.10, which was specially created for training students and interns in information security.

Bugtraq
Bugtraq is a distribution based on the 2.6.38 kernel and has a wide range of tools for penetration and forensics. Bugtraq can be installed from a Live DVD or USB disk. This distribution is built from the latest packages and configured; the kernel is updated and patched for better performance and recognition of various hardware, and patches for wireless injections that other distributions do not recognize are included.

Network Security Toolkit (NST)
The live CD/DVD bootable ISO (NST Live) is based on Fedora. This set of tools was created to provide easy access to the best-quality open source network security applications and should run on most x86 / x86_64 platforms.

Pentoo
Pentoo is a Gentoo-based LiveCD penetration testing distribution. Its features include a variety of tools for auditing and testing networks, from scanning and detecting to exploiting vulnerabilities.

BlackArch
BlackArch is a distribution based on Arch. There are over 600 tools in the BlackArch package repository. The BlackArch live ISO comes with a variety of window managers, including dwm, Awesome, Fluxbox, Openbox, wmii, i3, and Spectrwm. The BlackArch package repository is compatible with existing Arch installations.

WSDigger
WSDigger is a free and open source tool created by McAfee Foundstone to automatically check web services on a "black box" basis (without access to the source code) - in fact, for penetration testing. WSDigger is more than a tool, it's a framework for testing web services.

XSSploit
XSSploit is a multi-platform crawler and cross-site scripting exploiter written in Python. It was created to help you find and exploit XSS vulnerabilities in penetration testing missions.

Fireforce
Fireforce is a Firefox extension designed to perform brute-force attacks on GET and POST forms. Fireforce can use dictionaries or generate passwords based on different character sets.

Netsparker
Netsparker is a web application security scanner that supports both vulnerability detection and exploitation. Its goal is to work without false positives, report only real vulnerabilities after they are successfully exploited or after they are checked in other ways.

Havij
Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injections in a web page.
 