Display and control your Android device
Try searching for "database", "file", "API", or browse by category
17 Tools in Red Team
New
Lodestar-Forge
by c0nf1den71al
Easy to use, open-source infrastructure management platform, crafted specifically for red team engagements.
security
44
View Details
Featured
Trending
atomic-red-team
by redcanaryco
Small and highly portable detection tests based on MITRE's ATT&CK.
mitre
mitre-attack
10608
View Details
Featured
Trending
evilginx2
by kgretzky
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
security
tool
13094
View Details
Verified
shad0w
by bats3c
A post exploitation framework designed to operate covertly on heavily monitored environments
c
c2
docker
2096
View Details
smbcrawler
by SySS-Research
smbcrawler is no-nonsense tool that takes credentials and a list of hosts and 'crawls' (or 'spiders') through those shares
pentest
red-team-tools
shares
166
View Details
Trending
Verified
Havoc
by HavocFramework
The Havoc Framework
security
tool
7572
View Details
Trending
Verified
sliver
by BishopFox
Adversary Emulation Framework
adversarial-attacks
adversary-simulation
c2
9425
View Details
DojoLoader
by naksyn
Generic PE loader for fast prototyping evasion techniques
cobalt-strike
edr-evasion
evasion
231
View Details
Nimbo-C2
by itaymigdal
Nimbo-C2 is yet another (simple and lightweight) C2 framework
c2
c2-framework
command-and-control
400
View Details
Sandman
by Idov31
Sandman is a NTP based backdoor for red team engagements in hardened networks.
backdoor
csharp
cybersecurity
790
View Details
dnstwist
by hazcod
A tool to monitor for potential spear phishing domains and send to Slack.
detection
dnstwist
phishing
22
View Details
shell_bringer
by onurcangnc
ShellBringer is a Python script designed for penetration testers. It facilitates the creation and management of reverse shell payloads, automating listener setup across multiple platforms.
security
tool
4
View Details
New
evil-winrm-py
by adityatelange
Execute commands interactively on remote Windows machines using the WinRM protocol
cli
evil-winrm-py
pentesting
4
View Details
ImpulsiveDLLHijack
by knight0x07
C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.
cybersecurity
dll-hijacking
redteam
521
View Details
Verified
linux-smart-enumeration
by diego-treitos
Linux enumeration tool for pentesting and CTFs with verbosity levels
ctfs
hacking
hackthebox
3610
View Details
Trending Security Tools
Trending
scrcpy
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Professional Growth
Infosec Certifications Resources
Discover the best cybersecurity certifications to advance your career
CRTP
OSWE
CRTO
OSCP+
CRTE
BSCP
CRTP
OSWE
CRTO
OSCP+
CRTE
BSCP
CRTP
OSWE
CRTO
OSCP+
CRTE
BSCP
CRTP
OSWE
CRTO
OSCP+
CRTE
BSCP
CRTP
OSWE
CRTO
OSCP+
CRTE
BSCP
CRTP
OSWE
CRTO
OSCP+
CRTE
BSCP
CRTP
OSWE
CRTO
OSCP+
CRTE
BSCP
CRTP
OSWE
CRTO
OSCP+
CRTE
BSCP
CRTP
OSWE
CRTO
OSCP+
CRTE
BSCP
CRTP
OSWE
CRTO
OSCP+
CRTE
BSCP
Frequently Asked Questions about InfosecMania
Learn more about Cybersecurity Tools and how they can enhance your security posture
InfoSecMania is a comprehensive directory of cybersecurity tools and resources designed to help security professionals find the right tools for their needs.
You can submit a tool by clicking on the 'Submit Tool' link in the navigation menu and filling out the submission form with details about your tool.
No, InfoSecMania includes both free and commercial tools. Each tool listing indicates whether it's free, paid, or offers a freemium model.
Tools are categorized based on their primary function, such as penetration testing, vulnerability assessment, network security, etc. Many tools may appear in multiple categories if they serve multiple purposes.
We only list tools and resources from publicly available, reputable sources — most of which are open-source and widely used in the cybersecurity community. However, always review and test tools in a safe, legal environment, like your lab or VM.
We actively monitor public repositories, GitHub, and community forums to keep our tool listings fresh. Many tools are auto-sourced from open-source feeds and security communities.