Display and control your Android device
Try searching for "database", "file", "API", or browse by category
381 Tools in InfoSec Tools
MCPSpy
by alex-ilgayev
MCP Monitoring with eBPF
ai
ai-security
llm
109
View Details
NTDLLReflection
by SaadAhla
Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table
security
tool
297
View Details
kernel-exploit-factory
by bsauce
Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore.
security
tool
1240
View Details
llm-sec
by tomabai
A hands-on learning platform for understanding and testing LLM security vulnerabilities
security
tool
3
View Details
Verified
jwtauditor
by dr34mhacks
JWT Auditor – Analyze, break, and understand your tokens like a pro.
jwt
jwt-auth
jwt-hacking
48
View Details
NovaHypervisor
by Idov31
NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other means) by safeguarding defense products (AntiVirus / Endpoint Protection) and kernel memory structures and preventing unauthorized access to kernel memory.
blue-team
blueteam
cpp
103
View Details
RollerRoaster
by Extravenger
Tool for performing enumeration and exploitation of Kerberoasting attack in Active Directory
security
2
View Details
BetterNetLoader
by racoten
A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints
security
92
View Details
CVE-2023-22960
by t3l3machus
This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server (interface) of more than 60 Lexmark printer models. This issue affects both username-password and PIN authentication.
bruteforce
cve-2023-22960
hacking
87
View Details
Verified
jadx-mcp-plugin
by mobilehackinglab
This project provides a Jadx plugin written in Java, which exposes the Jadx API over HTTP — enabling live interaction through MCP clients like Claude via the Model Context Protocol (MCP). GitHub Stats: - Stars: 69 - Forks: 8 - Issues: 0 - Contributors: 2 - Updated: 2025-07-05
security
tool
69
View Details
Red-Team-Management
by CyberSecurityUP
All thing red team resources and documents.
security
tool
858
View Details
ShadowDropper
by EvilWhales
ShadowDropper is a utility for covertly delivering and executing payloads on a target system.
security
tool
6
View Details
ELcazad0r-XSS
by nihaltikka
A powerful and comprehensive XSS vulnerability scanner with an intuitive GUI interface.
security
tool
0
View Details
New
VEHNetLoader
by patrickt2017
Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies
security
tool
25
View Details
zin-mcp-client
by zinja-coder
MCP Client which serves as bridge between mcp servers and local LLMs running on Ollama, Created for MCP Servers Developed by Me, However other MCP Servers may run as well
ai
cli-app
cybersecurity-tools
63
View Details
Trending Security Tools
Trending
scrcpy
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
chisel
A fast TCP/UDP tunnel over HTTP
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
routersploit
Exploitation Framework for Embedded Devices
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
pspy
Monitor linux processes without root permissions
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
chisel
A fast TCP/UDP tunnel over HTTP
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
routersploit
Exploitation Framework for Embedded Devices
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
pspy
Monitor linux processes without root permissions
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
chisel
A fast TCP/UDP tunnel over HTTP
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
routersploit
Exploitation Framework for Embedded Devices
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
pspy
Monitor linux processes without root permissions
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
chisel
A fast TCP/UDP tunnel over HTTP
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
routersploit
Exploitation Framework for Embedded Devices
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
pspy
Monitor linux processes without root permissions
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
chisel
A fast TCP/UDP tunnel over HTTP
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
routersploit
Exploitation Framework for Embedded Devices
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
pspy
Monitor linux processes without root permissions
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
chisel
A fast TCP/UDP tunnel over HTTP
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
routersploit
Exploitation Framework for Embedded Devices
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
pspy
Monitor linux processes without root permissions
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Professional Growth
Infosec Certifications Resources
Discover the best cybersecurity certifications to advance your career
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
Frequently Asked Questions about InfosecMania
Learn more about Cybersecurity Tools and how they can enhance your security posture
InfoSecMania is a comprehensive directory of cybersecurity tools and resources designed to help security professionals find the right tools for their needs.
You can submit a tool by clicking on the 'Submit Tool' link in the navigation menu and filling out the submission form with details about your tool.
Feel free to connect with us on LinkedIn, Discord, or just write to us at [email protected].
Tools are categorized based on their primary function, such as penetration testing, vulnerability assessment, network security, etc. Many tools may appear in multiple categories if they serve multiple purposes.
We only list tools and resources from publicly available, reputable sources — most of which are open-source and widely used in the cybersecurity community. However, always review and test tools in a safe, legal environment, like your lab or VM.
We actively monitor public repositories, GitHub, and community forums to keep our tool listings fresh. Many tools are auto-sourced from open-source feeds and security communities.