Ncrack – High-speed network authentication cracking tool
Medusa – Parallel network login auditor
JTR – John the ripper password cracker
Ophcrack – Free windows password cracker based on rainbow tables
Keimpx – Check for the usefulness of credentials across a network over SMB
Hashkill – A multithreaded opensource password cracker
NSE tutorial – Nmap scripting engine primer tutorial
Nmap scripting engine (NSE) – NSEDoc reference portal


Manual penetration testing tools – David’s pen testing-security collection
OSVDB – Open source vulnerability database search
PacketStorm search plugin – Search on PacketStorm database
Default passwords – Search default password database
Exploit-db – Offsec Exploit-db Search
OVAL – OVAL repository search plugin
CVE – Common vulnerabilities and exposures (CVE�) dictionary
HackBar – Simple security audit/penetration test tool – EXE to BAT converter Version 1.0
Metacab – Netcat, Nmap, VNC and other remote administration utilities
Graudit – Script and signature sets for source code audit using Grep
Javasnoop – Intercept methods, alter data/hack Java applications
PacketStorm – Security tool files
SecurityTube tools – Over 280+ popular tools


SET – Social engineering toolkit

TheHarvester – Information gathering

DNSTRACER man-page – Trace a chain of DNS servers to the source

Maltego 3 – Maltego tools/videos

SEAT – Midnight research labs
Google hacking – Diggity project Stach &; Liu – DorkScan – python script
BeEF – The browser exploitation framework (BeEF)
BlindElephant – Web application fingerprinter
XSSer – Automatic tool for pentesting XSS attacks against different applications
RIPS – Static source code analyser for vulnerabilities in PHP WebApps
Authforce –
Reconnaissance-penetration tools – Attack and defense labs – tools
Browser exploitation – Browser exploitation for fun &; profit
SQL injection – Using sqid (SQL Injection Digger) to look for SQL injection
pinata-CSRF-tool – Python script to generate PoC CSRF HTML from HTTP request.
XSSer-Usage – Automatic tool for pentesting XSS attacks against different applications
Clickjacker – Clickjacking tool
Unicode-fun – Ruby script to generate URL encoded Unicode UTF-8 URL
WS-Attacker – Modular framework for web services penetration testing
Koto/squid-imposter – Create Squid-based proxy