Display and control your Android device
Try searching for "database", "file", "API", or browse by category
25 Tools in Red Team
CarbonCopy
by paranoidninja
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
security
tool
1370
View Details
Verified
AdvPhishing
by Ignitetch
This is Advance Phishing Tool ! OTP PHISHING
advancephishing
amazone-tfo
facebook-otp
2929
View Details
msldap
by skelsec
LDAP library for auditing MS AD
security
tool
435
View Details
Verified
Empire
by BC-SECURITY
Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
c2
empire
hacktoberfest
4619
View Details
Trending
Verified
merlin
by Ne0nd0g
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
agent
c2
command-and-control
5257
View Details
PoshC2
by nettitude
A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
c2
csharp
nettitude
1933
View Details
Featured
Trending
PEASS-ng
by peass-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
bash
batch
batch-script
17651
View Details
RedCloud-OS
by RedTeamOperations
RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs)
security
tool
637
View Details
New
Lodestar-Forge
by c0nf1den71al
Easy to use, open-source infrastructure management platform, crafted specifically for red team engagements.
security
44
View Details
Featured
Trending
atomic-red-team
by redcanaryco
Small and highly portable detection tests based on MITRE's ATT&CK.
mitre
mitre-attack
10608
View Details
Featured
Trending
evilginx2
by kgretzky
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
security
tool
13094
View Details
Verified
shad0w
by bats3c
A post exploitation framework designed to operate covertly on heavily monitored environments
c
c2
docker
2096
View Details
smbcrawler
by SySS-Research
smbcrawler is no-nonsense tool that takes credentials and a list of hosts and 'crawls' (or 'spiders') through those shares
pentest
red-team-tools
shares
166
View Details
Trending
Verified
Havoc
by HavocFramework
The Havoc Framework
security
tool
7572
View Details
Trending
Verified
sliver
by BishopFox
Adversary Emulation Framework
adversarial-attacks
adversary-simulation
c2
9425
View Details
Trending Security Tools
Trending
scrcpy
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Professional Growth
Infosec Certifications Resources
Discover the best cybersecurity certifications to advance your career
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
Frequently Asked Questions about InfosecMania
Learn more about Cybersecurity Tools and how they can enhance your security posture
InfoSecMania is a comprehensive directory of cybersecurity tools and resources designed to help security professionals find the right tools for their needs.
You can submit a tool by clicking on the 'Submit Tool' link in the navigation menu and filling out the submission form with details about your tool.
No, InfoSecMania includes both free and commercial tools. Each tool listing indicates whether it's free, paid, or offers a freemium model.
Tools are categorized based on their primary function, such as penetration testing, vulnerability assessment, network security, etc. Many tools may appear in multiple categories if they serve multiple purposes.
We only list tools and resources from publicly available, reputable sources — most of which are open-source and widely used in the cybersecurity community. However, always review and test tools in a safe, legal environment, like your lab or VM.
We actively monitor public repositories, GitHub, and community forums to keep our tool listings fresh. Many tools are auto-sourced from open-source feeds and security communities.