Display and control your Android device
Try searching for "database", "file", "API", or browse by category
335 Tools in InfoSec Tools
New
cve-2025-0133
by dodiorne
This script performs safe, authorized testing for the vulnerability CVE-2025-0133, a reflected Cross-Site Scripting (XSS) issue in the GlobalProtect portal and gateway login pages of Palo Alto Networks' PAN-OS software.
security
tool
2
View Details
Trending
Verified
objection
by sensepost
📱 objection - runtime mobile exploration
android
framework
frida
8122
View Details
Verified
IOSSecuritySuite
by securing
iOS platform security & anti-tampering Swift library
security
tool
2480
View Details
Featured
Trending
frida
by frida
Clone this repo to build Frida
frida
instrumentation
vala
17710
View Details
PufferRelay
by MPolymath
Pentesting tool to extract valuable information from .pcap (wireshark) files
security
tool
3
View Details
ADMR
by Imp0sters
Active Directory Mindmap Recipes: A Compromise à la Carte
security
tool
114
View Details
jxscout
by francisconeves97
jxscout superpowers JavaScript analysis for security researchers
security
tool
134
View Details
BugBountyBooks
by akr3ch
A collection of PDF/books about the modern web application security and bug bounty.
bugbounty
bugbountybooks
bugbountypdf
1392
View Details
aem-hacker
by 0ang3el
An MCP server implementation
security
tool
791
View Details
SubEnum
by bing0o
bash script for Subdomain Enumeration
security
tool
366
View Details
VulnerableLightApp
by Aif4thah
Vulnerable API for research and education
api
cybersecurity-education
cybersecurity-training
44
View Details
dvta
by srini0x00
Damn Vulnerable Thick Client App developed in C# .NET
security
tool
154
View Details
vulnerable-nginx
by detectify
An intentionally vulnerable NGINX setup
security
tool
238
View Details
log-snare
by sea-erkin
LogSnare: A playground for testing, preventing, and logging IDOR vulnerabilities.
security
tool
31
View Details
skf-labs
by blabla1337
Repo for all the SKF Docker lab examples
security
tool
451
View Details
Trending Security Tools
Trending
scrcpy
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Trending
scrcpy
Display and control your Android device
Trending
sherlock
Hunt down social media accounts by username across social networks
Trending
ghidra
Ghidra is a software reverse engineering (SRE) framework
Trending
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Trending
sqlmap
Automatic SQL injection and database takeover tool
Trending
dnSpy
.NET debugger and assembly editor
Trending
web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
Trending
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Trending
gitleaks
Find secrets with Gitleaks 🔑
Trending
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Trending
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trending
frida
Clone this repo to build Frida
Trending
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Trending
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Trending
impacket
Impacket is a collection of Python classes for working with network protocols.
Trending
katana
A next-generation crawling and spidering framework.
Trending
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Trending
amass
In-depth attack surface mapping and asset discovery
Trending
dex2jar
Tools to work with android .dex and java .class files
Trending
binwalk
Firmware Analysis Tool
Trending
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Trending
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Trending
subfinder
Fast passive subdomain enumeration tool.
Trending
prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
Trending
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Trending
DVWA
Damn Vulnerable Web Application (DVWA)
Trending
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Trending
Sublist3r
Fast subdomains enumeration tool for penetration testers
Trending
BloodHound-Legacy
Six Degrees of Domain Admin
Trending
sliver
Adversary Emulation Framework
Trending
Sn1per
Attack Surface Management Platform
Trending
aws-vault
A vault for securely storing and accessing AWS credentials in development environments
Trending
Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
Trending
pwndbg
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Trending
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Trending
bbot
The recursive internet scanner for hackers. 🧡
Trending
objection
📱 objection - runtime mobile exploration
Trending
volatility
An advanced memory forensics framework
Trending
Havoc
The Havoc Framework
Trending
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Trending
WebGoat
WebGoat is a deliberately insecure application
Trending
ScoutSuite
Multi-Cloud Security Auditing Tool
Trending
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Trending
voltron
A hacky debugger UI for hackers
Trending
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Trending
osmedeus
A Workflow Engine for Offensive Security
Trending
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Trending
apkleaks
Scanning APK file for URIs, endpoints & secrets.
Trending
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Trending
GhidraMCP
MCP Server for Ghidra
Trending
ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
Professional Growth
Infosec Certifications Resources
Discover the best cybersecurity certifications to advance your career
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
CRTP
OSCP+
OSWE
CRTO
CRTE
BSCP
Frequently Asked Questions about InfosecMania
Learn more about Cybersecurity Tools and how they can enhance your security posture
InfoSecMania is a comprehensive directory of cybersecurity tools and resources designed to help security professionals find the right tools for their needs.
You can submit a tool by clicking on the 'Submit Tool' link in the navigation menu and filling out the submission form with details about your tool.
Feel free to connect with us on LinkedIn, Discord, or just write to us at [email protected].
Tools are categorized based on their primary function, such as penetration testing, vulnerability assessment, network security, etc. Many tools may appear in multiple categories if they serve multiple purposes.
We only list tools and resources from publicly available, reputable sources — most of which are open-source and widely used in the cybersecurity community. However, always review and test tools in a safe, legal environment, like your lab or VM.
We actively monitor public repositories, GitHub, and community forums to keep our tool listings fresh. Many tools are auto-sourced from open-source feeds and security communities.