· 5 years ago · Aug 25, 2020, 04:20 PM
1{
2 "ctf_platforms": {
3 "attack_defense": {
4 "ctf_platforms": [
5 {
6 "name": "checksystem",
7 "source": "https://github.com/HackerDom/checksystem",
8 "description": "Checksystem for attack-defence CTF",
9 "language": "Perl",
10 "price": "Free"
11 },
12 {
13 "name": "fhq-jury-ad",
14 "source": "https://github.com/freehackquest/fhq-jury-ad",
15 "description": "Jury system for a attack-defence ctf game",
16 "language": "CPlusPlus",
17 "price": "Free"
18 },
19 {
20 "name": "ForcAD",
21 "source": "https://github.com/pomo-mondreganto/ForcAD",
22 "description": "Attack-defence CTF framework",
23 "language": "Python",
24 "price": "Free"
25 },
26 {
27 "name": "iCTF Framework",
28 "website": "https://ictf.cs.ucsb.edu/",
29 "source": "https://github.com/ucsb-seclab/ictf-framework",
30 "description": "Attack-defence CTF framework",
31 "language": "Python",
32 "price": "Free"
33 },
34 {
35 "name": "jury-attack-defense",
36 "source": "https://github.com/hackforces/jury-attack-defense",
37 "description": "Attack-defence CTF framework",
38 "language": "Python",
39 "price": "Free"
40 },
41 {
42 "name": "OCCP",
43 "website": "https://opencyberchallenge.net/",
44 "source": "https://github.com/OpenCyberChallengePlatform/OccpGameserver",
45 "description": "Attack-defence training platform for Network Defense, Penetration Testing, Digital Forensics, Secure Programming, Incident Response, Malware Analysis scenarios; supports Virtual Scenario Network, Gray Team, Red Team, Blue Team, White Team; game server and administrative VM; including a scenario package",
46 "language": "Ruby",
47 "price": "Free"
48 },
49 {
50 "name": "tin_foil_hat",
51 "source": "https://github.com/jollheef/tin_foil_hat",
52 "description": "Attack-defence CTF platform",
53 "language": "Go",
54 "price": "Free"
55 }
56 ]
57 },
58 "hybrid": {
59 "ctf_platforms": [
60 {
61 "name": "HBCTF",
62 "website": "http://www.hackbama.com/ctf/",
63 "source": "https://github.com/osteth/HBCTF",
64 "description": "Hybrid CTF platform",
65 "language": "Python",
66 "price": "Free"
67 }
68 ]
69 },
70 "jeopardy": {
71 "ctf_platforms": [
72 {
73 "name": "AleJndCTF",
74 "source": "https://github.com/alejndalliance/AleJndCTF",
75 "description": "Jeopardy CTF platform, based on tinyctf-platfom",
76 "language": "Python",
77 "price": "Free"
78 },
79 {
80 "name": "bamboofox",
81 "website": "https://bamboofox.cs.nctu.edu.tw/",
82 "source": "https://github.com/bamboofox/bamboofox-website",
83 "description": "Jeopardy CTF platform",
84 "language": "Ruby",
85 "price": "Free"
86 },
87 {
88 "name": "BoltCTF",
89 "source": "https://gitlab.com/bhavyanshu/BoltCTF",
90 "description": "Jeopardy CTF platform",
91 "language": "PHP",
92 "price": "Free"
93 },
94 {
95 "name": "CanHackMe",
96 "website": "https://canhack.me/",
97 "source": "https://github.com/safflower/canhackme",
98 "description": "Jeopardy CTF platform",
99 "language": "PHP",
100 "price": "Free"
101 },
102 {
103 "name": "ChallengeMe",
104 "source": "https://github.com/Querdos/ChallengeMe",
105 "description": "Jeopardy CTF platform",
106 "language": "PHP",
107 "price": "Free"
108 },
109 {
110 "name": "ColdCore",
111 "source": "https://github.com/IceCTF/ColdCore",
112 "description": "Jeopardy CTF platform, based on TJCTF platform, the new IceCTF platform",
113 "language": "Python",
114 "price": "Free"
115 },
116 {
117 "name": "Christmas-CTF",
118 "source": "https://github.com/brian020305/Christmas-CTF",
119 "description": "Jeopardy CTF platform, based on OpenCTF",
120 "language": "PHP",
121 "price": "Free"
122 },
123 {
124 "name": "CTFd",
125 "website": "https://ctfd.io/",
126 "source": "https://github.com/isislab/CTFd",
127 "description": "Easy to deploy Jeopardy CTF platform",
128 "language": "Python",
129 "price": "Paid"
130 },
131 {
132 "name": "CTFDashB",
133 "source": "https://github.com/Abdulwahaab710/CTFDashB",
134 "description": "Dockerized CTF platform",
135 "language": "Ruby",
136 "price": "Free"
137 },
138 {
139 "name": "CTFlex",
140 "source": "https://github.com/PACTF/pactf",
141 "description": "Jeopardy CTF framework with some unique features",
142 "language": "Python",
143 "price": "Free"
144 },
145 {
146 "name": "CTFx",
147 "source": "https://gitlab.com/Milkdrop/ctfx",
148 "description": "Jeopardy CTF platform, based on Mellivora,",
149 "language": "PHP",
150 "price": "Free"
151 },
152 {
153 "name": "ctf_marker",
154 "source": "https://github.com/rgajendran/ctf_marker",
155 "description": "Jeopardy CTF platform, import SecGen CTF challenges",
156 "language": "PHP",
157 "price": "Free"
158 },
159 {
160 "name": "DC416-CTF-Scoreboard",
161 "source": "https://github.com/DC416/CTF-Scoreboard",
162 "description": "Jeopardy CTF platform",
163 "language": "Elm",
164 "price": "Free"
165 },
166 {
167 "name": "FBCTF",
168 "website": "https://code.facebook.com/projects/1693078620943322/fbctf/",
169 "source": "https://github.com/facebook/fbctf",
170 "description": "Nice looking but heavy Jeopardy CTF platform",
171 "language": "PHP",
172 "price": "Free"
173 },
174 {
175 "name": "FluxScoreboard",
176 "source": "https://github.com/Javex/fluxscoreboard",
177 "description": "Jeopardy CTF platform, with documentation",
178 "language": "Python",
179 "price": "Free"
180 },
181 {
182 "name": "Google CTF Scoreboard",
183 "source": "https://github.com/google/ctfscoreboard",
184 "description": "Jeopardy CTF platform",
185 "language": "Python",
186 "price": "Free"
187 },
188 {
189 "name": "GryphonCTF-Scoreboard",
190 "website": "https://2017.gryphonctf.com/",
191 "source": "https://github.com/DISMGryphons/GryphonCTF-Scoreboard",
192 "description": "Jeopardy CTF platform based on CTFd",
193 "language": "Python",
194 "price": "Free"
195 },
196 {
197 "name": "HackTheArch",
198 "website": "http://hta.mcpa-stl.org/",
199 "source": "https://github.com/mcpa-stlouis/hack-the-arch",
200 "description": "Jeopardy CTF platform, using Ruby on Rails, has an official docker container",
201 "language": "Ruby",
202 "price": "Free"
203 },
204 {
205 "name": "Henhouse",
206 "source": "https://github.com/jollheef/henhouse",
207 "description": "Jeopardy CTF platform",
208 "language": "Go",
209 "price": "Free"
210 },
211 {
212 "name": "IceCTF Platform",
213 "source": "https://github.com/IceCTF/ctf-platform",
214 "description": "Jeopardy CTF platform, based on PicoCTF Platform 2, the old IceCTF platform, now look for ColdCore",
215 "language": "Python",
216 "price": "Free"
217 },
218 {
219 "name": "JS-CTF-Platform",
220 "source": "https://github.com/EasyCTF/JS-CTF-Platform",
221 "description": "Jeopardy CTF platform",
222 "language": "JavaScript",
223 "price": "Free"
224 },
225 {
226 "name": "LibreCTF",
227 "website": "https://easyctf.github.io/librectf/",
228 "source": "https://github.com/easyctf/librectf",
229 "description": "Was previously know as OpenCTF, easy to deploy Jeopardy CTF platform",
230 "language": "Rust",
231 "price": "Free"
232 },
233 {
234 "name": "Mellivora",
235 "source": "https://github.com/Nakiami/mellivora",
236 "description": "Fully featured Jeopardy CTF platform",
237 "language": "PHP",
238 "price": "Free"
239 },
240 {
241 "name": "miniCTF",
242 "source": "https://github.com/DivyanshuSahu/miniCTF",
243 "description": "Simple CTF platform looking like CTFd",
244 "language": "Python",
245 "price": "Free"
246 },
247 {
248 "name": "MITRE CTF Scoreboard",
249 "source": "https://github.com/mitre-cyber-academy/ctf-scoreboard",
250 "description": "Fully featured Jeopardy CTF platform",
251 "language": "Ruby",
252 "price": "Free"
253 },
254 {
255 "name": "NightShade",
256 "source": "https://github.com/UnrealAkama/NightShade",
257 "description": "Simple Jeopardy CTF platform",
258 "language": "Python",
259 "price": "Free"
260 },
261 {
262 "name": "nihctfplat",
263 "source": "https://github.com/remexre/nihctfplat",
264 "description": "Simple CTF platform",
265 "language": "Rust",
266 "price": "Free"
267 },
268 {
269 "name": "NIZKCTF",
270 "website": "https://arxiv.org/abs/1708.05844",
271 "source": "https://github.com/pwn2winctf/PTE",
272 "description": "A Non-Interactive Zero-Knowledge Jeopardy CTF Platform",
273 "language": "Python",
274 "price": "Free"
275 },
276 {
277 "name": "NODE_CTF",
278 "source": "https://github.com/chrisjd20/node_ctf",
279 "description": "Jeopardy CTF platform",
280 "language": "JavaScript",
281 "price": "Free"
282 },
283 {
284 "name": "OWASP Juice Shop CTF Extension",
285 "website": "https://www.npmjs.com/package/juice-shop-ctf-cli",
286 "source": "https://github.com/bkimminich/juice-shop-ctf",
287 "description": "CTF environment setup tools for OWASP Juice Shop; supports CTFd and FBCTF",
288 "language": "JavaScript",
289 "price": "Free"
290 },
291 {
292 "name": "PicoCTF",
293 "source": "https://github.com/picoCTF/picoCTF",
294 "description": "Jeopardy CTF platform",
295 "language": "Python",
296 "price": "Free"
297 },
298 {
299 "name": "PoliCTF Server",
300 "source": "https://github.com/PoliCTF/polictf-server",
301 "description": "Jeopardy CTF platform",
302 "language": "Cplusplus",
303 "price": "Free"
304 },
305 {
306 "name": "r8",
307 "source": "https://github.com/mhils/r8",
308 "description": "Very simple CTF platform, no advanced features",
309 "language": "Python",
310 "price": "Free"
311 },
312 {
313 "name": "RootTheBox",
314 "website": "http://root-the-box.com/",
315 "source": "https://github.com/moloch--/RootTheBox",
316 "description": "Jeopardy CTF platform",
317 "language": "Python",
318 "price": "Free"
319 },
320 {
321 "name": "RootTheBox CTF Framework",
322 "website": "https://rtblivedemo.herokuapp.com/",
323 "source": "https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework",
324 "description": "HackTheBox style CTF platform (user + root flag)",
325 "language": "Python",
326 "price": "Free"
327 },
328 {
329 "name": "Scorebot",
330 "source": "https://github.com/legitbs/scorebot",
331 "description": "Jeopardy CTF platform",
332 "language": "Ruby",
333 "price": "Free"
334 },
335 {
336 "name": "SCTF",
337 "source": "https://github.com/SynAckPwn23/SCTF",
338 "description": "Jeopardy CTF platform",
339 "language": "Python",
340 "price": "Free"
341 },
342 {
343 "name": "SniperOJ Platform",
344 "website": "https://www.sniperoj.com/",
345 "source": "https://github.com/SniperOJ/Platform-Run/",
346 "description": "Jeopardy CTF platform",
347 "language": "PHP",
348 "price": "Free"
349 },
350 {
351 "name": "Solve Me",
352 "website": "http://solveme.peng.kr/",
353 "source": "https://github.com/safflower/solve-me",
354 "description": "Jeopardy CTF platform",
355 "language": "PHP",
356 "price": "Free"
357 },
358 {
359 "name": "SR-CTF",
360 "website": "http://tunablectf.com/",
361 "source": "https://github.com/nsslab-yin/SRCTF",
362 "description": "Jeopardy CTF platform",
363 "language": "Python",
364 "price": "Free"
365 },
366 {
367 "name": "TallyCTF",
368 "source": "https://github.com/CyberNinjas/TallyCTF",
369 "description": "Jeopardy CTF platform with OAuth2.0 and OpenIDConnect support",
370 "language": "JavaScript",
371 "price": "Free"
372 },
373 {
374 "name": "Themis Quals",
375 "source": "https://github.com/themis-project/themis-quals",
376 "description": "Jeopardy CTF platform using Virtualbox and Vagrant",
377 "language": "Ruby",
378 "price": "Free"
379 },
380 {
381 "name": "tinyctf-platform",
382 "source": "https://github.com/balidani/tinyctf-platform",
383 "description": "Jeopardy CTF platform",
384 "language": "Python",
385 "price": "Free"
386 },
387 {
388 "name": "TJCTF platform",
389 "source": "https://github.com/TJCSec/ctf-platform",
390 "description": "Jeopardy CTF platform",
391 "language": "Python",
392 "price": "Free"
393 },
394 {
395 "name": "WRATH CTF Framework",
396 "source": "https://github.com/WhiteHatCP/wrath-ctf-framework",
397 "description": "What? Really? Another Tiny Homebrewed CTF Framework?, Jeopardy CTF platform",
398 "language": "Python",
399 "price": "Free"
400 },
401 {
402 "name": "WTFd",
403 "source": "https://github.com/wtfd-tech/wtfd",
404 "description": "Jeopardy CTF platform",
405 "language": "Go",
406 "price": "Free"
407 },
408 {
409 "name": "YACF",
410 "source": "https://github.com/0xCODEs/YACF",
411 "description": "Yet Another CTF Framework, dockerized CTF platform using modern technologies",
412 "language": "Python",
413 "price": "Free"
414 },
415 {
416 "name": "YuktiCTF",
417 "website": "https://chirathr.com/#portfolio",
418 "source": "https://github.com/chirathr/YuktiCTF",
419 "description": "Jeopardy CTF platform, based on CTFd and adds an interactive UI along with an RPG style game",
420 "language": "Python",
421 "price": "Free"
422 }
423 ]
424 }
425 },
426 "operating_systems": {
427 "maintained": {
428 "operating_systems": [
429 {
430 "os": "Alpine Linux",
431 "base": "BusyBox",
432 "description": "minimalist hardened OS, used by default for docker containers",
433 "link": "http://www.alpinelinux.org/"
434 },
435 {
436 "os": "ANDRAX",
437 "base": "Android",
438 "description": "More than an OS, it is a penetration testing platform for Android smartphones",
439 "link": "https://andrax.thecrackertechnology.com/"
440 },
441 {
442 "os": "AndroidTamer",
443 "base": "Debian",
444 "description": "android malware analysis, penetration testing and reverse engineering",
445 "link": "https://androidtamer.com/"
446 },
447 {
448 "os": "ArchStrike",
449 "base": "ArchLinux",
450 "description": "penetration testing and security lab",
451 "link": "https://archstrike.org/"
452 },
453 {
454 "os": "BackBox",
455 "base": "Ubuntu",
456 "description": "penetration testing and security lab",
457 "link": "https://backbox.org/"
458 },
459 {
460 "os": "BlackArch Linux",
461 "base": "ArchLinux",
462 "description": "penetration testing and security lab",
463 "link": "https://blackarch.org/"
464 },
465 {
466 "os": "Bugtraq-II Blackwidow",
467 "base": "Ubuntu / Debian",
468 "description": "penetration testing and security lab",
469 "link": "http://www.bugtraq-team.com/project-blackwidow.html"
470 },
471 {
472 "os": "Buscador",
473 "base": "Ubuntu",
474 "description": "OSINT (OVA appliance)",
475 "link": "https://inteltechniques.com/buscador/"
476 },
477 {
478 "os": "CAINE",
479 "base": "Ubuntu",
480 "description": "digital forensics and incident response (DFIR)",
481 "link": "http://www.caine-live.net/"
482 },
483 {
484 "os": "CommandoVM",
485 "base": "Windows",
486 "description": "script to configure a Windows VM and install security tools on it; penetration testing and security lab",
487 "link": "https://github.com/fireeye/commando-vm"
488 },
489 {
490 "os": "Cyborg Essentials",
491 "base": "Debian",
492 "description": "penetration testing and security lab",
493 "link": "http://cyborg.ztrela.com/cyborg-essentials/"
494 },
495 {
496 "os": "Cyborg Hawk Linux",
497 "base": "Ubuntu",
498 "description": "penetration testing and security lab",
499 "link": "http://cyborg.ztrela.com/cyborg-hawk/"
500 },
501 {
502 "os": "DEFT",
503 "base": "Ubuntu",
504 "description": "digital forensics and incident response (DFIR)",
505 "link": "http://www.deftlinux.net/"
506 },
507 {
508 "os": "Demon Linux",
509 "base": "Debian",
510 "description": "penetration testing and security lab",
511 "link": "https://www.demonlinux.com/about.php"
512 },
513 {
514 "os": "DracOS",
515 "base": "Linux From Scratch",
516 "description": "penetration testing and security lab",
517 "link": "https://dracos-linux.org/"
518 },
519 {
520 "os": "Fedora Security Lab",
521 "base": "Fedora",
522 "description": "penetration testing and security lab",
523 "link": "https://labs.fedoraproject.org/security/"
524 },
525 {
526 "os": "Kali Linux",
527 "base": "Debian",
528 "description": "penetration testing and security lab",
529 "link": "https://www.kali.org/"
530 },
531 {
532 "os": "Linux Kodachi",
533 "base": "Xubuntu",
534 "description": "privacy and anonymity",
535 "link": "https://www.digi77.com/linux-kodachi/"
536 },
537 {
538 "os": "NST",
539 "base": "Fedora",
540 "description": "network security monitoring and analysis",
541 "link": "https://sourceforge.net/projects/nst/"
542 },
543 {
544 "os": "Parrot Security OS",
545 "base": "Debian",
546 "description": "penetration testing and security lab",
547 "link": "https://www.parrotsec.org/"
548 },
549 {
550 "os": "Pentoo",
551 "base": "Gentoo",
552 "description": "penetration testing and security lab",
553 "link": "http://www.pentoo.ch/"
554 },
555 {
556 "os": "Qubes OS",
557 "base": "Fedora",
558 "description": "security by compartmentalization (VM)",
559 "link": "https://www.qubes-os.org/"
560 },
561 {
562 "os": "REMnux",
563 "base": "Debian",
564 "description": "malware analysis and reverse-engineering",
565 "link": "https://remnux.org/"
566 },
567 {
568 "os": "Santoku Linux",
569 "base": "Lubuntu",
570 "description": "mobile malware analysis, forensics and reverse engineering",
571 "link": "https://santoku-linux.com/"
572 },
573 {
574 "os": "SecBSD",
575 "base": "openBSD",
576 "description": "penetration testing and security lab",
577 "link": "https://secbsd.org/"
578 },
579 {
580 "os": "Security Onion",
581 "base": "Ubuntu",
582 "description": "network security monitoring, analysis and threat hunting",
583 "link": "https://securityonion.net/"
584 },
585 {
586 "os": "SIFT",
587 "base": "Ubuntu",
588 "description": "digital forensics and incident response (DFIR) (VMware appliance)",
589 "link": "https://digital-forensics.sans.org/community/downloads"
590 },
591 {
592 "os": "SigintOS",
593 "base": "Ubuntu",
594 "description": "signal intelligence",
595 "link": "https://www.sigintos.com/"
596 },
597 {
598 "os": "Subgraph OS",
599 "base": "Debian",
600 "description": "security by compartmentalization (container)",
601 "link": "https://subgraph.com/sgos/index.en.html"
602 },
603 {
604 "os": "Tails",
605 "base": "Debian",
606 "description": "privacy and anonymity",
607 "link": "https://tails.boum.org/"
608 },
609 {
610 "os": "TENS",
611 "base": "Thinstation",
612 "description": "privacy and anonymity",
613 "link": "https://www.spi.dod.mil/lipose.htm"
614 },
615 {
616 "os": "Tsurugi Linux",
617 "base": "Ubuntu",
618 "description": "digital forensics and incident response (DFIR",
619 "link": "https://tsurugi-linux.org/"
620 },
621 {
622 "os": "Whonix",
623 "base": "Debian",
624 "description": "privacy and anonymity",
625 "link": "https://www.whonix.org/"
626 },
627 {
628 "os": "Wifislax",
629 "base": "Slackware",
630 "description": "penetration testing and security lab",
631 "link": "http://www.wifislax.com/"
632 }
633 ]
634 },
635 "no_more_maintained": {
636 "operating_systems": [
637 {
638 "os": "Blackbuntu",
639 "base": "Ubuntu",
640 "description": "penetration testing and security lab",
641 "link": "https://sourceforge.net/projects/blackbuntu/"
642 },
643 {
644 "os": "GnackTrack",
645 "base": "Ubuntu",
646 "description": "penetration testing and security lab",
647 "link": "https://www.phillips321.co.uk/gnacktrack/"
648 },
649 {
650 "os": "Live Hacking",
651 "base": "Ubuntu",
652 "description": "penetration testing and security lab",
653 "link": "http://www.livehacking.com/live-hacking-cd/"
654 },
655 {
656 "os": "Matriux",
657 "base": "Debian",
658 "description": "penetration testing and security lab",
659 "link": "https://sourceforge.net/projects/matriux/"
660 },
661 {
662 "os": "NodeZero",
663 "base": "Ubuntu",
664 "description": "penetration testing and security lab",
665 "link": "https://sourceforge.net/projects/nodezero/"
666 },
667 {
668 "os": "STD",
669 "base": "Debian",
670 "description": "penetration testing and security lab",
671 "link": "https://s-t-d.org/"
672 }
673 ]
674 },
675 "project_transferred": {
676 "operating_systems": [
677 {
678 "from": "ArchAssault",
679 "to": "BlackArch Linux"
680 },
681 {
682 "from": "Backtrack",
683 "to": "Kali Linux"
684 }
685 ]
686 }
687 },
688 "resources": {
689 "bug_bounty_and_disclosure_platforms": {
690 "resources": [
691 {
692 "name": "AntiHACK",
693 "links": [
694 {
695 "website": "https://www.antihack.me/"
696 }
697 ],
698 "description": "Singapore bug bounty platform",
699 "price": "Free"
700 },
701 {
702 "name": "Bounty Factory",
703 "links": [
704 {
705 "website": "https://bountyfactory.io/"
706 }
707 ],
708 "description": "European bug bounty platform based on the legislation and rules in force in european countries, by YesWeHack",
709 "price": "Free"
710 },
711 {
712 "name": "BugBounty.jp",
713 "links": [
714 {
715 "website": "https://bugbounty.jp/"
716 }
717 ],
718 "description": "Japan bug bounty platform",
719 "price": "Free"
720 },
721 {
722 "name": "Bugcrowd",
723 "links": [
724 {
725 "website": "https://www.bugcrowd.com/"
726 }
727 ],
728 "description": "Bug bounty platform",
729 "price": "Free"
730 },
731 {
732 "name": "Cobalt.io",
733 "links": [
734 {
735 "website": "https://cobalt.io/"
736 }
737 ],
738 "description": "Pentest as a Service platform, registrant will be a cobalt.io employee (take care to obligation of loyalty if you already have a job)",
739 "price": "Free"
740 },
741 {
742 "name": "FireBounty",
743 "links": [
744 {
745 "website": "https://firebounty.com/"
746 }
747 ],
748 "description": "Bug bounty program aggregator",
749 "price": "Free"
750 },
751 {
752 "name": "HackenProof",
753 "links": [
754 {
755 "website": "https://hackenproof.com/"
756 }
757 ],
758 "description": "Bug bounty platform",
759 "price": "Free"
760 },
761 {
762 "name": "HackerOne",
763 "links": [
764 {
765 "website": "https://www.hackerone.com/"
766 }
767 ],
768 "description": "Bug bounty platform",
769 "price": "Free"
770 },
771 {
772 "name": "HackTrophy",
773 "links": [
774 {
775 "website": "https://hacktrophy.com/"
776 }
777 ],
778 "description": "Bug bounty platform",
779 "price": "Free"
780 },
781 {
782 "name": "huntr",
783 "links": [
784 {
785 "website": "https://huntr.dev"
786 }
787 ],
788 "description": "A bug bounty board for securing open-source code.",
789 "price": "Free"
790 },
791 {
792 "name": "Intigriti",
793 "links": [
794 {
795 "website": "https://www.intigriti.com/public/"
796 }
797 ],
798 "description": "Bug bounty platform",
799 "price": "Free"
800 },
801 {
802 "name": "Open Bug Bounty",
803 "links": [
804 {
805 "website": "https://www.openbugbounty.org/"
806 }
807 ],
808 "description": "Non-profit bug bounty platform",
809 "price": "Free"
810 },
811 {
812 "name": "Plugbounty",
813 "links": [
814 {
815 "website": "https://www.plugbounty.com/"
816 }
817 ],
818 "description": "Bug bounty platform for plugins, themes, extensions, libraries",
819 "price": "Free"
820 },
821 {
822 "name": "SSD Secure Disclosure",
823 "links": [
824 {
825 "website": "https://ssd-disclosure.com/"
826 }
827 ],
828 "description": "Rewarded responsible disclosure service",
829 "price": "Free"
830 },
831 {
832 "name": "SynAck Red Team",
833 "links": [
834 {
835 "website": "https://www.synack.com/red-team/"
836 }
837 ],
838 "description": "Pentest as a Service platform, registrant will be a SynAck employee (take care to obligation of loyalty if you already have a job)",
839 "price": "Free"
840 },
841 {
842 "name": "Yogosha",
843 "links": [
844 {
845 "website": "https://www.yogosha.com/"
846 }
847 ],
848 "description": "Bug bounty platform",
849 "price": "Free"
850 },
851 {
852 "name": "Zero Day Initiative",
853 "links": [
854 {
855 "website": "https://www.zerodayinitiative.com/"
856 }
857 ],
858 "description": "Rewarded responsible disclosure service",
859 "price": "Free"
860 },
861 {
862 "name": "Zerocopter",
863 "links": [
864 {
865 "website": "https://www.zerocopter.com/"
866 }
867 ],
868 "description": "Invite-only and closed bug bounty platform",
869 "price": "Free"
870 },
871 {
872 "name": "ZeroDisclo.com",
873 "links": [
874 {
875 "website": "https://zerodisclo.com"
876 }
877 ],
878 "description": "Coordinated disclosure platform by YesWeHack",
879 "price": "Free"
880 }
881 ]
882 },
883 "challenges_platforms": {
884 "resources": [
885 {
886 "name": "ae27ff",
887 "links": [
888 {
889 "website": "http://ae27ff.meme.tips/"
890 }
891 ],
892 "description": "Challenge platform",
893 "price": "Free"
894 },
895 {
896 "name": "Backdoor",
897 "links": [
898 {
899 "website": "https://backdoor.sdslabs.co/"
900 }
901 ],
902 "description": "Practice area with some past CTF challenges",
903 "price": "Free"
904 },
905 {
906 "name": "Begin.re",
907 "links": [
908 {
909 "website": "https://www.begin.re/"
910 }
911 ],
912 "description": "Binary reverse guided challenges for beginners",
913 "price": "Free"
914 },
915 {
916 "name": "CanYouHack.It",
917 "links": [
918 {
919 "website": "http://canyouhack.it/"
920 }
921 ],
922 "description": "Challenge platform",
923 "price": "Free"
924 },
925 {
926 "name": "Challenge Land",
927 "links": [
928 {
929 "website": "http://challengeland.co/"
930 }
931 ],
932 "description": "Challenge platform",
933 "price": "Free"
934 },
935 {
936 "name": "Cryptopals",
937 "links": [
938 {
939 "website": "https://cryptopals.com/"
940 }
941 ],
942 "description": "Crypto challenges platform",
943 "price": "Free"
944 },
945 {
946 "name": "CTFLearn",
947 "links": [
948 {
949 "website": "https://ctflearn.com/"
950 }
951 ],
952 "description": "Challenge platform",
953 "price": "Free"
954 },
955 {
956 "name": "Electrica",
957 "links": [
958 {
959 "website": "http://www.caesum.com/game"
960 }
961 ],
962 "description": "Programming, cryptography challenges",
963 "price": "Free"
964 },
965 {
966 "name": "EnigmaGroup",
967 "links": [
968 {
969 "website": "http://www.enigmagroup.org/"
970 }
971 ],
972 "description": "Challenge platform",
973 "price": "Free"
974 },
975 {
976 "name": "Exploit Education",
977 "links": [
978 {
979 "website": "http://exploit.education/"
980 }
981 ],
982 "description": "Exercises and resources about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues",
983 "price": "Free"
984 },
985 {
986 "name": "Exploit Exercises",
987 "links": [
988 {
989 "website": "https://exploit-exercises.com/"
990 }
991 ],
992 "description": "VMs, documentation and challenges",
993 "price": "Free"
994 },
995 {
996 "name": "Gekkó",
997 "links": [
998 {
999 "website": "http://gekko.csokavar.hu/"
1000 }
1001 ],
1002 "description": "Challenge platform",
1003 "price": "Free"
1004 },
1005 {
1006 "name": "Graker",
1007 "links": [
1008 {
1009 "website": "http://gracker.org/"
1010 }
1011 ],
1012 "description": "Binary challenges having a slow learning curve, and write-ups for each level (SSH connection)",
1013 "price": "Free"
1014 },
1015 {
1016 "name": "Hack The Box",
1017 "links": [
1018 {
1019 "website": "https://www.hackthebox.eu/"
1020 }
1021 ],
1022 "description": "Challenge platform",
1023 "price": "Free"
1024 },
1025 {
1026 "name": "Hack This Site",
1027 "links": [
1028 {
1029 "website": "https://www.hackthissite.org/"
1030 }
1031 ],
1032 "description": "Challenge platform and community",
1033 "price": "Free"
1034 },
1035 {
1036 "name": "HackBBS",
1037 "links": [
1038 {
1039 "website": "http://hackbbs.org/"
1040 }
1041 ],
1042 "description": "Challenge platform and community",
1043 "price": "Free"
1044 },
1045 {
1046 "name": "HackCenter",
1047 "links": [
1048 {
1049 "website": "https://hackcenter.com/"
1050 }
1051 ],
1052 "description": "Private challenge platforms",
1053 "price": "Free"
1054 },
1055 {
1056 "name": "Hacker Gateway",
1057 "links": [
1058 {
1059 "website": "https://www.hackergateway.com/"
1060 }
1061 ],
1062 "description": "Challenge platform",
1063 "price": "Free"
1064 },
1065 {
1066 "name": "Hacker.org",
1067 "links": [
1068 {
1069 "website": "http://www.hacker.org/"
1070 }
1071 ],
1072 "description": "Challenge platform",
1073 "price": "Free"
1074 },
1075 {
1076 "name": "Hacking Lab",
1077 "links": [
1078 {
1079 "website": "https://www.hacking-lab.com/"
1080 }
1081 ],
1082 "description": "Challenge platform with teachers and solutions",
1083 "price": "Free"
1084 },
1085 {
1086 "name": "HackThis!!",
1087 "links": [
1088 {
1089 "website": "https://www.hackthis.co.uk/"
1090 }
1091 ],
1092 "description": "Challenge platform",
1093 "price": "Free"
1094 },
1095 {
1096 "name": "ImmersiveLabs",
1097 "links": [
1098 {
1099 "website": "https://www.immersivelabs.com/"
1100 }
1101 ],
1102 "description": "Story-driven exercises and practical, gamified labs",
1103 "price": "Paid"
1104 },
1105 {
1106 "name": "IO",
1107 "links": [
1108 {
1109 "website": "http://io.netgarage.org/"
1110 }
1111 ],
1112 "description": "Binary challenges (SSH connection)",
1113 "price": "Free"
1114 },
1115 {
1116 "name": "LOST-Chall",
1117 "links": [
1118 {
1119 "website": "http://www.lost-chall.org/"
1120 }
1121 ],
1122 "description": "Challenge platform",
1123 "price": "Free"
1124 },
1125 {
1126 "name": "Mod-X",
1127 "links": [
1128 {
1129 "website": "http://www.mod-x.co.uk/"
1130 }
1131 ],
1132 "description": "Challenge platforms through a fictional game",
1133 "price": "Free"
1134 },
1135 {
1136 "name": "Net-Force",
1137 "links": [
1138 {
1139 "website": "http://www.net-force.nl/"
1140 }
1141 ],
1142 "description": "Challenge platform",
1143 "price": "Free"
1144 },
1145 {
1146 "name": "NCP",
1147 "links": [
1148 {
1149 "website": "https://nice-challenge.com/"
1150 }
1151 ],
1152 "description": "NICE Challenge Project by the NIST and the NSA (for American students only)",
1153 "price": "Free"
1154 },
1155 {
1156 "name": "Over The Wire",
1157 "links": [
1158 {
1159 "website": "http://overthewire.org/wargames/"
1160 },
1161 {
1162 "source": "https://github.com/OverTheWireOrg/OverTheWire-website"
1163 }
1164 ],
1165 "description": "Challenge platform",
1166 "price": "Free"
1167 },
1168 {
1169 "name": "OWASP Juice Shop",
1170 "links": [
1171 {
1172 "website": "http://demo.owasp-juice.shop"
1173 },
1174 {
1175 "source": "https://github.com/bkimminich/juice-shop"
1176 }
1177 ],
1178 "description": "Online demo instance of the OWASP Juice Shop",
1179 "price": "Free"
1180 },
1181 {
1182 "name": "PentesterLab",
1183 "links": [
1184 {
1185 "website": "httpq://pentesterlab.com/"
1186 }
1187 ],
1188 "description": "Pentest lab",
1189 "price": "Paid"
1190 },
1191 {
1192 "name": "Practical Pentest Labs",
1193 "links": [
1194 {
1195 "website": "https://practicalpentestlabs.com/"
1196 }
1197 ],
1198 "description": "Pentest lab",
1199 "price": "Paid"
1200 },
1201 {
1202 "name": "Pwnable.kr",
1203 "links": [
1204 {
1205 "website": "http://pwnable.kr/"
1206 }
1207 ],
1208 "description": "Pwn challenges",
1209 "price": "Free"
1210 },
1211 {
1212 "name": "pwnable.tw",
1213 "links": [
1214 {
1215 "website": "https://pwnable.tw/"
1216 }
1217 ],
1218 "description": "Pwn challenges",
1219 "price": "Free"
1220 },
1221 {
1222 "name": "PwnerRank",
1223 "links": [
1224 {
1225 "website": "https://www.pwnerrank.com/"
1226 }
1227 ],
1228 "description": "Challenge platform",
1229 "price": "Free"
1230 },
1231 {
1232 "name": "Rankk",
1233 "links": [
1234 {
1235 "website": "http://www.rankk.org/"
1236 }
1237 ],
1238 "description": "Programming, cryptography challenges",
1239 "price": "Free"
1240 },
1241 {
1242 "name": "RedTigers Hackit",
1243 "links": [
1244 {
1245 "website": "https://redtiger.labs.overthewire.org/"
1246 }
1247 ],
1248 "description": "PHP / SQL challenge platform",
1249 "price": "Free"
1250 },
1251 {
1252 "name": "Reversing.Kr",
1253 "links": [
1254 {
1255 "website": "http://reversing.kr/"
1256 }
1257 ],
1258 "description": "Cracking and Reverse Code Engineering challenge platform",
1259 "price": "Free"
1260 },
1261 {
1262 "name": "Revolution Elite",
1263 "links": [
1264 {
1265 "website": "https://sabrefilms.co.uk/revolutionelite"
1266 }
1267 ],
1268 "description": "Math and programming challenges",
1269 "price": "Free"
1270 },
1271 {
1272 "name": "Ringzer0Team",
1273 "links": [
1274 {
1275 "website": "https://ringzer0team.com/"
1276 }
1277 ],
1278 "description": "Challenge platform",
1279 "price": "Free"
1280 },
1281 {
1282 "name": "Root-me",
1283 "links": [
1284 {
1285 "website": "https://www.root-me.org"
1286 }
1287 ],
1288 "description": "Challenge platform",
1289 "price": "Free"
1290 },
1291 {
1292 "name": "RoseCode",
1293 "links": [
1294 {
1295 "website": "http://www.javaist.com/rosecode"
1296 }
1297 ],
1298 "description": "Challenge platform",
1299 "price": "Free"
1300 },
1301 {
1302 "name": "Security Traps",
1303 "links": [
1304 {
1305 "website": "http://www.securitytraps.pl/"
1306 }
1307 ],
1308 "description": "Challenge platform",
1309 "price": "Free"
1310 },
1311 {
1312 "name": "SmashTheStack",
1313 "links": [
1314 {
1315 "website": "http://smashthestack.org/"
1316 }
1317 ],
1318 "description": "Mostly binary challenges",
1319 "price": "Free"
1320 },
1321 {
1322 "name": "Solve Me",
1323 "links": [
1324 {
1325 "website": "http://solveme.kr/"
1326 }
1327 ],
1328 "description": "Challenge platform",
1329 "price": "Free"
1330 },
1331 {
1332 "name": "SPOJ",
1333 "links": [
1334 {
1335 "website": "http://www.spoj.com/"
1336 }
1337 ],
1338 "description": "Programming challenges",
1339 "price": "Free"
1340 },
1341 {
1342 "name": "Stereotyped Challenges",
1343 "links": [
1344 {
1345 "website": "https://chall.stypr.com/"
1346 }
1347 ],
1348 "description": "Web challenges",
1349 "price": "Free"
1350 },
1351 {
1352 "name": "Tasteless",
1353 "links": [
1354 {
1355 "website": "http://chall.tasteless.eu/"
1356 }
1357 ],
1358 "description": "Challenge platform",
1359 "price": "Free"
1360 },
1361 {
1362 "name": "TheBlackSheep",
1363 "links": [
1364 {
1365 "website": "http://www.bright-shadows.net/"
1366 }
1367 ],
1368 "description": "Challenge platform",
1369 "price": "Free"
1370 },
1371 {
1372 "name": "ThisisLegal.com",
1373 "links": [
1374 {
1375 "website": "http://www.thisislegal.com/"
1376 }
1377 ],
1378 "description": "Challenge platform",
1379 "price": "Free"
1380 },
1381 {
1382 "name": "TryHackMe",
1383 "links": [
1384 {
1385 "website": "https://tryhackme.com/"
1386 }
1387 ],
1388 "description": "Challenge platform with deployable machines; there are also tutorials and courses",
1389 "price": "Free"
1390 },
1391 {
1392 "name": "TryThis0ne",
1393 "links": [
1394 {
1395 "website": "http://www.trythis0ne.com/"
1396 }
1397 ],
1398 "description": "Challenge platform",
1399 "price": "Free"
1400 },
1401 {
1402 "name": "Valhalla",
1403 "links": [
1404 {
1405 "website": "https://halls-of-valhalla.org/"
1406 }
1407 ],
1408 "description": "Challenge platform and community",
1409 "price": "Free"
1410 },
1411 {
1412 "name": "Virtual Hacking Labs",
1413 "links": [
1414 {
1415 "website": "https://www.virtualhackinglabs.com/"
1416 }
1417 ],
1418 "description": "Virtual penetration testing environment with courses and VMs",
1419 "price": "Paid"
1420 },
1421 {
1422 "name": "VulnHub",
1423 "links": [
1424 {
1425 "website": "https://www.vulnhub.com/"
1426 }
1427 ],
1428 "description": "VM-based challenges",
1429 "price": "Free"
1430 },
1431 {
1432 "name": "WebHacking",
1433 "links": [
1434 {
1435 "website": "http://webhacking.kr/"
1436 }
1437 ],
1438 "description": "Web challenges",
1439 "price": "Free"
1440 },
1441 {
1442 "name": "W3Challs",
1443 "links": [
1444 {
1445 "website": "https://w3challs.com/"
1446 }
1447 ],
1448 "description": "Challenge platform",
1449 "price": "Free"
1450 },
1451 {
1452 "name": "WeChall",
1453 "links": [
1454 {
1455 "website": "https://www.wechall.net/"
1456 }
1457 ],
1458 "description": "Challenge platform",
1459 "price": "Free"
1460 },
1461 {
1462 "name": "wixxerd",
1463 "links": [
1464 {
1465 "website": "http://www.wixxerd.com/"
1466 }
1467 ],
1468 "description": "Challenge platform",
1469 "price": "Free"
1470 },
1471 {
1472 "name": "WTHack",
1473 "links": [
1474 {
1475 "website": "https://www.onlinectf.com/"
1476 }
1477 ],
1478 "description": "Challenge platform",
1479 "price": "Free"
1480 },
1481 {
1482 "name": "yoire",
1483 "links": [
1484 {
1485 "website": "http://yoire.com"
1486 }
1487 ],
1488 "description": "Challenge platform",
1489 "price": "Free"
1490 },
1491 {
1492 "name": "Zenk-security",
1493 "links": [
1494 {
1495 "website": "https://www.zenk-security.com/"
1496 }
1497 ],
1498 "description": "Challenge platform and community",
1499 "price": "Free"
1500 },
1501 {
1502 "name": "ZSIS CTF",
1503 "links": [
1504 {
1505 "website": "https://ctf.zsis.hr/"
1506 }
1507 ],
1508 "description": "Challenge platform",
1509 "price": "Free"
1510 },
1511 {
1512 "name": "µContest",
1513 "links": [
1514 {
1515 "website": "http://www.microcontest.com/"
1516 }
1517 ],
1518 "description": "Programming challenges",
1519 "price": "Free"
1520 }
1521 ]
1522 },
1523 "cve": {
1524 "resources": [
1525 {
1526 "name": "Archlinux security issues",
1527 "links": [
1528 {
1529 "website": "https://security.archlinux.org/"
1530 }
1531 ],
1532 "description": "CVE affecting Archlinux",
1533 "price": "Free"
1534 },
1535 {
1536 "name": "CVE Details",
1537 "links": [
1538 {
1539 "website": "http://www.cvedetails.com/"
1540 }
1541 ],
1542 "description": "Advanced CVE datasource",
1543 "price": "Free"
1544 },
1545 {
1546 "name": "Debian security issues",
1547 "links": [
1548 {
1549 "website": "https://security-tracker.debian.org/tracker/"
1550 }
1551 ],
1552 "description": "CVE affecting Debian",
1553 "price": "Free"
1554 },
1555 {
1556 "name": "Mitre",
1557 "links": [
1558 {
1559 "website": "https://cve.mitre.org/"
1560 }
1561 ],
1562 "description": "CVE datasource standard",
1563 "price": "Free"
1564 },
1565 {
1566 "name": "NVD",
1567 "links": [
1568 {
1569 "website": "https://nvd.nist.gov/"
1570 }
1571 ],
1572 "description": "CVE datasource",
1573 "price": "Free"
1574 },
1575 {
1576 "name": "Red Hat security issues",
1577 "links": [
1578 {
1579 "website": "https://access.redhat.com/security/security-updates/"
1580 }
1581 ],
1582 "description": "CVE affecting Red Hat",
1583 "price": "Free"
1584 },
1585 {
1586 "name": "Saucs",
1587 "links": [
1588 {
1589 "website": "https://www.saucs.com/"
1590 }
1591 ],
1592 "description": "Customizable CVE dashboard, track vulnerabilities that concern you",
1593 "price": "Free"
1594 },
1595 {
1596 "name": "SUSE security issues",
1597 "links": [
1598 {
1599 "website": "https://www.suse.com/security/cve/"
1600 }
1601 ],
1602 "description": "CVE affecting SUSE",
1603 "price": "Free"
1604 },
1605 {
1606 "name": "Ubuntu security issues",
1607 "links": [
1608 {
1609 "website": "https://people.canonical.com/~ubuntu-security/cve/"
1610 }
1611 ],
1612 "description": "CVE affecting Ubuntu",
1613 "price": "Free"
1614 },
1615 {
1616 "name": "VULDB",
1617 "links": [
1618 {
1619 "website": "https://vuldb.com/"
1620 }
1621 ],
1622 "description": "Community-driven vulnerability database",
1623 "price": "Free"
1624 },
1625 {
1626 "name": "VulnIQ",
1627 "links": [
1628 {
1629 "website": "https://free.vulniq.com/home"
1630 }
1631 ],
1632 "description": "Vulnerability database with CVE, OVAL, CWE, CAPEC, etc.",
1633 "price": "Free"
1634 }
1635 ]
1636 },
1637 "events": {
1638 "resources": [
1639 {
1640 "name": "CFP TIME",
1641 "links": [
1642 {
1643 "website": "https://www.cfptime.org/"
1644 }
1645 ],
1646 "description": "World Call For Papers (CFP) agenda for security conferences",
1647 "price": "Free"
1648 },
1649 {
1650 "name": "CTF TIME",
1651 "links": [
1652 {
1653 "website": "https://ctftime.org/"
1654 }
1655 ],
1656 "description": "World CTF agenda and scoreboard",
1657 "price": "Free"
1658 },
1659 {
1660 "name": "InfoSec Conferences",
1661 "links": [
1662 {
1663 "website": "https://infosec-conferences.com/"
1664 }
1665 ],
1666 "description": "World cybersecurity conferences agenda",
1667 "price": "Free"
1668 },
1669 {
1670 "name": "pwnhead",
1671 "links": [
1672 {
1673 "website": "https://pwnhead.com/"
1674 }
1675 ],
1676 "description": "World cybersecurity conferences scoreboard; people, company, country and conference directory",
1677 "price": "Free"
1678 },
1679 {
1680 "name": "SecurityCTF (reddit)",
1681 "links": [
1682 {
1683 "website": "https://www.reddit.com/r/securityCTF/"
1684 }
1685 ],
1686 "description": "Community for security CTF announcements and writeups",
1687 "price": "Free"
1688 }
1689 ]
1690 },
1691 "information": {
1692 "resources": [
1693 {
1694 "name": "hackndo",
1695 "language": "French",
1696 "links": [
1697 {
1698 "website": "https://beta.hackndo.com/"
1699 }
1700 ],
1701 "description": "Blog about pentesting",
1702 "price": "Free"
1703 },
1704 {
1705 "name": "KitPloit",
1706 "language": "English",
1707 "links": [
1708 {
1709 "website": "https://www.kitploit.com/"
1710 }
1711 ],
1712 "description": "Tools presentation and announcement",
1713 "price": "Free"
1714 },
1715 {
1716 "name": "Latest Hacking News",
1717 "language": "English",
1718 "links": [
1719 {
1720 "website": "https://latesthackingnews.com"
1721 }
1722 ],
1723 "description": "Cybersecurity news, tools presentation and announcement",
1724 "price": "Free"
1725 },
1726 {
1727 "name": "Offensive OSINT",
1728 "language": "English",
1729 "links": [
1730 {
1731 "website": "https://www.offensiveosint.io/"
1732 }
1733 ],
1734 "description": "OSINT articles from an offensive perspective",
1735 "price": "Free"
1736 },
1737 {
1738 "name": "Pentest Blog",
1739 "language": "English",
1740 "links": [
1741 {
1742 "website": "https://pentest.blog/"
1743 }
1744 ],
1745 "description": "Blog targeting pentesters: security advisories, OS, appsec, network, tools, articles",
1746 "price": "Free"
1747 },
1748 {
1749 "name": "Security List Network",
1750 "language": "English",
1751 "links": [
1752 {
1753 "website": "http://seclist.us"
1754 }
1755 ],
1756 "description": "Tools presentation and announcement",
1757 "price": "Free"
1758 }
1759 ]
1760 },
1761 "knowledge_and_tools": {
1762 "resources": [
1763 {
1764 "name": "Bug Bounty Guide",
1765 "links": [
1766 {
1767 "website": "https://bugbountyguide.com/"
1768 },
1769 {
1770 "source": "https://github.com/EdOverflow/bugbountyguide"
1771 }
1772 ],
1773 "description": "Launchpad for bug bounty programs and bug bounty hunters",
1774 "price": "Free"
1775 },
1776 {
1777 "name": "Bug Bounty Reference",
1778 "links": [
1779 {
1780 "source": "https://github.com/ngalongc/bug-bounty-reference"
1781 }
1782 ],
1783 "description": "A list of bug bounty write-up that is categorized by the bug nature",
1784 "price": "Free"
1785 },
1786 {
1787 "name": "ctf-tools",
1788 "links": [
1789 {
1790 "source": "https://github.com/zardus/ctf-tools"
1791 }
1792 ],
1793 "description": "Setup scripts for security tools",
1794 "price": "Free"
1795 },
1796 {
1797 "name": "DefaultPassword",
1798 "links": [
1799 {
1800 "website": "https://default-password.info/"
1801 }
1802 ],
1803 "description": "Default passwords for many devices and services",
1804 "price": "Free"
1805 },
1806 {
1807 "name": "Forensics Wiki",
1808 "links": [
1809 {
1810 "website": "http://forensicswiki.org/wiki/Main_Page"
1811 }
1812 ],
1813 "description": "Forensics tips and tools",
1814 "price": "Free"
1815 },
1816 {
1817 "name": "GHDB",
1818 "links": [
1819 {
1820 "website": "https://www.exploit-db.com/google-hacking-database"
1821 }
1822 ],
1823 "description": "Google Hacking Database; Collection of google dorks",
1824 "price": "Free"
1825 },
1826 {
1827 "name": "Guifre",
1828 "links": [
1829 {
1830 "website": "https://guif.re/"
1831 }
1832 ],
1833 "description": "Security, system and network cheatsheets",
1834 "price": "Free"
1835 },
1836 {
1837 "name": "GTFOBins",
1838 "links": [
1839 {
1840 "website": "https://gtfobins.github.io/"
1841 },
1842 {
1843 "source": "https://github.com/GTFOBins/GTFOBins.github.io"
1844 }
1845 ],
1846 "description": "Curated list/cheatsheet of Unix binaries that can be exploited by an attacker to bypass local security restrictions, obtain shells, read files",
1847 "price": "Free"
1848 },
1849 {
1850 "name": "Hack Tricks",
1851 "links": [
1852 {
1853 "website": "https://book.hacktricks.xyz/"
1854 }
1855 ],
1856 "description": "Guide and cheatsheet for pentesting: shell, linux exploitation, windows exploitation, mobile app pentesting, network pentesting, web pentesting, binary exploit, forensics, crypto, backdoor, etc.",
1857 "price": "Free"
1858 },
1859 {
1860 "name": "HTML5 Security Cheatsheet",
1861 "links": [
1862 {
1863 "website": "http://html5sec.org/"
1864 }
1865 ],
1866 "description": "XSS vector making use of HTML5, HTML4, CSS, DOM, UFT7, SVG, JSON, etc ...",
1867 "price": "Free"
1868 },
1869 {
1870 "name": "LOLBAS",
1871 "links": [
1872 {
1873 "website": "https://lolbas-project.github.io/"
1874 },
1875 {
1876 "source": "https://github.com/LOLBAS-Project/LOLBAS"
1877 }
1878 ],
1879 "description": "Living Off The Land Binaries and Scripts; Curated list/cheatsheet of Windows binaries that can be exploited by an attacker to bypass local security restrictions, obtain shells, read files",
1880 "price": "Free"
1881 },
1882 {
1883 "name": "Malware Traffic Analysis",
1884 "links": [
1885 {
1886 "website": "https://www.malware-traffic-analysis.net/"
1887 }
1888 ],
1889 "description": "Malware traffic analysis blog and pastebin posts with pcap and malware samples attached; traffic analysis exercises",
1890 "price": "Free"
1891 },
1892 {
1893 "name": "MD5 maxmin record",
1894 "links": [
1895 {
1896 "website": "http://0xf.kr/md5/"
1897 }
1898 ],
1899 "description": "Collection of various extremes of MD5 hashes",
1900 "price": "Free"
1901 },
1902 {
1903 "name": "MDN - Event reference",
1904 "links": [
1905 {
1906 "website": "https://developer.mozilla.org/en-US/docs/Web/Events"
1907 }
1908 ],
1909 "description": "DOM Events reference, useful for XSS",
1910 "price": "Free"
1911 },
1912 {
1913 "name": "PayloadsAllTheThings",
1914 "links": [
1915 {
1916 "source": "https://github.com/swisskyrepo/PayloadsAllTheThings"
1917 }
1918 ],
1919 "description": "A list of useful payloads and bypass for Web Application Security and Pentest/CTF",
1920 "price": "Free"
1921 },
1922 {
1923 "name": "Portswigger - XSS cheat sheet",
1924 "links": [
1925 {
1926 "website": "https://portswigger.net/web-security/cross-site-scripting/cheat-sheet"
1927 }
1928 ],
1929 "description": "XSS cheat sheet containing many vectors that can help bypassing WAFs and filters",
1930 "price": "Free"
1931 },
1932 {
1933 "name": "Privacy Tools",
1934 "links": [
1935 {
1936 "website": "https://www.privacytools.io/"
1937 },
1938 {
1939 "source": "https://github.com/privacytoolsIO/privacytools.io"
1940 }
1941 ],
1942 "description": "Website that provides knowledge and tools to protect your privacy against global mass surveillance",
1943 "price": "Free"
1944 },
1945 {
1946 "name": "PTES",
1947 "links": [
1948 {
1949 "website": "http://www.pentest-standard.org/"
1950 }
1951 ],
1952 "description": "The penetration testing execution standard covers all steps related to a penetration test",
1953 "price": "Free"
1954 },
1955 {
1956 "name": "Red Teaming Tactics and Techniques",
1957 "links": [
1958 {
1959 "website": "https://ired.team/"
1960 },
1961 {
1962 "source": "https://github.com/mantvydasb/RedTeam-Tactics-and-Techniques"
1963 }
1964 ],
1965 "description": "Exploring Red Teaming tactics and techniques, some of the common offensive security techniques involving gaining code execution, lateral movement, persistence and more",
1966 "price": "Free"
1967 },
1968 {
1969 "name": "RubyFu",
1970 "links": [
1971 {
1972 "website": "https://rubyfu.net/"
1973 },
1974 {
1975 "source": "https://github.com/rubyfu/RubyFu"
1976 }
1977 ],
1978 "description": "Offensive Ruby book",
1979 "price": "Free"
1980 },
1981 {
1982 "name": "SecLists",
1983 "links": [
1984 {
1985 "source": "https://github.com/danielmiessler/SecLists"
1986 }
1987 ],
1988 "description": "Collection of multiple types of lists used during security assessments, collected in one place; include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, etc.",
1989 "price": "Free"
1990 },
1991 {
1992 "name": "SSL Checklist for Pentesters (Explore Security)",
1993 "links": [
1994 {
1995 "website": "http://www.exploresecurity.com/wp-content/uploads/custom/SSL_manual_cheatsheet.html"
1996 }
1997 ],
1998 "description": "List of SSL/TLS checks that can be performed manually with OpenSSL or a web browser",
1999 "price": "Free"
2000 },
2001 {
2002 "name": "StegOnline checklist",
2003 "links": [
2004 {
2005 "website": "https://georgeom.net/StegOnline/checklist"
2006 },
2007 {
2008 "source": "https://github.com/Ge0rg3/StegOnline/blob/master/src/app/checklist/checklist.component.html"
2009 }
2010 ],
2011 "description": "CTF Image Steganography Checklist",
2012 "price": "Free"
2013 },
2014 {
2015 "name": "The Bug Hunter's Methodology",
2016 "links": [
2017 {
2018 "source": "https://github.com/jhaddix/tbhm"
2019 }
2020 ],
2021 "description": "A collection of tips, tricks, tools, analysis and notes related to web application security assessments and more specifically towards bug hunting in bug bounties",
2022 "price": "Free"
2023 },
2024 {
2025 "name": "Vergilius",
2026 "links": [
2027 {
2028 "website": "https://www.vergiliusproject.com/"
2029 }
2030 ],
2031 "description": "A collection of Microsoft Windows kernel structures, unions and enumerations; most of them are not officially documented and cannot be found in Windows Driver Kit (WDK) headers",
2032 "price": "Free"
2033 },
2034 {
2035 "name": "VRT",
2036 "links": [
2037 {
2038 "website": "https://bugcrowd.com/vrt"
2039 },
2040 {
2041 "source": "https://github.com/bugcrowd/vulnerability-rating-taxonomy"
2042 }
2043 ],
2044 "description": "Bugcrowd Vulnerability Rating Taxonomy (VRT) provides a baseline vulnerability priority scale for bug hunters and organizations",
2045 "price": "Free"
2046 },
2047 {
2048 "name": "XSS Payloads",
2049 "links": [
2050 {
2051 "website": "http://www.xss-payloads.com/"
2052 }
2053 ],
2054 "description": "Provides advanced XSS payload, tools and documentation about XSS",
2055 "price": "Free"
2056 }
2057 ]
2058 },
2059 "national_security_agencies_and_services": {
2060 "resources": [
2061 {
2062 "name": "ANSSI",
2063 "country": "France",
2064 "links": [
2065 {
2066 "website": "http://www.ssi.gouv.fr/"
2067 }
2068 ],
2069 "description": "Agence Nationale de la Sécurité des Systèmes d'Information, French service responsible for computer security"
2070 },
2071 {
2072 "name": "ASD",
2073 "country": "Australia",
2074 "links": [
2075 {
2076 "website": "https://www.asd.gov.au/"
2077 }
2078 ],
2079 "description": "Australian Signals Directorate, Australian service responsible for computer security"
2080 },
2081 {
2082 "name": "CCB",
2083 "country": "Belgium",
2084 "links": [
2085 {
2086 "website": "https://ccb.belgium.be/"
2087 }
2088 ],
2089 "description": "Centre for Cyber Security Belgium, Belgium service responsible for computer security"
2090 },
2091 {
2092 "name": "CNSS",
2093 "country": "United States of America",
2094 "links": [
2095 {
2096 "website": "https://www.cnss.gov/"
2097 }
2098 ],
2099 "description": "Committee on National Security Systems, USA intergovernmental organization for the security of the USA security systems"
2100 },
2101 {
2102 "name": "CSE/CST",
2103 "country": "Canada",
2104 "links": [
2105 {
2106 "website": "https://www.cse-cst.gc.ca/"
2107 }
2108 ],
2109 "description": "Communications Security Establishment/Centre de la sécurité des télécommunications, Canadian service responsible for computer security"
2110 },
2111 {
2112 "name": "ENISA",
2113 "links": [
2114 {
2115 "website": "https://www.enisa.europa.eu/"
2116 }
2117 ],
2118 "description": "European Network and Information Security Agency, European Union service responsible for computer security"
2119 },
2120 {
2121 "name": "NCSC",
2122 "country": "Great Britain",
2123 "links": [
2124 {
2125 "website": "https://www.ncsc.gov.uk/"
2126 }
2127 ],
2128 "description": "National Cyber Security Center, United Kingdom service responsible for computer security"
2129 },
2130 {
2131 "name": "NIST",
2132 "country": "United States of America",
2133 "links": [
2134 {
2135 "website": "https://www.nist.gov/"
2136 }
2137 ],
2138 "description": "National Institute of Standards and Technology, Metrology laboratory and non-regulatory agency of the USA Department of Commerce"
2139 },
2140 {
2141 "name": "NSA",
2142 "country": "United States of America",
2143 "links": [
2144 {
2145 "website": "https://www.nsa.gov/"
2146 }
2147 ],
2148 "description": "National Security Agency, United States of America service responsible for computer security"
2149 }
2150 ]
2151 },
2152 "non_english": {
2153 "resources": [
2154 {
2155 "name": "Bamboofox",
2156 "language": "Chinese",
2157 "links": [
2158 {
2159 "website": "https://bamboofox.torchpad.com/"
2160 }
2161 ],
2162 "description": "CTF guide",
2163 "price": "Free"
2164 },
2165 {
2166 "name": "ctfs.me",
2167 "language": "Indonesian",
2168 "links": [
2169 {
2170 "website": "https://ctfs.me/"
2171 }
2172 ],
2173 "description": "Challenges platform, challenges are in english",
2174 "price": "Free"
2175 },
2176 {
2177 "name": "elhacker.net",
2178 "language": "Spanish",
2179 "links": [
2180 {
2181 "website": "http://warzone.elhacker.net/"
2182 }
2183 ],
2184 "description": "Challenges platform",
2185 "price": "Free"
2186 },
2187 {
2188 "name": "Hacking-Challenges",
2189 "language": "German",
2190 "links": [
2191 {
2192 "website": "http://www.hacking-challenges.de/"
2193 }
2194 ],
2195 "description": "Challenges platform",
2196 "price": "Free"
2197 },
2198 {
2199 "name": "Happy-Security",
2200 "language": "German",
2201 "links": [
2202 {
2203 "website": "http://www.happy-security.de/"
2204 }
2205 ],
2206 "description": "Challenges platform",
2207 "price": "Free"
2208 },
2209 {
2210 "name": "MIPT CTF",
2211 "language": "Russian",
2212 "links": [
2213 {
2214 "source": "https://github.com/xairy/mipt-ctf"
2215 }
2216 ],
2217 "description": "CTF guide",
2218 "price": "Free"
2219 },
2220 {
2221 "name": "NewbieContest",
2222 "language": "French",
2223 "links": [
2224 {
2225 "website": "http://www.newbiecontest.org/"
2226 }
2227 ],
2228 "description": "Challenge platform",
2229 "price": "Free"
2230 },
2231 {
2232 "name": "NOE",
2233 "language": "Korean",
2234 "links": [
2235 {
2236 "website": "http://noe.systems/"
2237 }
2238 ],
2239 "description": "Challenge platform",
2240 "price": "Free"
2241 },
2242 {
2243 "name": "SuNiNaTaS",
2244 "language": "Korean",
2245 "links": [
2246 {
2247 "website": "http://suninatas.com/"
2248 }
2249 ],
2250 "description": "Challenge platform",
2251 "price": "Free"
2252 },
2253 {
2254 "name": "TDHack",
2255 "language": "Polish",
2256 "links": [
2257 {
2258 "website": "http://www.tdhack.com/"
2259 }
2260 ],
2261 "description": "Challenge platform",
2262 "price": "Free"
2263 },
2264 {
2265 "name": "World of Wargame",
2266 "language": "Spanish",
2267 "links": [
2268 {
2269 "website": "https://wow.sinfocol.org/"
2270 }
2271 ],
2272 "description": "Challenge platform",
2273 "price": "Free"
2274 },
2275 {
2276 "name": "XCTF Agenda",
2277 "language": "Chinese",
2278 "links": [
2279 {
2280 "website": "https://www.xctf.org.cn/ctfs/all/"
2281 }
2282 ],
2283 "description": "World CTF agenda",
2284 "price": "Free"
2285 },
2286 {
2287 "name": "Yashira",
2288 "language": "Spanish",
2289 "links": [
2290 {
2291 "website": "http://www.yashira.org/"
2292 }
2293 ],
2294 "description": "Challenge platform",
2295 "price": "Free"
2296 }
2297 ]
2298 },
2299 "trainings_and_courses": {
2300 "resources": [
2301 {
2302 "name": "Bugcrowd University",
2303 "links": [
2304 {
2305 "website": "https://www.bugcrowd.com/hackers/bugcrowd-university/"
2306 },
2307 {
2308 "source": "https://github.com/bugcrowd/bugcrowd_university"
2309 }
2310 ],
2311 "description": "Modules with slides, videos and sometimes labs to learn web security, by Bugcrowd",
2312 "price": "Free"
2313 },
2314 {
2315 "name": "Cybrary",
2316 "links": [
2317 {
2318 "website": "https://www.cybrary.it/"
2319 }
2320 ],
2321 "description": "Cyber Security learning, training and certification",
2322 "price": "Paid"
2323 },
2324 {
2325 "name": "Hacker101",
2326 "links": [
2327 {
2328 "website": "https://www.hacker101.com/"
2329 },
2330 {
2331 "source": "https://github.com/Hacker0x01/hacker101"
2332 }
2333 ],
2334 "description": "Class for web security targeting bug bounty hunters and security professionals, with video lessons and a CTF platform, by HackerOne",
2335 "price": "Free"
2336 },
2337 {
2338 "name": "PentestAcademy",
2339 "links": [
2340 {
2341 "website": "https://www.pentesteracademy.com/"
2342 }
2343 ],
2344 "description": "Cyber Security training with an online lab",
2345 "price": "Paid"
2346 },
2347 {
2348 "name": "Portswigger Web Security Academy",
2349 "links": [
2350 {
2351 "website": "https://portswigger.net/web-security"
2352 }
2353 ],
2354 "description": "Web Security training with an online lab",
2355 "price": "Free"
2356 },
2357 {
2358 "name": "SANS",
2359 "links": [
2360 {
2361 "website": "https://www.sans.org/security-resources/"
2362 }
2363 ],
2364 "description": "Escal Institute of Advanced Technologies provides courses, certifications and learning materials",
2365 "price": "Paid"
2366 }
2367 ]
2368 },
2369 "tutorials": {
2370 "resources": [
2371 {
2372 "name": "CTF Field Guide",
2373 "links": [
2374 {
2375 "website": "https://trailofbits.github.io/ctf/"
2376 },
2377 {
2378 "source": "https://github.com/trailofbits/ctf"
2379 }
2380 ],
2381 "description": "CTF guide",
2382 "price": "Free"
2383 },
2384 {
2385 "name": "CTF Resources",
2386 "links": [
2387 {
2388 "website": "http://ctfs.github.io/resources/"
2389 },
2390 {
2391 "source": "https://github.com/ctfs/resources"
2392 }
2393 ],
2394 "description": "CTF guide",
2395 "price": "Free"
2396 },
2397 {
2398 "name": "Infosec Institute - What a Challenger Perceives in most CTF Categories/Challenges",
2399 "links": [
2400 {
2401 "website": "https://resources.infosecinstitute.com/what-a-challenger-perceives-in-most-of-the-ctf-categories-or-challenges/"
2402 }
2403 ],
2404 "description": "Questions a challenger can ask himself during a CTF, classed by category",
2405 "price": "Free"
2406 },
2407 {
2408 "name": "ISIS Lab Wiki",
2409 "links": [
2410 {
2411 "website": "https://github.com/isislab/Project-Ideas/wiki"
2412 }
2413 ],
2414 "description": "CTF guide",
2415 "price": "Free"
2416 },
2417 {
2418 "name": "Endgame - How to Get Started in CTF",
2419 "links": [
2420 {
2421 "website": "https://www.endgame.com/blog/technical-blog/how-get-started-ctf"
2422 }
2423 ],
2424 "description": "Tutorial for CTF beginners",
2425 "price": "Free"
2426 },
2427 {
2428 "name": "NIZKCTF tutorial",
2429 "links": [
2430 {
2431 "source": "https://github.com/pwn2winctf/nizkctf-tutorial"
2432 }
2433 ],
2434 "description": "Tutorial to set up NIZKCTF",
2435 "price": "Free"
2436 },
2437 {
2438 "name": "Xapax IT-Security Notebook",
2439 "links": [
2440 {
2441 "website": "https://xapax.gitbooks.io/security/content/"
2442 },
2443 {
2444 "source": "https://legacy.gitbook.com/book/xapax/security/details"
2445 }
2446 ],
2447 "description": "Overview guide for all kind of pentesting",
2448 "price": "Free"
2449 }
2450 ]
2451 },
2452 "writeups_collections_and_challenges_source": {
2453 "resources": [
2454 {
2455 "name": "Captf",
2456 "links": [
2457 {
2458 "website": "http://captf.com/"
2459 }
2460 ],
2461 "description": "Dumped CTF challenges",
2462 "price": "Free"
2463 },
2464 {
2465 "name": "CTFs write-ups",
2466 "links": [
2467 {
2468 "source": "https://github.com/ctfs/"
2469 }
2470 ],
2471 "description": "Write-ups archive",
2472 "price": "Free"
2473 },
2474 {
2475 "name": "Pwning OWASP Juice Shop",
2476 "links": [
2477 {
2478 "website": "https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/"
2479 },
2480 {
2481 "source": "https://github.com/bkimminich/pwning-juice-shop"
2482 }
2483 ],
2484 "description": "Official companion guide to the OWASP Juice Shop",
2485 "price": "Free"
2486 },
2487 {
2488 "name": "pwntools writeups",
2489 "links": [
2490 {
2491 "source": "https://github.com/Gallopsled/pwntools-write-ups"
2492 }
2493 ],
2494 "description": "Write-ups using pwntools archive",
2495 "price": "Free"
2496 }
2497 ]
2498 }
2499 },
2500 "tools": {
2501 "binary_exploitation": {
2502 "tools": [
2503 {
2504 "name": "ASLRay",
2505 "source": "https://github.com/cryptolok/ASLRay",
2506 "description": "Tool for ASLR bypass with stack-spraying",
2507 "language": "Shell",
2508 "price": "Free",
2509 "online": "False"
2510 },
2511 {
2512 "name": "heaphopper",
2513 "website": "https://seclab.cs.ucsb.edu/media/uploads/papers/sec2018-heap-hopper.pdf",
2514 "source": "https://github.com/angr/heaphopper",
2515 "description": "Bounded model checking framework for Heap-implementations",
2516 "language": "Python",
2517 "price": "Free",
2518 "online": "False"
2519 },
2520 {
2521 "name": "libformatstr",
2522 "source": "https://github.com/hellman/libformatstr",
2523 "description": "Library to simplify format string exploitation",
2524 "language": "Python",
2525 "price": "Free",
2526 "online": "False"
2527 },
2528 {
2529 "name": "pwntools",
2530 "source": "https://github.com/Gallopsled/pwntools",
2531 "description": "Framework and exploit development library",
2532 "language": "Python",
2533 "price": "Free",
2534 "online": "False"
2535 },
2536 {
2537 "name": "pwntools-ruby",
2538 "source": "https://github.com/peter50216/pwntools-ruby",
2539 "description": "Framework and exploit development library, ported onto ruby",
2540 "language": "Ruby",
2541 "price": "Free",
2542 "online": "False"
2543 },
2544 {
2545 "name": "ROPgadget",
2546 "website": "http://shell-storm.org/project/ROPgadget/",
2547 "source": "https://github.com/JonathanSalwan/ROPgadget",
2548 "description": "Framework for ROP exploitation",
2549 "language": "Python",
2550 "price": "Free",
2551 "online": "False"
2552 }
2553 ]
2554 },
2555 "bug_bounty": {
2556 "tools": [
2557 {
2558 "name": "BBstats",
2559 "source": "https://github.com/gwen001/BBstats",
2560 "description": "Aggregrate reports/bounties from different platforms in order to create combined stats and graphs",
2561 "language": "PHP",
2562 "price": "Free",
2563 "online": "False"
2564 },
2565 {
2566 "name": "BountyDash",
2567 "source": "https://github.com/avlidienbrunn/bountydash",
2568 "description": "Dashboard to combine rewards from all platforms, giving insights about progress and bug hunting patterns",
2569 "language": "PHP",
2570 "price": "Free",
2571 "online": "False"
2572 },
2573 {
2574 "name": "bountyplz",
2575 "source": "https://github.com/fransr/bountyplz",
2576 "description": "Automated bug bounty reporting/submission, supports HackerOne and Bugcrowd",
2577 "language": "Shell",
2578 "price": "Free",
2579 "online": "False"
2580 }
2581 ]
2582 },
2583 "code_analysis": {
2584 "tools": [
2585 {
2586 "name": "Adhrit",
2587 "website": "https://www.hawkspawn.com/Adhrit/",
2588 "source": "https://github.com/abhi-r3v0/Adhrit",
2589 "description": "Android APK reversing and analysis suite",
2590 "language": "Python",
2591 "price": "Free",
2592 "online": "False"
2593 },
2594 {
2595 "name": "AndroBugs Framework",
2596 "source": "https://github.com/AndroBugs/AndroBugs_Framework",
2597 "description": "Android APK vulnerability analyzer",
2598 "language": "Python",
2599 "price": "Free",
2600 "online": "False"
2601 },
2602 {
2603 "name": "MobSF",
2604 "website": "",
2605 "source": "https://github.com/MobSF/Mobile-Security-Framework-MobSF",
2606 "description": "Android APK vulnerability analyzer",
2607 "language": "Python",
2608 "price": "Free",
2609 "online": "False"
2610 },
2611 {
2612 "name": "NodeJsScan",
2613 "source": "https://github.com/ajinabraham/NodeJsScan",
2614 "description": "Static security code scanner for Node.js applications",
2615 "language": "Python",
2616 "price": "Free",
2617 "online": "False"
2618 },
2619 {
2620 "name": "QARK",
2621 "source": "https://github.com/linkedin/qark",
2622 "description": "Android APK vulnerability analyzer",
2623 "language": "Python",
2624 "price": "Free",
2625 "online": "False"
2626 },
2627 {
2628 "name": "SonarQube",
2629 "website": "http://www.sonarqube.org/",
2630 "source": "https://github.com/SonarSource/sonarqube",
2631 "description": "Automatic code review tool to detect bugs, vulnerabilities; continuous code inspection automated with static code analysis rules",
2632 "language": "Java",
2633 "price": "Free",
2634 "online": "False"
2635 },
2636 {
2637 "name": "StaCoAn",
2638 "source": "https://github.com/vincentcox/StaCoAn",
2639 "description": "Mobile applications static code analysis tool",
2640 "language": "Python",
2641 "price": "Free",
2642 "online": "False"
2643 },
2644 {
2645 "name": "SUPER",
2646 "website": "http://superanalyzer.rocks/",
2647 "source": "https://github.com/SUPERAndroidAnalyzer/super",
2648 "description": "Android APK vulnerability analyzer",
2649 "language": "Rust",
2650 "price": "Free",
2651 "online": "False"
2652 },
2653 {
2654 "name": "wpBullet",
2655 "source": "https://github.com/webarx-security/wpbullet",
2656 "description": "Static code analysis for WordPress Plugins and Themes (and PHP)",
2657 "language": "Python",
2658 "price": "Free",
2659 "online": "False"
2660 }
2661 ]
2662 },
2663 "collaboration_report": {
2664 "tools": [
2665 {
2666 "name": "Archery",
2667 "website": "https://archerysec.com/",
2668 "source": "https://github.com/archerysec/archerysec",
2669 "description": "Vulnerability Assessment and Management tool, run scan and manage vulnerabilities",
2670 "language": "Python",
2671 "price": "Free",
2672 "online": "False"
2673 },
2674 {
2675 "name": "AttackForge.com",
2676 "website": "https://attackforge.com/",
2677 "description": "Penetration test collaboration platform: vulnerability management and reporting",
2678 "price": "Free",
2679 "online": "True"
2680 },
2681 {
2682 "name": "Canopy",
2683 "website": "https://www.checksec.com/canopy.html",
2684 "description": "Penetration test platform: vulnerability management and reporting",
2685 "price": "Paid",
2686 "online": "False"
2687 },
2688 {
2689 "name": "DART",
2690 "source": "https://github.com/lmco/dart",
2691 "description": "Documentation And Reporting Tool; Collaborative penetration test and vulnerability management platform",
2692 "language": "Python",
2693 "price": "Free",
2694 "online": "False"
2695 },
2696 {
2697 "name": "DefectDojo",
2698 "website": "https://www.defectdojo.org/",
2699 "source": "https://github.com/DefectDojo/django-DefectDojo",
2700 "description": "Vulnerability management application built for DevOps and continuous security integration",
2701 "language": "Python",
2702 "price": "Free",
2703 "online": "False"
2704 },
2705 {
2706 "name": "Dradis",
2707 "website": "https://dradisframework.com/",
2708 "source": "https://github.com/dradis/dradis-ce",
2709 "description": "Collaborative penetration test, vulnerability management and reporting platform",
2710 "language": "Ruby",
2711 "price": "Paid",
2712 "online": "False"
2713 },
2714 {
2715 "name": "envizon",
2716 "website": "https://evait-security.github.io/envizon/",
2717 "source": "https://github.com/evait-security/envizon",
2718 "description": "Vulnerability management and reporting platform",
2719 "language": "Ruby",
2720 "price": "Free",
2721 "online": "False"
2722 },
2723 {
2724 "name": "Faraday",
2725 "website": "https://www.faradaysec.com/",
2726 "source": "https://github.com/infobyte/faraday",
2727 "description": "Collaborative penetration test and reporting platform",
2728 "language": "Python",
2729 "price": "Paid",
2730 "online": "False"
2731 },
2732 {
2733 "name": "Ghostwriter",
2734 "website": "https://ghostwriter.wiki/",
2735 "source": "https://github.com/GhostManager/Ghostwriter",
2736 "description": "Project management and reporting engine",
2737 "language": "Python",
2738 "price": "Free",
2739 "online": "False"
2740 },
2741 {
2742 "name": "hackOx",
2743 "website": "https://hackox.net/",
2744 "source": "https://github.com/deantonious/hackox",
2745 "description": "Modular web based pentesting interface designed to run on Raspberry Pi",
2746 "language": "PHP",
2747 "price": "Free",
2748 "online": "False"
2749 },
2750 {
2751 "name": "Kvasir",
2752 "source": "https://github.com/KvasirSecurity/Kvasir",
2753 "description": "Pentest data management tool",
2754 "language": "Python",
2755 "price": "Free",
2756 "online": "False"
2757 },
2758 {
2759 "name": "Lair",
2760 "website": "https://www.optiv.com/blog/updates-to-the-lair-ecosystem",
2761 "source": "https://github.com/lair-framework/lair",
2762 "description": "Collaborative penetration test and vulnerability management framework",
2763 "language": "JavaScript",
2764 "price": "Free",
2765 "online": "False"
2766 },
2767 {
2768 "name": "MISP",
2769 "website": "http://misp-project.org/",
2770 "source": "https://github.com/MISP/",
2771 "description": "Malware Information Sharing Platform, an Open Source threat intelligence plateform and open standards for threat information sharing",
2772 "language": "PHP",
2773 "price": "Free",
2774 "online": "False"
2775 },
2776 {
2777 "name": "oneVault",
2778 "website": "https://www.onevault.tech/",
2779 "description": "Collaborative penetration test, vulnerability management and reporting platform",
2780 "price": "Paid",
2781 "online": "False"
2782 },
2783 {
2784 "name": "OSCP Exam Report Template in Markdown",
2785 "website": "https://noraj.github.io/OSCP-Exam-Report-Template-Markdown",
2786 "source": "https://github.com/noraj/OSCP-Exam-Report-Template-Markdown",
2787 "description": "Markdown templates for OSCP exam report",
2788 "language": "Markdown",
2789 "price": "Free",
2790 "online": "False"
2791 },
2792 {
2793 "name": "OWASP PenText",
2794 "website": "https://www.owasp.org/index.php/OWASP_PenText_Project",
2795 "source": "https://github.com/radicallyopensecurity/pentext",
2796 "description": "Collection of XML templates, XML schemas and XSLT code, to generate IT security documents including test reports, offers and invoices",
2797 "price": "Free",
2798 "online": "False"
2799 },
2800 {
2801 "name": "PatrOwl",
2802 "website": "https://patrowl.io/",
2803 "source": "https://github.com/Patrowl/PatrowlManager",
2804 "description": "Security operations orchestration and continuous threat management platform",
2805 "language": "Python",
2806 "price": "Free",
2807 "online": "False"
2808 },
2809 {
2810 "name": "PlexTrac",
2811 "website": "https://plextrac.com/",
2812 "description": "Collaborative penetration test reporting and vulnerability management platform",
2813 "price": "Paid",
2814 "online": "False"
2815 },
2816 {
2817 "name": "Pollenisator",
2818 "source": "https://github.com/AlgoSecure/Pollenisator",
2819 "description": "Collaborative penetration test and reporting platform (DB + clients, no WebUI)",
2820 "language": "Python",
2821 "price": "Free",
2822 "online": "False"
2823 },
2824 {
2825 "name": "Prithvi",
2826 "website": "https://www.vegabird.com/prithvi/",
2827 "source": "https://github.com/vegabird/prithvi",
2828 "description": "Report generation tool for pentester with provided OWASP data",
2829 "language": "JavaScript",
2830 "price": "Free",
2831 "online": "False"
2832 },
2833 {
2834 "name": "PwnDoc",
2835 "source": "https://github.com/pwndoc/pwndoc",
2836 "description": "Collaborative penetration test reporting platform",
2837 "language": "JavaScript",
2838 "price": "Free",
2839 "online": "False"
2840 },
2841 {
2842 "name": "Serpico",
2843 "source": "https://github.com/SerpicoProject/Serpico",
2844 "description": "SimplE RePort wrIting and CollaboratiOn tool, penetration testing report generation and collaboration tool",
2845 "language": "Ruby",
2846 "price": "Free",
2847 "online": "False"
2848 },
2849 {
2850 "name": "Sh00t",
2851 "source": "https://github.com/pavanw3b/sh00t",
2852 "description": "Pentesting platform with dynamic task manager, checklists, bug template & bug report",
2853 "language": "Python",
2854 "price": "Free",
2855 "online": "False"
2856 },
2857 {
2858 "name": "SwiftnessX",
2859 "source": "https://github.com/ehrishirajsharma/SwiftnessX",
2860 "description": "Cross-platform note-taking and target-tracking app for penetration testers",
2861 "language": "JavaScript",
2862 "price": "Free",
2863 "online": "False"
2864 },
2865 {
2866 "name": "vcr",
2867 "source": "https://github.com/Shellntel/vcr",
2868 "description": "Vulnerability Compliance Report; parse Nessus CIS benchmark scan files and generate HTML reports",
2869 "language": "PowerShell",
2870 "price": "Free",
2871 "online": "False"
2872 },
2873 {
2874 "name": "vuldash",
2875 "website": "https://www.vuldash.com/",
2876 "source": "https://github.com/talsoft/vuldash",
2877 "description": "Vulnerability Dashboard; vulnerability management, project management and report generation",
2878 "language": "PHP",
2879 "price": "Free",
2880 "online": "False"
2881 },
2882 {
2883 "name": "VULNREPO",
2884 "website": "https://vulnrepo.com/",
2885 "source": "https://github.com/kac89/vulnrepo",
2886 "description": "Vulnerability report generator",
2887 "language": "JavaScript",
2888 "price": "Free",
2889 "online": "False"
2890 },
2891 {
2892 "name": "Vulnreport",
2893 "website": "http://vulnreport.io/",
2894 "source": "https://github.com/salesforce/vulnreport",
2895 "description": "Pentesting management and automation platform",
2896 "language": "Ruby",
2897 "price": "Free",
2898 "online": "False"
2899 }
2900 ]
2901 },
2902 "configuration_audit": {
2903 "tools": [
2904 {
2905 "name": "Nipper Studio",
2906 "website": "https://www.titania.com/nipper-studio",
2907 "description": "Tool that parse router, switch, firewall configuration to discover vulnerabilities",
2908 "price": "Paid",
2909 "online": "False"
2910 },
2911 {
2912 "name": "Nipper-ng",
2913 "source": "https://github.com/arpitn30/nipper-ng",
2914 "description": "Tool that parse router, switch, firewall configuration to discover vulnerabilities",
2915 "language": "Cplusplus",
2916 "price": "Free",
2917 "online": "False"
2918 }
2919 ]
2920 },
2921 "cracking": {
2922 "tools": [
2923 {
2924 "name": "Bopscrk",
2925 "source": "https://github.com/R3nt0n/bopscrk",
2926 "description": "Before Outset PaSsword CRacKing, password wordlist generator with exclusive features like lyrics based mode",
2927 "language": "Python",
2928 "price": "Free",
2929 "online": "False"
2930 },
2931 {
2932 "name": "CeWL",
2933 "source": "https://github.com/digininja/CeWL",
2934 "description": "Custom wordlist generator based on website crawling",
2935 "language": "Ruby",
2936 "price": "Free",
2937 "online": "False"
2938 },
2939 {
2940 "name": "CrackerJack",
2941 "website": "https://www.contextis.com/en/resources/tools/crackerjack",
2942 "source": "https://github.com/ctxis/crackerjack",
2943 "description": "Basic Web Interface for Hashcat",
2944 "language": "Python",
2945 "price": "Free",
2946 "online": "False"
2947 },
2948 {
2949 "name": "Cracklord",
2950 "website": "http://jmmcatee.github.io/cracklord/",
2951 "source": "https://github.com/jmmcatee/cracklord",
2952 "description": "Scalable, pluggable, and distributed system for password cracking, supports Hashcat",
2953 "language": "Go",
2954 "price": "Free",
2955 "online": "False"
2956 },
2957 {
2958 "name": "CrackQ",
2959 "source": "https://github.com/f0cker/crackq",
2960 "description": "Hashcat cracking queue system, API and WebUI",
2961 "language": "Python",
2962 "price": "Free",
2963 "online": "False"
2964 },
2965 {
2966 "name": "CrackStation",
2967 "website": "https://crackstation.net/",
2968 "source": "https://github.com/defuse/crackstation",
2969 "description": "Pre-computed lookup tables to crack password hashes",
2970 "language": "PHP",
2971 "price": "Free",
2972 "online": "True"
2973 },
2974 {
2975 "name": "crunch",
2976 "source": "https://sourceforge.net/projects/crunch-wordlist/",
2977 "description": "Wordlist generator",
2978 "language": "C",
2979 "price": "Free",
2980 "online": "False"
2981 },
2982 {
2983 "name": "CUPP",
2984 "source": "https://github.com/Mebus/cupp",
2985 "description": "Common User Passwords Profiler, wordlist generator based on user profiling",
2986 "language": "Python",
2987 "price": "Free",
2988 "online": "False"
2989 },
2990 {
2991 "name": "GoCrack",
2992 "source": "https://github.com/fireeye/gocrack",
2993 "description": "Management frontend for password cracking tools, supporting hashcat",
2994 "language": "Go",
2995 "price": "Free",
2996 "online": "False"
2997 },
2998 {
2999 "name": "Hashcat",
3000 "website": "https://hashcat.net/hashcat/",
3001 "source": "https://github.com/hashcat/hashcat",
3002 "description": "Password cracking tool",
3003 "language": "C",
3004 "price": "Free",
3005 "online": "False"
3006 },
3007 {
3008 "name": "Hashtopolis",
3009 "source": "https://github.com/s3inlc/hashtopolis",
3010 "description": "Hashcat wrapper for distributed hashcracking",
3011 "language": "PHP",
3012 "price": "Free",
3013 "online": "False"
3014 },
3015 {
3016 "name": "Hashview",
3017 "website": "http://www.hashview.io/",
3018 "source": "https://github.com/hashview/hashview",
3019 "description": "Web-UI for managing, organizing, automating Hashcat commands/tasks",
3020 "language": "Ruby",
3021 "price": "Free",
3022 "online": "False"
3023 },
3024 {
3025 "name": "John The Ripper",
3026 "website": "http://www.openwall.com/john/",
3027 "description": "Password cracking tool",
3028 "language": "C",
3029 "price": "Free",
3030 "online": "False"
3031 },
3032 {
3033 "name": "John the Ripper, Jumbo version",
3034 "website": "http://www.openwall.com/john/",
3035 "source": "https://github.com/magnumripper/JohnTheRipper",
3036 "description": "Password cracking tool, community-enhanced version of John The Ripper",
3037 "language": "C",
3038 "price": "Free",
3039 "online": "False"
3040 },
3041 {
3042 "name": "lyricpass",
3043 "source": "https://github.com/initstring/lyricpass",
3044 "description": "Tool to generate wordlists based on lyrics",
3045 "language": "Python",
3046 "price": "Free",
3047 "online": "False"
3048 },
3049 {
3050 "name": "Mentalist",
3051 "source": "https://github.com/sc0tfree/mentalist",
3052 "description": "Graphical tool for custom wordlist generation, can output rules compatible with Hashcat and John the Ripper",
3053 "language": "Python",
3054 "price": "Free",
3055 "online": "False"
3056 },
3057 {
3058 "name": "Ophcrack",
3059 "website": "http://ophcrack.sourceforge.net/",
3060 "source": "https://sourceforge.net/projects/ophcrack/",
3061 "description": "Windows password cracker based on rainbow tables",
3062 "price": "Free",
3063 "online": "False"
3064 },
3065 {
3066 "name": "pnwgen",
3067 "source": "https://github.com/toxydose/pnwgen",
3068 "description": "Phone number wordlist generator",
3069 "language": "Python",
3070 "price": "Free",
3071 "online": "False"
3072 },
3073 {
3074 "name": "PowerSniper",
3075 "source": "https://github.com/codewatchorg/PowerSniper",
3076 "description": "Password spraying script and helper for creating password lists",
3077 "language": "PowerShell",
3078 "price": "Free",
3079 "online": "False"
3080 },
3081 {
3082 "name": "pydictor",
3083 "source": "https://github.com/LandGrey/pydictor",
3084 "description": "Multi-method password wordlist generator",
3085 "language": "Python",
3086 "price": "Free",
3087 "online": "False"
3088 },
3089 {
3090 "name": "TTPassGen",
3091 "source": "https://github.com/tp7309/TTPassGen",
3092 "description": "Flexiable and scriptable password dictionary/wordlist generator",
3093 "language": "Python",
3094 "price": "Free",
3095 "online": "False"
3096 },
3097 {
3098 "name": "WebHashcat",
3099 "source": "https://github.com/hegusung/WebHashcat",
3100 "description": "Hashcat WebUI with distributed cracking sessions and analytics",
3101 "language": "Python",
3102 "price": "Free",
3103 "online": "False"
3104 },
3105 {
3106 "name": "wordlistctl",
3107 "source": "https://github.com/BlackArch/wordlistctl",
3108 "description": "Fetch, install and search wordlist archives from websites and torrent peers",
3109 "language": "Python",
3110 "price": "Free",
3111 "online": "False"
3112 }
3113 ]
3114 },
3115 "cryptography": {
3116 "tools": [
3117 {
3118 "name": "crypto-identifier",
3119 "source": "https://github.com/Acceis/crypto_identifier",
3120 "description": "Tool that try to identify what cipher is used and uncipher the data",
3121 "language": "Python",
3122 "price": "Free",
3123 "online": "False"
3124 },
3125 {
3126 "name": "Crypton",
3127 "source": "https://github.com/ashutosh1206/Crypton",
3128 "description": "Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Hashing Algorithms along with example challenges from CTFs",
3129 "language": "Python",
3130 "price": "Free",
3131 "online": "False"
3132 },
3133 {
3134 "name": "Dcode",
3135 "website": "http://www.dcode.fr/tools-list",
3136 "description": "Code and decode all kind of checksums, algorithms, codes or ciphers",
3137 "price": "Free",
3138 "online": "True"
3139 },
3140 {
3141 "name": "FeatherDuster",
3142 "source": "https://github.com/nccgroup/featherduster",
3143 "description": "Cryptanalysis tool and library",
3144 "language": "Python",
3145 "price": "Free",
3146 "online": "False"
3147 },
3148 {
3149 "name": "Haiti",
3150 "website": "https://noraj.github.io/haiti/",
3151 "source": "https://github.com/noraj/haiti",
3152 "description": "A CLI tool to identify the hash type of a given hash",
3153 "language": "Ruby",
3154 "price": "Free",
3155 "online": "False"
3156 },
3157 {
3158 "name": "hashID",
3159 "source": "https://github.com/psypanda/hashID",
3160 "description": "Identify the different types of hashes",
3161 "language": "Python",
3162 "price": "Free",
3163 "online": "False"
3164 },
3165 {
3166 "name": "PkCrack",
3167 "website": "https://www.unix-ag.uni-kl.de/%7Econrad/krypto/pkcrack.html",
3168 "description": "Tool for breaking PkZip encryption",
3169 "price": "Free",
3170 "online": "False"
3171 },
3172 {
3173 "name": "RsaCtfTool",
3174 "source": "https://github.com/Ganapati/RsaCtfTool",
3175 "description": "Tool to conduct manual or automated attack on RSA",
3176 "language": "Python",
3177 "price": "Free",
3178 "online": "False"
3179 },
3180 {
3181 "name": "RSATool",
3182 "source": "https://github.com/ius/rsatool",
3183 "description": "Tool to calculate RSA parameters",
3184 "language": "Python",
3185 "price": "Free",
3186 "online": "False"
3187 },
3188 {
3189 "name": "RSHack",
3190 "source": "https://github.com/zweisamkeit/RSHack",
3191 "description": "RSA attack and key manipulation tool",
3192 "language": "",
3193 "price": "Free",
3194 "online": "False"
3195 },
3196 {
3197 "name": "XORTool",
3198 "source": "https://github.com/hellman/xortool",
3199 "description": "Tool to analyze multi-byte xor cipher",
3200 "language": "Python",
3201 "price": "Free",
3202 "online": "False"
3203 }
3204 ]
3205 },
3206 "digital_forensics": {
3207 "tools": [
3208 {
3209 "name": "Cerbero Profiler",
3210 "website": "http://cerbero.io/profiler/",
3211 "description": "File analyzer and inspector",
3212 "price": "Paid",
3213 "online": "False"
3214 },
3215 {
3216 "name": "dnscat2",
3217 "source": "https://github.com/iagox86/dnscat2",
3218 "description": "Encrypted command-and-control (C&C) channel over the DNS protocol, data exfiltration",
3219 "language": "Cplusplus",
3220 "price": "Free",
3221 "online": "False"
3222 },
3223 {
3224 "name": "ExifTool",
3225 "website": "http://www.sno.phy.queensu.ca/%7Ephil/exiftool/",
3226 "source": "https://sourceforge.net/projects/exiftool/",
3227 "description": "Library and CLI tool for reading, writing and editing metadata for a lot of file types",
3228 "language": "Perl",
3229 "price": "Free",
3230 "online": "False"
3231 },
3232 {
3233 "name": "extundelete",
3234 "website": "http://extundelete.sourceforge.net/",
3235 "source": "https://sourceforge.net/projects/extundelete/",
3236 "description": "Tool to recover deleted files from an ext3 or ext4 partition",
3237 "price": "Free",
3238 "online": "False"
3239 },
3240 {
3241 "name": "Fibratus",
3242 "source": "https://github.com/rabbitstack/fibratus",
3243 "description": "Tool for exploration and tracing of the Windows kernel",
3244 "language": "Python",
3245 "price": "Free",
3246 "online": "False"
3247 },
3248 {
3249 "name": "Foremost",
3250 "website": "http://foremost.sourceforge.net/",
3251 "source": "https://sourceforge.net/projects/foremost/",
3252 "description": "CLI tool to recover files based on their headers, footers, and internal data structures",
3253 "price": "Free",
3254 "online": "False"
3255 },
3256 {
3257 "name": "rekall",
3258 "website": "http://www.rekall-forensic.com/",
3259 "source": "https://github.com/google/rekall",
3260 "description": "Volatile memory extraction utility",
3261 "language": "Python",
3262 "price": "Free",
3263 "online": "False"
3264 },
3265 {
3266 "name": "rekall (Fireeye fork)",
3267 "source": "https://github.com/fireeye/win10_rekall",
3268 "description": "Fork of rekall with support for Windows 10 memory compression",
3269 "language": "Python",
3270 "price": "Free",
3271 "online": "False"
3272 },
3273 {
3274 "name": "ResourcesExtract",
3275 "website": "http://www.nirsoft.net/utils/resources_extract.html",
3276 "description": "Scans dll/ocx/exe files and extract all resources found, Windows only",
3277 "price": "Free",
3278 "online": "False"
3279 },
3280 {
3281 "name": "shellbags",
3282 "source": "https://github.com/williballenthin/shellbags",
3283 "description": "Shellbag parser (Windows Registry Keys)",
3284 "language": "Python",
3285 "price": "Free",
3286 "online": "False"
3287 },
3288 {
3289 "name": "volatility",
3290 "website": "http://www.volatilityfoundation.org/",
3291 "source": "https://github.com/volatilityfoundation/volatility",
3292 "description": "Volatile memory extraction utility",
3293 "language": "Python",
3294 "price": "Free",
3295 "online": "False"
3296 },
3297 {
3298 "name": "volatility (Fireeye fork)",
3299 "source": "https://github.com/fireeye/win10_volatility",
3300 "description": "Fork of volatility with support for Windows 10 memory compression",
3301 "language": "Python",
3302 "price": "Free",
3303 "online": "False"
3304 }
3305 ]
3306 },
3307 "honeypot_decoy": {
3308 "tools": [
3309 {
3310 "name": "Canarytokens",
3311 "website": "https://canarytokens.org/generate",
3312 "source": "https://github.com/thinkst/canarytokens",
3313 "description": "quickly deployable honeypot with docker image, the online service allows to get alerted by email for URL token, DNS token, unique email address, custom image, MS word doc., Acrobat Reader PDF doc., and more",
3314 "price": "Free",
3315 "online": "True"
3316 },
3317 {
3318 "name": "DejaVU",
3319 "source": "https://github.com/bhdresh/Dejavu",
3320 "description": "Deception framework which can be used to deploy decoys across the infrastructure",
3321 "price": "Free",
3322 "online": "False"
3323 }
3324 ]
3325 },
3326 "incident_response": {
3327 "tools": [
3328 {
3329 "name": "DFIRTrack",
3330 "source": "https://github.com/stuhli/dfirtrack",
3331 "description": "Incident response tracking web application, focused on handling one major incident with a lot of affected systems",
3332 "language": "Python",
3333 "price": "Free",
3334 "online": "False"
3335 },
3336 {
3337 "name": "IntelMQ",
3338 "source": "https://github.com/certtools/intelmq",
3339 "description": "Solution for collecting and processing security feeds using a message queuing protocol",
3340 "language": "Python",
3341 "price": "Free",
3342 "online": "False"
3343 },
3344 {
3345 "name": "SCOT",
3346 "website": "http://getscot.sandia.gov/",
3347 "source": "https://github.com/sandialabs/scot",
3348 "description": "Sandia Cyber Omni Tracker; cyber security incident response management system and knowledge base",
3349 "language": "Perl",
3350 "price": "Free",
3351 "online": "False"
3352 }
3353 ]
3354 },
3355 "intentionally_vulnerable_applications": {
3356 "tools": [
3357 {
3358 "name": "bWAPP",
3359 "website": "http://www.itsecgames.com/",
3360 "source": "https://sourceforge.net/p/bwapp/code/ci/master/tree/",
3361 "description": "Buggy Web Application, insecure webapp for security trainings",
3362 "language": "PHP",
3363 "price": "Free",
3364 "online": "False"
3365 },
3366 {
3367 "name": "DVIA",
3368 "website": "http://damnvulnerableiosapp.com/",
3369 "source": "https://github.com/prateek147/DVIA-v2",
3370 "description": "Damn Vulnerable iOS App, insecure webapp for mobile security trainings",
3371 "language": "Swift",
3372 "price": "Free",
3373 "online": "False"
3374 },
3375 {
3376 "name": "DVWA",
3377 "website": "http://www.dvwa.co.uk/",
3378 "source": "https://github.com/ethicalhack3r/DVWA",
3379 "description": "Damn Vulnerable Web Application, insecure webapp for security trainings",
3380 "language": "PHP",
3381 "price": "Free",
3382 "online": "False"
3383 },
3384 {
3385 "name": "Google Gruyere",
3386 "website": "http://google-gruyere.appspot.com",
3387 "source": "http://google-gruyere.appspot.com/code/",
3388 "description": "Codelab for white-box and black-box hacking",
3389 "language": "Python",
3390 "price": "Free",
3391 "online": "True"
3392 },
3393 {
3394 "name": "Hackazon",
3395 "source": "https://github.com/rapid7/hackazon",
3396 "description": "Intentionally vulnerable web shopping application using modern technologies and containing configurable areas",
3397 "language": "PHP",
3398 "price": "Free",
3399 "online": "False"
3400 },
3401 {
3402 "name": "OWASP Juice Shop",
3403 "website": "http://owasp-juice.shop",
3404 "source": "https://github.com/bkimminich/juice-shop",
3405 "description": "Insecure web application with >85 challenges; supports CTFs, custom themes, tutorial mode etc.",
3406 "language": "JavaScript",
3407 "price": "Free",
3408 "online": "False"
3409 },
3410 {
3411 "name": "OWASP Mutillidae II",
3412 "website": "https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project",
3413 "source": "https://sourceforge.net/projects/mutillidae/?source=navbar",
3414 "description": "Intentionally vulnerable web-application containing some OWASP Top Ten vulnerabilities, with hints and switch for secure version of the code",
3415 "language": "PHP",
3416 "price": "Free",
3417 "online": "False"
3418 },
3419 {
3420 "name": "OWASP WebGoat",
3421 "website": "https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project",
3422 "source": "https://github.com/WebGoat/WebGoat",
3423 "description": "Deliberately insecure web application to teach web application security lessons",
3424 "language": "Java",
3425 "price": "Free",
3426 "online": "False"
3427 },
3428 {
3429 "name": "XVNA",
3430 "source": "https://github.com/vegabird/xvna",
3431 "description": "Extreme Vulnerable Node Application, insecure webapp for security trainings",
3432 "language": "JavaScript",
3433 "price": "Free",
3434 "online": "False"
3435 }
3436 ]
3437 },
3438 "networking": {
3439 "tools": [
3440 {
3441 "name": "ActiveDirectoryEnumeration",
3442 "source": "https://github.com/CasperGN/ActiveDirectoryEnumeration",
3443 "description": "Enumerate AD through LDAP with a collection of helpfull scripts being bundled: ASREPRoasting, Kerberoasting, dump AD as BloodHound JSON files, searching GPOs in SYSVOL for cpassword and decrypting, run without creds",
3444 "language": "Python",
3445 "price": "Free",
3446 "online": "False"
3447 },
3448 {
3449 "name": "ad-ldap-enum",
3450 "source": "https://github.com/CroweCybersecurity/ad-ldap-enum",
3451 "description": "LDAP based Active Directory user and group enumeration tool",
3452 "language": "Python",
3453 "price": "Free",
3454 "online": "False"
3455 },
3456 {
3457 "name": "archtorify",
3458 "source": "https://github.com/brainfucksec/archtorify",
3459 "description": "Script for Arch Linux which use iptables settings to create a transparent proxy through Tor Network",
3460 "language": "Shell",
3461 "price": "Free",
3462 "online": "False"
3463 },
3464 {
3465 "name": "Arecibo",
3466 "source": "https://github.com/TarlogicSecurity/Arecibo",
3467 "description": "Endpoint for Out-of-Band Exfiltration (DNS & HTTP)",
3468 "language": "Python",
3469 "price": "Free",
3470 "online": "False"
3471 },
3472 {
3473 "name": "bettercap",
3474 "website": "http://www.bettercap.org/",
3475 "source": "https://github.com/bettercap/bettercap",
3476 "description": "MITM framework",
3477 "language": "Ruby",
3478 "price": "Free",
3479 "online": "False"
3480 },
3481 {
3482 "name": "bettercap web UI",
3483 "website": "http://www.bettercap.org/",
3484 "source": "https://github.com/bettercap/ui",
3485 "description": "Web UI for bettercap",
3486 "language": "TypeScript",
3487 "price": "Free",
3488 "online": "False"
3489 },
3490 {
3491 "name": "boofuzz",
3492 "source": "https://github.com/jtpereyda/boofuzz",
3493 "description": "Network protocol fuzzing framework",
3494 "language": "Python",
3495 "price": "Free",
3496 "online": "False"
3497 },
3498 {
3499 "name": "BruteSpray",
3500 "source": "https://github.com/x90skysn3k/brutespray",
3501 "description": "Takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa",
3502 "language": "Python",
3503 "price": "Free",
3504 "online": "False"
3505 },
3506 {
3507 "name": "BruteX",
3508 "source": "https://github.com/1N3/BruteX",
3509 "description": "Tool using nmap and hydra to automatically bruteforce network service accounts",
3510 "language": "Shell",
3511 "price": "Free",
3512 "online": "False"
3513 },
3514 {
3515 "name": "CapAnalysis",
3516 "website": "http://www.capanalysis.net",
3517 "source": "https://sourceforge.net/projects/capanalysis/",
3518 "description": "PCAP analyzer",
3519 "language": "C",
3520 "price": "Free",
3521 "online": "True"
3522 },
3523 {
3524 "name": "chisel",
3525 "source": "https://github.com/jpillora/chisel",
3526 "description": "Fast TCP tunneling over HTTP secured by SSH",
3527 "language": "Go",
3528 "price": "Free",
3529 "online": "False"
3530 },
3531 {
3532 "name": "CloudShark",
3533 "website": "https://www.cloudshark.org/",
3534 "description": "PCAP analyzer",
3535 "price": "Paid",
3536 "online": "True"
3537 },
3538 {
3539 "name": "Evil-WinRM",
3540 "source": "https://github.com/Hackplayers/evil-winrm",
3541 "description": "Enhanced WinRM shell",
3542 "language": "Ruby",
3543 "price": "Free",
3544 "online": "False"
3545 },
3546 {
3547 "name": "Garfield",
3548 "source": "https://github.com/torque59/Garfield",
3549 "description": "Attack framework for distributed systems",
3550 "language": "Python",
3551 "price": "Free",
3552 "online": "False"
3553 },
3554 {
3555 "name": "goddi",
3556 "source": "https://github.com/NetSPI/goddi",
3557 "description": "Active Directory domain information dumper",
3558 "language": "Go",
3559 "price": "Free",
3560 "online": "False"
3561 },
3562 {
3563 "name": "HASSH",
3564 "source": "https://github.com/salesforce/hassh",
3565 "description": "Network fingerprinting standard which can be used to identify specific client and server SSH implementations",
3566 "language": "Python",
3567 "price": "Free",
3568 "online": "False"
3569 },
3570 {
3571 "name": "HellRaiser",
3572 "source": "https://github.com/m0nad/HellRaiser",
3573 "description": "Scan with nmap to correlate CPE's found with cve-search to enumerate vulnerabilities",
3574 "language": "Ruby",
3575 "price": "Free",
3576 "online": "False"
3577 },
3578 {
3579 "name": "Hydra",
3580 "website": "https://www.thc.org/thc-hydra/",
3581 "source": "https://github.com/vanhauser-thc/thc-hydra",
3582 "description": "Network login cracker",
3583 "language": "C",
3584 "price": "Free",
3585 "online": "False"
3586 },
3587 {
3588 "name": "kalitorify",
3589 "source": "https://github.com/brainfucksec/kalitorify",
3590 "description": "Script for Kali Linux which use iptables settings to create a transparent proxy through Tor Network",
3591 "language": "Shell",
3592 "price": "Free",
3593 "online": "False"
3594 },
3595 {
3596 "name": "Ligolo",
3597 "source": "https://github.com/sysdream/ligolo",
3598 "description": "Pivot / reverse tunneling tool with SOCKS5 et TCP tunnel support",
3599 "language": "Go",
3600 "price": "Free",
3601 "online": "False"
3602 },
3603 {
3604 "name": "Masscan",
3605 "source": "https://github.com/robertdavidgraham/masscan",
3606 "description": "Port scanner for massive networks",
3607 "language": "C",
3608 "price": "Free",
3609 "online": "False"
3610 },
3611 {
3612 "name": "Medusa",
3613 "website": "http://foofus.net/goons/jmk/medusa/medusa.html",
3614 "description": "Network login cracker",
3615 "price": "Free",
3616 "online": "False"
3617 },
3618 {
3619 "name": "Medusa-gui",
3620 "source": "https://github.com/Tak31337/medusa-gui",
3621 "description": "GUI for Medusa",
3622 "language": "Java",
3623 "price": "Free",
3624 "online": "False"
3625 },
3626 {
3627 "name": "Ncrack",
3628 "website": "https://nmap.org/ncrack/",
3629 "source": "https://github.com/nmap/ncrack",
3630 "description": "Reliable and adaptative network login cracker supporting a large number of protocols",
3631 "language": "Cplusplus",
3632 "price": "Free",
3633 "online": "False"
3634 },
3635 {
3636 "name": "nemesis",
3637 "website": "http://troglobit.com/projects/nemesis/",
3638 "source": "https://github.com/troglobit/nemesis",
3639 "description": "Packet manipulation CLI tool; craft and inject packets of several protocols",
3640 "language": "Python",
3641 "price": "Free",
3642 "online": "False"
3643 },
3644 {
3645 "name": "Netfort Free Cloud Based PCAP Analysis",
3646 "website": "https://www.netfort.com/cloud-based-pcap-analysis/",
3647 "description": "PCAP analyzer; needs registration",
3648 "price": "Free",
3649 "online": "True"
3650 },
3651 {
3652 "name": "NetworkMiner",
3653 "website": "http://www.netresec.com/?page=NetworkMiner",
3654 "description": "Network sniffer/packet capturing tool",
3655 "price": "Free",
3656 "online": "False"
3657 },
3658 {
3659 "name": "NetworkTotal",
3660 "website": "https://www.networktotal.com/",
3661 "description": "PCAP analyzer; using Suricata",
3662 "price": "Free",
3663 "online": "True"
3664 },
3665 {
3666 "name": "Nipe",
3667 "source": "https://github.com/GouveaHeitor/nipe",
3668 "description": "Script to make TOR as default gateway",
3669 "language": "Perl",
3670 "price": "Free",
3671 "online": "False"
3672 },
3673 {
3674 "name": "Nmap",
3675 "website": "https://nmap.org/",
3676 "source": "https://github.com/nmap/nmap",
3677 "description": "Tool for network discovery and security auditing",
3678 "language": "C",
3679 "price": "Free",
3680 "online": "False"
3681 },
3682 {
3683 "name": "NMapGUI",
3684 "source": "https://github.com/danicuestasuarez/NMapGUI",
3685 "description": "Advanced GUI for Nmap",
3686 "language": "Java",
3687 "price": "Free",
3688 "online": "False"
3689 },
3690 {
3691 "name": "Nozzlr",
3692 "source": "https://github.com/intrd/nozzlr",
3693 "description": "Multithreaded and modular bruteforce framework with network templates",
3694 "language": "Python",
3695 "price": "Free",
3696 "online": "False"
3697 },
3698 {
3699 "name": "onesixtyone",
3700 "source": "https://github.com/trailofbits/onesixtyone",
3701 "description": "SNMP scanner",
3702 "language": "C",
3703 "price": "Free",
3704 "online": "False"
3705 },
3706 {
3707 "name": "OOB-Server",
3708 "source": "https://github.com/JuxhinDB/OOB-Server",
3709 "description": "Bind9 DNS server for pentesters to use for Out-of-Band vulnerabilities",
3710 "language": "Shell",
3711 "price": "Free",
3712 "online": "False"
3713 },
3714 {
3715 "name": "PacketFu",
3716 "source": "https://github.com/packetfu/packetfu",
3717 "description": "Packet manipulation library; forge, send, decode, capture packets of a wide number of protocols",
3718 "language": "Ruby",
3719 "price": "Free",
3720 "online": "False"
3721 },
3722 {
3723 "name": "PacketTotal",
3724 "website": "https://packettotal.com/",
3725 "description": "PCAP analyzer; using Bro, Suricata and Elasticsearch",
3726 "price": "Free",
3727 "online": "True"
3728 },
3729 {
3730 "name": "PacketWhisper",
3731 "source": "https://github.com/TryCatchHCF/PacketWhisper",
3732 "description": "Stealthy Data exfiltration via DNS, without the need for attacker-controlled Name Servers or domain",
3733 "language": "Python",
3734 "price": "Free",
3735 "online": "False"
3736 },
3737 {
3738 "name": "Patator",
3739 "source": "https://github.com/lanjelot/patator",
3740 "description": "Multi-protocol bruteforce tool",
3741 "language": "Python",
3742 "price": "Free",
3743 "online": "False"
3744 },
3745 {
3746 "name": "polarbearscan",
3747 "website": "http://santarago.org/pbscan.html",
3748 "source": "https://github.com/gvb84/pbscan",
3749 "description": "Port scanner and banner grabber",
3750 "language": "C",
3751 "price": "Free",
3752 "online": "False"
3753 },
3754 {
3755 "name": "Polymorph",
3756 "source": "https://github.com/shramos/polymorph",
3757 "description": "Real-time network packet manipulation framework",
3758 "language": "Python",
3759 "price": "Free",
3760 "online": "False"
3761 },
3762 {
3763 "name": "pwncat",
3764 "website": "https://pwncat.org/",
3765 "source": "https://github.com/cytopia/pwncat",
3766 "description": "Sophisticated bind and reverse shell handler with many features as well as a drop-in replacement or compatible complement to netcat, ncat or socat",
3767 "language": "Python",
3768 "price": "Free",
3769 "online": "False"
3770 },
3771 {
3772 "name": "rdp-sec-check",
3773 "source": "https://github.com/portcullislabs/rdp-sec-check",
3774 "description": "Script to enumerate security settings of an RDP Service",
3775 "language": "Perl",
3776 "price": "Free",
3777 "online": "False"
3778 },
3779 {
3780 "name": "Responder",
3781 "source": "https://github.com/SpiderLabs/Responder",
3782 "description": "LLMNR, NBT-NS and MDNS poisoner to intercept authentication requests/answers",
3783 "language": "Python",
3784 "price": "Free",
3785 "online": "False"
3786 },
3787 {
3788 "name": "RMIScout",
3789 "website": "https://know.bishopfox.com/research/rmiscout",
3790 "source": "https://github.com/BishopFox/rmiscout",
3791 "description": "Enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities through wordlist and bruteforce strategies",
3792 "language": "Java",
3793 "price": "Free",
3794 "online": "False"
3795 },
3796 {
3797 "name": "sandmap",
3798 "source": "https://github.com/trimstray/sandmap",
3799 "description": "Metasploit-like CLI interface for Nmap Script Engine (NSE)",
3800 "language": "Shell",
3801 "price": "Free",
3802 "online": "False"
3803 },
3804 {
3805 "name": "Scapy",
3806 "website": "https://scapy.net/",
3807 "source": "https://github.com/secdev/scapy/",
3808 "description": "Packet manipulation library; forge, send, decode, capture packets of a wide number of protocols",
3809 "language": "Python",
3810 "price": "Free",
3811 "online": "False"
3812 },
3813 {
3814 "name": "Seth",
3815 "source": "https://github.com/SySS-Research/Seth",
3816 "description": "RDP MitM tool",
3817 "language": "Python",
3818 "price": "Free",
3819 "online": "False"
3820 },
3821 {
3822 "name": "Singularity",
3823 "website": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/august/singularity-of-origin-a-dns-rebinding-attack-framework/",
3824 "source": "https://github.com/nccgroup/singularity",
3825 "description": "DNS rebinding attack framework",
3826 "language": "Go",
3827 "price": "Free",
3828 "online": "False"
3829 },
3830 {
3831 "name": "SNMP Brute",
3832 "source": "https://github.com/SECFORCE/SNMP-Brute",
3833 "description": "SNMP brute force, enumeration, CISCO config downloader and password cracking script",
3834 "language": "Python",
3835 "price": "Free",
3836 "online": "False"
3837 },
3838 {
3839 "name": "snmpbw.pl",
3840 "source": "https://github.com/dheiland-r7/snmp",
3841 "description": "Multithreaded script for bulk walking targeted host systems for SNMP data",
3842 "language": "Perl",
3843 "price": "Free",
3844 "online": "False"
3845 },
3846 {
3847 "name": "ssh-audit",
3848 "website": "https://www.ssh-audit.com/",
3849 "source": "https://github.com/jtesta/ssh-audit",
3850 "description": "SSH scanner that detects protocol, version, grab banner, recognize software and operating system, output algorithm information and recommendations",
3851 "language": "Python",
3852 "price": "Free",
3853 "online": "False"
3854 },
3855 {
3856 "name": "Tsunami",
3857 "source": "https://github.com/google/tsunami-security-scanner",
3858 "description": "Network security scanner with an extensible plugin system",
3859 "language": "Java",
3860 "price": "Free",
3861 "online": "False"
3862 },
3863 {
3864 "name": "WebMap v1",
3865 "source": "https://github.com/PunitTailor55/WebMap",
3866 "description": "A web dashboard for nmap XML report",
3867 "language": "Python",
3868 "price": "Free",
3869 "online": "False"
3870 },
3871 {
3872 "name": "WebMap v2",
3873 "source": "https://github.com/Nazicc/WebMap",
3874 "description": "A web dashboard for nmap XML report",
3875 "language": "https://github.com/Nazicc/WebMap",
3876 "price": "Free",
3877 "online": "False"
3878 },
3879 {
3880 "name": "Whonow",
3881 "source": "https://github.com/brannondorsey/whonow",
3882 "description": "DNS Server for executing DNS Rebinding attacks",
3883 "language": "JavaScript",
3884 "price": "Free",
3885 "online": "False"
3886 },
3887 {
3888 "name": "windapsearch",
3889 "source": "https://github.com/ropnop/windapsearch",
3890 "description": "Script to enumerate users, groups and computers from a Windows domain through LDAP queries",
3891 "language": "Python",
3892 "price": "Free",
3893 "online": "False"
3894 },
3895 {
3896 "name": "Wireshark",
3897 "website": "https://www.wireshark.org/",
3898 "source": "https://code.wireshark.org/review/gitweb?p=wireshark.git",
3899 "description": "Network protocol analyzer",
3900 "language": "Cplusplus",
3901 "price": "Free",
3902 "online": "False"
3903 },
3904 {
3905 "name": "yersinia",
3906 "source": "https://github.com/tomac/yersinia",
3907 "description": "Framework for layer 2 attacks",
3908 "language": "C",
3909 "price": "Free",
3910 "online": "False"
3911 },
3912 {
3913 "name": "Zenmap",
3914 "website": "https://nmap.org/zenmap/",
3915 "source": "https://github.com/nmap/nmap/tree/master/zenmap",
3916 "description": "GUI for Nmap",
3917 "language": "Python",
3918 "price": "Free",
3919 "online": "False"
3920 },
3921 {
3922 "name": "Zmap",
3923 "website": "https://zmap.io/",
3924 "source": "https://github.com/zmap/zmap",
3925 "description": "Collection of tools to scan and study massive networks",
3926 "language": "C",
3927 "price": "Free",
3928 "online": "False"
3929 }
3930 ]
3931 },
3932 "osint": {
3933 "tools": [
3934 {
3935 "name": "Amass",
3936 "website": "https://www.owasp.org/index.php/OWASP_Amass_Project",
3937 "source": "https://github.com/OWASP/Amass/",
3938 "description": "DNS enumeration and network mapping tool suite: scraping, recursive brute forcing, crawling web archives, reverse DNS sweeping",
3939 "language": "Go",
3940 "price": "Free",
3941 "online": "False"
3942 },
3943 {
3944 "name": "Aquatone",
3945 "website": "https://michenriksen.com/blog/aquatone-now-in-go/",
3946 "source": "https://github.com/michenriksen/aquatone",
3947 "description": "Domain flyover tool; visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface",
3948 "language": "Go",
3949 "price": "Free",
3950 "online": "False"
3951 },
3952 {
3953 "name": "Asnlookup",
3954 "source": "https://github.com/yassineaboukir/Asnlookup",
3955 "description": "Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it",
3956 "language": "Python",
3957 "price": "Free",
3958 "online": "False"
3959 },
3960 {
3961 "name": "AutoRecon",
3962 "source": "https://github.com/Tib3rius/AutoRecon",
3963 "description": "Multi-threaded network reconnaissance tool which performs automated enumeration of services",
3964 "language": "Python",
3965 "price": "Free",
3966 "online": "False"
3967 },
3968 {
3969 "name": "badKarma",
3970 "source": "https://github.com/r3vn/badKarma",
3971 "description": "Advanced network reconnaissance tool",
3972 "language": "Python",
3973 "price": "Free",
3974 "online": "False"
3975 },
3976 {
3977 "name": "Belati",
3978 "source": "https://github.com/aancw/Belati",
3979 "description": "OSINT tool, collect data and document actively or passively",
3980 "language": "Python",
3981 "price": "Free",
3982 "online": "False"
3983 },
3984 {
3985 "name": "datasploit",
3986 "website": "https://datasploit.github.io/datasploit/",
3987 "source": "https://github.com/DataSploit/datasploit",
3988 "description": "OSINT framework, find, aggregate and export data",
3989 "language": "Python",
3990 "price": "Free",
3991 "online": "False"
3992 },
3993 {
3994 "name": "dnsenum",
3995 "source": "https://github.com/fwaeytens/dnsenum",
3996 "description": "DNS reconnaissance tool: AXFR, DNS records enumeration, subdomain bruteforce, range reverse lookup",
3997 "language": "Perl",
3998 "price": "Free",
3999 "online": "False"
4000 },
4001 {
4002 "name": "dnsenum2",
4003 "source": "https://github.com/SparrowOchon/dnsenum2",
4004 "description": "Continuation of dnsenum project",
4005 "language": "Perl",
4006 "price": "Free",
4007 "online": "False"
4008 },
4009 {
4010 "name": "DNSRecon",
4011 "source": "https://github.com/darkoperator/dnsrecon",
4012 "description": "DNS reconnaissance tool: AXFR, DNS records enumeration, TLD expansion, wildcard resolution, subdomain bruteforce, PTR record lookup, check for cached records",
4013 "language": "Python",
4014 "price": "Free",
4015 "online": "False"
4016 },
4017 {
4018 "name": "EagleEye",
4019 "source": "https://github.com/ThoughtfulDev/EagleEye",
4020 "description": "OSINT tool, image recognition on instagram, facebook and twitter",
4021 "language": "Python",
4022 "price": "Free",
4023 "online": "False"
4024 },
4025 {
4026 "name": "eTools.ch",
4027 "website": "https://www.etools.ch/",
4028 "description": "Metasearch engine, query 16 search engines in parallel",
4029 "price": "Free",
4030 "online": "True"
4031 },
4032 {
4033 "name": "Facebook_OSINT_Dump",
4034 "source": "https://github.com/TheCyberViking/Facebook_OSINT_Dump",
4035 "description": "OSINT tool, facebook profile dumper, windows and chrome only",
4036 "language": "Shell",
4037 "price": "Free",
4038 "online": "False"
4039 },
4040 {
4041 "name": "FinalRecon",
4042 "source": "https://github.com/thewhiteh4t/FinalRecon",
4043 "description": "Web reconnaissance script",
4044 "language": "Python",
4045 "price": "Free",
4046 "online": "False"
4047 },
4048 {
4049 "name": "Findomain",
4050 "source": "https://github.com/Edu4rdSHL/findomain",
4051 "description": "Fast subdomain enumerator",
4052 "language": "Rust",
4053 "price": "Free",
4054 "online": "False"
4055 },
4056 {
4057 "name": "FOCA",
4058 "website": "https://www.elevenpaths.com/labstools/foca/index.html",
4059 "source": "https://github.com/ElevenPaths/FOCA",
4060 "description": "OSINT framework and metadata analyser",
4061 "language": "Csharp",
4062 "price": "Free",
4063 "online": "False"
4064 },
4065 {
4066 "name": "gitGraber",
4067 "source": "https://github.com/hisxo/gitGraber",
4068 "description": "Monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe, etc.",
4069 "language": "Python",
4070 "price": "Free",
4071 "online": "False"
4072 },
4073 {
4074 "name": "Gorecon",
4075 "source": "https://github.com/devanshbatham/Gorecon",
4076 "description": "Reconnaissance toolkit",
4077 "language": "Go",
4078 "price": "Free",
4079 "online": "False"
4080 },
4081 {
4082 "name": "gOSINT",
4083 "source": "https://github.com/Nhoya/gOSINT",
4084 "description": "OSINT framework; find mails, dumps, retrieve Telegram history and info about hosts",
4085 "language": "Go",
4086 "price": "Free",
4087 "online": "False"
4088 },
4089 {
4090 "name": "Harpoon",
4091 "source": "https://github.com/Te-k/harpoon",
4092 "description": "CLI tool; collect data and document actively or passively",
4093 "language": "Python",
4094 "price": "Free",
4095 "online": "False"
4096 },
4097 {
4098 "name": "IVRE",
4099 "website": "https://ivre.rocks/",
4100 "source": "https://github.com/cea-sec/ivre",
4101 "description": "IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks); network recon framework including tools ofr passive and active recon",
4102 "language": "Python",
4103 "price": "Free",
4104 "online": "False"
4105 },
4106 {
4107 "name": "kitphishr",
4108 "source": "https://github.com/cybercdh/kitphishr",
4109 "description": "Hunts for phishing kit source code by traversing URL folders and searching in open directories for zip files; supports list of URLs or PhishTank",
4110 "language": "Go",
4111 "price": "Free",
4112 "online": "False"
4113 },
4114 {
4115 "name": "Kostebek",
4116 "source": "https://github.com/esecuritylab/kostebek",
4117 "description": "Tool to find firms domains by searching their trademark information",
4118 "language": "Python",
4119 "price": "Free",
4120 "online": "False"
4121 },
4122 {
4123 "name": "LeakLooker",
4124 "source": "https://github.com/woj-ciech/LeakLooker-X",
4125 "description": "Discover, browse and monitor database/source code leaks",
4126 "language": "Python",
4127 "price": "Free",
4128 "online": "False"
4129 },
4130 {
4131 "name": "leakScraper",
4132 "source": "https://github.com/Acceis/leakScraper",
4133 "description": "Set of tools to process and visualize huge text files containing credentials",
4134 "language": "Python",
4135 "price": "Free",
4136 "online": "False"
4137 },
4138 {
4139 "name": "LinEnum",
4140 "source": "https://github.com/rebootuser/LinEnum",
4141 "description": "System script for local Linux enumeration and privilege escalation checks",
4142 "language": "Shell",
4143 "price": "Free",
4144 "online": "False"
4145 },
4146 {
4147 "name": "MassDNS",
4148 "source": "https://github.com/blechschmidt/massdns",
4149 "description": "High-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)",
4150 "language": "C",
4151 "price": "Free",
4152 "online": "False"
4153 },
4154 {
4155 "name": "Metabigor",
4156 "source": "https://github.com/j3ssie/metabigor",
4157 "description": "OSINT tool that doesn't require any API key",
4158 "language": "Go",
4159 "price": "Free",
4160 "online": "False"
4161 },
4162 {
4163 "name": "ODIN",
4164 "source": "https://github.com/chrismaddalena/ODIN",
4165 "description": "Observe, Detect, and Investigate Networks, Automated reconnaissance tool",
4166 "language": "Python",
4167 "price": "Free",
4168 "online": "False"
4169 },
4170 {
4171 "name": "Omnibus",
4172 "source": "https://github.com/InQuest/omnibus",
4173 "description": "OSINT framework; collection of tools",
4174 "language": "Python",
4175 "price": "Free",
4176 "online": "False"
4177 },
4178 {
4179 "name": "OneForAll",
4180 "source": "https://github.com/shmilylty/OneForAll/blob/master/docs/en-us/README.md",
4181 "description": "Subdomain enumeration tool",
4182 "language": "Python",
4183 "price": "Free",
4184 "online": "False"
4185 },
4186 {
4187 "name": "OSINT Framework",
4188 "website": "http://osintframework.com/",
4189 "source": "https://github.com/lockfale/OSINT-Framework",
4190 "description": "A web-based collection of tools and resources for OSINT",
4191 "language": "Javascript",
4192 "price": "Free",
4193 "online": "True"
4194 },
4195 {
4196 "name": "Osmedeus",
4197 "website": "https://j3ssie.github.io/Osmedeus/",
4198 "source": "https://github.com/j3ssie/Osmedeus",
4199 "description": "Automated framework for reconnaissance and vulnerability scanning",
4200 "language": "Python",
4201 "price": "Free",
4202 "online": "False"
4203 },
4204 {
4205 "name": "Photon",
4206 "source": "https://github.com/s0md3v/Photon",
4207 "description": "Fast crawler designed for OSINT",
4208 "language": "Python",
4209 "price": "Free",
4210 "online": "False"
4211 },
4212 {
4213 "name": "PITT",
4214 "source": "https://github.com/TheCyberViking/PublicIntelligenceTool",
4215 "description": "Web browser loaded with links and extensions for doing OSINT",
4216 "price": "Free",
4217 "online": "False"
4218 },
4219 {
4220 "name": "ReconDog",
4221 "source": "https://github.com/s0md3v/ReconDog",
4222 "description": "Multi-purpose reconnaissance tool, CMS detection, reverse IP lookup, port scan, etc.",
4223 "language": "Python",
4224 "price": "Free",
4225 "online": "False"
4226 },
4227 {
4228 "name": "Recon-ng",
4229 "source": "https://bitbucket.org/LaNMaSteR53/recon-ng/",
4230 "description": "Web-based reconnaissance tool",
4231 "language": "Python",
4232 "price": "Free",
4233 "online": "False"
4234 },
4235 {
4236 "name": "Reconnoitre",
4237 "source": "https://github.com/codingo/Reconnoitre",
4238 "description": "Tool made to automate information gathering and service enumeration while storing results",
4239 "language": "Python",
4240 "price": "Free",
4241 "online": "False"
4242 },
4243 {
4244 "name": "ReconScan",
4245 "source": "https://github.com/RoliSoft/ReconScan",
4246 "description": "Network reconnaissance and vulnerability assessment tools",
4247 "language": "Python",
4248 "price": "Free",
4249 "online": "False"
4250 },
4251 {
4252 "name": "Recsech",
4253 "source": "https://github.com/radenvodka/Recsech",
4254 "description": "Web reconnaissance and vulnerability scanner tool",
4255 "language": "PHP",
4256 "price": "Free",
4257 "online": "False"
4258 },
4259 {
4260 "name": "Red Team Arsenal",
4261 "source": "https://github.com/flipkart-incubator/RTA",
4262 "description": "Automated reconnaissance scanner and security checks",
4263 "language": "Python",
4264 "price": "Free",
4265 "online": "False"
4266 },
4267 {
4268 "name": "reNgine",
4269 "website": "https://yogeshojha.github.io/rengine/",
4270 "source": "https://github.com/yogeshojha/rengine",
4271 "description": "Automated recon framework for web applications; customizable scan engines & pipeline of reconnaissance",
4272 "language": "Python",
4273 "price": "Free",
4274 "online": "False"
4275 },
4276 {
4277 "name": "Sandmap",
4278 "website": "https://github.com/trimstray/sandmap/wiki",
4279 "source": "https://github.com/trimstray/sandmap",
4280 "description": "Network and system reconnaissance scanner using Nmap",
4281 "language": "Shell",
4282 "price": "Free",
4283 "online": "False"
4284 },
4285 {
4286 "name": "SearchDNS",
4287 "website": "https://searchdns.netcraft.com/",
4288 "description": "Netcraft tool; Search and find information for domains and subdomains",
4289 "price": "Free",
4290 "online": "True"
4291 },
4292 {
4293 "name": "shosubgo",
4294 "source": "https://github.com/incogbyte/shosubgo",
4295 "description": "Grab subdomains using Shodan api",
4296 "language": "Go",
4297 "price": "Free",
4298 "online": "False"
4299 },
4300 {
4301 "name": "shuffledns",
4302 "source": "https://github.com/projectdiscovery/shuffledns",
4303 "description": "Wrapper around massdns that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support",
4304 "language": "Go",
4305 "price": "Free",
4306 "online": "False"
4307 },
4308 {
4309 "name": "SiteBroker",
4310 "source": "https://github.com/Anon-Exploiter/SiteBroker",
4311 "description": "Tool for information gathering and penetration test automation",
4312 "language": "Python",
4313 "price": "Free",
4314 "online": "False"
4315 },
4316 {
4317 "name": "Sn1per",
4318 "source": "https://github.com/1N3/Sn1per",
4319 "description": "Automated reconnaissance scanner",
4320 "language": "Shell",
4321 "price": "Free",
4322 "online": "False"
4323 },
4324 {
4325 "name": "spiderfoot",
4326 "website": "http://www.spiderfoot.net/",
4327 "source": "https://github.com/smicallef/spiderfoot",
4328 "description": "OSINT framework, collect and manage data, scan target",
4329 "language": "Python",
4330 "price": "Free",
4331 "online": "False"
4332 },
4333 {
4334 "name": "Stalker",
4335 "source": "https://gitlab.com/Pxmme/stalker",
4336 "description": "Automated scanning of social networks and other websites, using a single nickname",
4337 "language": "Python",
4338 "price": "Free",
4339 "online": "False"
4340 },
4341 {
4342 "name": "SubDomainizer",
4343 "source": "https://github.com/nsonaniya2010/SubDomainizer",
4344 "description": "Find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github",
4345 "language": "Python",
4346 "price": "Free",
4347 "online": "False"
4348 },
4349 {
4350 "name": "subfinder",
4351 "website": "https://projectdiscovery.io/open-source",
4352 "source": "https://github.com/projectdiscovery/subfinder",
4353 "description": "Discovers valid subdomains for websites, designed as a passive framework to be useful for bug bounties and safe for penetration testing",
4354 "language": "Go",
4355 "price": "Free",
4356 "online": "False"
4357 },
4358 {
4359 "name": "Sublist3r",
4360 "source": "https://github.com/aboul3la/Sublist3r",
4361 "description": "Subdomains enumeration tool",
4362 "language": "Python",
4363 "price": "Free",
4364 "online": "False"
4365 },
4366 {
4367 "name": "Sudomy",
4368 "source": "https://github.com/Screetsec/Sudomy",
4369 "description": "Subdomain enumeration tool ",
4370 "language": "Python",
4371 "price": "Free",
4372 "online": "False"
4373 },
4374 {
4375 "name": "Th3inspector",
4376 "source": "https://github.com/Moham3dRiahi/Th3inspector",
4377 "description": "Multi-purpose information gathering tool",
4378 "language": "Perl",
4379 "price": "Free",
4380 "online": "False"
4381 },
4382 {
4383 "name": "theHarvester",
4384 "source": "https://github.com/laramies/theHarvester",
4385 "description": "Multi-purpose information gathering tool: emails, names, subdomains, IPs, URLs",
4386 "language": "Python",
4387 "price": "Free",
4388 "online": "False"
4389 },
4390 {
4391 "name": "tinfoleak",
4392 "source": "https://github.com/vaguileradiaz/tinfoleak",
4393 "description": "Twitter intelligence analysis tool",
4394 "language": "Python",
4395 "price": "Free",
4396 "online": "False"
4397 },
4398 {
4399 "name": "trape",
4400 "source": "https://github.com/jofpin/trape",
4401 "description": "Analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time",
4402 "language": "Python",
4403 "price": "Free",
4404 "online": "False"
4405 }
4406 ]
4407 },
4408 "other": {
4409 "tools": [
4410 {
4411 "name": "ADB-Toolkit",
4412 "source": "https://github.com/ASHWIN990/ADB-Toolkit",
4413 "description": "Wrapper around adb to ease certain tasks",
4414 "language": "Shell",
4415 "price": "Free",
4416 "online": "False"
4417 },
4418 {
4419 "name": "ctf-party",
4420 "website": "https://noraj.github.io/ctf-party",
4421 "source": "https://github.com/noraj/ctf-party",
4422 "description": "Library to enhance and speed up script/exploit writing for CTF players",
4423 "language": "Ruby",
4424 "price": "Free",
4425 "online": "False"
4426 },
4427 {
4428 "name": "CyberChef",
4429 "website": "https://gchq.github.io/CyberChef/",
4430 "source": "https://github.com/gchq/CyberChef",
4431 "description": "Data manipulation toolkit in web browser",
4432 "language": "JavaScript",
4433 "price": "Free",
4434 "online": "False"
4435 },
4436 {
4437 "name": "DeHashed",
4438 "website": "https://dehashed.com/",
4439 "description": "Service to check if an account has been compromised in a data breach",
4440 "price": "Paid",
4441 "online": "True"
4442 },
4443 {
4444 "name": "discover",
4445 "source": "https://github.com/leebaird/discover",
4446 "description": "Scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit",
4447 "language": "Shell",
4448 "price": "Free",
4449 "online": "False"
4450 },
4451 {
4452 "name": "Firefox Monitor",
4453 "website": "https://monitor.firefox.com/",
4454 "description": "Service to check if an account has been compromised in a data breach",
4455 "price": "Free",
4456 "online": "True"
4457 },
4458 {
4459 "name": "gtfo",
4460 "source": "https://github.com/mzfr/gtfo",
4461 "description": "CLI for earching gtfobins and lolbas from the terminal",
4462 "language": "Python",
4463 "price": "Free",
4464 "online": "False"
4465 },
4466 {
4467 "name": "Have i been pwned?",
4468 "website": "https://haveibeenpwned.com/",
4469 "description": "Service to check if an account has been compromised in a data breach",
4470 "price": "Free",
4471 "online": "True"
4472 },
4473 {
4474 "name": "hideNsneak",
4475 "source": "https://github.com/rmikehodges/hideNsneak",
4476 "description": "CLI tool for ephemeral penetration testing, rapidly deploy and manage various cloud services",
4477 "language": "Go",
4478 "price": "Free",
4479 "online": "False"
4480 },
4481 {
4482 "name": "inlite",
4483 "website": "https://online-barcode-reader.inliteresearch.com/",
4484 "description": "Scan QR-code, 1D, DataMatrix, Postal, PDF417, and more",
4485 "price": "Free",
4486 "online": "True"
4487 },
4488 {
4489 "name": "Interlace",
4490 "source": "https://github.com/codingo/Interlace",
4491 "description": "Turn single threaded command line applications into a multi-threaded application with CIDR and glob support",
4492 "language": "Python",
4493 "price": "Free",
4494 "online": "False"
4495 },
4496 {
4497 "name": "itdis",
4498 "website": "https://noraj.gitlab.io/itdis/",
4499 "source": "https://gitlab.com/noraj/itdis",
4500 "description": "Is This Domain In Scope; a small tool that allows you to check if a list of domains you have been provided is in the scope of your pentest or not",
4501 "language": "Ruby",
4502 "price": "Free",
4503 "online": "False"
4504 },
4505 {
4506 "name": "Metasploit",
4507 "website": "https://www.metasploit.com/",
4508 "source": "https://github.com/rapid7/metasploit-framework",
4509 "description": "Tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit, 4 versions: Pro (paid), Express (paid), Community (free with GUI but on request), Framework (free, open source, CLI)",
4510 "language": "Ruby",
4511 "price": "Paid",
4512 "online": "False"
4513 },
4514 {
4515 "name": "objection",
4516 "source": "https://github.com/sensepost/objection",
4517 "description": "Runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak",
4518 "language": "Python",
4519 "price": "Free",
4520 "online": "False"
4521 },
4522 {
4523 "name": "OpenVAS",
4524 "website": "http://www.openvas.org/",
4525 "source": "https://github.com/greenbone/openvas",
4526 "description": "Open Vulnerability Assessment Scanner",
4527 "language": "C",
4528 "price": "Free",
4529 "online": "False"
4530 },
4531 {
4532 "name": "PentestBox",
4533 "website": "https://pentestbox.org/",
4534 "source": "https://github.com/pentestbox",
4535 "description": "Pre-configured portable penetration testing environment for Windows, all-in-one box",
4536 "price": "Free",
4537 "online": "False"
4538 },
4539 {
4540 "name": "PWDQUERY",
4541 "website": "https://pwdquery.xyz/",
4542 "description": "Service to check if an account has been compromised in a data breach",
4543 "price": "Free",
4544 "online": "True"
4545 },
4546 {
4547 "name": "Ronin",
4548 "website": "https://ronin-ruby.github.io/",
4549 "source": "https://github.com/ronin-ruby/ronin",
4550 "description": "Platform for vulnerability research and exploit development, it allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories",
4551 "language": "Ruby",
4552 "price": "Free",
4553 "online": "False"
4554 },
4555 {
4556 "name": "Scrounger",
4557 "source": "https://github.com/nettitude/scrounger",
4558 "description": "Mobile application testing toolkit, the mobile metasploit-like framework",
4559 "language": "Python",
4560 "price": "Free",
4561 "online": "False"
4562 },
4563 {
4564 "name": "Seccubus",
4565 "website": "https://www.seccubus.com/",
4566 "source": "https://github.com/seccubus/seccubus",
4567 "description": "Vulnerability scanning, reporting and analysis",
4568 "language": "JavaScript",
4569 "price": "Free",
4570 "online": "False"
4571 },
4572 {
4573 "name": "SprayingToolkit",
4574 "source": "https://github.com/byt3bl33d3r/SprayingToolkit",
4575 "description": "Password spraying scripts for Lync/S4B and OWA",
4576 "language": "Python",
4577 "price": "Free",
4578 "online": "False"
4579 },
4580 {
4581 "name": "Tool-X",
4582 "source": "https://github.com/Rajkumrdusad/Tool-X",
4583 "description": "Kali linux hacking tool installer",
4584 "language": "Python",
4585 "price": "Free",
4586 "online": "False"
4587 },
4588 {
4589 "name": "v0lt",
4590 "source": "https://github.com/P1kachu/v0lt",
4591 "description": "CTF toolkit / framework",
4592 "language": "Python",
4593 "price": "Free",
4594 "online": "False"
4595 },
4596 {
4597 "name": "VBSmin",
4598 "website": "https://noraj.github.io/vbsmin/",
4599 "source": "https://github.com/noraj/vbsmin",
4600 "description": "VBScript minifier",
4601 "language": "Ruby",
4602 "price": "Free",
4603 "online": "False"
4604 },
4605 {
4606 "name": "webqr",
4607 "website": "https://webqr.com/index.html",
4608 "description": "Scan & create QR-code",
4609 "price": "Free",
4610 "online": "True"
4611 },
4612 {
4613 "name": "ysoserial",
4614 "source": "https://github.com/frohoff/ysoserial",
4615 "description": "Tool for generating payloads that exploit unsafe Java object deserialization",
4616 "language": "Java",
4617 "price": "Free",
4618 "online": "False"
4619 }
4620 ]
4621 },
4622 "plugins": {
4623 "tools": [
4624 {
4625 "name": "AWS Extender",
4626 "tool": "Burp Suite",
4627 "source": "https://github.com/VirtueSecurity/aws-extender",
4628 "description": "Identify and test S3 buckets, Google Storage buckets and Azure Storage containers for common misconfiguration",
4629 "language": "Python",
4630 "price": "Free",
4631 "online": "False"
4632 },
4633 {
4634 "name": "BurpBounty",
4635 "tool": "Burp Suite",
4636 "source": "https://github.com/wagiro/BurpBounty",
4637 "description": "Scan Check Builder in BApp Store, improve the active and passive scanner by means of personalized rules through a graphical interface",
4638 "language": "Java",
4639 "price": "Free",
4640 "online": "False"
4641 },
4642 {
4643 "name": "GEF",
4644 "tool": "GDB",
4645 "source": "https://github.com/hugsy/gef",
4646 "description": "GDB Enhanced Features, multi-architecture",
4647 "language": "Python",
4648 "price": "Free",
4649 "online": "False"
4650 },
4651 {
4652 "name": "Mona",
4653 "tool": "Immunity Debugger",
4654 "source": "https://github.com/corelan/mona",
4655 "description": "Set of commands for Immunity Debugger",
4656 "language": "Python",
4657 "price": "Free",
4658 "online": "False"
4659 },
4660 {
4661 "name": "PEDA",
4662 "tool": "GDB",
4663 "source": "https://github.com/longld/peda",
4664 "description": "Python Exploit Development Assistance, (only python2.7)",
4665 "language": "Python",
4666 "price": "Free",
4667 "online": "False"
4668 },
4669 {
4670 "name": "Pwndbg",
4671 "tool": "GDB",
4672 "source": "https://github.com/pwndbg/pwndbg",
4673 "description": "Enhance GDB, for exploit development and reverse engineering",
4674 "language": "Python",
4675 "price": "Free",
4676 "online": "False"
4677 },
4678 {
4679 "name": "Sploitego",
4680 "tool": "Maltego",
4681 "source": "https://github.com/allfro/sploitego",
4682 "description": "Maltego penetration testing Transforms",
4683 "language": "Python",
4684 "price": "Free",
4685 "online": "False"
4686 },
4687 {
4688 "name": "Stepper",
4689 "tool": "Burp Suite",
4690 "source": "https://github.com/CoreyD97/Stepper",
4691 "description": "Evolution of Burp Suite's Repeater tool, providing the ability to create sequences of steps and define regular expressions to extract values from responses",
4692 "language": "Java",
4693 "price": "Free",
4694 "online": "False"
4695 },
4696 {
4697 "name": "XSSor",
4698 "tool": "Burp Suite",
4699 "source": "https://github.com/Quitten/XSSor",
4700 "description": "semi-automatic reflected and persistent XSS scanner",
4701 "language": "Python",
4702 "price": "Free",
4703 "online": "False"
4704 }
4705 ]
4706 },
4707 "red_teaming": {
4708 "tools": [
4709 {
4710 "name": "fireELF",
4711 "source": "https://github.com/rek7/fireELF",
4712 "description": "Fileless linux malware framework",
4713 "language": "Python",
4714 "price": "Free",
4715 "online": "False"
4716 },
4717 {
4718 "name": "Kage",
4719 "source": "https://github.com/WayzDev/Kage",
4720 "description": "Graphical user interface for Metasploit Meterpreter and session handler",
4721 "language": "JavaScript",
4722 "price": "Free",
4723 "online": "False"
4724 },
4725 {
4726 "name": "Pupy",
4727 "source": "https://github.com/n1nj4sec/pupy",
4728 "description": "Cross-platform, multi function remote access tool (RAT) and post-exploitation tool; fileless/all-in-memory execution, low footprint, multi-transport",
4729 "language": "Python",
4730 "price": "Free",
4731 "online": "False"
4732 },
4733 {
4734 "name": "Quasar",
4735 "source": "https://github.com/quasar/Quasar",
4736 "description": "Remote Administration Tool (RAT) for Windows",
4737 "language": "CSharp",
4738 "price": "Free",
4739 "online": "False"
4740 },
4741 {
4742 "name": "Redcloud",
4743 "source": "https://github.com/khast3x/Redcloud",
4744 "description": "Automated Red Team Infrastructure deployment using Docker",
4745 "language": "Python",
4746 "price": "Free",
4747 "online": "False"
4748 },
4749 {
4750 "name": "Sliver",
4751 "source": "https://github.com/BishopFox/sliver",
4752 "description": "Cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS; remote access tool (RAT)",
4753 "language": "Go",
4754 "price": "Free",
4755 "online": "False"
4756 },
4757 {
4758 "name": "UBoat",
4759 "source": "https://github.com/Souhardya/UBoat",
4760 "description": "HTTP botnet PoC",
4761 "language": "CPlusPlus",
4762 "price": "Free",
4763 "online": "False"
4764 },
4765 {
4766 "name": "Zphisher",
4767 "source": "https://github.com/htr-tech/zphisher",
4768 "description": "Automated phishing tool with multiple tunneling options; fork of Shellphish",
4769 "language": "Shell",
4770 "price": "Free",
4771 "online": "False"
4772 }
4773 ]
4774 },
4775 "reverse_engineering": {
4776 "tools": [
4777 {
4778 "name": "androguard",
4779 "source": "https://github.com/androguard/androguard",
4780 "description": "Tool for reverse engineering and malware analysis of Android applications",
4781 "language": "Python",
4782 "price": "Free",
4783 "online": "False"
4784 },
4785 {
4786 "name": "angr",
4787 "source": "https://github.com/angr/angr",
4788 "description": "Platform-agnostic binary analysis framework",
4789 "language": "Python",
4790 "price": "Free",
4791 "online": "False"
4792 },
4793 {
4794 "name": "ANY RUN",
4795 "website": "https://any.run/",
4796 "description": "Online virtual machine for malware hunting, sandbox with interactive access, real-time data-flow",
4797 "price": "Free",
4798 "online": "True"
4799 },
4800 {
4801 "name": "Apk2Gold",
4802 "source": "https://github.com/lxdvs/apk2gold",
4803 "description": "Android decompiler (wrapper for apktool, dex2jar, and jd-gui)",
4804 "language": "Shell",
4805 "price": "Free",
4806 "online": "False"
4807 },
4808 {
4809 "name": "Apktool",
4810 "website": "https://ibotpeaches.github.io/Apktool/",
4811 "source": "https://github.com/iBotPeaches/Apktool",
4812 "description": "Android disassembler and rebuilder",
4813 "language": "Java",
4814 "price": "Free",
4815 "online": "False"
4816 },
4817 {
4818 "name": "arm_now",
4819 "source": "https://github.com/nongiach/arm_now",
4820 "description": "Tool that allows instant setup of virtual machines on various architectures for reverse, exploit, fuzzing and programming purpose",
4821 "language": "Python",
4822 "price": "Free",
4823 "online": "False"
4824 },
4825 {
4826 "name": "Barf",
4827 "source": "https://github.com/programa-stic/barf-project",
4828 "description": "Binary Analysis and Reverse engineering Framework",
4829 "language": "Python",
4830 "price": "Free",
4831 "online": "False"
4832 },
4833 {
4834 "name": "bearparser",
4835 "website": "https://hshrzd.wordpress.com/pe-bear/",
4836 "source": "https://github.com/hasherezade/bearparser",
4837 "description": "PE parsing library (from PE-bear)",
4838 "language": "CPlusPlus",
4839 "price": "Free",
4840 "online": "False"
4841 },
4842 {
4843 "name": "Binary Ninja",
4844 "website": "https://binary.ninja/",
4845 "description": "Crossplatform binary analysis framework",
4846 "language": "Python",
4847 "price": "Paid",
4848 "online": "False"
4849 },
4850 {
4851 "name": "binutils",
4852 "website": "https://www.gnu.org/software/binutils/binutils.html",
4853 "source": "http://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git",
4854 "description": "GNU collection of binary tools",
4855 "language": "C",
4856 "price": "Free",
4857 "online": "False"
4858 },
4859 {
4860 "name": "binwalk",
4861 "source": "https://github.com/devttys0/binwalk",
4862 "description": "Analyze, reverse engineer and extract firmware images (and other files, also usefull for Digital Forensics)",
4863 "language": "Python",
4864 "price": "Free",
4865 "online": "False"
4866 },
4867 {
4868 "name": "boomerang",
4869 "source": "https://github.com/nemerle/boomerang",
4870 "description": "x86 binaries to C decompiler",
4871 "language": "Cplusplus",
4872 "price": "Free",
4873 "online": "False"
4874 },
4875 {
4876 "name": "ctf_import",
4877 "website": "http://van.prooyen.com/projects/#ctfimport",
4878 "source": "https://github.com/docileninja/ctf_import",
4879 "description": "Library to run basic functions from stripped binaries",
4880 "language": "C",
4881 "price": "Free",
4882 "online": "False"
4883 },
4884 {
4885 "name": "CFF Explorer",
4886 "website": "http://www.ntcore.com/exsuite.php",
4887 "description": "PE Editor",
4888 "price": "Free",
4889 "online": "False"
4890 },
4891 {
4892 "name": "Cutter",
4893 "source": "https://github.com/radareorg/cutter",
4894 "description": "Qt and C++ GUI for radare2",
4895 "language": "CPlusPlus",
4896 "price": "Free",
4897 "online": "False"
4898 },
4899 {
4900 "name": "Defuse online disassembler",
4901 "website": "https://defuse.ca/online-x86-assembler.htm",
4902 "description": "Online x86 (32/64 bits) assembler and disassembler",
4903 "price": "Free",
4904 "online": "True"
4905 },
4906 {
4907 "name": "dnSpy",
4908 "source": "https://github.com/0xd4d/dnSpy",
4909 "description": ".NET assembly debugger, decompiler and editor",
4910 "language": "CSharp",
4911 "price": "Free",
4912 "online": "False"
4913 },
4914 {
4915 "name": "Droidefense",
4916 "website": "http://droidefense.com/",
4917 "source": "https://github.com/droidefense/engine",
4918 "description": "Android apps/malware analysis/reversing tool",
4919 "language": "Java",
4920 "price": "Free",
4921 "online": "False"
4922 },
4923 {
4924 "name": "edb",
4925 "source": "https://github.com/eteran/edb-debugger",
4926 "description": "Cross platform AArch32/x86/x86-64 debugger",
4927 "language": "CPlusPlus",
4928 "price": "Free",
4929 "online": "False"
4930 },
4931 {
4932 "name": "Flare",
4933 "website": "http://www.nowrap.de/flare.html",
4934 "description": "Processes SWF and extract scripts from it",
4935 "price": "Free",
4936 "online": "False"
4937 },
4938 {
4939 "name": "Flasm",
4940 "website": "http://www.nowrap.de/flasm.html",
4941 "source": "https://sourceforge.net/projects/flasm/",
4942 "description": "Disassembler tool for SWF bytecode",
4943 "price": "Free",
4944 "online": "False"
4945 },
4946 {
4947 "name": "Frida",
4948 "website": "https://www.frida.re/",
4949 "source": "https://github.com/frida/frida",
4950 "description": "Dynamic code instrumentation toolkit",
4951 "language": "C",
4952 "price": "Free",
4953 "online": "False"
4954 },
4955 {
4956 "name": "GDB",
4957 "website": "https://www.gnu.org/software/gdb/",
4958 "source": "http://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git",
4959 "description": "GNU debugger",
4960 "language": "Cplusplus",
4961 "price": "Free",
4962 "online": "False"
4963 },
4964 {
4965 "name": "Ghidra",
4966 "website": "https://ghidra-sre.org/",
4967 "source": "https://github.com/NationalSecurityAgency/ghidra",
4968 "description": "Software reverse engineering (SRE) suite of tools: disassembly, assembly, decompilation, graphing, scripting, etc.",
4969 "language": "Java",
4970 "price": "Free",
4971 "online": "False"
4972 },
4973 {
4974 "name": "Hiew",
4975 "website": "http://www.hiew.ru/",
4976 "description": "x86_64 disassembler for multiple formats",
4977 "price": "Paid",
4978 "online": "False"
4979 },
4980 {
4981 "name": "Hopper",
4982 "website": "https://www.hopperapp.com/",
4983 "description": "Disassembler, decompiler and debugger",
4984 "price": "Paid",
4985 "online": "False"
4986 },
4987 {
4988 "name": "IDA Pro",
4989 "website": "https://www.hex-rays.com/products/ida/",
4990 "description": "Disassembler and debugger",
4991 "price": "Paid",
4992 "online": "False"
4993 },
4994 {
4995 "name": "ILSpy",
4996 "source": "https://github.com/icsharpcode/ILSpy",
4997 "description": ".NET assembly browser and decompiler to C#",
4998 "language": "CSharp",
4999 "price": "Free",
5000 "online": "False"
5001 },
5002 {
5003 "name": "ImmunityDbg",
5004 "website": "https://www.immunityinc.com/products/debugger/",
5005 "description": "Windows debugger with Python scripting support",
5006 "price": "Free",
5007 "online": "False"
5008 },
5009 {
5010 "name": "jadx",
5011 "source": "https://github.com/skylot/jadx",
5012 "description": "DEX to Java decompiler",
5013 "language": "Java",
5014 "price": "Free",
5015 "online": "False"
5016 },
5017 {
5018 "name": "Java Decompilers",
5019 "website": "http://www.javadecompilers.com/",
5020 "description": ".JAR and .Class to Java decompiler",
5021 "price": "Free",
5022 "online": "True"
5023 },
5024 {
5025 "name": "JD-GUI",
5026 "website": "http://jd.benow.ca/",
5027 "description": "GUI tool decompiling JAVA",
5028 "language": "Java",
5029 "price": "Free",
5030 "online": "False"
5031 },
5032 {
5033 "name": "JEB",
5034 "website": "https://www.pnfsoftware.com/jeb2/",
5035 "description": "Disassembler, decompiler and debugger",
5036 "price": "Paid",
5037 "online": "False"
5038 },
5039 {
5040 "name": "JPEXS Free Flash Decompiler",
5041 "source": "https://github.com/jindrapetrik/jpexs-decompiler",
5042 "description": "A.k.a ffdec, flash SWF decompiler",
5043 "language": "Java",
5044 "price": "Free",
5045 "online": "False"
5046 },
5047 {
5048 "name": "JSDetox",
5049 "website": "http://relentless-coding.org/projects/jsdetox/",
5050 "source": "https://github.com/svent/jsdetox",
5051 "description": "Javascript deobfustcator",
5052 "language": "Ruby",
5053 "price": "Free",
5054 "online": "False"
5055 },
5056 {
5057 "name": "Kemon",
5058 "source": "https://github.com/didi/kemon",
5059 "description": "macOS kernel pre and post callback-based framework",
5060 "language": "C",
5061 "price": "Free",
5062 "online": "False"
5063 },
5064 {
5065 "name": "Krakatau",
5066 "source": "https://github.com/Storyyeller/Krakatau",
5067 "description": "Java decompiler, assembler, and disassembler",
5068 "language": "Java",
5069 "price": "Free",
5070 "online": "False"
5071 },
5072 {
5073 "name": "ldd",
5074 "website": "https://linux.die.net/man/1/ldd",
5075 "description": "Tool that print shared library dependencies",
5076 "price": "Free",
5077 "online": "False"
5078 },
5079 {
5080 "name": "Metasm",
5081 "website": "http://metasm.cr0.org/",
5082 "source": "https://github.com/jjyg/metasm",
5083 "description": "Assembler, disassembler, compiler and debugger",
5084 "language": "Ruby",
5085 "price": "Free",
5086 "online": "False"
5087 },
5088 {
5089 "name": "Medusa",
5090 "source": "https://github.com/wisk/medusa",
5091 "description": "Interactive multi-architecture and multi-formats disassembler running on Windows and Linux",
5092 "language": "Cplusplus",
5093 "price": "Free",
5094 "online": "False"
5095 },
5096 {
5097 "name": "ODA",
5098 "website": "https://onlinedisassembler.com/odaweb/",
5099 "description": "Advanced multi-architecture online disassembler supporting a lot of architectures and object file formats",
5100 "price": "Free",
5101 "online": "True"
5102 },
5103 {
5104 "name": "OllyDbg",
5105 "website": "http://www.ollydbg.de/",
5106 "description": "Windows debugger",
5107 "price": "Free",
5108 "online": "False"
5109 },
5110 {
5111 "name": "Pe-bear",
5112 "website": "https://hshrzd.wordpress.com/pe-bear/",
5113 "description": "PE reverse tool: recognizes packers, fast disassembler, visualization of sections layout, selective comparing of two chosen PE files",
5114 "price": "Free",
5115 "online": "False"
5116 },
5117 {
5118 "name": "PE Explorer Disassembler",
5119 "website": "http://www.heaventools.com/PE_Explorer_disassembler.htm",
5120 "description": "Windows disassembler",
5121 "price": "Paid",
5122 "online": "False"
5123 },
5124 {
5125 "name": "PE Insider",
5126 "website": "http://cerbero.io/peinsider/",
5127 "description": "PE viewer, closed source and windows only",
5128 "price": "Free",
5129 "online": "False"
5130 },
5131 {
5132 "name": "Plasma",
5133 "source": "https://github.com/plasma-disassembler/plasma",
5134 "description": "x86/ARM/MIPS interactive disassembler",
5135 "language": "Python",
5136 "price": "Free",
5137 "online": "False"
5138 },
5139 {
5140 "name": "Qira",
5141 "website": "http://qira.me/",
5142 "source": "https://github.com/BinaryAnalysisPlatform/qira",
5143 "description": "Timeless debugger (QIRA = QEMU Interactive Runtime Analyser)",
5144 "language": "C",
5145 "price": "Free",
5146 "online": "False"
5147 },
5148 {
5149 "name": "RABCDAsm",
5150 "website": "http://blog.thecybershadow.net/2010/05/05/announcing-rabcdasm/",
5151 "source": "https://github.com/CyberShadow/RABCDAsm",
5152 "description": "ActionScript disassembler",
5153 "language": "D",
5154 "price": "Free",
5155 "online": "False"
5156 },
5157 {
5158 "name": "radare2",
5159 "website": "http://www.radare.org/r/",
5160 "source": "https://github.com/radare/radare2",
5161 "description": "Crossplatform binary analysis framework, disassembler, decompiler and debugger, support collaborative analysis",
5162 "language": "C",
5163 "price": "Free",
5164 "online": "False"
5165 },
5166 {
5167 "name": "rbkb",
5168 "source": "https://github.com/emonti/rbkb",
5169 "description": "Ruby BlackBag; a miscellaneous collection of command-line tools and ruby library helpers related to pen-testing and reversing",
5170 "language": "Ruby",
5171 "price": "Free",
5172 "online": "False"
5173 },
5174 {
5175 "name": "Relyze",
5176 "website": "https://www.relyze.com/overview.html",
5177 "description": "x86 and ARM graphical interactive disassembler with Ruby plugin framework",
5178 "price": "Paid",
5179 "online": "False"
5180 },
5181 {
5182 "name": "RetDec",
5183 "website": "https://retdec.com/",
5184 "source": "https://github.com/avast-tl/retdec",
5185 "description": "Multi file formats and architectures machine-code decompiler",
5186 "language": "Cplusplus",
5187 "price": "Free",
5188 "online": "False"
5189 },
5190 {
5191 "name": "sandsifter",
5192 "source": "https://github.com/xoreaxeaxeax/sandsifter",
5193 "description": "x86 processor fuzzer",
5194 "language": "Python",
5195 "price": "Free",
5196 "online": "False"
5197 },
5198 {
5199 "name": "Snowman",
5200 "website": "https://derevenets.com/",
5201 "source": "https://github.com/yegord/snowman",
5202 "description": "Native code to C/C++ decompiler, supporting x86, AMD64, and ARM architectures, exists as standalone app or as a plug-in",
5203 "language": "Cplusplus",
5204 "price": "Free",
5205 "online": "False"
5206 },
5207 {
5208 "name": "strace",
5209 "source": "https://sourceforge.net/projects/strace/",
5210 "description": "Debugger for Linux",
5211 "price": "Free",
5212 "online": "False"
5213 },
5214 {
5215 "name": "Swftools",
5216 "website": "http://www.swftools.org/",
5217 "source": "https://github.com/matthiaskramm/swftools",
5218 "description": "Collection of utilities to work with SWF files",
5219 "language": "C",
5220 "price": "Free",
5221 "online": "False"
5222 },
5223 {
5224 "name": "Triton",
5225 "website": "https://triton.quarkslab.com/",
5226 "source": "https://github.com/JonathanSalwan/Triton/",
5227 "description": "Dynamic binary analysis framework, automate reverse engineering",
5228 "language": "Cplusplus",
5229 "price": "Free",
5230 "online": "False"
5231 },
5232 {
5233 "name": "UglifyJS2",
5234 "website": "https://www.npmjs.com/package/uglify-js",
5235 "source": "https://github.com/mishoo/UglifyJS2",
5236 "description": "JavaScript obfuscator or beautifier toolkit",
5237 "language": "JavaScript",
5238 "price": "Free",
5239 "online": "False"
5240 },
5241 {
5242 "name": "uncompyle",
5243 "source": "https://github.com/gstarnberger/uncompyle",
5244 "description": "Python 2.7 binaries (.pyc) decompiler",
5245 "language": "Python",
5246 "price": "Free",
5247 "online": "False"
5248 },
5249 {
5250 "name": "uncompyle6",
5251 "source": "https://github.com/rocky/python-uncompyle6",
5252 "description": "Python 1.5, 2.1 to 2.7, 3.1 to 3.6 binaries (.pyc) decompiler",
5253 "language": "Python",
5254 "price": "Free",
5255 "online": "False"
5256 },
5257 {
5258 "name": "Vais",
5259 "source": "https://github.com/hahwul/vais",
5260 "description": "SWF vulnerability and information scanner",
5261 "language": "Ruby",
5262 "price": "Free",
5263 "online": "False"
5264 },
5265 {
5266 "name": "WinDbg",
5267 "website": "http://www.windbg.org/",
5268 "description": "Windows debugger",
5269 "price": "Free",
5270 "online": "False"
5271 },
5272 {
5273 "name": "x64dbg",
5274 "website": "https://x64dbg.com/",
5275 "source": "https://github.com/x64dbg/x64dbg",
5276 "description": "Windows debugger",
5277 "language": "Cplusplus",
5278 "price": "Free",
5279 "online": "False"
5280 },
5281 {
5282 "name": "XenoScan",
5283 "source": "https://github.com/nickcano/XenoScan",
5284 "description": "Processes memory scanner",
5285 "language": "Cplusplus",
5286 "price": "Free",
5287 "online": "False"
5288 },
5289 {
5290 "name": "Xori",
5291 "website": "https://www.endgame.com/tools",
5292 "source": "https://github.com/endgameinc/xori",
5293 "description": "Disassembly and static analysis library that provides triage analysis data",
5294 "language": "Rust",
5295 "price": "Free",
5296 "online": "False"
5297 },
5298 {
5299 "name": "xxxswf",
5300 "source": "https://bitbucket.org/Alexander_Hanel/xxxswf/src",
5301 "description": "Small script for carving, scanning, compressing, decompressing and analyzing SWF files",
5302 "language": "Python",
5303 "price": "Free",
5304 "online": "False"
5305 }
5306 ]
5307 },
5308 "steganography": {
5309 "tools": [
5310 {
5311 "name": "Aperi'Solve",
5312 "website": "https://aperisolve.fr/",
5313 "source": "https://github.com/Zeecka/AperiSolve/",
5314 "description": "Steganalysis web platform with layer, zsteg, steghide and exiftool analysis",
5315 "language": "Python",
5316 "price": "Free",
5317 "online": "False"
5318 },
5319 {
5320 "name": "Audacity",
5321 "website": "http://www.audacityteam.org/",
5322 "source": "https://sourceforge.net/projects/audacity/",
5323 "description": "Tool to edit and analyze audio tracks",
5324 "price": "Free",
5325 "online": "False"
5326 },
5327 {
5328 "name": "exif",
5329 "source": "https://sourceforge.net/projects/libexif/files/exif/",
5330 "description": "Shows EXIF information for JPEG files only",
5331 "language": "C",
5332 "price": "Free",
5333 "online": "False"
5334 },
5335 {
5336 "name": "ExifTool",
5337 "website": "http://www.sno.phy.queensu.ca/~phil/exiftool/",
5338 "source": "https://sourceforge.net/projects/exiftool/",
5339 "description": "Library and CLI tool to read and write meta information (EXIF, GPS, IPTC, XMP, JFIF, …) in files (JPEG, PNG, SVG, MPEG, …)",
5340 "language": "Perl",
5341 "price": "Free",
5342 "online": "False"
5343 },
5344 {
5345 "name": "Exiv2",
5346 "website": "http://www.exiv2.org/index.html",
5347 "source": "https://github.com/Exiv2/exiv2",
5348 "description": "Library and CLI tool to read and write meta information (Exif, IPTC & XMP metadata and ICC Profile) in images (JPEG, TIFF, PNG, …)",
5349 "language": "Cplusplus",
5350 "price": "Free",
5351 "online": "False"
5352 },
5353 {
5354 "name": "ImageMagick",
5355 "website": "http://www.imagemagick.org/script/index.php",
5356 "source": "http://git.imagemagick.org/repos/ImageMagick",
5357 "description": "Software suite and library to create, edit, compose, or convert images",
5358 "language": "C",
5359 "price": "Free",
5360 "online": "False"
5361 },
5362 {
5363 "name": "Outguess",
5364 "description": "Tool to hide messages in files (website down since 2004)",
5365 "price": "Free",
5366 "online": "False"
5367 },
5368 {
5369 "name": "PNGtools",
5370 "website": "http://www.stillhq.com/pngtools/",
5371 "source": "http://www.stillhq.com/svn/trunk/pngtools/",
5372 "description": "Suite of tools to work with PNG images",
5373 "language": "C",
5374 "price": "Free",
5375 "online": "False"
5376 },
5377 {
5378 "name": "SHIT",
5379 "source": "https://github.com/qll/shit",
5380 "description": "Stego Helper Identification Tool, multi-purpose image steganography tool",
5381 "language": "Python",
5382 "price": "Free",
5383 "online": "False"
5384 },
5385 {
5386 "name": "SmartDeblur",
5387 "source": "https://github.com/Y-Vladimir/SmartDeblur",
5388 "description": "To to restore defocused and blurred images (update binary only for Windows, Mac OS binary out of date)",
5389 "language": "Cplusplus",
5390 "price": "Free",
5391 "online": "False"
5392 },
5393 {
5394 "name": "Sonic Visualiser",
5395 "website": "http://www.sonicvisualiser.org/",
5396 "source": "https://sourceforge.net/projects/sv1/",
5397 "description": "Tool to edit and analyze audio tracks",
5398 "price": "Free",
5399 "online": "False"
5400 },
5401 {
5402 "name": "Steganabara",
5403 "source": "https://github.com/quangntenemy/Steganabara",
5404 "description": "Steganography analysis tool",
5405 "language": "Java",
5406 "price": "Free",
5407 "online": "False"
5408 },
5409 {
5410 "name": "Steghide",
5411 "website": "http://steghide.sourceforge.net/index.php",
5412 "source": "https://sourceforge.net/projects/steghide/",
5413 "description": "Tool to hide messages in images",
5414 "price": "Free",
5415 "online": "False"
5416 },
5417 {
5418 "name": "StegOnline",
5419 "website": "https://georgeom.net/StegOnline",
5420 "source": "https://github.com/Ge0rg3/StegOnline",
5421 "description": "Stego image toolsuite in the browser",
5422 "language": "JavaScript",
5423 "price": "Free",
5424 "online": "True"
5425 },
5426 {
5427 "name": "StegoVeritas",
5428 "source": "https://github.com/Owlz/stegoVeritas",
5429 "description": "Automatic tool to bruteforce LSB, transform image, extract metadata or trailing data",
5430 "language": "Python",
5431 "price": "Free",
5432 "online": "False"
5433 },
5434 {
5435 "name": "StegSolve",
5436 "description": "GUI tool to analyse images",
5437 "language": "Java",
5438 "price": "Free",
5439 "online": "False"
5440 },
5441 {
5442 "name": "zsteg",
5443 "source": "https://github.com/zed-0xff/zsteg",
5444 "description": "Tool to detect hidden data in PNG and BMP",
5445 "language": "Ruby",
5446 "price": "Free",
5447 "online": "False"
5448 }
5449 ]
5450 },
5451 "system_exploitation": {
5452 "tools": [
5453 {
5454 "name": "Android_Emuroot",
5455 "source": "https://github.com/airbus-seclab/android_emuroot",
5456 "description": "Grants root privileges on the fly to shells running on Android virtual machines that use google-provided emulator images called Google API Playstore",
5457 "language": "Python",
5458 "price": "Free",
5459 "online": "False"
5460 },
5461 {
5462 "name": "bkhive",
5463 "source": "https://sourceforge.net/projects/ophcrack/files/",
5464 "description": "Dump the syskey bootkey from a Windows NT/2K/XP system hive, often used with samdump2, part of the ophcrack project",
5465 "price": "Free",
5466 "online": "False"
5467 },
5468 {
5469 "name": "BloodHound",
5470 "website": "https://github.com/BloodHoundAD/BloodHound/wiki",
5471 "source": "https://github.com/BloodHoundAD/BloodHound",
5472 "description": "Tool to reveal the hidden and unintended relationships within an Active Directory environment",
5473 "language": "PowerShell",
5474 "price": "Free",
5475 "online": "False"
5476 },
5477 {
5478 "name": "CrackMapExec",
5479 "source": "https://github.com/byt3bl33d3r/CrackMapExec",
5480 "description": "Post-exploitation tool to asses Active Directory networks",
5481 "language": "Python",
5482 "price": "Free",
5483 "online": "False"
5484 },
5485 {
5486 "name": "creddump",
5487 "source": "https://github.com/moyix/creddump",
5488 "description": "Dump windows credentials",
5489 "language": "Python",
5490 "price": "Free",
5491 "online": "False"
5492 },
5493 {
5494 "name": "DCOMrade",
5495 "source": "https://github.com/sud0woodo/DCOMrade",
5496 "description": "Script that is able to enumerate the possible vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc.",
5497 "language": "PowerShell",
5498 "price": "Free",
5499 "online": "False"
5500 },
5501 {
5502 "name": "DLLInjector",
5503 "source": "https://github.com/OpenSecurityResearch/dllinjector",
5504 "description": "Dll injection tool",
5505 "language": "Cplusplus",
5506 "price": "Free",
5507 "online": "False"
5508 },
5509 {
5510 "name": "DLLPasswordFilterImplant",
5511 "source": "https://github.com/GoSecure/DLLPasswordFilterImplant",
5512 "description": "Password filter DLL, triggered on password change to exfiltrate credentials",
5513 "language": "C",
5514 "price": "Free",
5515 "online": "False"
5516 },
5517 {
5518 "name": "Empire",
5519 "website": "http://www.powershellempire.com/",
5520 "source": "https://github.com/EmpireProject/Empire",
5521 "description": "PowerShell and Python post-exploitation agent",
5522 "language": "Shell",
5523 "price": "Free",
5524 "online": "False"
5525 },
5526 {
5527 "name": "Empire GUI",
5528 "website": "http://www.powershellempire.com/",
5529 "source": "https://github.com/EmpireProject/Empire-GUI",
5530 "description": "GUI for Empire framework",
5531 "language": "JavaScript",
5532 "price": "Free",
5533 "online": "False"
5534 },
5535 {
5536 "name": "enum4linux",
5537 "source": "https://github.com/portcullislabs/enum4linux",
5538 "description": "Windows Samba enumeration tool",
5539 "language": "Perl",
5540 "price": "Free",
5541 "online": "False"
5542 },
5543 {
5544 "name": "FFM",
5545 "source": "https://github.com/JusticeRage/FFM",
5546 "description": "Freedom Fighting Mode (FFM), hacking harness, post-exploitation tool",
5547 "language": "Python",
5548 "price": "Free",
5549 "online": "False"
5550 },
5551 {
5552 "name": "goddi",
5553 "source": "https://github.com/NetSPI/goddi",
5554 "description": "Active Directory domain information dumper",
5555 "language": "Go",
5556 "price": "Free",
5557 "online": "False"
5558 },
5559 {
5560 "name": "LaZagne",
5561 "source": "https://github.com/AlessandroZ/LaZagne",
5562 "description": "Password retriever",
5563 "language": "Python",
5564 "price": "Free",
5565 "online": "False"
5566 },
5567 {
5568 "name": "LinEnum",
5569 "source": "https://github.com/rebootuser/LinEnum",
5570 "description": "Linux enumeration and privilege escalation script",
5571 "language": "Shell",
5572 "price": "Free",
5573 "online": "False"
5574 },
5575 {
5576 "name": "Linux Exploit Suggester 2",
5577 "source": "https://github.com/jondonas/linux-exploit-suggester-2",
5578 "description": "Linux kernel exploit suggester",
5579 "language": "Perl",
5580 "price": "Free",
5581 "online": "False"
5582 },
5583 {
5584 "name": "linux-exploit-suggester.sh",
5585 "source": "https://github.com/mzet-/linux-exploit-suggester",
5586 "description": "Linux kernel exploit suggester",
5587 "language": "Shell",
5588 "price": "Free",
5589 "online": "False"
5590 },
5591 {
5592 "name": "linuxprivchecker.py",
5593 "source": "https://github.com/sleventyeleven/linuxprivchecker",
5594 "description": "Linux privilege escalation check script",
5595 "language": "Python",
5596 "price": "Free",
5597 "online": "False"
5598 },
5599 {
5600 "name": "lynis",
5601 "website": "https://cisofy.com/lynis/",
5602 "source": "https://github.com/CISOfy/Lynis",
5603 "description": "Security auditing and hardening tool, for UNIX-based systems",
5604 "language": "Shell",
5605 "price": "Free",
5606 "online": "False"
5607 },
5608 {
5609 "name": "Nishang",
5610 "source": "https://github.com/samratashok/nishang",
5611 "description": "Framework, collection of scripts and payloads in PowerShell for offensive security, penetration testing and red teaming",
5612 "language": "PowerShell",
5613 "price": "Free",
5614 "online": "False"
5615 },
5616 {
5617 "name": "p0wnedShell",
5618 "source": "https://github.com/Cn33liz/p0wnedShell",
5619 "description": "PowerShell runspace post exploitation toolkit",
5620 "language": "CSharp",
5621 "price": "Free",
5622 "online": "False"
5623 },
5624 {
5625 "name": "PEASS",
5626 "source": "https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite",
5627 "description": "Privilege Escalation Awesome Scripts SUITE; winPEAS and linPEAS are local privilege escalation scripts for Windows and Linux",
5628 "language": "Shell",
5629 "price": "Free",
5630 "online": "False"
5631 },
5632 {
5633 "name": "Powerless",
5634 "source": "https://github.com/M4ximuss/Powerless",
5635 "description": "A Windows privilege escalation enumeration BAT script designed for legacy Windows machines without Powershell",
5636 "language": "Shell",
5637 "price": "Free",
5638 "online": "False"
5639 },
5640 {
5641 "name": "PowerSploit",
5642 "source": "https://github.com/PowerShellMafia/PowerSploit",
5643 "description": "Powershell exploitation framework",
5644 "language": "Powershell",
5645 "price": "Free",
5646 "online": "False"
5647 },
5648 {
5649 "name": "pspy",
5650 "source": "https://github.com/DominicBreuker/pspy",
5651 "description": "CLI tool designed to snoop on processes without need for root permissions; it allows to see commands run by other users, cron jobs, etc. as they execute",
5652 "language": "Go",
5653 "price": "Free",
5654 "online": "False"
5655 },
5656 {
5657 "name": "RedSnarf",
5658 "source": "https://github.com/nccgroup/redsnarf",
5659 "description": "Retrieves hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques",
5660 "language": "Python",
5661 "price": "Free",
5662 "online": "False"
5663 },
5664 {
5665 "name": "samdump2",
5666 "source": "https://sourceforge.net/projects/ophcrack/files/samdump2/",
5667 "description": "Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM, often used with bkhive, part of the ophcrack project",
5668 "price": "Free",
5669 "online": "False"
5670 },
5671 {
5672 "name": "scavenger",
5673 "source": "https://github.com/SpiderLabs/scavenger",
5674 "description": "multi-threaded post-exploitation scanning tool for scavenging systems, finding most frequently used files and folders as well as interesting files containing sensitive information",
5675 "language": "Python",
5676 "price": "Free",
5677 "online": "False"
5678 },
5679 {
5680 "name": "SharpShooter",
5681 "source": "https://github.com/mdsecactivebreach/SharpShooter",
5682 "description": "Payload Generation Framework for C# source code",
5683 "language": "VB",
5684 "price": "Free",
5685 "online": "False"
5686 },
5687 {
5688 "name": "ShellPop",
5689 "source": "https://github.com/0x00-0x00/ShellPop",
5690 "description": "Tool to craft bind and reverse shells in several languages",
5691 "language": "Python",
5692 "price": "Free",
5693 "online": "False"
5694 },
5695 {
5696 "name": "unicorn",
5697 "source": "https://github.com/trustedsec/unicorn",
5698 "description": "Tool for using a PowerShell downgrade attack and inject shellcode into memory",
5699 "language": "Python",
5700 "price": "Free",
5701 "online": "False"
5702 },
5703 {
5704 "name": "WES-NG",
5705 "source": "https://github.com/bitsadmin/wesng",
5706 "description": "Windows Exploit Suggester - Next Generation; analyses Windows targets patch levels to find exploits and Metasploit modules; works well with newer system (eg Windows 10) thanks to MSRC support",
5707 "language": "Python",
5708 "price": "Free",
5709 "online": "False"
5710 },
5711 {
5712 "name": "Windows-Exploit-Suggester",
5713 "source": "https://github.com/GDSSecurity/Windows-Exploit-Suggester",
5714 "description": "Analyses Windows targets patch levels to find exploits and Metasploit modules, works only for older systems (eg Windows XP, Vista, etc.) because it relies on MS Security KBs",
5715 "language": "Python",
5716 "price": "Free",
5717 "online": "False"
5718 }
5719 ]
5720 },
5721 "threat_intelligence": {
5722 "tools": [
5723 {
5724 "name": "Maltego",
5725 "website": "https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php",
5726 "description": "Interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet (exists in Community Edition)",
5727 "price": "Paid",
5728 "online": "False"
5729 },
5730 {
5731 "name": "threatfeeds.io",
5732 "website": "https://threatfeeds.io/",
5733 "description": "Open-source threat intelligence feeds; sharing malware URLs, IP reputation, bad IPs, etc.",
5734 "price": "Free",
5735 "online": "True"
5736 }
5737 ]
5738 },
5739 "vulnerability_assessment": {
5740 "tools": [
5741 {
5742 "name": "cve-search",
5743 "source": "https://github.com/cve-search/cve-search",
5744 "description": "Tool to import CVE and CPE into a MongoDB to facilitate search and processing of CVEs",
5745 "language": "Python",
5746 "price": "Free",
5747 "online": "False"
5748 },
5749 {
5750 "name": "cvss-suite",
5751 "source": "https://github.com/siemens/cvss-suite",
5752 "description": "CVSS calculator library",
5753 "language": "Ruby",
5754 "price": "Free",
5755 "online": "False"
5756 },
5757 {
5758 "name": "GVM",
5759 "website": "https://community.greenbone.net/t/about-gvm-architecture/1231",
5760 "source": "https://github.com/greenbone/",
5761 "description": "The Greenbone Vulnerability Management (GVM) is a framework of several services: gvmd is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Greenbone Security Assistant (GSA) is the web interface of GVM. The main scanner (OpenVAS) is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs). Complementary to the web interface, GVM-Tools allows batch processing / scripting via the Greenbone Management Protocol (GMP). Additional scanners can be integrated via the Open Scanner Protocol (OSP)",
5762 "language": "C",
5763 "price": "Paid",
5764 "online": "False"
5765 },
5766 {
5767 "name": "nvd_feed_api",
5768 "website": "https://noraj.gitlab.io/nvd_api/",
5769 "source": "https://gitlab.com/noraj/nvd_api",
5770 "description": "A ruby API for NVD CVE feeds management, the library will help you to download and manage NVD Data Feeds, search for CVEs, build your vulerability assesment platform or vulnerability database",
5771 "language": "Ruby",
5772 "price": "Free",
5773 "online": "False"
5774 },
5775 {
5776 "name": "ThreatMapper",
5777 "website": "https://deepfence.io/product/",
5778 "source": "https://github.com/deepfence/ThreatMapper",
5779 "description": "Identify vulnerabilities in running containers, images, hosts and repositories",
5780 "language": "Go",
5781 "price": "Free",
5782 "online": "False"
5783 },
5784 {
5785 "name": "Vulnogram",
5786 "website": "https://vulnogram.github.io/",
5787 "source": "https://github.com/Vulnogram/Vulnogram",
5788 "description": "Create and edit CVE information in CVE JSON format",
5789 "language": "JavaScript",
5790 "price": "Free",
5791 "online": "True"
5792 },
5793 {
5794 "name": "Vuls",
5795 "website": "https://vuls.io/",
5796 "source": "https://github.com/future-architect/vuls",
5797 "description": "Agentless system vulnerability scanner for Linux/FreeBSD with a dashboard (VulsRepo) for analyzing the scan results",
5798 "language": "Go",
5799 "price": "Free",
5800 "online": "False"
5801 }
5802 ]
5803 },
5804 "web_application_exploitation": {
5805 "tools": [
5806 {
5807 "name": "230-OOB",
5808 "website": "http://xxe.sh/",
5809 "source": "https://github.com/lc/230-OOB",
5810 "description": "FTP server for OOB XXE attacks",
5811 "language": "Python",
5812 "price": "Free",
5813 "online": "False"
5814 },
5815 {
5816 "name": "Acunetix",
5817 "website": "https://www.acunetix.com/",
5818 "description": "Web application security scanner",
5819 "price": "Paid",
5820 "online": "True"
5821 },
5822 {
5823 "name": "API-fuzzer",
5824 "source": "https://github.com/Fuzzapi/API-fuzzer",
5825 "description": "Library to fuzz request attributes using common pentesting techniques and lists vulnerabilities",
5826 "language": "Ruby",
5827 "price": "Free",
5828 "online": "False"
5829 },
5830 {
5831 "name": "Arachni",
5832 "website": "http://www.arachni-scanner.com/",
5833 "source": "https://github.com/Arachni/arachni",
5834 "description": "Web application security scanner framework",
5835 "language": "Ruby",
5836 "price": "Free",
5837 "online": "False"
5838 },
5839 {
5840 "name": "Arjun",
5841 "source": "https://github.com/s0md3v/Arjun",
5842 "description": "HTTP Parameter Discovery Suite",
5843 "language": "Python",
5844 "price": "Free",
5845 "online": "False"
5846 },
5847 {
5848 "name": "AssassinGo",
5849 "website": "https://assassin-go.ink/",
5850 "source": "https://github.com/AmyangXYZ/AssassinGo",
5851 "description": "Web pentest framework for information gathering and vulnerability scanning",
5852 "language": "Go",
5853 "price": "Free",
5854 "online": "False"
5855 },
5856 {
5857 "name": "Astra",
5858 "website": "https://www.astra-security.info/",
5859 "source": "https://github.com/flipkart-incubator/astra",
5860 "description": "REST API penetration testing tool",
5861 "language": "Python",
5862 "price": "Free",
5863 "online": "False"
5864 },
5865 {
5866 "name": "Atlas",
5867 "source": "https://github.com/m4ll0k/Atlas",
5868 "description": "Tool that suggests sqlmap tampers to bypass WAF/IDS/IPS based on status codes",
5869 "language": "Python",
5870 "price": "Free",
5871 "online": "False"
5872 },
5873 {
5874 "name": "BaRMIe",
5875 "source": "https://github.com/NickstaDB/BaRMIe",
5876 "description": "Java RMI enumeration and attack tool",
5877 "language": "Java",
5878 "price": "Free",
5879 "online": "False"
5880 },
5881 {
5882 "name": "Blazy",
5883 "source": "https://github.com/s0md3v/Blazy",
5884 "description": "Login page bruteforcer: CSRF, SQLi, Clickjacking, WAF detection",
5885 "language": "Python",
5886 "price": "Free",
5887 "online": "False"
5888 },
5889 {
5890 "name": "Burp Suite",
5891 "website": "https://portswigger.net/burp/",
5892 "description": "Intercepting proxy to replay, inject, scan and fuzz HTTP requests (a limited free version exists)",
5893 "language": "Java",
5894 "price": "Paid",
5895 "online": "False"
5896 },
5897 {
5898 "name": "Chankro",
5899 "source": "https://github.com/TarlogicSecurity/Chankro",
5900 "description": "Tool to bypass disable_functions and open_basedir in PHP by calling sendmail and setting LD_PRELOAD environment variable",
5901 "language": "Python",
5902 "price": "Free",
5903 "online": "False"
5904 },
5905 {
5906 "name": "Charles",
5907 "website": "https://www.charlesproxy.com/",
5908 "description": "Intercepting proxy to replay, inject, scan and fuzz HTTP requests",
5909 "language": "Java",
5910 "price": "Paid",
5911 "online": "False"
5912 },
5913 {
5914 "name": "CloudFrunt",
5915 "source": "https://github.com/MindPointGroup/cloudfrunt",
5916 "description": "Scanner to identify misconfigured CloudFront domains",
5917 "language": "Python",
5918 "price": "Free",
5919 "online": "False"
5920 },
5921 {
5922 "name": "CMSeek",
5923 "source": "https://github.com/Tuhinshubhra/CMSeeK",
5924 "description": "CMS detection and exploitation suite; capable of detecting more than 130 CMS",
5925 "language": "Python",
5926 "price": "Free",
5927 "online": "False"
5928 },
5929 {
5930 "name": "CMSmap",
5931 "source": "https://github.com/Dionach/CMSmap",
5932 "description": "WordPress, Joomla, Drupal, Moodle CMS security scanner",
5933 "language": "Python",
5934 "price": "Free",
5935 "online": "False"
5936 },
5937 {
5938 "name": "CMSScan",
5939 "source": "https://github.com/ajinabraham/CMSScan",
5940 "description": "Wordpress, Drupal, Joomla, vBulletin CMS security scanner with dashboard",
5941 "language": "Python",
5942 "price": "Free",
5943 "online": "False"
5944 },
5945 {
5946 "name": "commix",
5947 "website": "http://www.commixproject.com/",
5948 "source": "https://github.com/commixproject/commix",
5949 "description": "Web-based command injection tester",
5950 "language": "Python",
5951 "price": "Free",
5952 "online": "False"
5953 },
5954 {
5955 "name": "CSP Evaluator",
5956 "website": "https://csp-evaluator.withgoogle.com/",
5957 "source": "https://github.com/google/csp-evaluator",
5958 "description": "Check Content Security Policy (CSP) configuration and assists with the reviewing process",
5959 "language": "JavaScript",
5960 "price": "Free",
5961 "online": "False"
5962 },
5963 {
5964 "name": "CSWSH",
5965 "website": "http://ironwasp.org/cswsh.html",
5966 "description": "Cross-Site WebSocket Hijacking Tester",
5967 "price": "Free",
5968 "online": "False"
5969 },
5970 {
5971 "name": "dirb",
5972 "website": "http://dirb.sourceforge.net/",
5973 "source": "https://sourceforge.net/projects/dirb/",
5974 "description": "Web directory and file scanner (wordlist bruteforce)",
5975 "price": "Free",
5976 "online": "False"
5977 },
5978 {
5979 "name": "dirsearch",
5980 "source": "https://github.com/maurosoria/dirsearch",
5981 "description": "Web directory and file scanner (wordlist bruteforce)",
5982 "language": "Python",
5983 "price": "Free",
5984 "online": "False"
5985 },
5986 {
5987 "name": "distributed-jwt-cracker",
5988 "website": "https://lmammino.github.io/distributed-jwt-cracker/",
5989 "source": "https://github.com/lmammino/distributed-jwt-cracker",
5990 "description": "HS256 JWT token distributed brute force cracker",
5991 "language": "JavaScript",
5992 "price": "Free",
5993 "online": "False"
5994 },
5995 {
5996 "name": "docem",
5997 "source": "https://github.com/whitel1st/docem",
5998 "description": "Uility to embed XXE and XSS payloads in docx, odt, pptx, etc",
5999 "language": "Python",
6000 "price": "Free",
6001 "online": "False"
6002 },
6003 {
6004 "name": "DotDotPwn",
6005 "website": "http://dotdotpwn.blogspot.fr/",
6006 "source": "https://github.com/wireghoul/dotdotpwn",
6007 "description": "Directory Traversal fuzzer",
6008 "language": "Perl",
6009 "price": "Free",
6010 "online": "False"
6011 },
6012 {
6013 "name": "droopescan",
6014 "source": "https://github.com/droope/droopescan",
6015 "description": "CMS scanner supporting SilverStripe and Wordpress, having partial support for Joomla, Moodle, Drupal",
6016 "language": "Python",
6017 "price": "Free",
6018 "online": "False"
6019 },
6020 {
6021 "name": "drupwn",
6022 "source": "https://github.com/immunIT/drupwn",
6023 "description": "Drupal CMS enumeration and exploitation tool",
6024 "language": "Python",
6025 "price": "Free",
6026 "online": "False"
6027 },
6028 {
6029 "name": "dvcs-ripper",
6030 "source": "https://github.com/kost/dvcs-ripper",
6031 "description": "Dump web accessible (distributed) version control systems (DVCS/VCS): SVN, GIT, Mercurial/hg, Bazaar/bzr, …",
6032 "language": "Perl",
6033 "price": "Free",
6034 "online": "False"
6035 },
6036 {
6037 "name": "Enemies Of Symfony",
6038 "source": "https://github.com/synacktiv/eos",
6039 "description": "Loots information from a Symfony target using profiler",
6040 "language": "Python",
6041 "price": "Free",
6042 "online": "False"
6043 },
6044 {
6045 "name": "EyeWitness",
6046 "source": "https://github.com/FortyNorthSecurity/EyeWitness",
6047 "description": "Take screenshots of websites, provide some server header info, and identify default credentials if possible",
6048 "language": "Python",
6049 "price": "Free",
6050 "online": "False"
6051 },
6052 {
6053 "name": "ffuf",
6054 "source": "https://github.com/ffuf/ffuf",
6055 "description": "Web directory and file scanner (wordlist bruteforce)",
6056 "language": "Go",
6057 "price": "Free",
6058 "online": "False"
6059 },
6060 {
6061 "name": "Fingerprinter",
6062 "source": "https://github.com/erwanlr/Fingerprinter",
6063 "description": "CMS version detection tool",
6064 "language": "Ruby",
6065 "price": "Free",
6066 "online": "False"
6067 },
6068 {
6069 "name": "Flask Session Cookie Decoder/Encoder",
6070 "source": "https://github.com/noraj/flask-session-cookie-manager",
6071 "description": "A script that let you encode and decode a Flask session cookie",
6072 "language": "Python",
6073 "price": "Free",
6074 "online": "False"
6075 },
6076 {
6077 "name": "FockCache",
6078 "source": "https://github.com/tismayil/fockcache",
6079 "description": "Test Cache Poisoning",
6080 "language": "Fo",
6081 "price": "Free",
6082 "online": "False"
6083 },
6084 {
6085 "name": "Fuzzapi",
6086 "source": "https://github.com/Fuzzapi/API-fuzzer",
6087 "description": "Web-UI for API-fuzzer",
6088 "language": "Ruby",
6089 "price": "Free",
6090 "online": "False"
6091 },
6092 {
6093 "name": "git-dump",
6094 "source": "https://github.com/bahamas10/node-git-dump",
6095 "description": "Dump the contents of a remote git repository without directory listing enabled",
6096 "language": "JavaScript",
6097 "price": "Free",
6098 "online": "False"
6099 },
6100 {
6101 "name": "GitTools",
6102 "source": "https://github.com/internetwache/GitTools",
6103 "description": "3 tools: Finder (find websites with .git repository exposed), Dumper (dump exposed .git), Extractor (extract commits and their content from a broken repository)",
6104 "language": "Shell",
6105 "price": "Free",
6106 "online": "False"
6107 },
6108 {
6109 "name": "Gobuster",
6110 "source": "https://github.com/OJ/gobuster",
6111 "description": "Web directory, file and DNS scanner (wordlist bruteforce)",
6112 "language": "Go",
6113 "price": "Free",
6114 "online": "False"
6115 },
6116 {
6117 "name": "Gopherus",
6118 "source": "https://github.com/tarunkant/Gopherus",
6119 "description": "Generates gopher link for exploiting SSRF and gaining RCE access from unprotected services",
6120 "language": "Python",
6121 "price": "Free",
6122 "online": "False"
6123 },
6124 {
6125 "name": "Guppy Proxy",
6126 "source": "https://github.com/roglew/guppy-proxy",
6127 "description": "GUI HTTP intercepting proxy based on Pappy Proxy",
6128 "language": "Python",
6129 "price": "Free",
6130 "online": "False"
6131 },
6132 {
6133 "name": "Hookbin",
6134 "website": "https://hookbin.com/",
6135 "source": "https://github.com/ssteveli/hookbin",
6136 "description": "HTTP request collector and inspector",
6137 "language": "Java",
6138 "price": "Free",
6139 "online": "True"
6140 },
6141 {
6142 "name": "HUNT",
6143 "source": "https://github.com/bugcrowd/HUNT",
6144 "description": "HUNT Suite is a collection of Burp Suite Pro/Free and OWASP ZAP extensions",
6145 "language": "Python",
6146 "price": "Free",
6147 "online": "True"
6148 },
6149 {
6150 "name": "IronWASP",
6151 "website": "http://ironwasp.org/index.html",
6152 "source": "https://github.com/Lavakumar/IronWASP",
6153 "description": "Web security/vulnerability scanner (native for Windows only)",
6154 "language": "C",
6155 "price": "Free",
6156 "online": "False"
6157 },
6158 {
6159 "name": "Jaeles",
6160 "website": "https://jaeles-project.github.io/",
6161 "source": "https://github.com/jaeles-project/jaeles",
6162 "description": "Framework for building your own Web Application Scanner",
6163 "language": "Go",
6164 "price": "Free",
6165 "online": "False"
6166 },
6167 {
6168 "name": "JWT cracker",
6169 "source": "https://github.com/brendan-rius/c-jwt-cracker",
6170 "description": "Multi-threaded JWT brute-force cracker",
6171 "language": "C",
6172 "price": "Free",
6173 "online": "False"
6174 },
6175 {
6176 "name": "jwt-cracker",
6177 "website": "https://lmammino.github.io/jwt-cracker/",
6178 "source": "https://github.com/lmammino/jwt-cracker",
6179 "description": "HS256 JWT token brute force cracker",
6180 "language": "JavaScript",
6181 "price": "Free",
6182 "online": "False"
6183 },
6184 {
6185 "name": "jwt_tool",
6186 "source": "https://github.com/ticarpi/jwt_tool",
6187 "description": "A toolkit for validating, forging and cracking JWT tokens",
6188 "language": "Python",
6189 "price": "Free",
6190 "online": "False"
6191 },
6192 {
6193 "name": "jwtcat",
6194 "source": "https://github.com/AresS31/jwtcat",
6195 "description": "JWT brute-force cracker",
6196 "language": "Python",
6197 "price": "Free",
6198 "online": "False"
6199 },
6200 {
6201 "name": "Liffy",
6202 "source": "https://github.com/mzfr/liffy",
6203 "description": "LFI exploitation tool",
6204 "language": "Python",
6205 "price": "Free",
6206 "online": "False"
6207 },
6208 {
6209 "name": "LFI Freak",
6210 "source": "https://github.com/OsandaMalith/LFiFreak/",
6211 "description": "LFI scan and exploit tool",
6212 "language": "Python",
6213 "price": "Free",
6214 "online": "False"
6215 },
6216 {
6217 "name": "LFI Suite",
6218 "source": "https://github.com/D35m0nd142/LFISuite",
6219 "description": "Automatic LFI scanner and exploiter",
6220 "language": "Python",
6221 "price": "Free",
6222 "online": "False"
6223 },
6224 {
6225 "name": "LightBulb",
6226 "website": "https://lightbulb-framework.github.io/",
6227 "source": "https://github.com/lightbulb-framework/lightbulb-framework",
6228 "description": "Framework for auditing web application firewalls and filters",
6229 "language": "Python",
6230 "price": "Free",
6231 "online": "False"
6232 },
6233 {
6234 "name": "Kadimus",
6235 "source": "https://github.com/P0cL4bs/Kadimus",
6236 "description": "LFI, RFI, RCE scanner",
6237 "language": "C",
6238 "price": "Free",
6239 "online": "False"
6240 },
6241 {
6242 "name": "Malzilla",
6243 "website": "http://malzilla.sourceforge.net/",
6244 "source": "https://sourceforge.net/projects/malzilla/",
6245 "description": "Web oriented deobfuscating tool",
6246 "price": "Free",
6247 "online": "False"
6248 },
6249 {
6250 "name": "mitmproxy",
6251 "website": "https://mitmproxy.org/",
6252 "source": "https://github.com/mitmproxy/mitmproxy",
6253 "description": "Interactive HTTPS proxy",
6254 "language": "Python",
6255 "price": "Free",
6256 "online": "False"
6257 },
6258 {
6259 "name": "Mockbin",
6260 "website": "http://mockbin.org/",
6261 "source": "https://github.com/Kong/mockbin",
6262 "description": "HTTP request collector and inspector",
6263 "language": "JavaScript",
6264 "price": "Free",
6265 "online": "True"
6266 },
6267 {
6268 "name": "Netsparker",
6269 "website": "https://www.netsparker.com/",
6270 "description": "Web application security scanner",
6271 "price": "Paid",
6272 "online": "True"
6273 },
6274 {
6275 "name": "nikto",
6276 "website": "https://cirt.net/Nikto2",
6277 "source": "https://github.com/sullo/nikto",
6278 "description": "Very light web security scanner",
6279 "language": "Perl",
6280 "price": "Free",
6281 "online": "False"
6282 },
6283 {
6284 "name": "NoSQLMap",
6285 "source": "https://github.com/codingo/NoSQLMap",
6286 "description": "Automated NoSQL database enumeration and web application exploitation tool",
6287 "language": "Python",
6288 "price": "Free",
6289 "online": "False"
6290 },
6291 {
6292 "name": "Nosql-Exploitation-Framework",
6293 "source": "https://github.com/torque59/Nosql-Exploitation-Framework",
6294 "description": "NoSQL scanning and exploitation framework",
6295 "language": "Python",
6296 "price": "Free",
6297 "online": "False"
6298 },
6299 {
6300 "name": "otori",
6301 "website": "http://www.beneaththewaves.net/Software/On_The_Outside_Reaching_In.html",
6302 "description": "On The Outside, Reaching In, exploitation toolbox for XXE attacks",
6303 "language": "Python",
6304 "price": "Free",
6305 "online": "False"
6306 },
6307 {
6308 "name": "OWASP JoomScan",
6309 "source": "https://github.com/rezasp/joomscan",
6310 "description": "Joomla vulnerability scanner",
6311 "language": "Perl",
6312 "price": "Free",
6313 "online": "False"
6314 },
6315 {
6316 "name": "OWASP ZAP",
6317 "website": "https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project",
6318 "source": "https://github.com/zaproxy/zaproxy",
6319 "description": "OWASP Zed Attack Proxy, intercepting proxy to replay, inject, scan and fuzz HTTP requests",
6320 "language": "Java",
6321 "price": "Free",
6322 "online": "False"
6323 },
6324 {
6325 "name": "oxml_xxe",
6326 "source": "https://github.com/BuffaloWill/oxml_xxe",
6327 "description": "Tool for embedding XXE/XML exploits into different filetypes (docx/xlsx, odt/ods, svg, xml, etc.)",
6328 "language": "Ruby",
6329 "price": "Free",
6330 "online": "False"
6331 },
6332 {
6333 "name": "Panoptic",
6334 "website": "http://websec.ca/blog/view/panoptic",
6335 "source": "https://github.com/lightos/Panoptic",
6336 "description": "Automatic LFI and Path Traversal exploitation tool",
6337 "language": "Python",
6338 "price": "Free",
6339 "online": "False"
6340 },
6341 {
6342 "name": "Pappy Proxy",
6343 "website": "http://www.pappyproxy.com",
6344 "source": "https://github.com/roglew/pappy-proxy",
6345 "description": "Proxy Attack Proxy ProxY, HTTP intercepting proxy",
6346 "language": "Python",
6347 "price": "Free",
6348 "online": "False"
6349 },
6350 {
6351 "name": "ParamSpider",
6352 "source": "https://github.com/devanshbatham/ParamSpider",
6353 "description": "Finds parameters from web archives of the entered domain",
6354 "language": "Python",
6355 "price": "Free",
6356 "online": "False"
6357 },
6358 {
6359 "name": "Paros",
6360 "source": "https://sourceforge.net/projects/paros/",
6361 "description": "Intercepting proxy to replay, inject, scan and fuzz HTTP requests",
6362 "language": "Java",
6363 "price": "Free",
6364 "online": "False"
6365 },
6366 {
6367 "name": "PHPGGC",
6368 "source": "https://github.com/ambionics/phpggc",
6369 "description": "PHP Generic Gadget Chains, library of unserialize() payloads along with a tool to generate them, supporting various PHP frameworks",
6370 "language": "PHP",
6371 "price": "Free",
6372 "online": "False"
6373 },
6374 {
6375 "name": "Portswigger Labs Inspector",
6376 "website": "http://portswigger-labs.net/hackability/inspector/",
6377 "description": "Javascript expression evaluator and inspector",
6378 "language": "JavaScript",
6379 "price": "Free",
6380 "online": "True"
6381 },
6382 {
6383 "name": "PowerUpSQL",
6384 "source": "https://github.com/NetSPI/PowerUpSQL",
6385 "description": "Toolkit for attacking MS SQL Server, discovery, configuration auditing, privilege escalation, post exploitation",
6386 "language": "Powershell",
6387 "price": "Free",
6388 "online": "False"
6389 },
6390 {
6391 "name": "Rabid",
6392 "website": "https://noraj.github.io/rabid/",
6393 "source": "https://github.com/noraj/rabid",
6394 "description": "CLI tool and library allowing to simply decode all kind of BigIP cookies",
6395 "language": "Ruby",
6396 "price": "Free",
6397 "online": "True"
6398 },
6399 {
6400 "name": "RequestBin",
6401 "website": "https://requestbin.com/",
6402 "source": "https://github.com/Runscope/requestbin",
6403 "description": "HTTP request collector and inspector",
6404 "language": "Python",
6405 "price": "Free",
6406 "online": "True"
6407 },
6408 {
6409 "name": "See-SURF",
6410 "source": "https://github.com/In3tinct/See-SURF",
6411 "description": "SSRF scanner to find entry points",
6412 "language": "Python",
6413 "price": "Free",
6414 "online": "False"
6415 },
6416 {
6417 "name": "Simple Local File Inclusion Exploiter",
6418 "website": "https://packetstormsecurity.com/files/96056/Simple-Local-File-Inclusion-Exploiter.0.html",
6419 "source": "https://packetstormsecurity.com/files/download/96056/lfi_sploiter.py.txt",
6420 "description": "LFI exploit tool",
6421 "language": "Python",
6422 "price": "Free",
6423 "online": "False"
6424 },
6425 {
6426 "name": "Sitadel",
6427 "source": "https://github.com/shenril/Sitadel",
6428 "description": "Web application security scanner, rewrite and newer version of WAScan",
6429 "language": "Python",
6430 "price": "Free",
6431 "online": "False"
6432 },
6433 {
6434 "name": "SleuthQL",
6435 "source": "https://github.com/RhinoSecurityLabs/SleuthQL",
6436 "description": "Tool that parses Burp history to discover potential SQL injection points and prepare SQLmap request files",
6437 "language": "Python",
6438 "price": "Free",
6439 "online": "False"
6440 },
6441 {
6442 "name": "snallygaster",
6443 "source": "https://github.com/hannob/snallygaster",
6444 "description": "Web scanner that looks for files accessible on web servers that shouldn't be public",
6445 "language": "Python",
6446 "price": "Free",
6447 "online": "False"
6448 },
6449 {
6450 "name": "sqlmap",
6451 "website": "http://sqlmap.org/",
6452 "source": "https://github.com/sqlmapproject/sqlmap",
6453 "description": "Automatic SQL injection tool",
6454 "language": "Python",
6455 "price": "Free",
6456 "online": "False"
6457 },
6458 {
6459 "name": "SQLiv",
6460 "source": "https://github.com/Hadesy2k/sqliv",
6461 "description": "SQL injection scanner, find vulnerable entry points",
6462 "language": "Python",
6463 "price": "Free",
6464 "online": "False"
6465 },
6466 {
6467 "name": "SSLyze",
6468 "source": "https://github.com/nabla-c0d3/sslyze",
6469 "description": "SSL analysis library and a CLI tools",
6470 "language": "Python",
6471 "price": "Free",
6472 "online": "False"
6473 },
6474 {
6475 "name": "SSRF Proxy",
6476 "source": "https://github.com/bcoles/ssrf_proxy",
6477 "description": "Facilitates tunneling HTTP communications through servers vulnerable to SSRF",
6478 "language": "Ruby",
6479 "price": "Free",
6480 "online": "False"
6481 },
6482 {
6483 "name": "SSRFmap",
6484 "source": "https://github.com/swisskyrepo/SSRFmap",
6485 "description": "Automatic SSRF fuzzer and exploitation tool",
6486 "language": "Python",
6487 "price": "Free",
6488 "online": "False"
6489 },
6490 {
6491 "name": "testssl.sh",
6492 "website": "https://testssl.sh/",
6493 "source": "https://github.com/drwetter/testssl.sh/",
6494 "description": "TLS/SSL scanner to find weak cipherss, protocols or flaws",
6495 "language": "Shell",
6496 "price": "Free",
6497 "online": "False"
6498 },
6499 {
6500 "name": "TIDoS Framework",
6501 "source": "https://github.com/theInfectedDrake/TIDoS-Framework",
6502 "description": "Comprehensive web-app audit framework",
6503 "language": "Python",
6504 "price": "Free",
6505 "online": "False"
6506 },
6507 {
6508 "name": "Tracy",
6509 "source": "https://github.com/nccgroup/tracy",
6510 "description": "Tool that help to manually find XSS",
6511 "language": "Go",
6512 "price": "Free",
6513 "online": "False"
6514 },
6515 {
6516 "name": "tplmap",
6517 "source": "https://github.com/epinna/tplmap",
6518 "description": "SSTI and code injection detection and exploitation tool",
6519 "language": "Python",
6520 "price": "Free",
6521 "online": "False"
6522 },
6523 {
6524 "name": "Uniscan",
6525 "source": "https://sourceforge.net/projects/uniscan/",
6526 "description": "RFI, LFi and RCE scanner",
6527 "language": "Perl",
6528 "price": "Free",
6529 "online": "False"
6530 },
6531 {
6532 "name": "V3n0M",
6533 "source": "https://github.com/v3n0m-Scanner/V3n0M-Scanner",
6534 "description": "Web dork and vulnerability scanner",
6535 "language": "Python",
6536 "price": "Free",
6537 "online": "False"
6538 },
6539 {
6540 "name": "Vega",
6541 "website": "https://subgraph.com/vega/",
6542 "source": "https://github.com/subgraph/Vega",
6543 "description": "Multi-platform web scanner and intercepting proxy",
6544 "language": "Java",
6545 "price": "Free",
6546 "online": "False"
6547 },
6548 {
6549 "name": "VOOKI",
6550 "website": "https://www.vegabird.com/vooki/",
6551 "description": "Windows only web application and REST API vulnerability scanner",
6552 "price": "Free",
6553 "online": "False"
6554 },
6555 {
6556 "name": "w3af",
6557 "website": "http://w3af.org/",
6558 "source": "https://github.com/andresriancho/w3af",
6559 "description": "Web application attack and audit framework, web-oriented security scanner",
6560 "language": "Python",
6561 "price": "Free",
6562 "online": "False"
6563 },
6564 {
6565 "name": "WAFNinja",
6566 "source": "https://github.com/khalilbijjou/WAFNinja",
6567 "description": "WAF bypassing tool",
6568 "language": "Python",
6569 "price": "Free",
6570 "online": "False"
6571 },
6572 {
6573 "name": "wapiti",
6574 "website": "http://wapiti.sourceforge.net/",
6575 "source": "https://sourceforge.net/projects/wapiti/",
6576 "description": "Web-oriented vulnerability scanner, can generates reports",
6577 "price": "Free",
6578 "online": "False"
6579 },
6580 {
6581 "name": "WAScan",
6582 "source": "https://github.com/m4ll0k/WAScan",
6583 "description": "Web application security scanner",
6584 "language": "Python",
6585 "price": "Free",
6586 "online": "False"
6587 },
6588 {
6589 "name": "Webhook Tester",
6590 "website": "https://webhook.site/",
6591 "source": "https://github.com/fredsted/webhook.site",
6592 "description": "HTTP request collector and inspector",
6593 "language": "PHP",
6594 "price": "Free",
6595 "online": "True"
6596 },
6597 {
6598 "name": "Weevely",
6599 "source": "https://github.com/epinna/weevely3",
6600 "description": "Web shell for post-exploitation working with a PHP agent",
6601 "language": "Python",
6602 "price": "Free",
6603 "online": "False"
6604 },
6605 {
6606 "name": "WPScan",
6607 "website": "https://wpscan.org/",
6608 "source": "https://github.com/wpscanteam/wpscan",
6609 "description": "WordPress CMS vulnerability scanner",
6610 "language": "Ruby",
6611 "price": "Free",
6612 "online": "True"
6613 },
6614 {
6615 "name": "Wfuzz",
6616 "website": "http://wfuzz.org/",
6617 "source": "https://github.com/xmendez/wfuzz/",
6618 "description": "Web application fuzzer framework",
6619 "language": "Python",
6620 "price": "Free",
6621 "online": "False"
6622 },
6623 {
6624 "name": "What CMS",
6625 "website": "https://whatcms.org/",
6626 "description": "Service able to detect more than 430 CMS, find version used for some CMS, has an API for batch detection",
6627 "price": "Free",
6628 "online": "True"
6629 },
6630 {
6631 "name": "WhatWeb",
6632 "website": "https://www.morningstarsecurity.com/research/whatweb",
6633 "source": "https://github.com/urbanadventurer/WhatWeb",
6634 "description": "Web scanner, recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices, also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more",
6635 "language": "Ruby",
6636 "price": "Free",
6637 "online": "False"
6638 },
6639 {
6640 "name": "wikto",
6641 "source": "https://github.com/sensepost/wikto",
6642 "description": "Nikto for Windows; web security scanner",
6643 "language": "CSharp",
6644 "price": "Free",
6645 "online": "False"
6646 },
6647 {
6648 "name": "WitnessMe",
6649 "source": "https://github.com/byt3bl33d3r/WitnessMe",
6650 "description": "Take screenshots of websites, provide some server header info, and identify default credentials if possible",
6651 "language": "Python",
6652 "price": "Free",
6653 "online": "False"
6654 },
6655 {
6656 "name": "WS-Attacker",
6657 "source": "https://github.com/RUB-NDS/WS-Attacker",
6658 "description": "Modular framework for SOAP web services penetration testing",
6659 "language": "Java",
6660 "price": "Free",
6661 "online": "False"
6662 },
6663 {
6664 "name": "WSFuzzer",
6665 "website": "https://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project",
6666 "source": "https://sourceforge.net/projects/wsfuzzer/",
6667 "description": "Fuzzing penetration testing tool for testing HTTP SOAP based web services",
6668 "language": "Python",
6669 "price": "Free",
6670 "online": "False"
6671 },
6672 {
6673 "name": "WSSAT",
6674 "website": "http://yalcinyolalan.github.io/WSSAT/",
6675 "source": "https://github.com/YalcinYolalan/WSSAT",
6676 "description": "Web Service Security Assessment Tool; WS, REST API, SOAP API dynamic scanner",
6677 "language": "CSharp",
6678 "price": "Free",
6679 "online": "False"
6680 },
6681 {
6682 "name": "XAttacker",
6683 "source": "https://github.com/Moham3dRiahi/XAttacker",
6684 "description": "CMS detection and exploitation suite",
6685 "language": "Perl",
6686 "price": "Free",
6687 "online": "False"
6688 },
6689 {
6690 "name": "XCat",
6691 "website": "https://xcat.readthedocs.org/",
6692 "source": "https://github.com/orf/xcat",
6693 "description": "Automate XPath injection/XXE attacks to retrieve documents",
6694 "language": "Python",
6695 "price": "Free",
6696 "online": "False"
6697 },
6698 {
6699 "name": "Xenotix",
6700 "website": "https://xenotix.in/",
6701 "source": "https://github.com/ajinabraham/OWASP-Xenotix-XSS-Exploit-Framework",
6702 "description": "XSS detection and exploit framework (Windows only)",
6703 "language": "Python",
6704 "price": "Free",
6705 "online": "False"
6706 },
6707 {
6708 "name": "Xray",
6709 "website": "https://xray.cool/xray/#/en-us/generic/README",
6710 "source": "https://github.com/chaitin/xray",
6711 "description": "Web security scanner (XSS, SQLi, SSRF, XXE, etc.)",
6712 "language": "Go",
6713 "price": "Free",
6714 "online": "False"
6715 },
6716 {
6717 "name": "XSpear",
6718 "source": "https://github.com/hahwul/XSpear",
6719 "description": "XSS Scanner",
6720 "language": "Ruby",
6721 "price": "Free",
6722 "online": "False"
6723 },
6724 {
6725 "name": "XSRFProbe",
6726 "source": "https://github.com/0xInfection/XSRFProbe",
6727 "description": "Advanced Cross Site Request Forgery (CSRF/XSRF) audit and exploitation toolkit",
6728 "language": "Python",
6729 "price": "Free",
6730 "online": "False"
6731 },
6732 {
6733 "name": "XSS hunter",
6734 "website": "https://xsshunter.com/",
6735 "description": "XSS probes host for finding blind XSS",
6736 "price": "Free",
6737 "online": "True"
6738 },
6739 {
6740 "name": "XSS'OR",
6741 "website": "http://evilcos.me/lab/xssor/",
6742 "source": "https://github.com/evilcos/xssor",
6743 "description": "Multi-purpose tool for XSS or JavaScript analysis",
6744 "language": "JavaScript",
6745 "price": "Free",
6746 "online": "True"
6747 },
6748 {
6749 "name": "XSS'OR 2",
6750 "website": "http://xssor.io/",
6751 "source": "https://github.com/evilcos/xssor2",
6752 "description": "Multi-purpose tool for XSS or JavaScript analysis",
6753 "language": "JavaScript",
6754 "price": "Free",
6755 "online": "True"
6756 },
6757 {
6758 "name": "XSSCon",
6759 "source": "https://github.com/menkrep1337/XSSCon",
6760 "description": "XSS automatic scanner",
6761 "language": "Python",
6762 "price": "Free",
6763 "online": "False"
6764 },
6765 {
6766 "name": "XSSer",
6767 "website": "https://xsser.03c8.net/",
6768 "source": "https://github.com/epsylon/xsser",
6769 "description": "XSS automatic scanner and exploiter",
6770 "language": "Python",
6771 "price": "Free",
6772 "online": "False"
6773 },
6774 {
6775 "name": "XSStrike",
6776 "source": "https://github.com/s0md3v/XSStrike",
6777 "description": "XSS detection tool, parser, payload generator, fuzzing engine, crawler",
6778 "language": "Python",
6779 "price": "Free",
6780 "online": "False"
6781 },
6782 {
6783 "name": "XXEinjector",
6784 "source": "https://github.com/enjoiz/XXEinjector",
6785 "description": "Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods",
6786 "language": "Ruby",
6787 "price": "Free",
6788 "online": "False"
6789 },
6790 {
6791 "name": "xxeserv",
6792 "source": "https://github.com/staaldraad/xxeserv",
6793 "description": "HTTP and FTP server for OOB XXE attacks",
6794 "language": "Go",
6795 "price": "Free",
6796 "online": "False"
6797 },
6798 {
6799 "name": "XXExploiter",
6800 "website": "https://luisfontes19.github.io/xxexploiter/",
6801 "source": "https://github.com/luisfontes19/xxexploiter",
6802 "description": "Generates XML payloads, and automatically starts a server to serve the needed DTD's or to do data exfiltration for XXE attacks",
6803 "language": "JavaScript",
6804 "price": "Free",
6805 "online": "False"
6806 },
6807 {
6808 "name": "xxxpwn",
6809 "source": "https://github.com/feakk/xxxpwn",
6810 "description": "XPath injection tool, designed for blind injection",
6811 "language": "Python",
6812 "price": "Free",
6813 "online": "False"
6814 },
6815 {
6816 "name": "xxxpwn_smart",
6817 "source": "https://github.com/aayla-secura/xxxpwn_smart",
6818 "description": "XPath injection tool, fork of xxxpwn adding further optimizations and tweaks, uses predictive text based on a dictionary of words/phrases vs frequencies of occurrence",
6819 "language": "Python",
6820 "price": "Free",
6821 "online": "False"
6822 },
6823 {
6824 "name": "YASUO",
6825 "source": "https://github.com/0xsauby/yasuo",
6826 "description": "Scans for vulnerable & exploitable 3rd-party web applications",
6827 "language": "Ruby",
6828 "price": "Free",
6829 "online": "False"
6830 }
6831 ]
6832 },
6833 "wireless": {
6834 "tools": [
6835 {
6836 "name": "Aircrack-Ng",
6837 "website": "http://www.aircrack-ng.org/",
6838 "source": "https://github.com/aircrack-ng/aircrack-ng",
6839 "description": "Suite of tools to assess WiFi network security (cracking WEP and WPA PSK)",
6840 "language": "C",
6841 "price": "Free",
6842 "online": "False"
6843 },
6844 {
6845 "name": "BtleJack",
6846 "source": "https://github.com/virtualabs/btlejack",
6847 "description": "Bluetooth Low Energy Swiss-army knife",
6848 "language": "Python",
6849 "price": "Free",
6850 "online": "False"
6851 },
6852 {
6853 "name": "Crunch-Cracker",
6854 "source": "https://github.com/KURO-CODE/Crunch-Cracker",
6855 "description": "Wordlist generator and Wi-Fi cracker",
6856 "language": "Shell",
6857 "price": "Free",
6858 "online": "False"
6859 },
6860 {
6861 "name": "Fluxion",
6862 "website": "https://fluxionnetwork.github.io/fluxion/",
6863 "source": "https://github.com/FluxionNetwork/fluxion",
6864 "description": "MITM WPA attack tool",
6865 "language": "Shell",
6866 "price": "Free",
6867 "online": "False"
6868 },
6869 {
6870 "name": "FruityWiFi",
6871 "source": "https://github.com/xtr4nge/FruityWifi",
6872 "description": "Wireless network auditing tool controlled by a web interface",
6873 "language": "PHP",
6874 "price": "Free",
6875 "online": "False"
6876 },
6877 {
6878 "name": "Hijacker",
6879 "source": "https://github.com/chrisk44/Hijacker",
6880 "description": "Android GUI for Aircrack, Airodump, Aireplay, MDK3 and Reaver",
6881 "language": "Java",
6882 "price": "Free",
6883 "online": "False"
6884 },
6885 {
6886 "name": "Infernal-Wireless",
6887 "source": "https://github.com/entropy1337/infernal-twin",
6888 "description": "Automated wireless hacking tool ",
6889 "language": "Python",
6890 "price": "Free",
6891 "online": "False"
6892 },
6893 {
6894 "name": "MDK3-master",
6895 "source": "https://github.com/wi-fi-analyzer/mdk3-master",
6896 "description": "PoC tool to exploit common IEEE 802.11 protocol weaknesses",
6897 "language": "C",
6898 "price": "Free",
6899 "online": "False"
6900 },
6901 {
6902 "name": "MDK4",
6903 "source": "https://github.com/aircrack-ng/mdk4",
6904 "description": "PoC tool to exploit common IEEE 802.11 protocol weaknesses",
6905 "language": "C",
6906 "price": "Free",
6907 "online": "False"
6908 },
6909 {
6910 "name": "Modmobjam",
6911 "source": "https://github.com/Synacktiv/Modmobjam",
6912 "description": "Cellular networks jamming PoC for mobile equipments",
6913 "language": "Python",
6914 "price": "Free",
6915 "online": "False"
6916 },
6917 {
6918 "name": "Modmobmap",
6919 "source": "https://github.com/Synacktiv/Modmobmap",
6920 "description": "Tool to retrieve information of cellular networks",
6921 "language": "Python",
6922 "price": "Free",
6923 "online": "False"
6924 },
6925 {
6926 "name": "reaver-wps",
6927 "source": "https://code.google.com/archive/p/reaver-wps/",
6928 "description": "Bruteforce WPS tool",
6929 "language": "C",
6930 "price": "Free",
6931 "online": "False"
6932 },
6933 {
6934 "name": "reaver-wps (t6x fork)",
6935 "source": "https://github.com/t6x/reaver-wps-fork-t6x",
6936 "description": "Bruteforce WPS tool",
6937 "language": "C",
6938 "price": "Free",
6939 "online": "False"
6940 },
6941 {
6942 "name": "trackerjacker",
6943 "source": "https://github.com/calebmadrigal/trackerjacker",
6944 "description": "Tool for mapping and tacking wifi networks and devices through raw 802.11 monitoring",
6945 "language": "Python",
6946 "price": "Free",
6947 "online": "False"
6948 },
6949 {
6950 "name": "Wifi-Biter",
6951 "source": "https://github.com/IxAmxZer0/Wifi-Biter",
6952 "description": "Dictionary generator used to generate dictionaries/wordlist for Wireless Router Passwords",
6953 "language": "Python",
6954 "price": "Free",
6955 "online": "False"
6956 },
6957 {
6958 "name": "wifijammer",
6959 "source": "https://github.com/DanMcInerney/wifijammer",
6960 "description": "Script to jam wifi clients and access points",
6961 "language": "Python",
6962 "price": "Free",
6963 "online": "False"
6964 },
6965 {
6966 "name": "wifite2",
6967 "source": "https://github.com/derv82/wifite2",
6968 "description": "Script for auditing wireless networks that runs existing wireless-auditing tools",
6969 "language": "Python",
6970 "price": "Free",
6971 "online": "False"
6972 }
6973 ]
6974 }
6975 }
6976}