Penetration testing commands for Other
This section includes cybersecurity tools, frameworks, and resources that are valuable but do not fit neatly into the predefined categories.
| Name | Description | Price |
|---|---|---|
| ADB-Toolkit | Wrapper around adb to ease certain tasks | Free |
| ADeleg | Active Directory delegation management tool allowing to make a detailed inventory of delegations set up so far in a forest | Free |
| AppsecStudy | eLearning management system for information security | Free |
| Atheris | Coverage-guided Python fuzzing engine | Free |
| Avast Hack Check | Service to check if an account has been compromised in a data breach, send an email with the breaches not the password | Free |
| Axiom | Dynamic infrastructure framework to distribute the workload of many different scanning tools with ease | Free |
| BHQW | Extract information from BloodHound and Neo4J | Free |
| BQM | Bloodhound Query Merger; deduplicate custom BloudHound queries from different datasets and merge them in one customqueries.json file | Free |
| BreachDirectory | Service to check if an account has been compromised in a data breach, display the breaches, partial password and hash | Free |
| Cameradar | RTSP stream access; detect open hosts, device model, automated dictionary attacks on stream route and credentials | Free |
| ccs | Code Credential Scanner; scan a large, diverse codebase for hard-coded credentials, or credentials present in configuration files | Free |
| changedetection.io | Self-hosted website change detection tracking, monitoring and notification service | Free |
| ConvertHound | Convert BloodHound output files into nmap XML that can be imported into reporting software like Dradis and Plextrac | Free |
| ctf-party | Library to enhance and speed up script/exploit writing for CTF players | Free |
| CyberChef | Data manipulation toolkit in web browser | Free |
| cybernews personal data leak check | Service to check if an account has been compromised in a data breach, only tells if the account is compromised | Free |
| DeHashed | Service to check if an account has been compromised in a data breach | Paid |
| discover | Scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit | Free |
| DoubleTap | Headless browser in order to load pages and execute JavaScript that often generates things like dynamic nonces that validate the page was actually rendered by a human for password spraying | Free |
| doxycannon | Proxycannon and botnet, using docker, ovpn files, tor nodes, and dante socks5 proxies that may be used for password spraying | Free |
| F-Secure Identity Theft Checker | Service to check if an account has been compromised in a data breach, send an email with the breaches not the password | Free |
| Firefox Monitor | Service to check if an account has been compromised in a data breach, display the breaches not the password | Free |
| getsploit | CLI utility for searching and downloading exploits from Exploit-DB, Metasploit, Packetstorm and others | Free |
| GOAD | Game Of Active Directory is a test environment lab that includes all the common vulnerabilities of an active directory | Free |
| Godehashed | Uses the dehashed.com API to search for compromised assets | Free |
| gtfo | CLI for searching gtfobins and lolbas from the terminal | Free |
| GTFOBLookup | CLI for earching gtfobins and lolbas from the terminal; allows more advanced search than gtfo | Free |
| HackTools | Web browser extension (Chromium, Firefox, Safari) including common functions for web pentest | Free |
| Have I been pwned? | Service to check if an account has been compromised in a data breach, display the breaches not the password | Free |
| HiddenWall | Linux kernel module generator for custom rules with netfilter | Free |
| hideNsneak | CLI tool for ephemeral penetration testing, rapidly deploy and manage various cloud services | Free |
| HoundSploit | Graphical search engine for Exploit-DB | Free |
| Identity Leak Checker | Service to check if an account has been compromised in a data breach, send the breaches by email | Free |
| inlite | Scan QR-code, 1D, DataMatrix, Postal, PDF417, and more | Free |
| Interlace | Turn single threaded command line applications into a multi-threaded application with CIDR and glob support | Free |
| itdis | Is This Domain In Scope; a small tool that allows you to check if a list of domains you have been provided is in the scope of your pentest or not | Free |
| Leak Lookup | Service to check if an account has been compromised in a data breach, requires an account | Free |
| LOAD | Lord Of Active Directory is a test environment lab that includes all the common vulnerabilities of an active directory and deploys automatically on AWS; based on AWS-Redteam-Lab and GOAD | Free |
| Lookyloo | A web interface that allows you to capture a website page and display a tree of domains | Free |
| mec | MassExploitConsole; mass reconnaissance and exploitation framework | Free |
| Metasploit | Tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit, 4 versions: Pro (paid), Express (paid), Community (free with GUI but on request), Framework (free, open source, CLI) | Paid |
| NameScan Email Compromised Check | Service to check if an account has been compromised in a data breach, display the breaches not the password | Free |
| objection | Runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak | Free |
| OpenVAS | Open Vulnerability Assessment Scanner | Free |
| Pass Station | CLI & library to search for default credentials among thousands of Products / Vendors | Free |
| PentestBox | Pre-configured portable penetration testing environment for Windows, all-in-one box | Free |
| PhoneSploit Pro | Remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session | Free |
| Pipal | Analyze password dump and return statistics about passwords' strength | Free |
| PWDQUERY | Service to check if an account has been compromised in a data breach, doesn't display breaches, partially display password | Free |
| rawsec_cli | Rawsec Inventory search CLI to find security tools and resources | Free |
| Reverse Shell Generator | Web-based reverse shell generator, includes features such as listener generation, raw mode, bind shell generation, msfvenom generation, payload encoding, many different languages, tools and shells supported | Free |
| Ronin | Toolkit for security research and development allowing for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git repositories | Free |
| ronin-exploits | A micro-framework for writing and running exploits | Free |
| ronin-payloads | A micro-framework for writing and running exploit payloads | Free |
| Scrounger | Mobile application testing toolkit, the mobile metasploit-like framework | Free |
| SearchSploit | CLI tool to search among Exploit-DB exploits | Free |
| Seccubus | Vulnerability scanning, reporting and analysis | Free |
| sploitctl | Fetch, install and search exploit archives from exploit sites like Packet Storm or Exploit-DB | Free |
| SprayingToolkit | Password spraying scripts for Lync/S4B and OWA | Free |
| Tool-X | Kali linux hacking tool installer | Free |
| unisec | Toolkit for security research manipulating Unicode: confusables, homoglyphs, hexdump, code point, UTF-8, UTF-16, UTF-32, properties, regexp search, size, grapheme, surrogates, version, ICU, CLDR, UCD | Free |
| Unredacter | Bruteforce to reverse the text of image redacted with pixelation blur | Free |
| v0lt | CTF toolkit / framework | Free |
| VBSmin | VBScript minifier | Free |
| webqr | Scan & create QR-code | Free |
| ysoserial | Tool for generating payloads that exploit unsafe Java object deserialization | Free |