This repository is a collection of hacker tools, resources, and links for vulnerability analysis. Most tools are UNIX-compliant, free, and open source.
🔭 OSINT:
Open-source intelligence (OSINT) is intelligence collected from publicly available sources.
- Sherlock
- theHarvester
- aquatone
- spiderfoot
- DNSstuff
- Builtwith
- infosniper
- who.is
- spyse
- onyphe
- urlscan
- scans
- shodan
- censys
- zoomeye
- R3CON1Z3R
🔨 SecAnalysisTools:
Vulnerability analysis software.

| Software | Category | Updated in Last 6 Months |
|---|---|---|
| hydra | Password-cracker | |
| Archerysec | Vulnerability Assessment and Management | |
| Vuls | Vulnerability Assessment and Management | |
| Metasploit | Exploit Framework | |
| MobSF | Exploit Framework (for Mobile) | |
| git-secret | Cryptography | |
| truffleHog | Secret finding | |
| GitLeaks | Secret finding | |
| RedTeamScripts | C# scripts | |
| knock | Subdomain Enumeration | |
| SubDomainsBrute | Subdomain Enumeration | |
| SubDomain3 | Subdomain Enumeration | |
| domained | Subdomain Enumeration | |
| routersploit | Exploit Framework | |
| BeEF | Exploit Framework | |

SAST:

| Software | Languages Analyzed | Updated in Last 6 Months |
|---|---|---|
| Insider | Java, Kotlin, Swift, .NET, C#, JavaScript | |
| SpotBugs | Java | |
| PVS-Studio | Multilanguage | |
| PMD | Multilanguage | |
| PHPvulnhunter | PHP | |
| FindSecBugs | Java web, Android, Scala, Kotlin, Groovy | |
| codechecker | C/C++ | |
| cppcheck | C/C++ | |
| cobra | PHP, Java | |
| brakeman | Ruby on Rails | |
| SecCodeScan | C#, VB.NET | |
| Cascade | C# | |
| Bandit | Python | |
| LLVM Clang | C, Objective-C, C++ and Objective-C++ | |

DAST, IAST:

| Software | Description | Updated in Last 6 Months |
|---|---|---|
| Snyk | Scanner Source Code | |
| ScanOval | Application Vulnerabilities in XML files | |
| DefectDojo | Scanner Django | |
| Contrast | Application Scanner Framework | |
| CloudSploit | Analyze Cloud Infrastructure | |
| SonarQube | Application Scanner Framework | |
| WhiteSourceSoft | Application Scanner Framework | |
| PT Application Inspector | Application Scanner Framework | |

Scanners:

| Software | Category | Updated in Last 6 Months |
|---|---|---|
| Tsunami | Scanner | |
| WATOBO | Web Scanner | |
| Osmedeus | Scanner | |
| OneForAll | Scanner | |
| osprey | Web Scanner | |
| Xray | Web Scanner | |
| AZScanner | Scanner | |
| faraday | Scanner | |
| GroundScan | Scanner | |
| BBScan | Scanner | |
| AnyScan | Scanner | |
| WAScan | Web Scanner | |
| YukiChan | Scanner | |
| Poscan | Scanner | |
| w3af | Web Scanner | |
| sn1per | Scanner | |
| Scanless | Scanner | |
| NoSQLMap | NoSQL Scanner | |
| Nmap | Scanner | |
| NetSparker | Scanner | |
| Wapiti | Web Scanner | |
| Golismero | Scanner | |
| Nexpose | Scanner | |
| Raccoon | Scanner | |
| WhatWeb | Web Scanner | |
| Puma Scan | Scanner Analysis | |
| Arachni | Web Scanner | |
| Legion | Scanner | |
| Nessus | Scanner | |
| OpenVAS | Scanner | |
| Acunetix | Scanner | |
| Nikto | Web Scanner | |
| Sqlmap | SQL Scanner | |
| Striker | Scanner | |
| Zaproxy | Web Scanner | |
| AutoRecon | Scanner | |

📂 Vulnerability Database:

| Data | Description |
|---|---|
| CVE | Common Vulnerabilities and Exposures system provides a reference-method for publicly known information-security vulnerabilities and exposures |
| Exploitdb | The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more |
| 0day | 0day Today is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals |
| NVD NIST | NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP) |
| Vuldb | Vulnerability database documenting and explaining security vulnerabilities and exploits |
| Snyk | Vulnerability database with detailed information and remediation guidance for known vulnerabilities |

📋 ATT&CK tests by @atomic-red-team
- Windows tests by tactic (Windows.csv)
- MacOS tests by tactic (MacOS.csv)
- Linux tests by tactic (Linux.csv)