Browse Source

updated 'Pentesters arsenal tools'

- signed-off-by: trimstray <>
trimstray 5 years ago
1 changed files with 7 additions and 0 deletions
  1. +7

+ 7
- 0 View File

@@ -747,6 +747,13 @@ Linux Security Expert</b></a> - trainings, howtos, checklists, security tools an
&nbsp;&nbsp;:small_orange_diamond: <a href=""><b>Nikto2</b></a> - web server scanner which performs comprehensive tests against web servers for multiple items.<br>
&nbsp;&nbsp;:small_orange_diamond: <a href=""><b>sqlmap</b></a> - tool that automates the process of detecting and exploiting SQL injection flaws.<br>
&nbsp;&nbsp;:small_orange_diamond: <a href=""><b>Faraday</b></a> - an Integrated Multiuser Pentest Environment.<br>
&nbsp;&nbsp;:small_orange_diamond: <a href=""><b>Photon</b></a> - incredibly fast crawler designed for OSINT.<br>
&nbsp;&nbsp;:small_orange_diamond: <a href=""><b>XSStrike</b></a> - most advanced XSS detection suite.<br>
&nbsp;&nbsp;:small_orange_diamond: <a href=""><b>John The Ripper</b></a> - is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, and OpenVMS.<br>
&nbsp;&nbsp;:small_orange_diamond: <a href=""><b>hashcat</b></a> - world's fastest and most advanced password recovery utility.<br>
&nbsp;&nbsp;:small_orange_diamond: <a href=""><b>p0f</b></a> - is a tool to identify the players behind any incidental TCP/IP communications.<br>
&nbsp;&nbsp;:small_orange_diamond: <a href=""><b>Recon-ng</b></a> - is a full-featured Web Reconnaissance framework written in Python.<br>
&nbsp;&nbsp;:small_orange_diamond: <a href=""><b>exploitdb</b></a> - searchable archive from The Exploit Database.<br>
&nbsp;&nbsp;:small_orange_diamond: <a href=""><b>ctf-tools</b></a> - some setup scripts for security research tools.<br>
&nbsp;&nbsp;:small_orange_diamond: <a href=""><b>security-tools</b></a> - collection of small security tools created mostly in Python. CTFs, pentests and so on.<br>
&nbsp;&nbsp;:small_orange_diamond: <a href=""><b>fuzzdb</b></a> - dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.<br>