70+ Comprehensive Cybersecurity Tools
in/harunseker/

Columns of the original table: No | Tool | Explanation | Example Usage | URL

Information Gathering

1. Nmap
   Explanation: Network scanning and discovery tool used to find open ports, services, and OS information.
   Example usage: nmap -sV 192.168.1.0/24 to scan a network for open ports and service versions.
   URL: https://nmap.org/

3. Maltego
   Explanation: Data mining and visual link analysis tool for investigating relationships between pieces of information.
   Example usage: Creating a graph of an organization's online presence, including domains, email addresses, and social media accounts.
   URL: https://www.maltego.com/

6. Amass
   Explanation: Tool for in-depth DNS enumeration and network mapping.
   Example usage: amass enum -d example.com to enumerate subdomains of a target domain.
   URL: https://github.com/OWASP/Amass

7. Censys
   Explanation: Search engine that allows users to find specific types of devices connected to the internet.
   Example usage: Searching for "80.http.get.headers.server: Apache" to find Apache web servers. This is the legacy Censys v1 field syntax; the current Censys Search query language uses a different field path for HTTP response headers, so check the documentation before reusing it.
   URL: https://search.censys.io/

8. OSINT Framework
   Explanation: Collection of various OSINT tools and resources categorized by function.
   Example usage: Using the framework to find social media profiles associated with an email address.
   URL: https://osintframework.com/

Wireless Hacking

1. Aircrack-ng
   Explanation: Suite of tools for auditing wireless networks, capable of cracking WEP and WPA/WPA2-PSK keys.
   Example usage: aircrack-ng -w wordlist.txt capture.cap to crack a WPA handshake captured in the capture.cap file.
   URL: https://www.aircrack-ng.org/

3. Kismet
   Explanation: Wireless network detector, sniffer, and intrusion detection system.
   Example usage: Running Kismet to passively detect hidden wireless networks and capture packets.
   URL: https://www.kismetwireless.net/

4. TCPDump
   Explanation: Command-line packet analyzer.
   Example usage: tcpdump -i wlan0 -w capture.pcap to capture traffic on the wlan0 interface and write it to capture.pcap. In managed mode this records the host's own traffic; put the interface into monitor mode first if you want raw 802.11 frames from other stations.
   URL: https://www.tcpdump.org/

5. Reaver
   Explanation: Tool specifically designed to attack WPS (Wi-Fi Protected Setup) enabled wireless routers.
   Example usage: reaver -i wlan0 -b 00:11:22:33:44:55 -vv to attempt a WPS PIN brute-force attack against the access point with that BSSID. The interface must be in monitor mode, and many access points lock or rate-limit WPS after a handful of failed PINs, so expect the attack to stall on current firmware.
   URL: https://github.com/t6x/reaver-wps-fork-t6x

Social Engineering

1. GoPhish
   Explanation: Open-source phishing toolkit for creating and managing phishing campaigns.
   Example usage: Setting up a simulated phishing campaign to test employee awareness by sending fake login pages.
   URL: https://getgophish.com/

2. HiddenEye
   Explanation: Advanced phishing tool with multiple attack vectors.
   Example usage: Creating a fake login page for a popular social media platform to capture credentials.
   URL: https://github.com/DarkSecDevelopers/HiddenEye

4. EvilURL
   Explanation: Tool for generating Unicode (IDN homograph) domains for phishing attacks.
   Example usage: Creating a domain like "аррӏе.com" (Cyrillic letters) that looks like "apple.com" to fool users. DNS only ever sees the Punycode form, xn--80ak6aa92e.com, which is why browsers fall back to displaying that form for labels made entirely of look-alike characters.
   URL: https://github.com/UndeadSec/EvilURL

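The conversion behind the EvilURL entry, as an added example that is not part of the original tool list and not EvilURL's own code: it turns "аррӏе.com" into the Punycode label DNS resolves, and runs the two checks a defender would apply to a newly registered or inbound domain, a mixed-script check and a confusable-skeleton match against a brand list. The confusables table is a small hand-picked subset of Unicode TR39, and the protected brand list is a constructed assumption.

```python
"""IDN homograph encoding and detection (added example, not EvilURL code).

CONFUSABLES is an assumed subset of the Unicode TR39 confusables table, just
enough to cover common Cyrillic/Greek look-alikes of Latin letters.
"""
import unicodedata
from typing import Dict, Optional, Set

CONFUSABLES: Dict[str, str] = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}


def to_punycode(domain: str) -> str:
    """Encode each non-ASCII label with the punycode codec and add the xn-- prefix.

    The punycode codec is used directly instead of str.encode("idna") because
    Python's idna codec applies the IDNA2003 nameprep tables and rejects some
    code points (such as the Cyrillic palochka) that registries accept today.
    """
    labels = []
    for label in domain.lower().split("."):
        if label.isascii():
            labels.append(label)
        else:
            labels.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(labels)


def scripts_used(label: str) -> Set[str]:
    """Scripts present in a label, taken from the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def skeleton(label: str) -> str:
    """Replace confusable characters with the ASCII letters they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def check_domain(domain: str, protected: Set[str]) -> Dict[str, Optional[object]]:
    """Flag the registrable label if it mixes scripts or if its skeleton is a
    protected brand while the label itself is not that brand.

    Note that a whole-script homograph like аррӏе is NOT mixed-script; the
    skeleton match is what catches it.
    """
    label = domain.lower().split(".")[0]
    skel = skeleton(label)
    return {
        "punycode": to_punycode(domain),
        "mixed_script": len(scripts_used(label)) > 1,
        "spoofs": skel if skel in protected and skel != label else None,
    }


if __name__ == "__main__":
    brands = {"apple", "paypal"}  # constructed brand list
    for d in ("аррӏе.com", "p\u0430ypal.com", "apple.com"):
        print(d, check_domain(d, brands))
```

The skeleton step is the important one: a label built entirely from Cyrillic letters passes a naive "mixed script" filter, which is exactly the case EvilURL produces.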
5. Evilginx
   Explanation: Man-in-the-middle (reverse-proxy) attack framework for phishing login credentials and session cookies.
   Example usage: Setting up a proxy in front of a target website to relay the victim's real login, then capturing the authenticated session cookie, which bypasses two-factor authentication because the second factor has already been satisfied when the cookie is issued.
   URL: https://github.com/kgretzky/evilginx2

Exploitation

1. Metasploit Framework
   Explanation: Open-source penetration testing and exploitation framework.
   Example usage: Using the exploit/windows/smb/ms17_010_eternalblue module (use exploit/windows/smb/ms17_010_eternalblue in msfconsole, then set RHOSTS and run) to exploit the EternalBlue vulnerability.
   URL: https://www.metasploit.com/

2. Burp Suite
   Explanation: Web application security testing platform.
   Example usage: Intercepting and modifying HTTP requests to test for SQL injection vulnerabilities.
   URL: https://portswigger.net/burp

3. sqlmap
   Explanation: Automated SQL injection and database takeover tool.
   Example usage: sqlmap -u "http://example.com/page.php?id=1" --dbs to enumerate databases on a vulnerable website.
   URL: https://sqlmap.org/

5. Core Impact
   Explanation: Commercial penetration testing software.
   Example usage: Conducting a network scan and automatically exploiting discovered vulnerabilities.
   URL: https://www.coresecurity.com/products/core-impact

6. Cobalt Strike
   Explanation: Adversary simulation and red team operations software.
   Example usage: Using its Beacon payload for post-exploitation activities and lateral movement.
   URL: https://www.cobaltstrike.com/

Password Cracking

1. Hashcat
   Explanation: Advanced password recovery tool that supports hundreds of hashing algorithms.
   Example usage: hashcat -m 0 -a 0 hash.txt wordlist.txt to crack MD5 hashes (-m 0 selects raw MD5) with a straight wordlist attack (-a 0).
   URL: https://hashcat.net/

2. John the Ripper
   Explanation: Versatile password cracker that combines multiple cracking modes.
   Example usage: john --format=raw-md5 hash.txt to crack unsalted MD5 hashes with the default mode order (single crack, then wordlist, then incremental).
   URL: https://www.openwall.com/john/

5. Cain & Abel
   Explanation: Windows-based password recovery tool with multiple functions. It is no longer maintained and the site below may be offline.
   Example usage: Using the GUI to capture and crack network passwords or dump hashes.
   URL: http://www.oxid.it/cain.html

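What the Hashcat and John examples above do for raw MD5, next to the per-candidate work aircrack-ng (Wireless Hacking, entry 1) has to do for a WPA/WPA2-PSK handshake, as an added example that is not part of the original list and not code from any of those tools. The hash list and wordlist are constructed inline; the WPA test vector (passphrase "password", SSID "IEEE") is the one published in the IEEE 802.11 standard's annex.

```python
"""Dictionary attack against unsalted MD5 versus WPA2-PSK PMK derivation
(added example; not Hashcat, John or aircrack-ng code)."""
import hashlib
import time
from typing import Callable, Dict, List, Optional

# Constructed stand-in for wordlist.txt
WORDLIST: List[str] = ["123456", "password", "qwerty", "letmein", "hunter2", "Winter2024!"]

# Constructed stand-in for hash.txt: raw MD5 of two passwords that are in the
# wordlist and one that is not, generated here so the sample is self-consistent.
HASH_FILE: str = "\n".join(
    hashlib.md5(p.encode()).hexdigest()
    for p in ("letmein", "hunter2", "correcthorsebatterystaple")
)


def crack_md5(hash_text: str, wordlist: List[str]) -> Dict[str, str]:
    """Straight wordlist attack, the equivalent of `hashcat -m 0 -a 0`.

    With unsalted MD5 one digest per candidate is checked against every target
    at once, so the cost is len(wordlist), not len(wordlist) * len(targets).
    Returns {digest: plaintext} for the hashes that were recovered.
    """
    targets = {line.strip().lower() for line in hash_text.splitlines() if line.strip()}
    cracked: Dict[str, str] = {}
    for candidate in wordlist:
        digest = hashlib.md5(candidate.encode()).hexdigest()
        if digest in targets:
            cracked[digest] = candidate
    return cracked


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes),
    as specified for WPA/WPA2-PSK. aircrack-ng must compute this for every
    candidate before it can verify the MIC in the captured 4-way handshake."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def crack_wpa_pmk(target_pmk: bytes, ssid: str, wordlist: List[str]) -> Optional[str]:
    """Wordlist attack that stops at the candidate whose PMK matches.
    (A real attack checks the handshake MIC instead of the PMK itself, but the
    expensive step per candidate is the same.)"""
    for candidate in wordlist:
        if wpa_pmk(candidate, ssid) == target_pmk:
            return candidate
    return None


def guesses_per_second(fn: Callable[[str], bytes], sample: int = 200) -> float:
    """Rough single-core rate, to show the MD5 vs PBKDF2 gap on the same hardware."""
    start = time.perf_counter()
    for i in range(sample):
        fn(f"guess{i}")
    return sample / (time.perf_counter() - start)


if __name__ == "__main__":
    print("MD5 cracked:", crack_md5(HASH_FILE, WORDLIST))
    print("WPA cracked:", crack_wpa_pmk(wpa_pmk("password", "IEEE"), "IEEE", WORDLIST))
    print("MD5 guesses/s: %.0f" % guesses_per_second(lambda p: hashlib.md5(p.encode()).digest()))
    print("WPA guesses/s: %.0f" % guesses_per_second(lambda p: wpa_pmk(p, "IEEE")))
```

The two rate figures printed at the end are the whole story of the -m mode numbers: the same wordlist that finishes instantly against MD5 takes 4096 HMAC-SHA1 rounds per guess against WPA2, which is why handshake cracking is wordlist-quality bound rather than hardware bound.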
Vulnerability Scanning

1. Nessus
   Explanation: Commercial vulnerability scanner with a large plugin database. Detects vulnerabilities, misconfigurations, and compliance issues.
   Example usage: Scanning a network for known vulnerabilities by creating and launching a scan against 192.168.1.0/24 from the Nessus web interface or its REST API. Nessus has no "nessus scan" command-line scanner; the nessuscli utility only manages the installation.
   URL: https://www.tenable.com/products/nessus

6. Lynis
   Explanation: Open-source security auditing tool for Unix/Linux systems. Performs system hardening checks, compliance testing, and vulnerability scanning.
   Example usage: Running a system audit: lynis audit system
   URL: https://cisofy.com/lynis/

Forensics

1. Wireshark
   Explanation: Network protocol analyzer for capturing and analyzing network traffic.
   Example usage: Capturing HTTP traffic to analyze a potential data exfiltration attempt: wireshark -i eth0 -k -f "port 80" (-f sets the BPF capture filter; -k starts capturing immediately instead of waiting for a click).
   URL: https://www.wireshark.org/

2. Autopsy
   Explanation: Digital forensics platform for disk image analysis.
   Example usage: Analyzing a disk image to recover deleted files: create a case, add disk_image.dd as a data source, and run the ingest modules. Autopsy is driven from its graphical interface; there is no "autopsy disk_image.dd" command.
   URL: https://www.autopsy.com/

5. Binwalk
   Explanation: Tool for analyzing and extracting firmware images.
   Example usage: Identifying embedded files in firmware: binwalk router_firmware.bin (add -e to extract what it finds).
   URL: https://github.com/ReFirmLabs/binwalk

7. EnCase
   Explanation: Commercial forensic software suite (Guidance Software, now OpenText) for evidence acquisition and analysis.
   Example usage: Creating a forensic image of a hard drive as an E01 evidence file, with acquisition and verification hashes, from the EnCase GUI. EnCase is a Windows application and has no "encase -e /dev/sda" command; on Linux the same E01 format can be produced with tools such as ewfacquire.
   URL: https://www.guidancesoftware.com/encase-forensic

Web Application Security

2. Burp Suite
   Explanation: Integrated platform for web application security testing. Includes tools for mapping, analyzing, and exploiting web applications.
   Example usage: Using Burp Proxy to intercept and modify HTTP requests: configure the browser to use Burp as its proxy, then intercept and modify requests in Burp.
   URL: https://portswigger.net/burp

6. Arachni
   Explanation: Web application security scanner framework.
   Example usage: Running a scan: arachni http://example.com
   URL: https://www.arachni-scanner.com/

Network Defense

1. Snort
   Explanation: Open-source intrusion detection and prevention system (IDS/IPS) that performs real-time traffic analysis and packet logging.
   Example usage: Configuring a Snort rule to alert on suspicious traffic, here five or more packets to SSH from one source within 60 seconds:
   alert tcp any any -> $HOME_NET 22 (msg:"SSH brute force attempt"; flow:to_server; threshold:type both, track by_src, count 5, seconds 60; sid:1000001;)
   Two caveats before deploying it: flow:to_server without established counts every packet to port 22, so one interactive SSH session trips it within seconds; add flags:S; to count connection attempts instead. And the rule-level threshold keyword has been deprecated since Snort 2.8.4 in favour of detection_filter (same options), with rate limiting of the resulting alerts done by event_filter in the configuration.
   URL: https://www.snort.org/

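A model of the threshold logic in the Snort rule above, as an added example that is not part of the original list and not Snort's own code: it replays constructed connection records through "type both, track by_src, count 5, seconds 60" and shows the difference between counting every packet to port 22 (the rule as written) and counting only SYNs. The traffic, addresses and timestamps are constructed.

```python
"""Replay of Snort's `threshold:type both, track by_src, count N, seconds S`
over constructed traffic (added example, not Snort code)."""
from collections import namedtuple
from typing import Dict, List, Tuple

Packet = namedtuple("Packet", "ts src dst dport syn")  # ts in seconds

# Constructed traffic: 10.0.0.5 opens a new SSH connection every 5 s in two
# bursts (a brute-forcer); 10.0.0.9 opens one session and then exchanges
# ten packets inside it (an admin typing).
TRAFFIC: List[Packet] = (
    [Packet(float(t), "10.0.0.5", "192.168.1.10", 22, True) for t in range(0, 40, 5)]
    + [Packet(float(t), "10.0.0.5", "192.168.1.10", 22, True) for t in range(100, 125, 5)]
    + [Packet(2.0, "10.0.0.9", "192.168.1.10", 22, True)]
    + [Packet(float(t), "10.0.0.9", "192.168.1.10", 22, False) for t in range(3, 13)]
)


def rule_alerts(packets: List[Packet], count: int = 5, seconds: float = 60.0,
                dport: int = 22, syn_only: bool = False) -> List[Tuple[float, str]]:
    """Return (timestamp, source) for each alert the rule would raise.

    type both / track by_src: per source, count matching packets from the
    first one seen; raise a single alert when `count` is reached inside
    `seconds`; ignore further matches until that window has expired, then
    start a new window on the next match.

    syn_only=False models the rule as written (flow:to_server matches every
    packet to the server); syn_only=True models adding flags:S.
    """
    windows: Dict[str, list] = {}  # src -> [window_start, count, alerted]
    alerts: List[Tuple[float, str]] = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        if p.dport != dport or (syn_only and not p.syn):
            continue
        w = windows.get(p.src)
        if w is None or p.ts - w[0] >= seconds:
            w = windows[p.src] = [p.ts, 0, False]
        w[1] += 1
        if w[1] >= count and not w[2]:
            w[2] = True
            alerts.append((p.ts, p.src))
    return alerts


if __name__ == "__main__":
    print("rule as written :", rule_alerts(TRAFFIC))
    print("with flags:S    :", rule_alerts(TRAFFIC, syn_only=True))
```

As written the rule fires on the admin's session at t=6 as well as on both attacker bursts; with the SYN condition only the two attacker bursts alert, once each, which is the behaviour the msg text promises.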
Endpoint Security

1. CrowdStrike Falcon
   Explanation: Cloud-native endpoint protection platform using AI and behavioral analytics.
   Example usage: Detecting and preventing a zero-day malware attack in real time on an employee's laptop.
   URL: https://www.crowdstrike.com/

3. Carbon Black
   Explanation: Endpoint detection and response (EDR) solution with threat hunting capabilities.
   Example usage: Investigating the root cause of a security incident across multiple endpoints.
   URL: https://www.carbonblack.com/

Cloud Security

1. AWS GuardDuty
   Explanation: Intelligent threat detection service that continuously monitors AWS accounts and workloads.
   Example usage: Detecting a potential data exfiltration attempt by identifying unusual API calls from a compromised EC2 instance.
   URL: https://aws.amazon.com/guardduty/

3. Google Cloud Security Command Center
   Explanation: Centralized security and risk management platform for Google Cloud resources.
   Example usage: Using the Security Health Analytics feature to detect misconfigurations in Google Cloud Platform (GCP) services.
   URL: https://cloud.google.com/security-command-center

Threat Intelligence

1. ThreatConnect
   Explanation: A threat intelligence platform that aggregates, analyzes, and acts on threat data from multiple sources.
   Example usage: Using ThreatConnect to correlate indicators of compromise (IoCs) across different threat feeds and internal data sources.
   URL: https://threatconnect.com/

4. IBM X-Force Exchange
   Explanation: A cloud-based threat intelligence sharing platform that provides detailed information about threats.
   Example usage: Using X-Force Exchange to research a suspicious IP address and view its associated malware, vulnerabilities, and threat actor information.
   URL: https://exchange.xforce.ibmcloud.com/