Hacking-Tools

🛠️ Hacking-Tools

---

🔍 Information Gathering

• 🛜 Nmap – Network scanning and mapping tool.

  ### Most Common Nmap Flags (Bottom to Top)

  Category	Flag	Description	Usage
  🔢 Ports	-F	Fast scan (default top 100 ports)	Super quick sweep
  	--top-ports 100	Scan top 100 most used ports	Fast + effective scan
  	-p-	Scan all 65535 ports	Full port scan
  	-p 22,80,443	Scan specific ports	Common for targeting services
  🔍 Version & OS	--osscan-guess	Guess OS aggressively	When -O results unclear
  	-A	Aggressive scan: combines -sV, -O, scripts	One-command deep scan
  	-O	Detect operating system	Passive OS profiling
  	-sV	Detect service versions	Most commonly used
  🧠 Scripts (NSE)	--script-args=<args>	Provide custom script arguments	Used in advanced scans
  	--script=http-enum	Web service discovery	For scanning HTTP targets
  	--script=default	Run safe default scripts	Good basic check
  	--script=vuln	Run vulnerability detection scripts	Easy vuln discovery
  📤 Output	-oA scan	Save all formats with base name “scan”	Handy for full output
  	-oX output.xml	XML format	Used in automation tools
  	-oG output.gnmap	Grepable output	Useful for scripting
  	-oN output.txt	Normal (readable) output	Common for quick viewing
  ⏱️ Timing	--host-timeout 60s	Stop scanning a host after 60 seconds	Skips slow/unresponsive hosts
  	--max-retries 1	Retry failed probes once	Speeds up scanning
  	-T5	Insane speed, less stealthy	Caution: noisy on networks
  	-T4	Fast timing, reliable speed	Most common for internal scans

  ---

  Let me know if you want a visual version (chart or color-coded), or a PDF cheat sheet you can save or print.

• 📶 Kismet – Wireless network detector, sniffer, and intrusion detection.
• 🕵️ Maltego – OSINT and data mining tool for information analysis.
• 📨 theHarvester – Tool to gather emails, subdomains, hosts, and more.
• 🔗 Recon-ng – Full-featured web reconnaissance framework.
• 🕵️‍♂️ SpiderFoot – Automate OSINT collection from multiple sources.
• 🔍 Amass – Network mapping and external asset discovery tool.
• 🗂️ Sublist3r – Subdomain enumeration using search engines.
• 🧑‍💻 Assetfinder – Subdomain discovery using various sources.
• 🌍 crt.sh – SSL certificate transparency log search engine.
• 🧪 Dnsrecon – Perform DNS enumeration and zone transfers.
• 📜 Fierce – DNS reconnaissance and attack tool.
• 📄 WHOIS – Domain registration and ownership lookup.
• 📬 EmailHarvester – Email enumeration and gathering.
• 🕸️ Shodan – Search engine for internet-connected devices.
• 🔥 Censys – Search engine for hosts and networks on the internet.
• 🌐 OSINT Framework – Collection of OSINT tools and resources.
• 🧑‍💻 FOCA – Metadata extraction and document analysis.
• 🛡️ Netcraft – Website profiling and phishing detection.
• 🏛️ BuiltWith – Website technology lookup and analysis.

🔎 Vulnerability Analysis

• 🧪 OpenVAS – Open-source vulnerability scanner.
• 🛡️ Nessus – Commercial vulnerability assessment tool.
• 🕵️‍♂️ Nikto – Web server scanner for detecting vulnerabilities.
• 🐺 Wapiti – Web application security scanner.
• 🧑‍💻 Vega – GUI-based web vulnerability scanner.
• 🕷️ Arachni – Feature-rich web application security scanner.
• 🐍 SQLmap – Automated SQL injection detection and exploitation tool.
• 🕸️ OWASP ZAP – Open-source web application security scanner.
• 🛜 Nmap Vulners – Nmap NSE script for CVE detection.
• 🔎 Retire.js – JavaScript library vulnerability scanner.
• ⚙️ Dependency-Check – Vulnerability analysis for project dependencies.
• 🧑‍💻 Bandit – Security linter for Python code.
• 🐞 Vuls – Agentless vulnerability scanner for Linux/FreeBSD servers.
• 📦 Trivy – Vulnerability scanner for containers and dependencies.
• 🧑‍💻 Grype – Vulnerability scanner for container images and filesystems.
• 🧑‍💻 Safety – Python dependency security scanner.
• 📄 Lychee – Broken link checker with vulnerability detection potential.
• 📜 GitLeaks – Detect hardcoded secrets and sensitive data.
• 🧑‍💻 ScoutSuite – Multi-cloud security auditing tool.
• 🧑‍💻 CloudSploit – AWS security auditing tool.

💥 Exploitation Tools

• 🎯 Metasploit Framework – Powerful exploit development and penetration testing framework.
• 🚀 Armitage – GUI front-end for Metasploit to visualize attacks.
• 🌐 BeEF (Browser Exploitation Framework) – Exploits browser vulnerabilities for client-side attacks.
• 💻 ExploitDB – Archive of public exploits and proof-of-concept code.
• 📜 SearchSploit – Offline version of ExploitDB for quick exploit searching.
• 🐍 sqlmap – Automated SQL injection exploitation tool.
• 📤 Commix – Automated command injection vulnerability scanner.
• 🖥️ RouterSploit – Exploits vulnerabilities in routers, IoT, and embedded devices.
• 📲 SET (Social Engineering Toolkit) – Human hacking via phishing, payloads, and more.
• 🕵️‍♂️ Empire – Post-exploitation framework for PowerShell agents.
• 🧑‍💻 Pupy – Cross-platform post-exploitation remote access tool (RAT).
• 🧨 Sliver – C2 framework for adversary simulation and red teaming.
• 🐚 Shellter – Dynamic shellcode injector for Windows executables.
• 🐦 Merlin – Post-exploitation command & control server using HTTP/2.
• 🧙‍♂️ Covenant – C#-based post-exploitation platform.
• 🔒 PowerSploit – PowerShell scripts for post-exploitation.
• 🔎 Windows Exploit Suggester – Suggests exploits based on Windows OS versions.
• 📦 PayloadsAllTheThings – Collection of payloads for exploits, fuzzing, and pentesting.
• 🧑‍💻 Fuzzbunch – NSA’s exploit framework (part of the Shadow Brokers leak).
• 🛠️ CrackMapExec – Swiss army knife for post-exploitation in Windows environments.

📡 Wireless Attacks

• 📡 Aircrack-ng – WiFi cracking suite
• 🛠️ Reaver – WPS attack tool
• 🧑‍💻 Fern WiFi Cracker – Wireless network auditing tool
• 🔓 Wifite – Automated wireless attack tool
• 🛡️ Kismet – Wireless network detector & sniffer
• 🌐 MDK3 – Wireless network attack tool
• 🎯 PixieWPS – WPS offline attack tool
• 🧠 WPA2 Wordlist Generator – Generate custom WPA2 wordlists
• 🕵️‍♂️ Bully – WPS attack tool for brute-forcing
• 🔄 Evil Twin – Create fake AP for capturing handshakes
• 🚀 WiFi-Pumpkin – Man-in-the-middle framework for Wi-Fi networks
• 🧩 Airgeddon – Multi-use bash script for wireless auditing
• 🧑‍💻 Ghost Phisher – Wireless network attack tool for phishing
• 🧑‍🔧 NoCatSplash – Captive portal for Wi-Fi networks
• 🦠 Wifiphisher – Phishing tool for Wi-Fi networks
• 📡 WLANPi – Wireless attack platform for pen-testers
• 🛠️ Cowpatty – Tool for offline WPA2 cracking
• 🌐 Scapy – Python tool for packet manipulation and analysis
• 📶 NetStumbler – Wi-Fi scanner for Windows
• 🔒 Wi-Fi Pineapple – Wireless attack platform by Hak5

🧑‍💻 Forensics Tools

• 🧑‍💻 Autopsy – Digital forensics platform for analyzing hard drives and smartphones.
• 🧠 Volatility – Memory forensics framework for analyzing RAM dumps.
• 🗂️ Binwalk – Firmware analysis tool for extracting embedded files.
• 🔍 Sleuth Kit (TSK) – Command-line tools for disk image investigation.
• 🧑‍💻 ExifTool – Metadata extractor for images, videos, and documents.
• 🗃️ TestDisk – Disk recovery tool to restore lost partitions.
• 🔄 PhotoRec – File recovery software for deleted files from disks.
• 🧑‍💻 Foremost – File carving tool for data recovery based on headers.
• 🔑 Hashdeep – File hashing tool with recursive hashing & audit mode.
• 🧑‍💻 Bulk Extractor – Extracts email, URLs, and other artifacts from raw data.
• 🗄️ Digital Forensics Framework (DFF) – Open-source platform for digital forensics.
• 🧑‍💻 Xplico – Network forensics tool to reconstruct network sessions.
• 🧑‍💻 NetworkMiner – Passive network packet analyzer for network forensics.
• 🧑‍💻 Pdf-parser – Analyze and extract content from PDF files.
• 🧑‍💻 RegRipper – Windows registry analysis tool.
• 🧑‍💻 PEView – Portable executable (PE) file viewer for malware analysis.
• 🧑‍💻 YARA – Malware pattern-matching tool used by researchers.
• 🧑‍💻 HxD – Hex editor for raw disk editing and analysis.
• 🧑‍💻 FTK Imager – Disk imaging and evidence preview tool.
• 🧑‍💻 Capstone – Disassembly framework for binary analysis.

⏳ Stress Testing

• 🐌 Slowloris – HTTP DoS tool for keeping many connections open
• 🛰️ LOIC – Low Orbit Ion Cannon for stress testing
• 🐻 HULK – HTTP flood tool that makes use of varied requests
• 🦸 GoldenEye – Python-based HTTP denial-of-service tool
• 💨 Tsunami – Network stress testing and security evaluation
• 🛑 R-U-Dead-Yet – Simple DoS testing tool
• 🧯 DDoS-Sim – DDoS simulation tool
• 💥 Xerxes – Powerful DDoS attack tool for testing purposes
• 🎯 Web-Hulk – Web server stress testing tool
• 🚀 Synful – SYN flood tool for stress testing
• 💣 LOIC-PowerShell – PowerShell-based LOIC for DDoS testing
• 🌐 T50 – A powerful stress testing tool that simulates multiple attack vectors
• 🌪️ RIP-Lite – Lightweight stress testing tool for HTTP and SOCKS
• 🐉 Stress-ng – A tool that can stress test the CPU, RAM, I/O, and more
• 🛠️ XDT – DDoS testing tool with multi-protocol support
• 🥂 Botnet – DDoS botnet attack simulation tool
• 🔨 DDOS-Exploit – Exploit kit for DDoS stress testing
• 🛡️ Fudp – A multi-threaded UDP flooder for stress testing
• ⚡ BlackHAT – A stress testing framework for web applications

🕵️‍♀️ Sniffing & Spoofing

• 🌐 Wireshark – Network protocol analyzer
• 🕵️‍♂️ Ettercap – Man-in-the-middle attack tool
• ⚡ BetterCAP – Flexible network attack & monitoring tool
• 📡 Tcpdump – Command-line packet analyzer
• 🌍 Nessus – Vulnerability scanner with sniffing capabilities
• 🐍 Scapy – Python-based interactive packet manipulation program
• 🌐 MITMf – Man-in-the-middle framework for network attacks
• 🦊 Fakenet-NG – Fake network traffic generation tool
• 🐾 Dsniff – Collection of network monitoring tools for penetration testers
• 🎯 Responder – LLMNR, NBT-NS, and MDNS poisoner for internal network attacks
• 💻 Ettercap-NG – Enhanced version of Ettercap with additional features
• 🧑‍💻 Arp-Spoof – Tool to intercept network traffic by sending ARP packets
• 🌐 WiFi-Pumpkin – WiFi spoofing tool
• 🎣 Aircrack-ng – Suite for wireless network auditing and cracking WEP/WPA keys
• 🧩 Xplico – Network forensics tool that extracts applications’ data from pcap files
• 📊 Pry-Fi – A tool to find and exploit vulnerabilities in wireless networks
• 🕵️‍♀️ Kismet – Wireless network detector, sniffer, and intrusion detection system
• 🐍 Burp Suite – Web vulnerability scanner and network attack tool with advanced interception features
• 💻 Snoopy – Sniffing & spoofing tool focused on DNS & HTTP traffic
• 📡 Snort – Open-source network intrusion detection & prevention system

🔐 Password Attacks

• 🔥 John the Ripper – Password cracking tool for various password hashes.
• 🧑‍💻 Hydra – Brute-force tool that supports a wide range of protocols.
• ⚡ Hashcat – Advanced password recovery using GPUs.
• 🐍 Medusa – A speedy, parallelized login brute-forcer.
• 🌐 Aircrack-ng – WiFi password cracking suite.
• 🔐 Wifite – Wireless network attack tool focused on WPA/WPA2.
• 🧠 THC-Hydra – A very fast network login cracker.
• 🎯 Hash-Toolkit – A tool for password hash cracking.
• 🛠️ Brutus – An old but reliable password cracker for HTTP, FTP, and more.
• 🔑 Burp Suite – A popular web vulnerability scanner with password attack features.
• 🧑‍💻 Ophcrack – A Windows password cracker using rainbow tables.
• 💻 Cain & Abel – A versatile tool for cracking various password hashes, sniffing networks, and decoding passwords.
• 🔐 L0phtCrack – Windows password auditing and recovery tool.
• 🧩 CrackStation – A free online service for cracking password hashes using dictionary attacks.
• 🔓 RainbowCrack – A tool that utilizes rainbow tables to crack passwords.
• 🧑‍💻 Medusa – Parallelized login brute-forcer for multiple protocols.
• 🔥 Patator – A multi-purpose brute-forcing tool that supports numerous protocols.
• 🛡️ RSMangler – A hash bruteforce tool for creating password dictionaries.
• 🧑‍💻 CrackMapExec – A post-exploitation tool for automating credential validation.
• 🕵️‍♀️ SudoKiller – A tool for privilege escalation that can be used for password cracking in Unix-based systems.

🌐 Web Application Analysis

• 🧑‍💻 Burp Suite – Web security testing toolkit.
• 🕵️ OWASP ZAP – Open-source web application scanner.
• 🐍 SQLmap – Automated SQL injection tool.
• 📜 Wappalyzer – Identify technologies on websites.
• 🧑‍💻 Dirb – Web content scanner.
• 📂 Gobuster – Directory and DNS brute-forcing.
• 🔍 Nikto – Web server vulnerability scanner.
• 🧑‍💻 Sublist3r – Subdomain enumeration.
• 🕵️ Amass – Network mapping and subdomain enumeration.
• 📝 Httpx – Fast HTTP probing.
• 🌐 FFUF – Fast web fuzzer.
• 🧑‍💻 WhatWeb – Identify web technologies.
• 🛠️ Nuclei – Vulnerability scanning and templating.
• 🧑‍💻 XSStrike – XSS detection and exploitation.
• 🐞 Commix – Automated command injection.
• 🔥 WPScan – WordPress security scanner.
• 🛡️ Cmsmap – CMS detection and exploitation.
• 🔍 Arachni – Advanced web vulnerability scanner.
• 🕵️ Waybackurls – Fetch URLs from Wayback Machine.
• 🧑‍💻 Unfurl – Extract URLs and data from URLs.

🧑‍💻 Reverse Engineering

• 🧠 Ghidra – Open-source software reverse engineering framework.
• 🔎 Radare2 – Command-line reverse engineering toolkit.
• 🛠️ OllyDbg – 32-bit assembler-level debugger for Windows.
• 🧑‍💻 IDA Pro – Industry-standard interactive disassembler.
• 🐍 Binary Ninja – Interactive binary analysis platform.
• 🛡️ x64dbg – Open-source Windows debugger for x64 and x86.
• 🧬 Cutter – GUI for Radare2 with advanced analysis features.
• 📝 Hopper – Mac & Linux disassembler with powerful analysis.
• 🧑‍💻 dnSpy – .NET debugger and assembly editor.
• 🔄 RetDec – Open-source decompiler for machine code.
• ⚙️ angr – Python framework for binary analysis.
• 🧑‍💻 Frida – Dynamic instrumentation toolkit.
• 🔗 Binary Analysis Toolkit (BAT) – Malware analysis and binary inspection.
• 🐛 Rizin – Fork of Radare2 with a focus on usability.
• 🗂️ PEiD – Detect packers, cryptors, and compilers.
• 🧑‍💻 DiE (Detect It Easy) – Portable executable identifier.
• 📊 LIEF – Library for parsing and modifying executables.
• 🔍 Snowman – Native code to C++ decompiler.
• 🧑‍💻 APKTool – Decompile and rebuild Android APKs.
• 🔓 JEB Decompiler – Commercial decompiler for Android and other platforms.

📝 Reporting Tools

• 📄 Dradis – Collaboration and reporting platform for pentesters.
• 🧑‍💻 Faraday – Multi-user penetration testing IDE.
• 🌳 MagicTree – Pentesting productivity tool for data aggregation and reporting.
• 📊 Serpico – Simplifying pentest reporting using templates.
• 📝 LaTeX – High-quality typesetting system often used for security reports.
• 📑 reNgine – Automated reconnaissance framework with reporting.
• 🧑‍💻 ReconNote – Web-based notes manager for recon and reporting.
• 📝 Pentracker – Pentest reporting and management tool.
• 📄 Markdown – Lightweight markup language for clean report writing.
• 📄 Ghostwriter – Reporting and engagement management platform.
• 📊 VulnReport – Automated vulnerability reporting platform.
• 📋 Katana Framework – Post-exploitation and reporting utility.
• 📑 Pentest-Report-Template – Professional pentest report LaTeX template.
• 📄 ProofSuite – Automated proof of concept and reporting tool.
• 🧑‍💻 VulnWhisperer – Vulnerability management reporting with Nessus, Qualys, and OpenVAS.
• 📜 RiskSense – Risk-based vulnerability management and reporting.
• 📝 Pentestly – Powershell-based post-exploitation and reporting.
• 📄 SecReport – Report generation tool for pentesters.
• 📋 PwnDoc – Pentest reporting tool with customizable templates.
• 🧑‍💻 PenTest-Wiki – Knowledge base for pentesting & reporting references.

🎭 Social Engineering Tools

• 🧑‍💻 SET (Social-Engineer Toolkit) – Advanced framework for social engineering attacks.
• 📧 King Phisher – Phishing campaign toolkit for testing and training.
• 🎣 Phishing Frenzy – Phishing campaign automation platform.
• 🪤 Gophish – Open-source phishing toolkit for awareness and testing.
• 📩 Evilginx2 – Phishing toolkit using reverse proxy for capturing credentials & tokens.
• 🕵️‍♀️ HiddenEye – Modern phishing tool with advanced social engineering features.
• 🔥 BlackEye – Phishing tool with site cloning capabilities.
• 🛜 Zphisher – Advanced phishing tool with tunneling support.
• 📡 SocialFish – Social engineering phishing framework.
• 🧑‍💻 HiddenEye Reborn – Improved version of HiddenEye for phishing & spoofing.
• 🧑‍💻 EvilPhish – Social engineering tool for phishing websites.
• 📬 ShellPhish – Automated phishing tool supporting multiple templates.
• 🧑‍💻 CamPhish – Webcam phishing attack tool.
• 🕵️ Weeman – HTTP server-based phishing framework.
• 📲 QRGen – QR code phishing generator.
• 🕵️ PyPhisher – Python-based phishing toolkit with multiple site templates.
• 🕸️ AdvPhishing – Advanced phishing tool with login page cloning.
• 🎯 SocialBox – Brute-force social media hacking toolkit.
• 🧑‍💻 XPhisher – Advanced phishing tool with inbuilt tunneling.
• 🌐 CredSniper – Phishing framework with two-factor authentication bypass support.

🧩 Miscellaneous

• 🐉 Kali Linux – Advanced penetration testing and security auditing OS.
• 🦜 Parrot Security OS – Security-focused OS for pentesting and privacy.
• 🧑‍💻 BackBox – Ubuntu-based Linux distro for penetration testing.
• 🕵️ BlackArch Linux – Arch-based OS with 2800+ hacking tools.
• 🔎 Pentoo – Security-focused Gentoo-based Linux.
• 🧑‍💻 Tails – Privacy and anonymity-focused live OS.
• 🧪 CAINE – Digital forensics live Linux distro.
• 🧑‍💻 Bugtraq – Linux distro for pentesting & malware analysis.
• 🔒 Whonix – Anonymous OS based on Tor.
• 🧠 DEFT Linux – Digital evidence & forensics toolkit.
• 🌐 Subgraph OS – Secure Linux distro with hardened kernel.
• 🧑‍💻 ArchStrike – Arch Linux repository for security tools.
• 🧑‍💻 Fedora Security Lab – Fedora spin for security auditing.
• 🧑‍💻 SamuraiWTF – Web application penetration testing environment.
• 🔎 Cyborg Hawk – Security distro for penetration testing.
• 🧑‍💻 Matriux Krypton – Debian-based security distribution.
• 🔥 NodeZero – Ubuntu-based penetration testing OS.
• 🧑‍💻 GnackTrack – Linux live distribution for penetration testing.
• 🛡️ SELKS – Suricata-based IDS/IPS platform.
• 🕵️‍♂️ PentestBox – Penetration testing toolkit for Windows.

---