TOOLS_ARSENAL

Network discovery and security auditing tool. The industry standard for port scanning and network mapping.

Fastest port scanner on the internet. Can scan the entire internet in under 6 minutes.

Search engine for internet-connected devices. Find vulnerable systems worldwide.

Internet-wide scanning platform providing visibility into devices and networks across the internet.

Full-featured reconnaissance framework with independent modules and database interaction.

In-depth attack surface mapping and asset discovery using open source information gathering.

The #1 web application security testing tool. Essential for finding web vulnerabilities.

Free alternative to Burp Suite. Great for automated scanning and manual testing.

Web server scanner that tests for dangerous files, outdated software, and misconfigurations.

Automatic SQL injection and database takeover tool. Supports virtually all database engines.

Fast web fuzzer written in Go. Excellent for directory/vhost/parameter discovery.

Fast and customizable vulnerability scanner based on YAML templates with 7000+ community templates.

WordPress security scanner. Detects vulnerable plugins, themes, and misconfigurations.

Directory/file, DNS, and vhost busting tool written in Go. Extremely fast.

The world's most used penetration testing framework. Contains thousands of exploits.

Commercial adversary simulation and red team operations platform.

Open source cross-platform adversary emulation/red team framework by BishopFox.

Post-exploitation and adversary emulation framework using PowerShell and Python agents.

Browser Exploitation Framework. Focuses on client-side attack vectors via web browsers.

The world's foremost network protocol analyzer. Essential for network troubleshooting.

Command-line packet analyzer. Lightweight alternative to Wireshark.

LLMNR, NBT-NS and MDNS poisoner. Captures NTLMv1/v2 hashes on the network.

Swiss Army knife for WiFi, Bluetooth, and network reconnaissance and MITM attacks.

Network forensic analysis tool for detecting OS, sessions, hostnames, and open ports.

World's fastest password cracker. Supports 300+ hash types with GPU acceleration.

Fast password cracker with support for many hash and cipher types.

Fast network logon cracker supporting numerous protocols including SSH, FTP, HTTP, and more.

Custom wordlist generator that spiders a target website to create targeted password lists.

Industry-leading vulnerability scanner with comprehensive coverage for network and web flaws.

Full-featured open-source vulnerability scanner. Free alternative to Nessus.

Comprehensive security scanner for containers, filesystems, git repos, and Kubernetes.

Complete suite for assessing WiFi network security. Supports WEP and WPA/WPA2 cracking.

Automated wireless attack tool. Simplifies WiFi auditing with automated workflows.

Wireless network and device detector, sniffer, wardriving tool, and WIDS framework.

Visual link analysis tool for OSINT and forensics. Maps relationships between data points.

Gathers emails, subdomains, hosts, employee names, and open ports from public sources.

Automated OSINT collection tool with 200+ data source modules for reconnaissance.

Hunt down social media accounts by username across 400+ social networks.

Digital forensics platform with GUI for analyzing hard drives and smartphones.

Advanced memory forensics framework for extracting artifacts from memory dumps.

Pattern matching tool for malware researchers to identify and classify malware samples.

Endpoint visibility and collection tool for digital forensic and incident response.

NSA's open-source software reverse engineering framework with powerful decompiler.

Industry-standard interactive disassembler and debugger for reverse engineering.

Open-source reverse engineering framework with CLI tools for binary analysis.

Multi-cloud security auditing tool for AWS, Azure, GCP, and more.

AWS & Azure security assessment tool aligned with CIS benchmarks and GDPR/HIPAA.

Cloud security posture management detecting misconfigurations across AWS, Azure, GCP.