• Tools
  • Active Directory
  • Cloud Pentesting
  • Cryptography
  • File Inclusion
  • Networking
  • Note Taking
  • Open Redirect
  • OSINT
  • Proxy and Scanners
  • Reversing
  • Server-Side Request Forgery (SSRF)
  • Social Engineering Tools
  • Steganography
  • Subdomain
  • SQL Injection
  • Template Injection
  • XML external entity (XXE) injection
  • Wordlists
  • Other Important

Tools

Active Directory

1. NetExec
2. Responder
3. BloodHound
4. Impacket
5. Evil-WinRM
6. enum4linux

Cloud Pentesting

1. cloudfrunt
2. Bucket Finder
3. CloudFail

Cryptography

1. Hashidentifier: hashid
2. Ares
3. https://quipqiup.com/ Auto Cipher Decoder
4. CryptoS.py
5. Cipher Identifier
6. Symbol Cipher List
7. Cook Decoder
8. Cryptii
9. Hash Identifier
10. Zero Byte Decoder Online
11. Zero Width Char Encoder 1
12. Zero Width Char Encoder 2
13. RSA CTF Tool

File Inclusion

1. LFISuite
2. fimap

Networking

1. NMap
2. rustscan

Note Taking

1. Cherry Tree FOSS Note Taking
2. draw.io
3. EverNote Free

Open Redirect

1. Open Redirect Scanner

OSINT

1. Name to Social Media
2. Face Image Search
3. Image Time
4. geospy.ai
5. Dark Web OSINT Tools
6. Location
7. File Match Search: FileChef, File Search Engine, de digger, SearchFiles.de, NAPALM FTP Indexer, FileListing
8. Telegram Bot List
9. News by Location: Instagram Locations, Snapchat Map

Proxy and Scanners

1. mitmproxy
2. Burp Suite
3. OWASP ZAP

Reversing

1. Radare GUI

Server-Side Request Forgery (SSRF)

1. See-SURF
2. AllThingsSSRF
3. ssrf-sheriff
4. Burpsuite Extension: Collaborator Everywhere

Social Engineering Tools

1. Fake SMS

Steganography

1. AperiSolve
2. strings file.wav
3. exiftool file.wav
4. exiv2 file.wav
5. foremost -i file.wav
6. binwalk –dd “.*” file.wav
7. steghide extract -sf file.wav
8. stegseek
9. outguess -r file.mp3 output.txt
10. OpenStego
11. Steganography (Image)
12. Image Steganography
13. Stegsolve
14. python3 -m pip install stegpy
15. WavSteg
16. Spectogram Tools: Audacity, Sonic Visualiser, Spectrum Analyzer, sciencemusic

Subdomain

1. curl -s https://raw.githubusercontent.com/ZishanAdThandar/pentest/main/scripts/subauto.sh | bash -s domain.com
2. curl -s "http://web.archive.org/cdx/search/cdx?url=*.hackerone.com/*&output=text&fl=original&collapse=urlkey" | sort | sed -e 's_https*://__' -e "s//.//" -e 's/:.//' -e 's/^www.//' | uniq
3. Subdomain Takeover

SQL Injection

1. sqlmap
2. jSQL Injection

Template Injection

1. tplmap

XML External Entity (XXE) Injection

1. XXExploiter
2. XXEinjector
3. oxml_xxe
4. xxer

Wordlists

1. PayloadsAllTheThings
2. SecLists
3. FuzzDB
4. api worlist
5. rockyou.txt

Other Important

1. HackiFy Tools and Wordlists Auto Installer
2. CheatSheet-God
3. ctf-wiki
4. Awesome CTF
5. Hacker101
6. All CVE with PoC