Penetration-testing and security-audit tools, grouped by engagement phase. Only use them against systems you own or are explicitly authorized to test.
Map the target: discover hosts, open ports, subdomains, and services.
[nmap](/man/nmap)
[zenmap](/man/zenmap)
[masscan](/man/masscan)
[netdiscover](/man/netdiscover)
[amass](/man/amass)
[subfinder](/man/subfinder)
[dmitry](/man/dmitry)
[ike-scan](/man/ike-scan)
[enum4linux](/man/enum4linux)
[smbmap](/man/smbmap)
Scan discovered services for known weaknesses and misconfigurations.
[nikto](/man/nikto)
[nuclei](/man/nuclei)
[lynis](/man/lynis)
[nmap](/man/nmap)
Probe web applications: intercept requests, brute-force paths, and test for injection.
[burpsuite](/man/burpsuite)
[sqlmap](/man/sqlmap)
[gobuster](/man/gobuster)
[feroxbuster](/man/feroxbuster)
[dirb](/man/dirb)
[ffuf](/man/ffuf)
[wfuzz](/man/wfuzz)
[wpscan](/man/wpscan)
[whatweb](/man/whatweb)
[wafw00f](/man/wafw00f)
[skipfish](/man/skipfish)
[httrack](/man/httrack)
Generate wordlists and recover or test credentials, offline (hash cracking) and online (login brute-forcing).
[hashcat](/man/hashcat)
[john](/man/john)
[hydra](/man/hydra)
[medusa](/man/medusa)
[ncrack](/man/ncrack)
[ophcrack](/man/ophcrack)
[pyrit](/man/pyrit)
[rcrack](/man/rcrack)
[cewl](/man/cewl)
[crunch](/man/crunch)
Audit Wi-Fi networks and RFID/NFC cards.
[aircrack-ng](/man/aircrack-ng)
[wifite](/man/wifite)
[reaver](/man/reaver)
[kismet](/man/kismet)
[giskismet](/man/giskismet)
[mfoc](/man/mfoc)
[mfterm](/man/mfterm)
[chirpw](/man/chirpw)
Frameworks and tools for exploiting confirmed vulnerabilities and moving through a network.
[msfconsole](/man/msfconsole)
[msfpc](/man/msfpc)
[searchsploit](/man/searchsploit)
[sqlmap](/man/sqlmap)
[netexec](/man/netexec)
[crackmapexec](/man/crackmapexec)
[evil-winrm](/man/evil-winrm)
[setoolkit](/man/setoolkit)
[beef-xss](/man/beef-xss)
[yersinia](/man/yersinia)
[thc-ipv6](/man/thc-ipv6)
[termineter](/man/termineter)
Capture, inspect, and manipulate network traffic.
[wireshark](/man/wireshark)
[tcpdump](/man/tcpdump)
[mitmproxy](/man/mitmproxy)
[bettercap](/man/bettercap)
[ettercap](/man/ettercap)
[netsniff-ng](/man/netsniff-ng)
[driftnet](/man/driftnet)
[macchanger](/man/macchanger)
Analyze disks, memory dumps, and file artifacts after an incident.
[autopsy](/man/autopsy)
[volatility](/man/volatility)
[binwalk](/man/binwalk)
[bulk_extractor](/man/bulk_extractor)
[foremost](/man/foremost)
[hashdeep](/man/hashdeep)
[chkrootkit](/man/chkrootkit)
[galleta](/man/galleta)
[mdb-sql](/man/mdb-sql)
[sqlitebrowser](/man/sqlitebrowser)
Capture evidence and organize findings for the report.
[cutycapt](/man/cutycapt)
[keepnote](/man/keepnote)
[recordmydesktop](/man/recordmydesktop)