Tools

Below are basic categories and a list of the scripts and tools that Dara utilizes in assessments.

Exploit Tools and Kits
Kon-Boot – Used to bypass Windows and macOS logins
Metasploit – Project developed by Rapid7 as a portable network tool, scans and exploits known vulnerabilities
Smbexec – Python class by Impacket that transfers commands and exfiltrates data using SMB
Veil – Creates Python-based Metasploit payloads that bypass common anti-virus solutions

Forensic Tools (Pentesting)
Mimikatz – Name of both the tool and the technique on Microsoft Windows for extracting passwords stored in memory
Windows Credential Editor – Lists Windows logon sessions and can add, change, list, and delete associated credentials

General Purpose
arp-scan – Very fast ARP packet scanner that shows active IPv4 devices on a subnet
CDPSnarf – Network sniffer that extracts information from Cisco Discovery Protocol packets
Cloudfrunt – Python-based tool that identifies misconfigured CloudFront domains
cURL – Command line tool for transferring data with URL syntax, with support for many protocols
dns2tcp – A tunneling tool that encapsulates TCP traffic over DNS
EyeWitness – Captures screenshots of websites, provides header info, and attempts to identify default credentials
Netcat – Networking utility that reads and writes data across TCP/IP connections
Nmap – Powerful open-source port scanning tool
nmblookup – Queries NetBIOS names and maps them to IP addresses on a network
p0f – Utilizes an array of passive traffic fingerprinting mechanisms to identify a machine’s OS
socat (SOcket CAT) – Multi-purpose utility that transfers data bidirectionally between two addresses
SSHScan – Set of scripts that enumerate SSH ciphers and algorithms
Wireshark – Open-source network protocol analyzer that captures packets from a network connection
masscan – Mass IP port scanner that quickly identifies live hosts within large network subnets

Man in the Middle
Bettercap – Comprehensive suite for man-in-the-middle attacks, including sniffing for credentials, spoofing, and manipulating HTTP/S or TCP traffic in real time
MitM6 – Exploits the default configuration of Windows to take over the default DNS server
Responder – Collects NTLM challenge/response hashes by exploiting LLMNR and NetBIOS
tcpdump – Command line tool that prints out a description of the contents of packets on a network interface
Wireshark – Open-source network protocol analyzer that captures packets from a network connection

Password Attacks
Aircrack-ng – 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured
CeWL – Generates a word list for password cracking by spidering URLs
Hashcat – Open-source password recovery tool that supports CPUs, GPUs, and other hardware accelerators for password cracking
Hydra – Parallelized login cracker that supports attacking numerous protocols
John the Ripper – Open-source password and hash cracker known for its speed
snmpwalk – SNMP application to query a network entity for a tree of information

Post-Exploitation
Metasploit – Project developed by Rapid7 as a portable network tool, scans and exploits known vulnerabilities
Meterpreter – Advanced backdoor that uses a dynamically extensible payload to explore the target machine and execute code
Netcat – Networking utility that reads and writes data across TCP/IP connections

Reconnaissance
Amass – Performs network mapping of attack surfaces and external asset discovery using open-source information gathering and active reconnaissance techniques
crt.sh – Provides a searchable database of certificate transparency logs
Dehashed – Provides free deep-web scans to retrieve information uploaded to the internet after a data breach or leak
discover.sh – Python script that provides the ability to enumerate general DNS records for a given domain
dnsrecon – Used for enumeration through DNS
Fierce – DNS reconnaissance tool that helps locate non-contiguous IP space and hostnames for a specified domain
hunter.io – Indexes professional email addresses and employees found on the web
phonebook.cz – Lists all domains, email addresses, or URLs for the given input domain
Recon-ng – Suite of tools and scripts for passive and active discovery
reconftw – Combines many techniques to enumerate subdomains and automate reconnaissance
search.censys.io – Web-based search platform that assesses attack surfaces for Internet-connected devices
SHODAN – Search engine for computers and devices on the Internet
Subfinder – Subdomain discovery tool that returns valid subdomains for websites using passive online sources
sublist3r – Python tool designed to enumerate subdomains of websites using OSINT
whois – Tool for domain name searches

Social Engineering
GoPhish – Powerful, open-source phishing framework
Social Engineering Toolkit – Open-source penetration testing framework designed for social engineering

Vulnerability Scanners
Nessus – The most popular commercial vulnerability tool available to detect known threats
Nmap – Uses the Nmap Scripting Engine (NSE) to detect and verify known vulnerabilities and misconfigurations
ODAT (Oracle Database Attacking Tool) – Open-source tool that tests the security of Oracle Databases remotely
QualysGuard – Commercial vulnerability scanner known for up-to-date plugins and reliability
WPScan – Vulnerability scanner for WordPress sites

Wireless
Aircrack-ng – An 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured
inSSIDer – Wi-Fi network discovery tool that displays every wireless hotspot’s MAC address, encryption, signal strength, and channel
Kismet – An 802.11 Layer 2 wireless network detector, sniffer, and intrusion detection system for Wi-Fi, Bluetooth, Zigbee, RF, and other protocols
WiGLE WiFi Wardriving – An Android application used for collecting information about access points

Web Applications
Burp Suite – Intercepts and proxies HTTP traffic and utilizes many tools to audit web applications
DirBuster – Multi-threaded application that brute-forces directory and file names on web application servers
feroxbuster – Performs forced browsing to enumerate and access resources or sensitive information that are accessible but not referenced by a web application
gobuster – Brute-forces URIs, including directories and files, and DNS subdomains
Nikto – Command-line vulnerability scanner that scans web servers for dangerous files/CGIs, outdated server software, and other problems
sqlmap – Open-source scanner that detects and exploits SQL injection flaws
WPScan – Vulnerability scanner for WordPress sites
Zed Attack Proxy (ZAP) – Open-source web application security scanner that intercepts and proxies HTTP traffic

© Dara Security 2025