You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Infoga: Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source (search engines, pgp key servers and shodan) and check if emails was leaked using haveibeenpwned.com API. Is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company in the Internet.
Opanda IExif: It is a professional Exif viewer in Windows / IE / Firefox, From a photographer's eye, It displays the image taken from digital camera and every item of EXIF data in the image from beginning to end.
Web Data Extractor: Web Data Extractor Pro is a web scraping tool specifically designed for mass-gathering of various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as meta tag information and body text. Special feature of WDE Pro is custom extraction of structured data.
Extracting Website Links
Link Extractor: Very simple tool which allows scrapping all the links from any web page in Internet.
Netpeak Spider: Desktop tool for day-to-day SEO audit, fast issue check, comprehensive analysis, and website scraping.
Octoparse: Octoparse is a free, multi-award winning web scraping software to turn websites into structured data without coding.
Maltego: Maltego is an open source intelligence (OSINT) and graphical link analysis tool for gathering and connecting information for investigative tasks.
OSRFramework: The Open Sources Research Framework is a AGPLv3+ project by i3visio focused on providing API and tools to perform more accurate online researches.
Raccoon: A high performance offensive security tool for reconnaissance and vulnerability scanning.
Social-Engineer Toolkit (SET): It is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.
ShellPhish: Phishing Tool for Instagram, Facebook, Twitter, Snapchat, Github.napchat, Github.
Monitoring webpages for updates and changes
visualping: Monitor website changes… so you don't have to!
Website-Watcher: Monitor websites for new content and changes.
Path Analyzer Pro: Path Analyzer Pro delivers advanced network route-tracing with performance tests, DNS, whois, and network resolution to investigate network issues. By integrating all these powerful features into one simple graphical interface, Path Analyzer Pro has become a must-have tool for any network, systems, or security professional on Windows and Mac OS X.
Creepy: Creepy is a geolocation OSINT tool. Gathers geolocation related information from online sources, and allows for presentation on map, search filtering based on exact location and/or date, export in csv format or kml for further analysis in Google Maps.
foller.me: Twitter analytics application that gives you rich insights about any public Twitter profile. We gather near real-time data about topics, mentions, hashtags, followers, location and more!
Followerwonk: Help to explore and grow one's social graph by digging deeper into Twitter analytics.
Wappalyzer: Identifies technologies on websites, including content management systems, ecommerce platforms, JavaScript frameworks, analytics tools and much more.
Website informer: Evaluates authority and popularity of websites you are visiting.
What's that site running? | Netcraft: Find out the infrastructure and technologies used by any site using results from our internet data mining.
Zaproxy: The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications.
Website footprinting using spiders
ParseHub: It is a free and powerful web scraping tool. With our advanced web scraper, extracting data is as easy as clicking on the data you need.
SpiderFoot: Automates OSINT collection and helps you find what matters
Web Data Extractor: It is a web scraping tool specifically designed for mass-gathering of various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as meta tag information and body text. Special feature of WDE Pro is custom extraction of structured data.
webscarab-ng: WebScarab-NG is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly.
Colasoft Packet Builder: Colasoft Packet Builder enables creating custom network packets; users can use this tool to check their network protection against attacks and intruders. Colasoft Packet Builder includes a very powerful editing feature. Besides common HEX editing raw data, it features a Decoding Editor allowing users to edit specific protocol field values much easier.
hping: hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping do with ICMP replies. hping3 can handle fragmentation, and almost arbitrary packet size and content, using the command line interface.
HTTPort 3.SNFM: HTTPort allows you to bypass your HTTP proxy, which is blocking you from the Internet. With HTTPort you may use various Internet software from behind the proxy, ex. e-mail, instant messengers, P2P file sharing, ICQ, News, FTP, IRC, etc.
Megaping: MegaPing is the ultimate must-have toolkit that provides essential utilities for Information System specialists, system administrators, IT solution providers or individuals.
netCut: With netCut, you can know who has is or has been on your WIFI, his name, device brand, what time in, what time out.
NetScanTools: NetScanTools Pro is an integrated collection of internet information gathering and network troubleshooting utilities for Network Professionals. Research IPv4 addresses, IPv6 addresses, hostnames, domain names, email addresses and URLs automatically** or with manual tools. It is designed for the Windows operating system GUI. **Automated tools are started interactively by the user. Include a promiscous detection scanner.
NetSurveyor: It is an 802.11 (WiFi) network discovery tool that gathers information about nearby wireless access points in real time and displays it in useful ways. Similar in purpose to NetStumbler, it includes many more features.
Network Topology Mapper: Network mapping software designed to automatically map your network.
wireshark: Wireshark is a network traffic analyzer, or "sniffer", for Linux, macOS, *BSD and other Unix and Unix-like operating systems and for Windows. It uses Qt, a graphical user interface library, and libpcap and npcap as packet capture and filtering libraries.
Network Spoofer: Lets you change websites on other people’s computers from an Android phone. After downloading simply log onto a Wifi network, choose a spoof to use and press start.
Ettercap: It is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
Protection
ARP AntiSpoofer: A utility for detecting and resisting BIDIRECTIONAL ARP spoofing. It can anti-spoof for not only the local host, but also other hosts in the same subnet. It is as well a handy helper for gateways which don't work well with ARP.
ArpON: It is a Host-based solution that make the ARP standardized protocol secure in order to avoid the Man In The Middle (MITM) attack through the ARP spoofing, ARP cache poisoning or ARP poison routing attack.
Hyenae: It is a highly flexible platform independent network packet generator. It allows you to reproduce several MITM, DoS and DDoS attack scenarios, comes with a clusterable remote daemon and an interactive attack assistant.
hping3: hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping do with ICMP replies. hping3 can handle fragmentation, and almost arbitrary packet size and content, using the command line interface.
Low Orbit Ion Cannon (LOIC): An open source network stress tool, written in C#. Based on Praetox's LOIC project.
Protection
Anti DDoS Software: Monitors each incoming and outgoing packet in Real-Time. It displays the local address, remote address, and other information of each network flow. Anti DDoS Guardian limits network flow number, client bandwidth, client concurrent TCP connection number, and TCP connection rate. It also limits the UDP bandwidth, UDP connection rate, and UDP packet rate.
Active Directory Explorer: It is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object's schema, and execute sophisticated searches that you can save and re-execute.
Advanced IP Scanner: Reliable and free network scanner to analyse LAN. The program shows all network devices, gives you access to shared folders, provides remote control of computers (via RDP and Radmin), and can even remotely switch computers off. It is easy to use and runs as a portable edition. It should be the first choice for every network admin.
Amass: The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
enum4linux: It is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts.
EyeWitness: EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
Global Network Inventory: Global Network Inventory is a powerful and flexible software and hardware inventory system that can be used as an audit scanner in an agent-free and zero deployment environments. If used as an audit scanner, it only requires full administrator rights to the remote computers you wish to scan. Global Network Inventory can audit remote computers and even network appliances, including switches, network printers, document centers, etc.
gobuster: Directory/File, DNS and VHost busting tool written in Go.
jxplorer: It is a cross platform LDAP browser and editor. It is a standards compliant general purpose LDAP client that can be used to search, read and edit any standard LDAP directory, or any directory service with an LDAP or DSML interface.
Knock: Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can setting the API_KEY within the config.json file.
massdns: A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration).
NetBIOS Enumerator: This application was suggested to show how to use remote network support and how to deal with some other interesting web technics like SMB.
NetScanTools: NetScanTools Pro is an integrated collection of internet information gathering and network troubleshooting utilities for Network Professionals. Research IPv4 addresses, IPv6 addresses, hostnames, domain names, email addresses and URLs automatically** or with manual tools. It is designed for the Windows operating system GUI. **Automated tools are started interactively by the user.
Footprinting and reconnaissance
Competitive Intelligence Gathering
What did this company begin? How did it develop?
What are the company's plans?
What expert do opinions say about the company?
Enumerate people, emails,...
Email tracking tools
Extracting Metadata of Public Documents
Extracting Website Links
Find TLD's domains
Footprinting
Instagram
IP geolocation lookup
Mirroring entire website
Monitoring webpages for updates and changes
Monitoring website traffic of target company
Phone number
Traceroute
Twitter
Website footprinting
Website footprinting using spiders
Networks
Android
ARP
ARP Poisoning
Protection
DHCP
DHCP starvation attack
Rogue DHCP attack
DoS
Protection
MAC address
MAC flood attack
MAC Spoofing
Enumeration