• ActiveMQ - ActiveMQ PUT upload getshell exploit, CVE-2016-3088

  • Kali - A Linux distribution for digital forensics and penetration testing.
  • ArchStrike - Arch GNU/Linux repository for security professionals and enthusiasts.
  • BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers.
  • Network Security Toolkit (NST) - Network security toolkit distribution.
  • Pentoo - Security-focused LiveCD based on Gentoo.
  • BackBox - Ubuntu-based distribution for penetration testing and security assessments.
  • Parrot - Distribution similar to Kali, with multiple architectures.
  • Buscador - GNU/Linux virtual machine that is pre-configured for online investigators.
  • Fedora Security Lab - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
  • The Pentesters Framework - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.


  • Metasploit Framework - The most widely used penetration testing software.
  • burp suite - Traffic interception tool for performing security testing against Web applications.
  • ExploitPack - Graphical tool for penetration testing with a bunch of exploits.
  • BeEF - Command and control server for delivering exploits to commandeered Web browsers.
  • faraday - Collaborative penetration test and vulnerability management platform.
  • evilgrade - The update exploitation framework.
  • routersploit - Automated penetration testing software for routers.
  • redsnarf - Post-exploitation tool for grabbing credentials.
  • Bella - Pure Python post-exploitation data mining & remote administration tool for Mac OS.
  • Offensive Web Testing Framework (OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.



  • Nexpose - Vulnerability management and risk control software.
  • Nessus - Vulnerability, configuration, and compliance assessment.
  • OpenVAS - Open source vulnerability scanner.
  • Vuls - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.


  • Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications.
  • cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
  • FindBugs - Free software static analyzer to look for bugs in Java code.
  • sobelow - Security-focused static analysis for the Phoenix Framework.


  • Nikto - Web server and web application vulnerability scanner.
  • Arachni - Scriptable framework for evaluating the security of web applications.
  • w3af - Web application attack and audit framework.
  • Wapiti - Black box web application vulnerability scanner with built-in fuzzer.
  • SecApps - In-browser web application security testing suite.
  • WebReaver - Commercial, graphical web application vulnerability scanner designed for macOS.
  • WPScan - Black box WordPress scanning tool.
  • cms-explorer - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
  • joomscan - Joomla vulnerability scanner.


  • zmap - Open source network port scanner.
  • nmap - Free security scanner for network exploration and security auditing.
  • pig - GNU/Linux packet crafting tool.
  • scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
  • tcpdump/libpcap - Common packet analyzer that runs under the command line.
  • Wireshark - A network protocol analyzer for Unix and Windows systems.
  • Network Tools - Different network tools: ping, lookup, whois, etc.
  • netsniff-ng - Swiss army knife for network sniffing.
  • Intercepter-NG - Multifunctional network toolkit.
  • SPARTA - Network infrastructure penetration testing tool.
  • dnschef - Highly configurable DNS proxy for pentesters.
  • DNSDumpster - Online DNS recon and search service.
  • CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
  • dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
  • dnsmap - Passive DNS network mapper.
  • dnsrecon - DNS enumeration script.
  • dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
  • passivedns-client - Library and query tool for querying several passive DNS providers.
  • passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
  • Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
  • Zarp - Network attack tool centered around the exploitation of local networks.
  • mitmproxy - Interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers.
  • Morpheus - Automated ettercap TCP/IP Hijacking tool.
  • mallory - HTTP/HTTPS proxy over SSH.
  • SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
  • Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols.
  • DET - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
  • pwnat - Punches holes in firewalls and NATs.
  • dsniff - Collection of tools for network auditing and pentesting.
  • tgcd - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
  • smbmap - Handy SMB enumeration tool.
  • scapy - Python-based interactive packet manipulation program & library.
  • Dshell - Network forensic analysis framework.
  • Debookee (macOS) - Intercept traffic from any device on your network.
  • Dripcap - Caffeinated packet analyzer.
  • PRET - Printer Exploitation Toolkit offers commands useful for printer attacks and fuzzing.
  • Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.


  • Aircrack-ng - Set of tools for auditing wireless networks.
  • Kismet - Wireless network detector, sniffer, and IDS.
  • Reaver - Brute force attack against WiFi Protected Setup.
  • Wifite - Automated wireless attack tool.


  • SSLyze - SSL configuration scanner.
  • sslstrip - Demonstration of the HTTPS stripping attacks.
  • sslstrip2 - SSLStrip version to defeat HSTS.
  • tls_prober - Fingerprint a server's SSL/TLS implementation.

Web exploitation

  • OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
  • Fiddler - Free cross-platform web debugging proxy with user-friendly companion tools.
  • Burp Suite - Integrated platform for performing security testing of web applications.
  • autochrome - Easy-to-install test browser with all the appropriate settings needed for web application testing, with native Burp support, from NCCGroup.
  • Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
  • WPSploit - Exploit WordPress-powered websites with Metasploit.
  • SQLmap - Automatic SQL injection and database takeover tool.
  • tplmap - Automatic server-side template injection and Web server takeover tool.
  • weevely3 - Weaponized web shell.
  • Wappalyzer - Wappalyzer uncovers the technologies used on websites.
  • WhatWeb - Website fingerprinter.
  • BlindElephant - Web application fingerprinter.
  • wafw00f - Identifies and fingerprints Web Application Firewall (WAF) products.
  • fimap - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
  • Kadabra - Automatic LFI exploiter and scanner.
  • Kadimus - LFI scan and exploit tool.
  • liffy - LFI exploitation tool.
  • Commix - Automated all-in-one operating system command injection and exploitation tool.
  • DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
  • GitTools - Automatically find and download Web-accessible .git repositories.

Hex Editors

  • HexEdit.js - Browser-based hex editing.
  • Hexinator - World's finest (proprietary, commercial) Hex Editor.
  • Frhed - Binary file editor for Windows.


  • Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
  • Veles - Binary data visualization and analysis tool.
  • Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.


  • John the Ripper - Fast password cracker.
  • Hashcat - Faster hash cracker.
  • CeWL - Generates custom wordlists by spidering a target's website and collecting unique words.


  • LOIC - Open source network stress tool for Windows.
  • JS LOIC - JavaScript in-browser version of LOIC.
  • SlowLoris - DoS tool that uses low bandwidth on the attacking side.
  • HOIC - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
  • T50 - Faster network stress tool.
  • UFONet - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.


  • Social Engineer Toolkit (SET) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
  • King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
  • Evilginx - MITM attack framework used for phishing credentials and session cookies from any Web service.
  • wifiphisher - Automated phishing attacks against WiFi networks.
  • Catphish - Tool for phishing and corporate espionage written in Ruby.


  • IDA Pro - Windows, GNU/Linux or macOS hosted multi-processor disassembler and debugger.
  • IDA Free - The freeware version of IDA v5.0.
  • WDK/WinDbg - Windows Driver Kit and WinDbg.
  • OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
  • Radare2 - Open source, cross-platform reverse engineering framework.
  • x64dbg - Open source x64/x32 debugger for Windows.
  • Immunity Debugger - Powerful way to write exploits and analyze malware.
  • Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
  • Medusa disassembler - Open source interactive disassembler.
  • plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • peda - Python Exploit Development Assistance for GDB.
  • dnSpy - Tool to reverse engineer .NET assemblies.


  • ctf-tools - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
  • Pwntools - Rapid exploit development framework built for use in CTFs.
  • RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.


  • Common Vulnerabilities and Exposures (CVE) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
  • National Vulnerability Database (NVD) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
  • US-CERT Vulnerability Notes Database - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
  • Full-Disclosure - Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
  • Bugtraq (BID) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
  • Exploit-DB - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
  • Microsoft Security Bulletins - Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
  • Microsoft Security Advisories - Archive of security advisories impacting Microsoft software.
  • Mozilla Foundation Security Advisories - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
  • Packet Storm - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
  • CXSecurity - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
  • SecuriTeam - Independent source of software vulnerability information.
  • Vulnerability Lab - Open forum for security advisories organized by category of exploit target.
  • Zero Day Initiative - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint.
  • Vulners - Security database of software vulnerabilities.
  • Inj3ct0r (Onion service) - Exploit marketplace and vulnerability information aggregator.
  • Open Source Vulnerability Database (OSVDB) - Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016. Continued by Risk Based Security as a commercial VDB.



  • DEF CON - Annual hacker convention in Las Vegas.
  • Black Hat - Annual security conference in Las Vegas.
  • BSides - Framework for organising and holding security conferences.
  • CCC - Annual meeting of the international hacker scene in Germany.
  • DerbyCon - Annual hacker conference based in Louisville.
  • PhreakNIC - Technology conference held annually in middle Tennessee.
  • ShmooCon - Annual US East coast hacker convention.
  • CarolinaCon - Infosec conference, held annually in North Carolina.
  • CHCon - Christchurch Hacker Con, the only hacker con on the South Island of New Zealand.
  • SummerCon - One of the oldest hacker conventions, held during Summer.
  • Hack.lu - Annual conference held in Luxembourg.
  • Hackfest - Largest hacking conference in Canada.
  • HITB - Deep-knowledge security conference held in Malaysia and The Netherlands.
  • Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany.
  • Hack3rCon - Annual US hacker conference.
  • ThotCon - Annual US hacker conference held in Chicago.
  • LayerOne - Annual US security conference held every spring in Los Angeles.
  • DeepSec - Security Conference in Vienna, Austria.
  • SkyDogCon - Technology conference in Nashville.
  • SECUINSIDE - Security Conference in Seoul.
  • DefCamp - Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania.
  • AppSecUSA - Annual conference organised by OWASP.
  • BruCON - Annual security conference in Belgium.
  • Infosecurity Europe - Europe's number one information security event, held in London, UK.
  • Nullcon - Annual conference in Delhi and Goa, India.
  • RSA Conference USA - Annual security conference in San Francisco, California, USA.
  • Swiss Cyber Storm - Annual security conference in Lucerne, Switzerland.
  • Virus Bulletin Conference - Annual conference, to be held in Denver, USA in 2016.
  • Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
  • 44Con - Annual Security Conference held in London.
  • BalCCon - Balkan Computer Congress, held annually in Novi Sad, Serbia.
  • FSec - Croatian Information Security Gathering in Varaždin, Croatia.