匿名隐藏工具
- Anonmously Surf (https://github.com/Und3rf10w/kali-anonsurf)
- Multitor (https://github.com/trimstray/multitor)
信息收集工具
- 网络映射 (nmap) (https://github.com/nmap/nmap)
- Dracnmap (https://github.com/Screetsec/Dracnmap)
- 端口扫描
- Xerosploit (https://github.com/LionSec/xerosploit)
- RED HAWK (全能扫描) (https://github.com/Tuhinshubhra/RED_HAWK)
- ReconSpider(用于所有扫描) (https://github.com/bhavsec/reconspider)
- IsItDown (检查网站是否宕机)
- Infoga - 电子邮件OSINT (https://github.com/m4ll0k/Infoga)
- ReconDog (https://github.com/s0md3v/ReconDog)
- Striker (https://github.com/s0md3v/Striker)
- SecretFinder (类似API等) (https://github.com/m4ll0k/SecretFinder)
- 使用Shodan查找信息 (https://github.com/m4ll0k/Shodanfy.py)
- rang3r(Python 2.7) (https://github.com/floriankunushevci/rang3r)
- Ranger Reloaded (Python 3+) (https://github.com/joeyagreco/ranger-reloaded)
- Breacher (https://github.com/s0md3v/Breacher)
字典生成器
- Cupp (https://github.com/Mebus/cupp.git)
- WordlistCreator (https://github.com/Z4nzu/wlcreator)
- GoblinWordGenerator (https://github.com/UndeadSec/GoblinWordGenerator.git)
- 密码列表 (14亿条明文密码) (https://github.com/Viralmaniar/SMWYG-Show-Me-What-You-Got)
无线攻击工具
- WiFi-Pumpkin (https://github.com/P0cL4bs/wifipumpkin3)
- pixiewps (https://github.com/wiire/pixiewps)
- 蓝牙蜜罐GUI框架 (https://github.com/andrewmichaelsmith/bluepot)
- Fluxion (https://github.com/thehackingsage/Fluxion)
- Wifiphisher (https://github.com/wifiphisher/wifiphisher)
- Wifite (https://github.com/derv82/wifite2)
- EvilTwin (https://github.com/Z4nzu/fakeap)
- Fastssh (https://github.com/Z4nzu/fastssh)
SQL注入工具
- Sqlmap工具 (https://github.com/sqlmapproject/sqlmap)
- NoSqlMap (https://github.com/codingo/NoSQLMap)
- Damn Small SQLi Scanner (https://github.com/stamparm/DSSS)
- Explo (https://github.com/dtag-dev-sec/explo)
- Blisqy (https://github.com/JohnTroony/Blisqy)
- Leviathan - 高效率的大范围审计工具 (https://github.com/leviathan-framework/leviathan)
- SQLScan (https://github.com/Cvar1984/sqlscan)
钓鱼工具
- Setoolkit - (https://github.com/trustedsec/social-engineer-toolkit)
- SocialFish - (https://github.com/UndeadSec/SocialFish)
- HiddenEye - (https://github.com/DarkSecDevelopers/HiddenEye)
- Evilginx2 - (https://github.com/kgretzky/evilginx2)
- I-See_You- (https://github.com/Viralmaniar/I-See-You)
- SayCheese- (https://github.com/hangetzzu/saycheese)
- QR Code Jacking - (https://github.com/cryptedwolf/ohmyqr)
- ShellPhish - (https://github.com/An0nUD4Y/shellphish)
- BlackPhish - (https://github.com/iinc0gnit0/BlackPhish)
网络攻击工具
- Web2Attack - (https://github.com/santatic/web2attack)
- Skipfish - (https://tools.kali.org/information-gathering/skipfish)
- 子域名发现 - (https://github.com/aboul3la/Sublist3r)
- CheckURL - (https://github.com/UndeadSec/checkURL)
- Blazy - (https://github.com/UltimateHackers/Blazy)
- 子域名接管 - (https://github.com/m4ll0k/takeover)
- Dirb - (https://tools.kali.org/web-applications/dirb)
后渗透工具
- Vegile - Ghost In The Shell - (https://github.com/Screetsec/Vegile)
- Chrome Keylogger - (https://github.com/UndeadSec/HeraKeylogger)
取证工具
- Autopsy - (https://www.sleuthkit.org/autopsy/)
- Wireshark - (https://www.wireshark.org/)
- Bulk Extractor - (https://github.com/simsong/bulk_extractor)
- Disk Clone and ISO Image Acquire - (https://guymager.sourceforge.io/)
- Toolsley - (https://www.toolsley.com/)
载荷生成工具
- The FatRat - https://github.com/Screetsec/TheFatRat
- Brutal - https://github.com/Screetsec/Brutal
- Stitch - https://nathanlopez.github.io/Stitch
- MSFvenom Payload Creator - https://github.com/g0tmi1k/msfpc
- Venom Shellcode Generator - https://github.com/r00t-3xp10it/venom
- Spycam - https://github.com/indexnotfound404/spycam
- Mob-Droid - https://github.com/kinghacker0/Mob-Droid
- Enigma - https://github.com/UndeadSec/Enigma
Exploit 框架
- RouterSploit - https://github.com/threat9/routersploit
- WebSploit - https://github.com/The404Hacking/websploit
- Commix - https://github.com/commixproject/commix
- Web2Attack - https://github.com/santatic/web2attack
反向工程工具
- Androguard - https://github.com/androguard/androguard
- Apk2Gold - https://github.com/lxdvs/apk2gold
- JadX - https://github.com/skylot/jadx
DDOS 攻击工具
- Asyncrone- https://github.com/fatihsnsy/aSYNcrone
- UFOnet - https://github.com/epsylon/ufonet
- GoldenEye - https://github.com/jseidl/GoldenEye
远程管理员工具 (RAT)
- Stitch - https://github.com/nathanlopez/Stitch
- Pyshell - https://github.com/knassar702/pyshell
XSS 攻击工具
- DalFox(Finder of XSS): https://github.com/hahwul/dalfox
- XSS Payload Generator: https://github.com/capture0x/XSS-LOADER.git
- ExtendedXSSSearcherandFinder:https://github.com/Damian89/extended-xss-search
- XSS-Freak: https://github.com/PR0PH3CY33/XSS-Freak
- XSpear: https://github.com/hahwul/XSpear
- XSSCon: https://github.com/menkrep1337/XSSCon
- XanXSS: https://github.com/Ekultek/XanXSS
- AdvancedXSSDetectionSuite:https://github.com/UltimateHackers/XSStrike
- RVuln: https://github.com/iinc0gnit0/RVuln
- Cyclops:https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking
隐写工具
- SteganoHide
- StegnoCracker
- StegoCracker: https://github.com/W1LDN16H7/StegoCracker
Whitespace: https://github.com/beardog108/snow10
社交媒体暴力破解
- Instagram Attack: https://github.com/chinoogawa/instaBrute
- AllinOneSocialMediaAttack: https://github.com/Matrix07ksa/Brute_Force
- Facebook Attack: https://github.com/Matrix07ksa/Brute_Force
Application Checker: https://github.com/jakuta-tech/underhanded
Android 渗透工具
- Keydroid: https://github.com/F4dl0/keydroid
- MySMS: https://github.com/papusingh2sms/mysms
- Lockphish: https://github.com/JasonJerry/lockphish
- DroidCam (Capture Image): https://github.com/kinghacker0/WishFish
- EvilApp (Hijack Session): https://github.com/crypticterminal/EvilApp
- HatCloud: https://github.com/HatBashBR/HatCloud
IDN Homograph 攻击
- EvilURL: https://github.com/UndeadSec/EvilURL
电子邮件验证工具
Knockmail: https://github.com/4w4k3/KnockMail
Hash 破解工具
- Hash Buster: https://github.com/s0md3v/Hash-Buster
Wifi Deauthenticate
- WifiJammer-NG: https://github.com/MisterBianco/wifijammer-ng
KawaiiDeauther: https://github.com/aryanrtm/KawaiiDeauther
社交媒体查找工具
- FindSocialMediaByFacialRecognationSystem: https://github.com/Greenwolf/social_mapper
- Find SocialMedia By UserName: https://github.com/xHak9x/finduser
- Sherlock: https://github.com/sherlock-project/sherlock
SocialScan | Username or Email: https://github.com/iojw/socialscan
载荷注入器
- Debinject: https://github.com/UndeadSec/Debinject
Pixload: https://github.com/chinarulezzz/pixload
网络爬虫
- Gospider: https://github.com/jaeles-project/gospider