List of available Online-Tools and Resources for different stages of Pentesting.
Most essential Tools and Services are marked with an „!„
Also check out the WhiteHat Website: https://www.whitehat.de/pentesting-unter-macos-hacking-tools-fuer-den-mac
Cross Category:
| Name | URL | Comment |
| BurpSuite ! | https://portswigger.net/burp | Daily Driver for Application Pentesting and more. |
Investigation and Reconnaissance: #
| Name | URL | Comment |
| Nmap ! | https://nmap.org/ | Crucial Tool for Scanning Ports and Services. |
| DNS-Checker | https://dnschecker.org/ | Analyze DNS Propagation |
| CVE-Details | https://www.cvedetails.com/ | Displays CVE Details and Vulnerabilities |
| Exploit-DB | https://www.exploit-db.com/ | Database of known Exploits (Can also be installed local: brew install exploitdb) |
| EmailHeaders | https://mxtoolbox.com/EmailHeaders.aspx | Mail Header Analyzer |
Gaining Access / Exploitation: #
| Name | URL | Comment |
| Metasploit Framework ! | https://www.metasploit.com/ | Exploitation and Pentesting Framework |
| Kerbrute | https://github.com/ropnop/kerbrute | Bruteforce and Enumerate valid Active-Directory Accounts through Kerberos Pre-Authentication |
| Rubeus | https://github.com/GhostPack/Rubeus | Raw Kerberos interaction and abuse. Including „Kerberoasting„ |
Cracking and Decoding: #
| Name | URL | Comment |
| Crackstation | https://crackstation.net/ | Password Hash Cracker 1.5 Billion Password Hashes |
| CyberChef (WEB) | https://gchq.github.io/CyberChef/ | Encryption/Decryption of various Kinds. (For unknown cipher-method use the Magic Function with increasing Depth) |
| PayloadsAllTheThings ! | https://github.com/swisskyrepo/PayloadsAllTheThings | „PayloadAllTheThings“ provides various Payloads for different scenarios |
| XSS-Payloads | http://www.xss-payloads.com/ | Cross Site Scripting Payloads |
| Hashes.Com ! | https://hashes.com/en/decrypt/hash | Hash Identification and Cracking |
Privilege Escalation & Enumeration:
| Name | URL | Comment |
| PowerSploit(PowerUp) | https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc | Windows Privilege Escalation Tool after gained Access. |
| LinEnum | https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh | Linux PrivEsc Enumeration Script |
Post Exploitation: #
| Name | URL | Comment |
| BloodHound | https://github.com/BloodHoundAD/BloodHound | BloodHound uses graph theory to reveal the hidden and often unindended relationships within an Active Directory or Azure environment |
| Mimikatz | https://github.com/gentilkiwi/mimikatz/wiki | Extract plaintexts passwords, hash, PIN code and kerberos tickets from memory |
Mobile Application Testing
| Name | URL | Comment |
| Mobile Security Framework MobSF ! | https://github.com/MobSF/Mobile-Security-Framework-MobSF | Mobile-App Pentesting, Malware Analysis, Security Assessment, Static and Dynamic Code analysis. |
| MARA-Framework | https://github.com/xtiankisutsa/MARA_Framework | Mobile Application Reverse engineering and Analysis Framework |