| Essential | BurpSuite | Web Application Testing | https://portswigger.net/burp |
| Recon | nmap | Port Scanner | https://nmap.org |
| Recon | DNS-Checker | Analyze DNS Propagation | https://dnschecker.org |
| Recon | CVE-Details | Displays CVE Details and Vulnerabilities | https://cvedetails.com |
| Recon | Exploit-DV | Database of known Exploits | https://exploit-db.com |
| Recon | EmailHeaders | Mail Header Analyzer | https://mxtoolbox.com/EmailHeaders.aspx |
| Exploitation | Metasploit Framework | Penetration Testing Framework | https://metasploit.com |
| Exploitation | Kerbrute | AD Brute Force and Enumeration | https://github.com/ropnop/kerbrute |
| Exploitation | Rubeus | Raw Kerberos interaction and abuse | https://github.com/GhostPack/Rubeus |
| Decoding | Crackstation | Hash Cracker | https://crackstation.net |
| Decoding | Cyber Chef | Encryption/Decrytoin of various Kinds | https://gchq.github.io/CyberChef |
| Decoding | Hashes.com | Hash Identification and Analyzis | https://hashes.com/en/decrypt/hash |
| Enum | GraphQL Voyager | GraphQL Visualisation Tool | https://graphql-kit.com/graphql-voyager/ |
| Payload | PayloadsAllTheThings | Various Payloads for different Scenarios | https://github.com/swisskyrepo/PayloadsAllTheThings |
| Payload | XSS Payloads | Cross Site Scripting Payloads | https://xss-payloads.com |
| PrivEsc | PowerSploit | Windows PrivEsc Tool | https://github.com/PowerShellMafia/PowerSploit |
| PrivEsc | LinEnum | Linux PrivEsc Skript | https://github.com/rebootuser/LinEnum |
| Post | BloodHound | AD Analyzer with Graph Theory | https://github.com/BloodHoundAD/BloodHound |
| Post | Mimikatz | Extractation Hashes, Pins, TGT | https://github.com/gentilkiwi/mimikatz/wiki |
| Mobile | MobSF | Mobile App Pentesting Framework | https://github.com/MobSF/Mobile-Security-Framework-MobSF |
| Mobile | MARA Framework | Mobile App Pentesting Framework | https://github.com/xtiankisutsa/MARA_Framework |
Cipherspace