Security Tools

Master the 137 tools used by security professionals. From reconnaissance to exploitation, these tools form the backbone of cyber security operations. Install, configure, and learn the most essential tools across every domain of security.

Reconnaissance

Tools for discovering hosts, services, subdomains, and attack surfaces. The first phase of any security assessment.

Nmap

Network discovery and security auditing tool. Port scanning, service detection, and OS fingerprinting.

Reconnaissance Network

Shodan

Search engine for internet-connected devices. Find servers, databases, and IoT devices.

Reconnaissance

Censys

Internet-wide scanning and monitoring platform for discovering hosts and certificates.

Reconnaissance

Amass

In-depth attack surface mapping and asset discovery tool for subdomain enumeration.

Reconnaissance

Subfinder

Fast passive subdomain enumeration tool using various online sources.

Reconnaissance

theHarvester

Gather emails, subdomains, hosts, and employee names from public sources.

Reconnaissance

Recon-ng

Full-featured web reconnaissance framework with independent modules.

Reconnaissance

Exploitation

Frameworks and tools for exploiting vulnerabilities, post-exploitation, and penetration testing.

Metasploit

The world's most used penetration testing framework. Exploit development and payload delivery.

Exploitation

Burp Suite

Leading web application security testing tool with scanner, proxy, and intruder.

Exploitation Web

Caido

Modern web security testing proxy designed for penetration testers.

Exploitation Web

SQLMap

Automatic SQL injection detection and exploitation tool.

Exploitation Web

NetExec

Network service exploitation tool for SMB, WMI, WinRM, and more.

Exploitation Windows

Impacket

Collection of Python classes for working with network protocols and SMB.

Exploitation Windows

BloodHound

Active Directory attack path analysis tool using graph theory.

Exploitation Windows

CrackMapExec

Post-exploitation tool for Active Directory environments.

Exploitation Windows

Analysis

Tools for capturing, inspecting, and analyzing network traffic and protocols.

Wireshark

Network protocol analyzer. Capture and inspect packets in real-time.

Analysis Network

Forensics

Digital forensics tools for analyzing memory dumps, disk images, and file systems during incident response.

Volatility

Memory forensics framework for analyzing RAM dumps from Windows, Linux, and Mac.

Forensics

Autopsy

Digital forensics platform for analyzing disk images and file systems.

Forensics

FTK Imager

Forensic imaging tool for creating and analyzing disk images.

Forensics

Password Cracking

Tools for cracking password hashes, brute-forcing logins, and testing credential strength.

Hashcat

Advanced password recovery utility supporting GPU acceleration and multiple hash types.

Password

John the Ripper

Password cracker supporting multiple hash formats with auto-detection.

Password

Hydra

Fast network logon cracker supporting many protocols (SSH, FTP, HTTP, SMB).

Password

Reverse Engineering

Disassemblers, decompilers, and analysis platforms for examining binaries and understanding software behavior.

Ghidra

Software reverse engineering framework developed by the NSA. Decompiles binaries.

Reverse Engineering

IDA Pro

The industry-standard disassembler and debugger for reverse engineering.

Reverse Engineering

Radare2

Open-source reverse engineering framework with command-line tools.

Reverse Engineering

Binary Ninja

Modern interactive disassembler, decompiler, and binary analysis platform.

Reverse Engineering

Web Tools

Scanners, fuzzers, and brute-force tools for testing web applications and servers.

Nikto

Web server scanner testing for dangerous files, outdated software, and misconfigurations.

Web Reconnaissance

Dirb / Dirbuster

Web content scanner for brute-forcing directories and files.

Web Reconnaissance

Wfuzz

Web application fuzzer for brute-forcing web applications.

Web Exploitation

Gobuster

Directory/file & DNS busting tool written in Go.

Web Reconnaissance

Getting Started

Install and set up the most essential security tools on your system.

Note
Most of these tools come pre-installed on Kali Linux. If you're using another distribution, use the commands below to install them.

Nmap

bash
# Debian / Ubuntu
sudo apt update && sudo apt install nmap

# Basic scan
nmap -sV -sC target.com

# Aggressive full scan
nmap -A -p- target.com

Metasploit

bash
# Install Metasploit Framework
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod 755 msfinstall
./msfinstall

# Launch
msfconsole

SQLMap

bash
# Install from source
git clone https://github.com/sqlmapproject/sqlmap.git

# Basic SQL injection test
python sqlmap.py -u "http://target.com/page?id=1" --dbs

# With POST data
python sqlmap.py -u "http://target.com/login" --data="user=admin&pass=*" --batch

Hashcat

bash
# Install
sudo apt install hashcat

# Crack MD5 hashes
hashcat -m 0 hashes.txt /usr/share/wordlists/rockyou.txt

# Crack NTLM hashes (GPU)
hashcat -m 1000 hashes.txt /usr/share/wordlists/rockyou.txt

Ghidra

bash
# Download from https://ghidra-sre.org/
# Requires JDK 17+
sudo apt install openjdk-17-jdk

# Extract and run
unzip ghidra_*.zip
cd ghidra_* && ./ghidraRun

Wireshark

bash
# Install
sudo apt install wireshark
sudo usermod -aG wireshark $USER

# Capture from command line (tshark)
tshark -i eth0 -f "port 80" -w capture.pcap

Burp Suite

bash
# Download Community Edition from PortSwigger
# https://portswigger.net/burp/communitydownload

# Or install on Kali
sudo apt install burpsuite

# Configure browser proxy to 127.0.0.1:8080
# Import Burp CA certificate for HTTPS interception