Security Tools
Master the 137 tools used by security professionals. From reconnaissance to exploitation, these tools form the backbone of cyber security operations. Install, configure, and learn the most essential tools across every domain of security.
Reconnaissance
Tools for discovering hosts, services, subdomains, and attack surfaces. The first phase of any security assessment.
Nmap
Network discovery and security auditing tool. Port scanning, service detection, and OS fingerprinting.
Shodan
Search engine for internet-connected devices. Find servers, databases, and IoT devices.
Censys
Internet-wide scanning and monitoring platform for discovering hosts and certificates.
Amass
In-depth attack surface mapping and asset discovery tool for subdomain enumeration.
Subfinder
Fast passive subdomain enumeration tool using various online sources.
theHarvester
Gather emails, subdomains, hosts, and employee names from public sources.
Recon-ng
Full-featured web reconnaissance framework with independent modules.
Exploitation
Frameworks and tools for exploiting vulnerabilities, post-exploitation, and penetration testing.
Metasploit
The world's most used penetration testing framework. Exploit development and payload delivery.
Burp Suite
Leading web application security testing tool with scanner, proxy, and intruder.
Caido
Modern web security testing proxy designed for penetration testers.
SQLMap
Automatic SQL injection detection and exploitation tool.
NetExec
Network service exploitation tool for SMB, WMI, WinRM, and more.
Impacket
Collection of Python classes for working with network protocols and SMB.
BloodHound
Active Directory attack path analysis tool using graph theory.
CrackMapExec
Post-exploitation tool for Active Directory environments.
Analysis
Tools for capturing, inspecting, and analyzing network traffic and protocols.
Wireshark
Network protocol analyzer. Capture and inspect packets in real-time.
Forensics
Digital forensics tools for analyzing memory dumps, disk images, and file systems during incident response.
Volatility
Memory forensics framework for analyzing RAM dumps from Windows, Linux, and Mac.
Autopsy
Digital forensics platform for analyzing disk images and file systems.
FTK Imager
Forensic imaging tool for creating and analyzing disk images.
Password Cracking
Tools for cracking password hashes, brute-forcing logins, and testing credential strength.
Hashcat
Advanced password recovery utility supporting GPU acceleration and multiple hash types.
John the Ripper
Password cracker supporting multiple hash formats with auto-detection.
Hydra
Fast network logon cracker supporting many protocols (SSH, FTP, HTTP, SMB).
Reverse Engineering
Disassemblers, decompilers, and analysis platforms for examining binaries and understanding software behavior.
Ghidra
Software reverse engineering framework developed by the NSA. Decompiles binaries.
IDA Pro
The industry-standard disassembler and debugger for reverse engineering.
Radare2
Open-source reverse engineering framework with command-line tools.
Binary Ninja
Modern interactive disassembler, decompiler, and binary analysis platform.
Web Tools
Scanners, fuzzers, and brute-force tools for testing web applications and servers.
Nikto
Web server scanner testing for dangerous files, outdated software, and misconfigurations.
Dirb / Dirbuster
Web content scanner for brute-forcing directories and files.
Wfuzz
Web application fuzzer for brute-forcing web applications.
Gobuster
Directory/file & DNS busting tool written in Go.
Getting Started
Install and set up the most essential security tools on your system.
Nmap
# Debian / Ubuntu
sudo apt update && sudo apt install nmap
# Basic scan
nmap -sV -sC target.com
# Aggressive full scan
nmap -A -p- target.com
Metasploit
# Install Metasploit Framework
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod 755 msfinstall
./msfinstall
# Launch
msfconsole
SQLMap
# Install from source
git clone https://github.com/sqlmapproject/sqlmap.git
# Basic SQL injection test
python sqlmap.py -u "http://target.com/page?id=1" --dbs
# With POST data
python sqlmap.py -u "http://target.com/login" --data="user=admin&pass=*" --batch
Hashcat
# Install
sudo apt install hashcat
# Crack MD5 hashes
hashcat -m 0 hashes.txt /usr/share/wordlists/rockyou.txt
# Crack NTLM hashes (GPU)
hashcat -m 1000 hashes.txt /usr/share/wordlists/rockyou.txt
Ghidra
# Download from https://ghidra-sre.org/
# Requires JDK 17+
sudo apt install openjdk-17-jdk
# Extract and run
unzip ghidra_*.zip
cd ghidra_* && ./ghidraRun
Wireshark
# Install
sudo apt install wireshark
sudo usermod -aG wireshark $USER
# Capture from command line (tshark)
tshark -i eth0 -f "port 80" -w capture.pcap
Burp Suite
# Download Community Edition from PortSwigger
# https://portswigger.net/burp/communitydownload
# Or install on Kali
sudo apt install burpsuite
# Configure browser proxy to 127.0.0.1:8080
# Import Burp CA certificate for HTTPS interception