byoniq/Security-Resources

Cybersecurity Tools and Resources

A curated collection of tools, scripts, and cheat sheets for penetration testing, exploit development, and security research. For authorized security testing only.

Last updated: May 2026

Table of Contents

  1. Active Directory
  2. Web Application Security
  3. Network & Infrastructure
  4. Cloud Security
  5. Container & Kubernetes
  6. Privilege Escalation
  7. Post-Exploitation & C2
  8. Exploit Development
  9. OSINT & Recon
  10. Password & Hash Cracking
  11. Cheat Sheets & References
  12. Files and Tools
  13. Contributing
  14. License

Active Directory

Enumeration

Attacks

  • Impacket - Python network protocol classes. Includes secretsdump, GetUserSPNs, psexec, wmiexec, and more.
  • NetExec (nxc) - Actively maintained successor to CrackMapExec. SMB, RDP, SSH, LDAP, WinRM.
  • Certipy - AD Certificate Services (ADCS) attack tool. ESC1–ESC13.
  • Rubeus - Kerberos attack toolkit: AS-REP roasting, Kerberoasting, pass-the-ticket, S4U.
  • Mimikatz - Credential extraction, pass-the-hash, pass-the-ticket, golden/silver tickets.
  • Evil-WINRM - Feature-rich WinRM shell for pentesting.
  • MitM6 - IPv6 DNS takeover combined with NTLM relay attacks.
  • Responder - LLMNR/NBT-NS/mDNS poisoner for capturing NTLM credentials.

References


Web Application Security

Recon & Discovery

  • Subfinder - Passive subdomain enumeration using 50+ sources.
  • httpx - Fast HTTP toolkit for probing live hosts and extracting metadata.
  • katana - High-speed web crawler and spider for attack surface mapping.
  • ffuf - Fast web fuzzer for directories, parameters, vhosts, and more.
  • feroxbuster - Fast, recursive, Rust-based content discovery tool.
  • ParamSpider - Parameter mining from web archives without touching the target.
  • Arjun - HTTP parameter discovery for hidden GET/POST parameters.
  • gau - Fetch known URLs from Wayback Machine, OTX, and URLScan.

Scanning & Exploitation

  • Nuclei - Template-based vulnerability scanner with 9,000+ community templates.
  • SQLMap - Automated SQL injection detection and exploitation.
  • Dalfox - XSS parameter analysis and automated scanning.
  • JWT_Tool - JWT security testing: alg:none, weak secrets, JWKS injection.
  • PayloadsAllTheThings - Comprehensive payload library for every vulnerability class.
  • Big List of Naughty Strings - Edge-case test strings for input validation testing.

Proxies & Scanners

  • Caido - Modern web security proxy and testing platform (Burp alternative).
  • OWASP ZAP - Open-source web application security scanner.

References


Network & Infrastructure

  • Nmap - The standard for network scanning and service/OS detection.
  • Masscan - Internet-scale port scanner. Scans the entire internet in under 5 minutes.
  • RustScan - Fast port scanner frontend that feeds results directly into Nmap.
  • NetExec (nxc) - Network service enumeration and exploitation (SMB, RDP, SSH, LDAP).
  • MANSPIDER - SMB file spider for finding credentials and sensitive data.
  • Ligolo-ng - Advanced tunneling/pivoting using a TUN interface — no SOCKS needed.
  • Chisel - Fast TCP/UDP tunnel over HTTP with SSH transport.
  • Exploit-DB - Searchable public exploit and vulnerability archive.

Cloud Security

AWS

  • Pacu - AWS exploitation framework modeled after Metasploit.
  • CloudMapper - AWS network visualization and attack surface analysis.
  • cloudsplaining - AWS IAM policy security assessment and least-privilege analysis.
  • s3scanner - Find misconfigured open S3 buckets.

Multi-Cloud

  • Prowler - AWS/GCP/Azure security assessments and compliance (CIS, NIST, SOC2).
  • ScoutSuite - Multi-cloud security auditing: AWS, GCP, Azure, OCI, Alibaba.
  • CloudEnum - OSINT enumeration for AWS, Azure, and GCP exposed resources.
  • TruffleHog - Find secrets in git history, S3, GCS, CircleCI, and more.
  • Gitleaks - Fast secrets scanner for git repos and CI pipelines.

Container & Kubernetes

  • CDK (Container Toolkit) - Container escape, privilege escalation, and lateral movement toolkit.
  • deepce - Docker enumeration, escalation, and exploitation.
  • kube-hunter - Active Kubernetes cluster penetration testing.
  • kube-bench - CIS Kubernetes benchmark compliance checks.
  • Trivy - Container image and IaC vulnerability scanner.
  • Falco - Runtime security monitoring and anomaly detection.

Privilege Escalation

Linux

  • LinPEAS - Automated Linux privilege escalation enumeration.
  • GTFObins - Unix binaries that can be abused for privilege escalation and shell escapes.
  • Linux Exploit Suggester 2 - Suggests kernel exploits based on running kernel version.

Windows

  • WinPEAS - Automated Windows privilege escalation enumeration.
  • Seatbelt - C# host security checks for post-exploitation enumeration.
  • LOLBAS - Living Off the Land Binaries, Scripts, and Libraries for Windows.
  • GodPotato - Token impersonation for SYSTEM on Windows Server 2012–2022.
  • SharpUp - C# port of PowerUp for local privilege escalation checks.

Post-Exploitation & C2

For authorized penetration testing engagements only.

  • Sliver - Open-source adversary simulation framework. HTTP/S, DNS, WireGuard, mTLS.
  • Havoc - Modern C2 framework with advanced evasion and BOF support.
  • Metasploit Framework - The industry-standard exploitation framework.
  • Nishang - PowerShell offensive framework: shells, pivoting, privilege escalation.
  • pwncat-cs - Post-exploitation platform with automated privesc and file transfer.
  • Reverse Shell Generator - One-liner reverse shells for every language and OS.

Exploit Development

  • pwntools - Python CTF and binary exploit development framework.
  • GEF (GDB Enhanced Features) - GDB extension with heap analysis, ROP chain support, and exploit helpers.
  • ROPgadget - ROP chain analysis and automated gadget search.
  • one_gadget - Find one-gadget RCE execve("/bin/sh") in libc.
  • checksec - Check binary hardening: NX, PIE, RELRO, canary, ASLR.

OSINT & Recon

  • theHarvester - Email, domain, and name enumeration from public sources.
  • Amass - Deep attack surface mapping and DNS enumeration.
  • Shodan - Internet-wide device, service, and vulnerability search engine.
  • crt.sh - Certificate Transparency log search for subdomain discovery.
  • OSINT Framework - Categorized directory of OSINT tools and techniques.
  • Recon-ng - Web reconnaissance framework with pluggable modules.
  • SpiderFoot - Automated OSINT collection and relationship visualization.

Password & Hash Cracking

  • Hashcat - GPU-accelerated password recovery. Supports 300+ hash algorithms.
  • Hashcat Example Hashes - Hash type identification reference.
  • John the Ripper - CPU-based password cracker with broad format support.
  • Name That Hash - Automatically identify unknown hash types.
  • CrackStation - Online hash lookup using large precomputed rainbow tables.
  • SecLists - Wordlists for passwords, usernames, fuzzing, web shells, and more.

Cheat Sheets & References


Files and Tools

File                           Description
Accesschk.zip                  Sysinternals AccessChk — view effective permissions on objects
CVE-2020-0796-POC.zip          SMBGhost (CVE-2020-0796) proof-of-concept
JuicyPotato.exe                Token impersonation privilege escalation (pre-Server 2019)
Nishang/                       PowerShell offensive scripts and payloads
Rubeus.exe                     Kerberos attack toolkit
Seatbelt.exe                   Windows host security enumeration
amsibypass.txt                 AMSI bypass techniques for PowerShell
bugbounty-onliners.md          Bug bounty one-liners and recon commands
evil-winrm/                    WinRM shell for pentesting
kaliupdatescript               Kali Linux update script
python_rev_shell.py            Python reverse shell
windows_rev_shell_working.php  PHP reverse shell (Windows targets)
tools.sh                       Bash utility commands and shortcuts

Contributing

Contributions are welcome. Submit a pull request with new tools, updated links, or corrections. Please include a one-line description for each tool and verify links are active before submitting.

License

MIT License. See LICENSE for details.
