Tools

Tools for offensive and defensive security. Compiled by the members of Root66Tulsa Cyber Clubs.

Offensive Tools

Scanning

• Nmap - A network discovery and auditing tool.

• MassScan - Similar to Nmap, but is considered to be faster.

• AutoRecon - A multi-threaded network reconassiance tool to perform automated enumeration of services.

Web App

• Burp Suite - A tool mainly used for penetration testing of web applications.

• Sqlmap - Automated discovery of SQL injection vulnerabilities.

• Gobuster - A brute-forcing tool used for discovering DNS subdomains, website directories and files, and more.

Social Engineering

• GoPhish - An open-source phishing toolkit designed for businesses and pentesters.

Vulnerabilities

• Exploit-DB - Database of known exploits maintained by OffSec.

• Nessus - While not usually used by pentesters it can be used to identify vulnerabilities easier.

• Nmap NSE - Nmap scripting engine to automate the process of finding vulnerabilities.

Wireless

• Aircrack-Ng - All-in-one wireless attacking tool.

• Flipper Zero - Portable multi-tool for pentesters.

Defensive Tools

Network Monitoring

• Snort - A network intrusion detection system (IDS).

• Zeek (Bro) - A network security tool and can also be used for intrusion detection systems (IDS).

• WireShark - An open-source packet analyzer tool.

• Suritica - An open-source network analysis and threat detection tool.

SIEM/Data Management

• Elastic - A log management platform.

• Splunk - A log management platform.

• Cribl - Cribl is a data engine used for manipulating logs.

• Graylog - A log managment plaform.

• Security Onion - Free and open-source platform that provides threat hunting, security monitoring, and log management.

Misc

Open Source Intelligence (OSINT)

• Shodan - Search engine for Internet-connected devices.

• OSINT Framework - Collection of OSINTing tools.

• WayBackMachine - View archived websites starting from 1996.

• HaveIBeenPwned - Platform to check for leaked data online.

• DNSDumpster - Online platform to search DNS records.

• AbuseIPDB - IP address abuse reports.

• Cisco Talos - Threat Intel platform which also includes IP, domain, URL, and hash lookups.

• URLScan - Resource to scan websites without risks to your machine.

• Cloudflare Radar - A online hub which showcases internet traffic, tech trends, and insights.

• BBOT - A multi-purpose scanner.

GitRepos

• Awesome Security - A large collection of resources compiled by many contributers online.

• Cyber Detective's OSINT tools collection - Collection of OSINTing tools from Cyber Detective.

Disclaimer: Usage of offensive security tools against systems you do not own or have explicit permission to perform testing against is illegal and unethical.
The Golden Rule: "No Crimesies".