Awesome Penetration Testing Resources and Tools
This article compiles a comprehensive, categorized collection of penetration testing resources—including anonymity tools, antivirus evasion utilities, books, CTF frameworks, Docker containers, network analysis tools, OSINT platforms, and more—providing security professionals and researchers with a valuable reference for offensive security engagements.
A curated list of penetration testing resources and tools, supported by the Netsparker Web Application Security Scanner.
Contents
Anonymity tools (e.g., I2P, Nipe, OnionScan, Tor)
Antivirus evasion tools (e.g., AVET, CarbonCopy, Hyperion, Shellter, Veil, peCloak)
Books (DEF CON recommendations, defensive programming, hacker handbooks, Android, automotive, browser, database, macOS, mobile, reverse engineering, social engineering, Windows, etc.)
CTF tools (e.g., RsaCtfTool, fast development frameworks)
Collaboration tools for blue‑team tracking
Conferences and events (e.g., DEF CON, Black Hat, BSides, RSA, etc.)
Docker containers (vulnerable web apps, OWASP projects, penetration‑testing distributions)
File‑format analysis tools (Hachoir, Kaitai Struct, Veles)
GNU/Linux utilities (Hwacha, LinEnum, Linux Exploit Suggester, UNIX‑privesc‑check)
Hash‑cracking tools (Hashcat, John the Ripper, JWT Cracker, etc.)
Hex editors (0xED, Bless, Frhed, Hex Fiend, etc.)
Industrial control/SCADA tools (ISF, s7scan)
Multi‑paradigm frameworks (Armitage, AutoSploit, Decker, Faraday, Metasploit, Pupy)
Network tools (masscan, nmap, THC Hydra, Zarp, etc.)
DDoS tools (Anevicon, HOIC, LOIC, Memcrashed, SlowLoris, T50, UFONet)
Exfiltration tools (Cloakify, DET, Iodine, TrevorC2, pwnat)
Recon tools (ACLight, CloudFail, DNSDumpster, Mass Scan, XRay, etc.)
Protocol analyzers and sniffers (Wireshark, tcpdump, Dshell, etc.)
Traffic replay/edit tools (TraceWrangler, WireEdit, bittwist, hping3, scapy, tcpreplay)
MITM/proxy tools (BetterCAP, Ettercap, mitmproxy, etc.)
TLS/SSL testing tools (SSLyze, testssl.sh, tls_prober)
Wireless tools (Aircrack-ng, Airgeddon, Fluxion, Kismet, Reaver, etc.)
Vulnerability scanners (celerystalk, Nessus, OpenVAS, Vuls)
Web vulnerability scanners (Arachni, Nikto, WPScan, w3af, etc.)
OSINT tools (AQUATONE, Censys, FOCA, Shodan, theHarvester, etc.)
Online resources, code examples, development resources, lock‑picking guides, OSINT collections, Linux distributions, journals, physical‑access tools, reverse‑engineering tools, security‑education courses, side‑channel tools, social‑engineering tools, static analysis programs, vulnerability databases, web exploitation tools, Android/Windows/macOS specific tools, etc.
Penetration Testing Report Templates
Public test reports from consulting firms and academic groups
T&VS Pentest Report Template
Web Application Security Assessment Report Template (Lucideus)
Source: https://pub.intelligentx.net/collection-awesome-penetration-testing-resources-tools-and-other-shiny-things
Architects Research Society