Network Security Red Book: 700+ Tools from Recon to Internal Penetration
This article compiles over 700 high-quality open-source security projects from GitHub, categorised by functional scenario (automated reconnaissance, information gathering, vulnerability exploitation, internal network penetration, evasion, and incident response), as a practical toolkit for red teams, blue teams and security researchers.
Semi-Automated and Fully Automated Exploitation Tools
rengine – Automated reconnaissance framework – https://github.com/yogeshojha/rengine
Slack – Security service integration platform – https://github.com/qiwentaidi/Slack
reconFTW – Collection of 30 tools for information gathering – https://github.com/six2dez/reconftw
Yakit – Single‑operator weapon library – https://github.com/yaklang/yakit
CyberEdge – Internet asset mapping tool – https://github.com/Symph0nia/CyberEdge
nemo_go – Automated information‑gathering platform – https://github.com/hanc00l/nemo_go
ApolloScanner – Automated cruise‑scan framework – https://github.com/b0bac/ApolloScanner
ScopeSentry-Scan – Distributed asset collection and vulnerability scanning – https://github.com/Autumn-27/ScopeSentry-Scan
QingScan – Vulnerability scanner glue, calls 30+ tools – https://github.com/78778443/QingScan
AlliN – Rapid point‑to‑point comprehensive penetration tool – https://github.com/P1-Team/AlliN
dddd – Bulk information collection and supply‑chain vulnerability detection – https://github.com/SleepingBag945/dddd
ShuiZe_0x727 – One‑stop service: domain input → full asset collection & vulnerability detection – https://github.com/0x727/ShuiZe_0x727
Information Collection Tools
Asset Discovery
gau – Extracts target‑related information from multiple sites – https://github.com/lc/gau
ENScan_GO – Tool based on major enterprise information APIs – https://github.com/wgpsec/ENScan_GO
ARL-plus-docker – Enhanced ARL with OneForAll and others – https://github.com/ki9mu/ARL-plus-docker
InfoSearchAll – Aggregates multiple web‑mapping platforms for fast search and merge – https://github.com/ExpLangcn/InfoSearchAll
ARL – Fast reconnaissance and target‑related internet asset association – https://github.com/TophantTechnology/ARL
Subdomain Collection
subfinder – Passive online resource‑based subdomain discovery – https://github.com/projectdiscovery/subfinder
OneForAll – Powerful subdomain collection tool – https://github.com/shmilylty/OneForAll
ksubdomain – Stateless subdomain brute‑forcing tool – https://github.com/knownsec/ksubdomain
LayerDomainFinder – Subdomain mining tool – https://github.com/euphrat1ca/LayerDomainFinder
Directory Scanning
katana – Next‑generation crawling framework from ProjectDiscovery – https://github.com/projectdiscovery/katana
dirsearch – Web path scanning tool – https://github.com/maurosoria/dirsearch
ffuf – Fuzzing tool written in Go – https://github.com/ffuf/ffuf
URLFinder – Faster, more complete Golang implementation of JSFinder – https://github.com/pingc0y/URLFinder
gospider – Spider that discovers directories missed by search engines – https://github.com/jaeles-project/gospider
Fingerprint Identification
wappalyzergo – Golang implementation of Wappalyzer fingerprinting – https://github.com/projectdiscovery/wappalyzergo
WhatWeb – Web application fingerprinting tool – https://github.com/urbanadventurer/WhatWeb
EHole – Red‑team focused system fingerprint detection – https://github.com/EdgeSecurityTeam/EHole
ObserverWard – Cross‑platform fingerprinting tool – https://github.com/0x727/ObserverWard
Port Scanning
naabu – Fast port scanner written in Go – https://github.com/projectdiscovery/naabu
MX1014 – Flexible, lightweight, fast port scanner – https://github.com/L-codes/MX1014
ServerScan – High‑concurrency network scanner and service detection – https://github.com/Adminisme/ServerScan
Frontend Encryption/Decryption
Galaxy – Burp plugin that makes encrypted traffic testing as easy as plaintext – https://github.com/outlaws-bai/Galaxy
autoDecoder – Custom packet processing for encryption, decryption, brute‑forcing – https://github.com/f0ng/autoDecoder
SpiderX – Automated bypass of frontend JS encryption using spider technology – https://github.com/LiChaser/SpiderX
JsRpc – Remote invocation of browser methods, avoiding code extraction – https://github.com/jxhczhl/JsRpc
Burp and Browser Plugins
Burp Plugins
HaE – Request highlighting and information extraction helper – https://github.com/gh0stkey/HaE
CaA – Analyzes HTTP messages and builds fuzzing dictionaries – https://github.com/gh0stkey/CaA
knife – Adds right‑click menu for smoother Burp usage – https://github.com/bit4woo/knife
domain_hunter_pro – Asset‑management Burp plugin – https://github.com/bit4woo/domain_hunter_pro
captcha-killer-modified – CAPTCHA recognition plugin – https://github.com/f0ng/captcha-killer-modified
BurpAPIFinder – Discovers unauthorized, sensitive, over‑privileged, login APIs – https://github.com/shuanx/BurpAPIFinder
BurpShiroPassiveScan – Passive Shiro detection plugin – https://github.com/pmiaowu/BurpShiroPassiveScan
Browser Extensions
mitaka – Chrome/Firefox extension for OSINT search – https://github.com/ninoseki/mitaka
Hack-Tools – Browser extensions useful for red‑team work – https://github.com/LasCC/Hack-Tools
FindSomething – Passive information leakage detection tool – https://github.com/momosecurity/FindSomething
Heimdallr – High‑risk fingerprint detection, honeypot alerts, and interception – https://github.com/graynjo/Heimdallr
Vulnerability Exploitation Tools
Vulnerability Scanning Frameworks/Tools
nuclei – Fast vulnerability scanner based on YAML DSL – https://github.com/projectdiscovery/nuclei
afrog – High‑performance, fast, stable PoC scanner – https://github.com/zan8in/afrog
xray – Powerful security assessment tool – https://github.com/chaitin/xray
Goby – Network security testing tool – https://github.com/gobysec/Goby
Middleware/Application Exploitation Tools
SpringBoot-Scan – Open‑source penetration framework for SpringBoot and high‑risk vulnerability exploitation – https://github.com/AabyssZG/SpringBoot-Scan
Struts2VulsScanTools – Vulnerability detection tool for all Struts2 versions – https://github.com/abc123info/Struts2VulsScanTools
VcenterKit – Comprehensive Vcenter penetration toolkit – https://github.com/W01fh4cker/VcenterKit
ShiroAttack2 – Comprehensive exploitation of Shiro deserialization vulnerabilities – https://github.com/SummerSec/ShiroAttack2
WeblogicTool – Weblogic vulnerability exploitation tool supporting memory‑shell injection – https://github.com/KimJun1010/WeblogicTool
Key CMS Exploitation Tools
I-Wanna-Get-All – OA vulnerability exploitation tool – https://github.com/R4gd0ll/I-Wanna-Get-All
Apt_t00ls – High‑risk vulnerability exploitation tool – https://github.com/White-hua/Apt_t00ls
ThinkphpGUI – Comprehensive ThinkPHP vulnerability exploitation tool – https://github.com/Lotus6/ThinkphpGUI
Information Leakage Exploitation Tools
cloudTools – Cloud asset management tool supporting OSS storage, RDS management, etc. – https://github.com/dark-kingA/cloudTools
JDumpSpider – HeapDump sensitive information extraction tool – https://github.com/whwlsfb/JDumpSpider
swagger-hack – Automated crawling and testing of all swagger‑ui interfaces – https://github.com/jayus0821/swagger-hack
Packer-Fuzzer – Scanning tool for Webpack and other frontend bundlers – https://github.com/rtcatc/Packer-Fuzzer
Database Exploitation Tools
MDUT – Version 2.0 database exploitation tool – https://github.com/SafeGroceryStore/MDUT
RedisEXP – Redis vulnerability exploitation tool – https://github.com/yuyan-sec/RedisEXP
Brute‑Force Exploitation Tools
thc-hydra – Brute‑force powerhouse – https://github.com/vanhauser-thc/thc-hydra
fscan – Comprehensive internal network scanning tool – https://github.com/shadow1ng/fscan
Internal Network Penetration Tools
Webshell Management Tools
antSword – Open‑source cross‑platform website management tool – https://github.com/AntSwordProject/antSword
Godzilla – "Godzilla" tool – https://github.com/BeichenDream/Godzilla
Behinder – "Ice Scorpion" dynamic binary‑encrypted website management client – https://github.com/rebeyond/Behinder
C2 Management Tools
Metasploit – Famous penetration testing framework – https://github.com/rapid7/metasploit-framework
Platypus – Reverse‑shell management tool – https://github.com/WangYihang/Platypus
sliver – Open‑source cross‑platform adversary simulation/red‑team framework – https://github.com/BishopFox/sliver
Lateral Movement Tools
NetExec – Large‑scale AD post‑exploitation tool based on CrackMapExec – https://github.com/Pennyw0rth/NetExec
impacket – Lateral penetration toolkit – https://github.com/fortra/impacket
wmiexec-Pro – Impacket‑based stealth lateral movement tool – https://github.com/XiaoliChan/wmiexec-Pro
Tunnel/Proxy Tools
frp – High‑performance internal‑network penetration reverse proxy – https://github.com/fatedier/frp
Neo-reGeorg – Improved version of reGeorg – https://github.com/L-codes/Neo-reGeorg
nps – Lightweight, high‑performance internal‑network penetration proxy server – https://github.com/ehang-io/nps
pystinger – Outbound tool that forwards traffic using a webshell – https://github.com/FunnyWolf/pystinger
Evasion and Persistence
AV_Evasion_Tool – AV‑evasion executable generator – https://github.com/1y0n/AV_Evasion_Tool
GobypassAV-shellcode – AV‑evasion shellcode loader – https://github.com/Pizz33/GobypassAV-shellcode
BypassAntiVirus – Remote‑control AV‑evasion series and supporting tools – https://github.com/TideSec/BypassAntiVirus
Infrastructure Setup and Labs
vulhub – Pre‑built vulnerable environments based on Docker‑Compose – https://github.com/vulhub/vulhub
GOAD – Vulnerable Active Directory lab – https://github.com/Orange-Cyberdefense/GOAD
vulfocus – Integrated vulnerability platform, ready to use – https://github.com/fofapro/vulfocus
upload-labs – Collection of labs covering all types of upload vulnerabilities – https://github.com/c0ny1/upload-labs
Operations and Incident Response
Response Tools
LinuxCheck – Linux information collection, incident response, and backdoor detection scripts – https://github.com/al0ne/LinuxCheck
QDoctor – Non‑traditional ARK (Anti‑RootKit) tool – https://github.com/QAX-Anti-Virus/QDoctor
APT-Hunter – Windows log event incident response tool – https://github.com/ahmedkhlief/APT-Hunter
FireKylin – Network security incident response tool – https://github.com/MountCloud/FireKylin
Webshell/Memory‑Shell Detection
kunwu – Next‑generation webshell detection engine – https://github.com/kunwu2023/kunwu
java-memshell-scanner – Scans Java memory shells via JSP scripts – https://github.com/c0ny1/java-memshell-scanner
DuckMemoryScan – Detects most memory‑shell evasion payloads – https://github.com/huoji120/DuckMemoryScan
Other Security Resources
javaweb-sec – Java security technology sharing – https://github.com/javaweb-sec/javaweb-sec
RedTeam_BlueTeam_HW – Red‑blue confrontation and defense tools and materials – https://github.com/Mr-xn/RedTeam_BlueTeam_HW
SecurityInterviewGuide – Interview guide for network security professionals – https://github.com/FeeiCN/SecurityInterviewGuide
CyberSecurityRSS – RSS feeds related to cybersecurity – https://github.com/zer0yu/CyberSecurityRSS
Black & White Path
We are the beacon of the cyber world, a stepping stone on the road to security.
