Pentesting Tool List of Doom

If at first you don't succeed, sudo !!


This article is a collection of a whole ton (metric or imperial, dealer’s choice) of tools and resources useful for smashing labs and engagements. Remember - use these tools for good. It’s not cool to knock over something you don’t own and don’t have legal right to be messing with.

Massive props to 0sm1um_ for originally compiling this list for us to knock over boxes on HTB. This list has been a lifesaver more than a few times and we both hope it helps you too!

Info, Learning & Methodologies

HackTricks: A handbook of techniques, tricks and tools for hacking almost anything.

Shells

RevShells: Reverse shell generator.
p0wny-shell: Basic in-browser PHP web shell, dropped onto a target via file upload.
Wwwolf's php web shell: Another PHP web shell, but one that works on UNIX and Windows without modification.

Data Analysis, Encryption, Encoding

CyberChef: A web app for encryption, encoding, compression and data analysis.
Ares: Automatically detects and decodes/decrypts data without knowing the key or cipher; faster than CyberChef.
RsaCtfTool: RSA Multi Attack Tool.
dCode: Site for encoding and decoding a wide range of ciphers.

Fuzzing & Content Discovery

Feroxbuster: Fast & recursive content discovery tool.

Payloads

PayloadAllTheThings: A list of payloads for almost anything web-app related.

Reverse Engineering

dnSpy: .NET Debugger and Assembly Editor.

Exploitation

Responder: Rogue Authentication Server & Poisoner for a variety of protocols.
RunasCs: Run Windows processes with permissions different from the current user's logon permissions.
Chisel: Fast TCP tunnel over HTTP, secured via SSH; useful for getting through firewalls.
SweetPotato: All 7 "Potato" techniques in one. Privilege escalation to SYSTEM on Windows.

Bug Bounty Enumeration

Crt.sh: Searchable database of Certificate Transparency logs.
Subfinder: A tool for finding subdomain targets using passive online sources.
httpx-toolkit: Mass HTTP probing kit, useful for making sure your list of targets is alive.

OSINT

TinEye: Powerful reverse image search over a large web-crawled index.
Yandex: Google but Russian. Its reverse image search doesn't prioritise recent images like Google does, making recon of old, unpopular images easier.
Sherlock: Checks the given username(s) against popular social media sites and returns live results.

Stay curious and happy hacking!

(Title image by Dominick Guzzo on Flickr. Licensed under Creative Commons Attribution-NonCommercial-ShareAlike (CC BY-NC-SA 2.0).)