Facebook has recently released Pysa as open source after its success with Instagram security. The tool specifically aims at security teams facilitating bug fixes. Facebook Open Source Pysa Tool Facebook

Nmap Automator is a great tool for initial port scans of a given ip address. It automates the scan techniques which I use on each host, I selected it over any other similar tool since it avoids unnecessary

Turbolist3r is a subdomain enumeration tool which can identify subdomain takeovers. It is heavily based on sublist3r: Installation and usage git clone cd Turbolist3r/ pip3 install -r requirements.txt There

Damn Small XSS Scanner (DSXS) is a great tool for finding cross site scripting vulnerabilities, the tool has been developed in Python 3. It is really simple and the code can be analysed and used for learning.

Salsa-tools is a collection of three tools programmed with C# used to take over a windows machine and bypass AV and get a reverse shell without the need for PowerShell on the victim machine. Salsa-Tools

Definition Whatweb is web scanner written in Ruby to identify and recognise technologies used by a website including CMS, blogging platforms, statistic/analytics packages, Javascript libraries and much

Wifi Pumpkin is a security audit framework used to test the security of wifi against threats like man in the middle attacks. The tool also can create rogue Wi-Fi access points to hack WiFi via deauth attacks

TheFatRat is an easy to use tool which helps in generating backdoors, system exploitation, post exploitation attacks, browser attacks, DLL files, FUD payloads against Linux, Mac OS X, Windows, and Android.

Reconnoitre is a tool that was created to automate routine actions within the OSCP lab environment. It is a simple script, which can automate information gathering and service enumeration. It searches

MassBleed is an open source tool used for scanning SSL vulnerabilities in web applications. The tool can scan Heartbleed, CCS, Poodle, Winshock, and DROWN attack vulnerabilities in target web applications.

With Sherlock you can search across a vast number of social platforms for a username. This is useful for information gathering purposes, if you want to perform a sophisticated social engineering attack

Webvulnscan is a web application scanner that automates vulnerability assessment tasks. The tool can automatically detect different web application vulnerabilities including Cross Site Scripting (XSS),

Modlishka is a go based phishing proxy that takes your phishing campaigns to the next level. The main feature that makes it different from the other phishing tools, is that it supports 2FA authentication.

Sitadel is a python based web application scanner. It's flexible and has many different scanning options. It can get a full fingerprint of a server and bruteforce directories, admin pages, files etc. Also,

Winpayloads is a python based tool which combines some of the Powershell Empire features along with the metasploit framework to create windows payloads. It is simple to use and has some interesting options

Joomscan is a scanner by OWASP, which aims to automate the task for vulnerability assessments for Joomla based sites. Based in perl, this tool can enumerate the version, vulnerabilities, components, firewalls

MassExploitConsole is a python based easy-to-use cli tool for executing exploits. It has a collection of exploits to execute, built-in scanner for enumeration, built-in crawler and proxychains to hide

Galileo is a free web application auditing framework that can perform various penetration testing tasks, such as information gathering, fingerprinting, bruteforcing, injection test, and exploiting

Xerosploit is a python-based toolkit for creating efficient Man In The Middle attacks which combines the power of bettercap and nmap. The interface is pretty easy to use. It allows you to scan your network

Pythem is a python framework used for performing various security tests on networks and web applications. These include scanning, web crawling, web application bruteforcing, ARP spoofing, DNS spoofing,