Every so often I post a tweet on Twitter asking for people’s arsenal of different tools whether for security, coding or whatever. I decided to repost my list of favorite offensive security tools and asked others they liked to use:
What I got back was an impressive list of tools penetration testing and red team operations tools, many of which were new to me which I can now learn from. I wanted to make sure to share these out but be careful where you get them from and how you use them (best in a virtual machine to be safe):
Kerbrute Impacket Rubeus PoshADCS Kekeo Powershell LOLBAS WDAC Bypass Repo Charlotte Donut RunasCS ADFSDump Proxychains4 Sshuttle LAPSDumper Evilginx2 Mitm6 Dirsearch SecLists BurpSuite SSH PowerView AADInternals TokenTactics Visual Studio (Code) PowerUp PowerUpSQL Rubeus Chisel GoPhish Fierce Shodan MFAsweep o365enum WireShark CobaltStrike Snaffler for looting smb shares Hive by hexway for reporting and team collaboration Pacu for AWS Stormspotter for Azure Empire Badrats CrackMapExec Impacket Metasploit MimiKatz BloodHound Evil-WinRM SharPersist PwnCat (CalebStewart version) Gobuster Responder PowerShell Hashcat SQLMap Dehashed Inveigh Powermad Rpcdump Ldapsearch Rpcclient zaproxy ffuf assetfinder gau postman waybackurls intelx.io phpggc ysoserial binwalk Pingcastle Adalanche Sharpkatz curl Netcat Feroxbuster Rustscan
Remember, use these for good. :)
