Security Testing Tools

Standard Security Testing Tools Employed By Gotham Security

Name | Description | Associated Security Assessments
--- | --- | ---
Aircrack-ng | Set of tools for auditing wireless networks. | Wifi Pentesting
AlienVault OTX | Open threat intelligence community. | Recon & OSINT, External Network Pentesting
Amass | Network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques, maintained by OWASP. | Recon & OSINT, External Network Pentesting
AstraGlide | Python 3 port of the abandoned API fuzzing tool Astra. | API Pentesting
Autorize | Burp Suite plugin to test authorization controls without having to manually send requests to Repeater and copy/paste different user tokens to replay them; it automates this process for you. | Web App Pentesting, API Pentesting, Mobile App Pentesting
BeastMaster | BEAST proof of concept (TLS 1.0 + CBC). | Internal Network Pentesting, External Network Pentesting, Web App Pentesting
binwalk | Fast, easy-to-use tool for analyzing, reverse engineering, and extracting firmware images. | Mobile App Pentesting, Static Code Analysis, Other
BloodHound | Graphical Active Directory trust relationship explorer. | Internal Network Pentesting
Brakeman | Static analysis security vulnerability scanner for Ruby on Rails applications. | Mobile App Pentesting, Static Code Analysis, Dynamic Code Analysis
BuiltWith | Technology lookup tool for websites. | Recon & OSINT, Social Engineering
Burp Suite | Intercepting proxy that can be used to modify HTTP requests and responses. | Web App Pentesting, API Pentesting, Mobile App Pentesting, Code Tampering
CeWL | Generates custom wordlists by spidering a target's website and collecting unique words. | External Network Pentesting, Internal Network Pentesting, Recon & OSINT
Cheat Engine | Memory debugger and hex editor for running applications. | Runtime Tampering
Cloudimized | Google Cloud Platform (GCP) configuration scanning tool that monitors changes to selected resources. | Cloud Pentesting, Cloud Risk Analysis
CloudSploit | Open-source project by Aqua designed to detect security risks in cloud infrastructure accounts, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub. | Cloud Pentesting, Cloud Risk Analysis
Coda Intelligence | Vulnerability management solution operating under the NIST Cybersecurity Framework. | External Network Pentesting, Internal Network Pentesting, Purple Teaming
Codebeat (open source) | Open source implementation of a commercial static code analysis tool with GitHub integration. | Static Code Analysis
crackpkcs12 | Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates. | Wifi Pentesting
Criminal IP | Web-based OSINT information platform. | Recon & OSINT, External Network Pentesting
CTF - Reverse Shell Generator | Hosted reverse shell generator with a ton of functionality (great for CTFs). | Internal Network Pentesting, External Network Pentesting, Web App Pentesting
dnschef | Highly configurable DNS proxy for pentesters. | External Network Pentesting, Web App Pentesting
dnSpy | Tool to reverse engineer .NET assemblies. | Runtime Tampering, Code Tampering
DNSRecon | DNS zone transfer testing tool that can also be used for other DNS reconnaissance tasks. | Recon & OSINT, External Network Pentesting
DNSTwist | Open source phishing domain scanner to identify potentially malicious typosquatted domains. | Recon & OSINT, Social Engineering, External Network Pentesting
dorker.py | Python script for executing Google dorks. | Recon & OSINT, External Network Pentesting
Evilginx2 | Man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection. | Social Engineering
FiercePhish | Essentially an email sending tool wrapped around a phishing workflow: create and host the links with GoPhish, but send the emails with FiercePhish. | Social Engineering
GCPBucketBrute | Script to enumerate Google Storage buckets, determine what access you have to them, and determine whether they can be used for privilege escalation. | Cloud Risk Analysis, Cloud Pentesting
GoPhish | Open source phishing toolkit. | Social Engineering
GrayHatWarfare | OSINT platform to search for cloud assets. | Social Engineering
Hashcat | Fast hash cracking utility with support for most known hashes as well as OpenCL and CUDA acceleration. | Internal Network Pentesting, External Network Pentesting, Wifi Pentesting
Headstart | Lazy man's Windows privilege escalation tool utilizing PowerSploit. | Internal Network Pentesting
HexEdit.js | Browser-based hex editing. | Reverse Engineering, Code Tampering, Runtime Tampering, Static Code Analysis, Dynamic Code Analysis
Hybrid Analysis | Online malware scanner. | Traditional Risk Analysis
IIS-Shortname-Scanner | Command line tool to exploit the Windows IIS tilde information disclosure vulnerability. | External Network Pentesting, Internal Network Pentesting, Web App Pentesting
impacket | Collection of Python classes for working with network protocols. | Internal Network Pentesting
John the Ripper | Fast password cracker. | External Network Pentesting, Internal Network Pentesting
JWT Cracker | Simple HS256 JWT token brute force cracker. | Web App Pentesting, API Pentesting, Dynamic Code Analysis, Mobile App Pentesting
jwt_tool | Toolkit for validating, forging, scanning and tampering with JWTs (JSON Web Tokens). | Web App Pentesting
ldapdomaindump | Active Directory domain information dumper. | Internal Network Pentesting
ldapsearch | Linux command line utility for querying LDAP servers. | Internal Network Pentesting
Legion | Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools. | Internal Network Pentesting, External Network Pentesting
LinEnum | Linux enumeration tool for privilege escalation. | Internal Network Pentesting
Linkedin2username | OSINT tool: generates username lists from companies on LinkedIn. | Recon & OSINT, Social Engineering
LinPEAS | Series of scripts for Linux privilege escalation. | Internal Network Pentesting
Lynis | Security auditing tool for Linux and macOS. | Internal Network Pentesting
Linux Exploit Suggester | Heuristic reporting on potentially viable exploits for a given GNU/Linux system. | Internal Network Pentesting
Log4jCenter | VMware vCenter Log4Shell exploitation tool. | External Network Pentesting, Internal Network Pentesting, Web App Pentesting
Log4jShell_Scanner | Shell script that scans a vulnerable web application using a version of apache-log4j older than 2.15.0. This is a static implementation, meaning it does not perform domain, subdomain, or webpage discovery. | External Network Pentesting, Internal Network Pentesting, Web App Pentesting
Lucy | Commercial phishing and smishing platform. | Social Engineering
Maltego | Proprietary software for open source intelligence and forensics, from Paterva. | Recon & OSINT
Masscan | TCP port scanner that spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes. | External Network Pentesting, Internal Network Pentesting
Mentalist | Graphical tool for custom wordlist generation. | Internal Network Pentesting, External Network Pentesting
Metasploit | Software for offensive security teams to help verify vulnerabilities and manage security assessments. | Internal Network Pentesting, External Network Pentesting, Web App Pentesting, API Pentesting
mimikatz | Credential extraction tool for the Windows operating system. | Internal Network Pentesting
mitmproxy | Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. | Web App Pentesting, API Pentesting, Cloud Pentesting, Dynamic Code Analysis, Mobile App Pentesting
Modlishka | Flexible reverse proxy tool for phishing engagements. | Social Engineering
Mxtoolbox | Email domain and DNS lookup. | Recon & OSINT, External Network Pentesting
Ncat | TCP/IP command line utility supporting multiple protocols, included with Nmap. | Internal Network Pentesting, External Network Pentesting
Nessus | Commercial vulnerability assessment tool, sold by Tenable. | External Network Pentesting, Internal Network Pentesting, Web App Pentesting, Cloud Risk Analysis, Cloud Pentesting
Netdiscover | Simple and quick network scanning tool. | Internal Network Pentesting
netsniff-ng | Swiss army knife for network sniffing. | Internal Network Pentesting
Netsparker Web Application Security Scanner | Commercial web application security scanner that automatically finds many different types of security flaws. | Internal Network Pentesting, Web App Pentesting
Network Detective | White box tool used for network analysis and enumeration of users, permissions, shares, and assets, sold by Rapidfiretools. | Purple Teaming, Traditional Risk Analysis, Other
Network-Tools.com | Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more. | External Network Pentesting, Internal Network Pentesting
Nexpose | Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. | Internal Network Pentesting, External Network Pentesting
Nikto | Noisy but fast black box web server and web application vulnerability scanner. | Web App Pentesting, Internal Network Pentesting, External Network Pentesting
nmap | Free security scanner for network exploration and security audits. | Recon & OSINT, External Network Pentesting, Internal Network Pentesting, Purple Teaming
noPhish | Phishing toolkit that provides a Docker- and noVNC-based infrastructure. | Social Engineering
noVNC | Both an HTML VNC client JavaScript library and an application built on top of that library. | Social Engineering
OpenVAS | Open source implementation of the popular Nessus vulnerability assessment system. | Internal Network Pentesting, External Network Pentesting
OWASP Dependency Check | Open source static analysis tool that enumerates the dependencies used by Java and .NET code (with experimental support for Python, Ruby, Node.js, C, and C++) and lists the security vulnerabilities associated with them. | Static Code Analysis
OWASP Zed Attack Proxy (ZAP) | Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications. | Web App Pentesting
Pacu | AWS exploitation framework. | Cloud Pentesting, Cloud Risk Analysis, Purple Teaming
peda | Python Exploit Development Assistance for GDB. | Code Tampering, Runtime Tampering, Reverse Engineering
Pentest-tools | Web-based platform for several open source reconnaissance and exploitation tools. | Recon & OSINT, External Network Pentesting
PimpMyKali | Provides fixes for newly imported Kali Linux virtual machines, including impacket. | Internal Network Pentesting
plasma | Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax. | Code Tampering, Reverse Engineering
Postman | API development tool that helps to build, test and modify APIs. | Web App Pentesting, API Pentesting
PowerSploit | PowerShell post-exploitation framework. | Internal Network Pentesting
Principal Mapper | Open source AWS IAM vulnerability analysis tool. | Cloud Pentesting, API Pentesting, Web App Pentesting, Mobile App Pentesting
Printer Exploitation Toolkit (PRET) | Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features. | Internal Network Pentesting
Prowler | Open source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. | Cloud Pentesting, Cloud Risk Analysis, Purple Teaming
pyShodan | Python 3 script for interacting with the Shodan API. Has three modes of operation: making an API query for a search term, for a single IP address, or for a list of IP addresses in a .txt file. | Recon & OSINT, External Network Pentesting
Radare2 | Open source, cross-platform reverse engineering framework. | Code Tampering, Reverse Engineering, Runtime Tampering
recon-ng | Full-featured web reconnaissance framework written in Python. | Recon & OSINT
Responder | Open source NBT-NS, LLMNR, and mDNS poisoner. | Internal Network Pentesting
Responder-Windows | Windows version of the above NBT-NS/LLMNR/mDNS poisoner. | Internal Network Pentesting
Reverse Shell Generator | Web-based tool to generate reverse shells. | Web App Pentesting, Internal Network Pentesting, External Network Pentesting
S3Scanner | Tool to find open S3 buckets and dump their contents. | External Network Pentesting, Cloud Pentesting, Cloud Risk Analysis
Scout Suite | Open source multi-cloud security auditing tool that enables security posture assessment of cloud environments. | Cloud Risk Analysis, Cloud Pentesting, Purple Teaming
Secret Scanner | Searches for common keys and secrets in a stupidly simple way. | Web App Pentesting, API Pentesting, Static Code Analysis, Mobile App Pentesting, Cloud Pentesting, Cloud Risk Analysis
ShellCheck | Static code analysis tool for shell scripts. | Static Code Analysis
Shodan | Database containing information on all accessible domains on the internet, obtained from passive scanning. | Recon & OSINT, External Network Pentesting
smbmap | Handy SMB enumeration tool. | Internal Network Pentesting
Sn1per | Sn1per instance available in VPENBOX07. Roughly the same tool as the one used in PT Tools. | External Network Pentesting
sobelow | Security-focused static analysis for the Phoenix Framework. | Static Code Analysis
SQLmap | Automated SQL injection and database takeover tool. | Web App Pentesting, API Pentesting, External Network Pentesting
SSL Server Test (Qualys) | Performs analysis of the configuration of any SSL web server on the public Internet. | Web App Pentesting
SSLScan | Quick command line tool for checking TLS/SSL configuration. | External Network Pentesting, Internal Network Pentesting, Web App Pentesting
SSLyze | Fast and comprehensive TLS/SSL configuration analyzer to help identify security misconfigurations. | External Network Pentesting, Internal Network Pentesting, Web App Pentesting
tplmap | Automatic server-side template injection and web server takeover tool. | Web App Pentesting
TruePeopleSearch | OSINT tool for researching individuals. | Recon & OSINT, Social Engineering, Static Code Analysis
truffleHog | Git repository scanner. | Static Code Analysis
Turbo Intruder | Burp extension for sending Intruder requests at high speed, mainly for race condition exploitation. | Web App Pentesting, API Pentesting, Dynamic Code Analysis, Mobile App Pentesting
VirusTotal | Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. | External Network Pentesting, Recon & OSINT
VisualCodeGrepper | Open source static code analysis tool with support for Java, C, C++, C#, PL/SQL, VB, and PHP. VisualCodeGrepper also conforms to OWASP best practices. | Static Code Analysis
wafw00f | Identifies and fingerprints Web Application Firewall (WAF) products. | External Network Pentesting, Web App Pentesting
WDK/WinDbg | Windows Driver Kit and WinDbg. | Reverse Engineering, Runtime Tampering, Code Tampering, Other
wifi-pickle | Fake access point attacks. | Wifi Pentesting
Wifite | Automated wireless attack tool. | Wifi Pentesting
WinPEAS | Series of scripts for Windows privilege escalation. | Internal Network Pentesting
Wireshark | Widely used graphical, cross-platform network protocol analyzer. | Internal Network Pentesting, Traditional Risk Analysis
WPScan | Black box WordPress vulnerability scanner. | External Network Pentesting, Recon & OSINT
WPSploit | Exploit WordPress-powered websites with Metasploit. | External Network Pentesting
Yersinia | Packet and protocol analyzer with MITM capability. | Internal Network Pentesting

Who We Are

Initially founded in 2013 in the heart of New York City, Gotham Security is an Abacus Group company that focuses on providing boutique cybersecurity services. Gotham Security delivers high-quality penetration testing, malicious adversary simulation, compliance program development, and threat intelligence services to organizations all across the world, including many Fortune 1000 companies.

© 2023 Gotham Security

https://github.com/GoVanguard
https://www.linkedin.com/company/gotham-security/