Windows#
Microsoft Windows.
Software#
This page lists all projects using this programming language or deployment platform. Only the main server-side requirements, packaging or distribution formats are considered.
BurpSuite#
For pentesting web applications. Can replay and modify requests, fuzz request values, proxy between the browser and site, etc.
CUPP#
Common User Password Profiler
Generates password word lists based knowledge known about a user.
Datadog#
Infrastructure monitoring tool.
10 servers free for 2 years via GitHub Education Pack.
Deepsound#
Hides files within audio.
dnSpy#
.NET / Unity decompiler.
Enum_AzureSubdomains#
“A Metasploit Auxiliary module for enumerating public Azure services by locating valid subdomains through various DNS queries.”
Evilginx#
“Evilginx is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.”
F00L.DE#
Collection of miscellaneous tools such as vigenere cipher cracking, file analysis, etc.
Web App Windows Mac Linux Freeware Source Given with No License
Ghidra#
Suite of tools for software reverse engineering developed by the NSA.
gpp-decrypt#
Ruby script used to decrypt Microsoft Group Policy preferences strings. Included in Kali by default.
Hashcat#
Password hash cracker.
ILSpy#
.NET / Unity decompiler.
Malcat#
“Malcat is a feature-rich hexadecimal editor / disassembler for Windows and Linux targeted to IT-security professionals.”
Metasploit#
“The world’s most used penetration testing framework.”
Microsoft Security Complaince Toolkit#
“Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can highlight when a set of Group Policies has redundant settings or internal inconsistencies, and can highlight the differences between versions or sets of Group Policies.”
NetworkMiner#
NetworkMiner is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files.
Nmap#
Network port scanner tool.
OpenStego#
Stegonography application for data hiding and watermarking.
OWASP WebGoat#
“WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components.”
OWASP ZAP#
For pentesting web applications. Can replay and modify requests, fuzz request values, proxy between the browser and site, etc.
PSBits Offline GPO Analysis#
Analyze Microsoft Group Policy files offline.
sig2n#
Python scripts to perform JWT algorithm confusion.
Usage instructions from PortSwigger here.
Snort#
IDS/IPS that does packet monitoring and logging based on rules.
Suricata#
IDS/IPS that does packet monitoring and logging based on rules. Similar to Snort but multithreaded.
tcpdump#
CLI data network packet analyzer. Can dump to pcap files.
VirtualBox#
Virtual machine hypervisor. Generally used to create Kali or Parrot VMs separate from your host operating system.
Wireshark#
Network packet sniffer that can capture from interfaces in real time or read pcap files.