Latest Cyber Security Tools



This is a powerful XSS scanner made in python 3.7.

The main features of this tool are-

  1. crawling all links on a website (craw……..

OWASP Nettacker


This tool is an Automated Penetration Testing Framework. The main aim of this project was to automate information gathering, vulnerability scanning, and eventually generating a report for the network.

This tool detects bypass firewall/IDS/IPS devices by using TCP SYN, ACK, ICMP, and many other protocols. This tool makes a competitive edge compared to the other available scanners making it o the best.



This tool enables the user to find a person’s accounts and emails and breached emails.

Features: –



Kraker is a distributed password brute-force system. The main focus of this tool is ease of its use.

Kraker allows the user to run and manage hashcat on different servers and workstations. The developer had two main goals while creating this tool-

  • To create the simplest tool for hash cracking
  • To make the tool fault-tolerant



Packer-Fuzzer is a fast and efficient scanner for the security detection of website which were created using JavaScript module bundler like Webpack.

This tool can automatically generate a report from the result of the scan on the basis of the user’s detection result. The content of this report and other derivatives content cannot represent the position and views of the team.



This is an experimental tool for windows. PentestBro combines cans, whois, port scanning, banner grabbing and web enumeration into one tool. PentestBro uses subdomain list of SecList. This tool also uses Nmap service probe for banner grabbing and list of paths for web enumeration.

This tool was created only educational purpose and not for unethical practices.



Subcert is a subdomain enumeration tool, that finds all the valid subdomains from certificate transparency logs.

This tool was created only for educational purposes and not for any unethical practices.



URS or Universal Reddit Scrapper is a comprehensive Reddit scrapping command line tool written in python and integrates multiple features.

This tool was created only for educational purposes and not for any unethical practices.



This tool, also known as Pocket Intelligence, is an OSINT swiss army knife, for the DFIR/OSINT professionals. This tool is very light-weight, this provides the users with capabilities of OSINT in a very compact form.



This is an enumeration and information gathering tool.

This tool was created only for educational purposes and not for any unethical practices.



This tool is a very fast and highly customisable tool used in defence of network built using SQL and REST/gRPC protocol.

This tool is used to scrape and defend the against the dangerous threats that systems face on the internet. This tool is used by both companies and individuals to protect themselves against the threats. 



This tool scans for open AWS S2 buckets and dumps the content. This tool tries to collect all information that are available about a bucket, but the interpretation of the result depends on the user.

This tool was made only for educational purpose and should for unethical and illegal purposes.



This tool is a customisable wordlist and password generator. It can easily create permutations and combinations of words

This tool was made only for educational purpose and should for unethical and illegal purposes.



This tool is a utility with Apache2 license, which was re-written in python 3.X. This tool is used by pen testers and admins to find the admin panel of a website.

There are other tools for this purpose, but they are not as effective as this tool, which makes it useful. This tool also has the capability to hide your identity by using tor.



Black Mamba is a tool that is a multi-client post exploitation framework added with some spyware features. This tool works with multiple connections at the same time. It was developed with python and Qt Framework which have multiple features for a post exploitation step.

Atomic-Red-Team-Intelligence-C2 (ARTi-C2)


This is a modern execution framework that is created to enhance the security teams to scale the attack scenario from single and multi-breach point targets. The main target is to create actionable attack intelligence which will improve the effective security products and incident response.



This is a Ruby platform that is used for research of vulnerability and development of exploits. Ronin allows for the rapid development and distribution of code, exploits, payloads, Scanners, and via Repositories.



 This tool is an Azure Function that is used to validate and relay Cobalt Strike Beacon traffic by undergoing verification of the requests that are coming based on Cobalt Strike Malleable C2 profile.

GVM Docker


This tool is a Docker image for Greenbone Vulnerability Management with OpenVAS. There are improvements that have been made that can enhance the stability and functionality. 

FireFly IDS


This is an Intrusion Detection System which inspired IDS for Nature-Inspired Cyber Security. 



This tool can generate a Linux Kernel module for custom rules with Netfilter hooking. In case of a attack, the attacker will not be able to find the kernel module that is hidden if you have HiddenWall in your system



This tool is mainly used to ensure security of the web servers o organizations. Till now, BAT can check headers of website and give recommendation on how to make it better. 

This tool is made only for educational purposes and it is not responsible for any use in illegal environment.



WordPress recon is a vulnerability assessment tool in CMS and WordPress, which was developed in Go and script in Lua. 

Features: –

  1. Detection WAF 
  2. Random User-Agent
  3. Tor Proxy
  4. Enumerator
  5. Enumerator Version 
  6. Brute Force 
  7. Scripts
  8. Vulnerability Version Checking (Plugins) (Beta)

DeepWeb Scanner


This tool can search for hidden deep web pages.

A simple script to scrape deep net to seek out pages. It will return those files if found and save them in a file. The number of requests can be estimated by multiplying the amount of threads width the depth number.

Defeat- Defender


This tool is a powerful batch script that can dismantle complete windows defender. This can also bypass the tamper protection.

After it got admin permission it will disable defender:-

Infection Monkey


This is an open-source security tool that is used to test the resiliency of data centers to breaches and the internal server function. Several methods are used by the tool to self-propagate across the data centers to report the success to the server of the tool.

Main parts of the tool-

  1. Monkey- This is the tool that propagates through another machine to other machines by infecting them.
  2. Monkey Island- This is a dedicated server that is used to visualize and track the progress of the infection Monkey.



This is a command-line network packet crafting and injection utility.

This project is command line based, designed as portable human IP stack for UNIX like and Windows system. This suite allows scripting of injected packets from simple shell script and it is broken down by protocol.



This tool is used to enable monitor mode and packet injection in raspberrypi.

This script works on Raspberry Pi 3B/B+, Raspberry Pi Zero W (Tested on Raspbian OS) and can be used to install Re4son Kernel which enables monitor mode & packet injection in Raspberry Pi.



This tool helps to find out the real IP behind the CloudFlare protected websites.

This tool helps in searching for the genuine IP of a website that is protected by CloudFlare, this information will be very useful for further presentation. The tool can generate several information like CloudFlare IP, Real IP, Hostname, name of organization, city, and country and postal, time zone. 



This is a data leak checker and OSINT tool. Oblivion focuses on monitoring of new leaks of data in real time, and it notifies the user about such event. It is possible to detect and verify the occurrence of any leakage in the data 

Fortinet’s Fortigate


This is a constantly updated firewall which is excellent in the function of a software firewall. This can block sketchy websites and downloads of malware, look for threats in encrypted data for threats. It has AI enabled software that constantly monitors all the network’s active users. This tool has the capability to block the latest malware even if it is encountered for the first time.

Fortinet’s Fortigate

GFI LanGuard


This comprises continuous monitoring, scanning and patching. This is a very popular and useful tool which can be used by a company to demonstrate security compliance. It provides software and network auditing for the vulnerable areas in systems like mobiles and desktops. This can also create patches for Mac, Windows and Linux systems.

GFI LanGuard

Entersoft Ensight


This is a modern security assessment tool which is used to protect the enterprise apps against the latest and the most notorious cyber-attacks. It provides penetration testing tools which enables the users to scan the database systems, infrastructure analysis, code review, etc.

Entersoft Ensight



Ncat, formerly known as Netcat is often referred to as the Swiss army knife in networking.

This tool is used to view and record the datas on TCP and UDP network connections. This works as a back end listener and which allows port scanning and port listening. Ncat can also be used to transfer files. 


VMWARE Secure State


VMWare Secure State helps the customers to close the loop on cloud security and reduces the risks through detection and remediation in real-time. It has a flexible remediation framework, that has a design that enables collaboration between cloud security and the DevOps team. This was one of the first companies to virtualize the x86 architecture successfully.

VMWARE Secure State



BlueVector is an emerging security tool that can provide real-time advanced threat detection. It uses technologies like Artificial Intelligence, Machine Learning in its network intrusion detection system. BlueVector has three components, the AI-based Detection Engine, Intelligence Decision Support, and Connectors Framework for detecting, Intelligent Decision Support, and Connectors framework for analyzing, the file-less and file-based malware, for example, Zero Day malware.




Webroot is a cloud-based platform which can be used by all kinds of business as well as the individual. This performs predictive threat analysis to protect the system against threats. It provides threat intelligence services and for the endpoints, it provides multi-vector protection. 




Snort is a free intrusion detection system (IDS) that is used to detect and prevent intrusions in the network and also performs many functions like monitoring network packets, streaming data to your screen, etc. This performs packet analysis behind the firewall in real-time. This adds a new level of defense to your system.




Wfuzz has been created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload.

A payload in Wfuzz is a source of data.

This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web application components

Wfuzz Tool | IEMLabs



WebSploit Is An Open Source Project For:

  • Social Engineering Works
  • Scan,Crawler & Analysis Web
  • Automatic Exploiter
  • Support Network Attacks
  • Autopwn – Used From Metasploit For Scan and Exploit Target Service
  • wmap – Scan,Crawler Target Used From Metasploit wmap plugin
WebSploit Tool | IEMLabs



ebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.

It aims to become a tool that may be used automatically or interactively

to test web applications for their security.

WebScarab Tool | IEMLabs



w3af is a Web Application Attack and Audit Framework which aims to identify and exploit all web application vulnerabilities. This package provides a graphical user interface (GUI) for the framework. If you want a command-line application only, install w3af-console. The framework has been called the “metasploit for the web”, but it’s actually much more than that, because it also discovers the web application vulnerabilities using black-box scanning techniques!.

w3af Tool | IEMLabs



PadBuster is a Perl script for automating Padding Oracle Attacks. PadBuster provides the capability to decrypt the arbitrary ciphertext, encrypt arbitrary plaintext, and perform automated response analysis to determine whether a request is vulnerable to padding oracle attacks.

PadBuster Tool | IEMLabs



OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system.

JoomScan Tool | IEMLabs



 This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session.

Features include:

  • Multiplatform support – tested on Windows, Linux and Mac targets
  • Support for bind and reverse bind shells
  • Meterpreter shells and VNC support for Windows targets
Jboss-autopwn Tool | IEMLabs



Grabber is a black box web application vulnerability scanner that looks for SQL Injection,

Blind SQL injection, XSS vulnerability and File include injection. 


The tool aims to be quite generic, and can work with any kind of web application

regardless of the server side programming language. The tool is designed to be 

a simple, efficient way to detect vulnerabilities in a small simple

Grabber Tool | IEMLabs



Gobuster is a tool used to brute-force:

  • URIs (directories and files) in web sites.
  • DNS subdomains (with wildcard support).

Because I wanted:

  1. something that didn’t have a fat Java GUI (console FTW).
  2. to build something that just worked on the command line.
  3. something that did not do recursive brute force.
Gobuster Tool | IEMLabs




Description – FunkLoad is a functional and load web tester, written in Python, whose main use cases are:

  • Functional testing of web projects, and thus regression testing as well.
  • Performance testing: by loading the web application and monitoring your servers it helps you to pinpoint bottlenecks, giving a detailed report of performance measurement.
  • Load testing tool to expose bugs that do not surface in cursory testing, like volume testing or longevity testing.
FunkLoad Tool | IEMLabs



 fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of SQL injection. It’s currently under heavy development but it’s usable.

fimap Tool | IEMLabs



DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these. However tools of this nature are often as only good as the directory and file list they come with.

DirBuster Tool | IEMLabs



DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response.

DIRB comes with a set of preconfigured attack wordlists for easy usage but you can use your custom wordlists. Also DIRB sometimes can be used as a classic CGI scanner, but remember is a content scanner not a vulnerability scanner.

DIRB Tool | IEMLabs



Through the use of the Flex programming model and the ActionScript language, Flash Remoting was born. Flash applications can make requests to a remote server to call server side functions, such as looking up accounts, retrieving additional data and graphics, and performing complex business operations. However, the ability to call remote methods also increases the attack surface exposed by these applications. This tool will allow you to perform method enumeration and interrogation against flash remoting end points.

Deblaze Tool | IEMLabs



DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.

DAVTest supports:

DAVTest Tool | IEMLabs



The BlindElephant Web Application Fingerprinter attempts to discover the version

of a (known) web application by comparing static files at known locations against

precomputed hashes for versions of those files in all available releases. 


The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.

BlindElephant Tool | IEMLabs



Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives.

Arachni Tool | IEMLabs

Volatility Framework


The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibility into the runtime state of the system.

Volatility Framework Tool | IEMLabs



RegRipper is an open source tool, written in Perl, for extracting/parsing information (keys, values, data) from the Registry and presenting it for analysis.

RegRipper consists of two basic tools, both of which provide similar capability. The RegRipper GUI allows the analyst to select a hive to parse, an output file for the results, and a profile (list of plugins) to run against the hive. When the analyst launches the tool against the hive, the results go to the file that the analyst designated. If the analyst chooses to parse the System hive, they might also choose to send the results to system.txt.

RegRipper Tool | IEMLabs



peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it’s possible to see all the objects in the document showing the suspicious elements, supports the most used filters and encodings.

Peepdf Tool | IEMLabs



Guymager is a free forensic imager for media acquisition. Its main features are:

  • Easy user interface in different languages
  • Runs under Linux
  • Really fast, due to multi-threaded, pipelined design and multi-threaded data compression
Guymager Tool | IEMLabs



Foremost is a forensic program to recover lost files based on their headers, footers, and internal data structures. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery.

Foremost Tool | IEMLabs



extundelete is a utility that can recover deleted files from an ext3 or ext4 partition. The ext3 and ext4 file systems are the most common default file systems in Linux distributions like Mint, Mageia, or Ubuntu. extundelete uses information stored in the partition’s journal to attempt to recover a file that has been deleted from the partition.

Extundelete Tool | IEMLabs



Dumpzilla application is developed in Python 3.x and has as purpose extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers to be analyzed. Due to its Python 3.x development, might not work properly in old Python versions, mainly with certain characters.

DumpzillaTool | IEMLabs



diStorm is a lightweight, easy-to-use and fast decomposer library. diStorm disassembles instructions in 16, 32 and 64 bit modes. Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD’s SVM and AVX!. The output of the new interface of diStorm is a special structure that can describe any x86 instruction, this structure can be later formatted into text for display too.

Distorm3 Tool | IEMLabs



 DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API).

It can be used both by professional and non-expert people in order to quickly and easily collect, preserve and reveal digital evidence without compromising systems and data.

  • Preserve digital chain of custody: Software write blocker, cryptographic hash calculation
DFF Tool | IEMLabs



Like dd, dd_rescue does copy data from one file or block device to another. You can specify file positions (called seek and Skip in dd). There are several differences:

  • dd_rescue does not provide character conversions.
  • The command syntax is different. Call dd_rescue -h.
ddrescue Tool | IEMLabs



This little program will enable you to view some information and

change user passwords in a Windows NT SAM user database file.

You do not need to know the old passwords.

However, you need to get at the file some way or another yourself.


chntpw Tool | IEMLabs



Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community.

Created by Nguyen Anh Quynh, then developed and maintained by a small community, Capstone offers some unparalleled features:

capstone Tools | IEMLabs



Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility. Binwalk also includes a custom magic signature file which contains improved signatures for files that are commonly found in firmware images such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems, etc.

Binwalk Tool | IEMLabs



To attack multiple WEP, WPA, and WPS encrypted networks in a row. This tool is customizable to be automated with only a few arguments. Wifite aims to be the “set it and forget it” wireless auditing tool.


  • sorts targets by signal strength (in dB); cracks closest access points first
wifite Tool | IEMLabs



Wifitap is a proof of concept for communication over WiFi networks using traffic injection.

Wifitap allows any application do send and receive IP packets using 802.11 traffic capture and injection over a WiFi network simply configuring wj0, which means :

  • setting an IP address consistent with target network address range
  • routing desired traffic through it
Wifitap Tool | IEMLabs



Wifiphisher is a security tool that mounts automated phishing attacks against Wi-Fi networks in order to obtain credentials or infect the victims with ‘malware’. It is a social engineering attack that can be used to obtain WPA/WPA2 secret passphrases and unlike other methods, it does not require any brute forcing.

After achieving a man-in-the-middle position using the Evil Twin attack, Wifiphisher redirects all HTTP requests to an attacker-controlled phishing page.


Wifiphisher Tool | IEMLabs

Wifi Honey


This script creates five monitor mode interfaces, four are used as APs and the fifth is used for airodump-ng. To make things easier, rather than having five windows all this is done in a screen session which allows you to switch between screens to see what is going on. All sessions are labelled so you know which is which.

wifi-honey Tool | IEMLabs



Spooftooph is designed to automate spoofing or cloning Bluetooth device information. Make a Bluetooth device hide in plain site.


  • Clone and log Bluetooth device information
  • Generate a random new Bluetooth profile
  • Change Bluetooth profile every X seconds
Spooftooph Tool | IEMLabs



A cross platform Python frequency scanning GUI for USB TV dongles, using the OsmoSDR rtl-sdr library.

In other words a cheap, simple Spectrum Analyser.

The scanner attempts to overcome the tuner’s frequency response by averaging scans from both the positive and negative frequency offers of the baseband data.

RTLSDR Scanner Tool | IEMLabs



fang is a small proof-of-concept application to find non discoverable bluetooth devices. This is done by brute forcing the last six (6) bytes of the bluetooth address of the device and doing a read_remote_name(). This release of redfang now supports multiple threads and has now been modified for multiple devices and the code has been streamlined.


Redfang Tool | IEMLabs



Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack). It is meant for educational purposes only. All credits for the research go to Dominique Bongard.


PixieWPS Tool | IEMLabs



Toolkit containing samples and various tools based on and around libnfc and crapto1, with emphasis on Mifare Classic NXP/Philips RFID cards.

mfcuk Tool | IEMLabs



gr-scan is a program written in C++, and built upon GNU Radio, rtl-sdr, and the OsmoSDR Source Block. It is intended to scan a range of frequencies and print a list of discovered signals. It should work with any device that works with that block, including Realtek RTL2832U devices. I developed this software using a Compro U620F, which uses an E4000 tuner.

Gr-scan Tool | IEMLabs



Gqrx is a software defined radio receiver powered by the GNU Radio SDR framework and the Qt graphical toolkit. Gqrx supports many of the SDR hardware available, including Funcube Dongles, rtl-sdr, HackRF and USRP devices. See supported devices for a complete list. Gqrx is free and hacker friendly software.

Gqrx Tool | IEMLabs



GISKismet is a wireless recon visualization tool to represent data gathered using Kismet in a flexible manner. GISKismet stores the information in a database so that the user can generate graphs using SQL. GISKismet currently uses SQLite for the database and GoogleEarth / KML files for graphing. GISKismet supports Kismet-newcore and Kismet-devel.

GISKismet Tool | IEMLabs



 The FreeRADIUS Server Project is a high performance and highly configurable multi-protocol policy server, supporting RADIUS, DHCPv4 and VMPS. It is available under the terms of the GNU GPLv2. Using RADIUS allows authentication and authorization for a network to be centralized, and minimizes the number of changes that have to be done when adding or deleting new users to a network.

FreeRADIUS Tool | IEMLabs

Fern Wifi Cracker


Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks.

Fern Wifi Cracker currently supports the following features:

Fern Wifi Cracker Tool | IEMLabs



EAP-MD5 is a legacy authentication mechanism that does not provide sufficient protection for user authentication credentials. Users who authenticate using EAP-MD5 subject themselves to an offline dictionary attack vulnerability. This tool reads from a live network interface in monitor-mode, or from a stored libpcap capture file, and extracts the portions of the EAP-MD5 authentication exchange.

eapmd5pass Tool | IEMLabs



Implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication mechanisms for WPA/WPA2 since it is much easier than establishing the necessary RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication.

coWPAtty Tool | IEMLabs



Bully is a new implementation of the WPS brute force attack, written in C. It is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification. It has several advantages over the original reaver code. These include fewer dependencies, improved memory and cpu performance, correct handling of endianness, and a more robust set of options. It runs on Linux, and was specifically developed to run on embedded Linux systems (OpenWrt, etc) regardless of architecture.

Bully Tool | IEMLabs