TOOLS
Field reference for offensive and defensive tooling: a curated shortlist of widely used tools, Metasploit Framework internals, external archives and search engines, and a practitioner shortlist of Kali Linux essentials.
POPULAR
Nmap: network mapper. SYN/UDP scanning, service/version detection, NSE scripts, and OS fingerprinting. The baseline recon tool.
Burp Suite: HTTP/S intercepting proxy. Repeater, Intruder, scanner, and extension API for web app testing.
Wireshark: packet dissector. Live capture and PCAP analysis with display filters and protocol decoders.
BloodHound: AD attack path analysis. Ingests ACL/ACE data and group membership into a graph of privilege escalation routes.
Cobalt Strike: commercial adversary simulation platform. Beacon C2, malleable C2 profiles, team server. Licensed red-team software.
hashcat: GPU password recovery. Rule and mask attacks across hundreds of hash formats.
Impacket: Python protocol implementations. secretsdump, psexec, getTGT, and SMB/Kerberos tooling for Windows networks.
Reverse engineering IDE. Disassembly, decompilation, scripting, and binary diffing.
YARA: malware identification language. String/hex patterns combined by boolean conditions, matched over files and memory.
Volatility: memory forensics. Extracts processes, credentials, network connections, and kernel artifacts from RAM dumps.
Nuclei: template scanner. YAML checks for CVEs, misconfigurations, and exposed services at scale.
sqlmap: SQL injection automation. DB fingerprinting, data dump, file read, and OS command execution via SQLi.
METASPLOIT
Metasploit Framework is a modular exploitation platform maintained by Rapid7 and the open-source community. It runs on a Ruby runtime, stores workspace state in PostgreSQL, and exposes a unified module interface covering the full attack lifecycle. Module types:
Exploits: deliver payloads against vulnerable services. Each module targets a specific CVE or logic bug, with configurable options (RHOSTS, RPORT, target index).
Payloads: shellcode, staged or single. Meterpreter (reflective DLL injection), reverse/bind TCP, HTTPS, and custom stagers. msfvenom generates them as standalone binaries or raw shellcode.
Auxiliary: scanning, fuzzing, credential brute-force, and information gathering without delivering a payload. Example: auxiliary/scanner/smb/smb_version.
Encoders: transform shellcode to avoid bad characters (bytes the target's input path would mangle) and to defeat naive signature matching. x86/shikata_ga_nai is the default polymorphic x86 encoder; its output is well signatured by modern AV, so treat encoders as a bad-char fix rather than an evasion technique.
NOPs: NOP sled generators for buffer overflow alignment. Platform-specific opcode sequences that execute as no-ops.
Post: post-exploitation on established sessions. Hash dump, pivot, persistence, and privilege escalation modules.
Evasion: Windows-specific bypass techniques for AMSI, AppLocker, and ETW, applied when generating the payload executable, before delivery.
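To make the encoder's job concrete, here is an added example (not Metasploit Framework code) of the bad-char problem and the key-selection half of an XOR encoder: given shellcode and a set of bytes the target will mangle, pick a rolling XOR key so that every encoded byte, and every key byte (a decoder stub has to embed the key), stays clear of the bad set. The sample "shellcode" and the bad-char set are constructed for illustration; the function and variable names are this example's own.

```python
# Added example (not Metasploit Framework code): what an encoder module does to a
# payload. Picks an XOR key so that the *encoded* bytes avoid a bad-character
# set, so the payload survives filters that truncate on NUL or reject CR/LF.
# Sample shellcode and bad-char set below are constructed for illustration.

# Constructed: bytes a C string copy (NUL) or an HTTP header parser (CR, LF) would mangle.
BADCHARS = b"\x00\x0a\x0d"

# Constructed stand-in for shellcode; it deliberately contains all three bad chars.
SAMPLE_SHELLCODE = bytes.fromhex("31c050682f2f7368682f62696e000a0dcd80")


def find_badchars(data: bytes, badchars: bytes) -> set:
    """Return the bad-char values actually present in data (the check an
    exploit developer runs before deciding whether an encoder is needed)."""
    return {b for b in data if b in badchars}


def find_xor_key(shellcode: bytes, badchars: bytes, max_len: int = 8) -> bytes:
    """Smallest rolling XOR key (1..max_len bytes) such that every encoded byte,
    and every key byte (the decoder stub embeds the key), avoids badchars.

    With a key of length n, key byte j only touches positions i where
    i % n == j, so each key byte can be chosen independently: try 1..255
    for each slot and accept the first value that leaves its slice clean.
    Longer keys are tried only when a shorter one cannot work."""
    bad = set(badchars)
    for n in range(1, max_len + 1):
        key = bytearray()
        for j in range(n):
            chunk = shellcode[j::n]
            for k in range(1, 256):  # 0 would leave the bytes unchanged
                if k not in bad and all((b ^ k) not in bad for b in chunk):
                    key.append(k)
                    break
            else:
                break  # no key byte works for this slot; try a longer key
        if len(key) == n:
            return bytes(key)
    raise ValueError("no XOR key of length <= %d avoids the bad chars" % max_len)


def xor_apply(data: bytes, key: bytes) -> bytes:
    """XOR is its own inverse: the same function encodes and decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encode(shellcode: bytes, badchars: bytes) -> tuple:
    """Return (key, encoded) where encoded contains none of badchars."""
    key = find_xor_key(shellcode, badchars)
    encoded = xor_apply(shellcode, key)
    assert not find_badchars(encoded, badchars)
    return key, encoded


if __name__ == "__main__":
    print("bad chars present:", sorted(find_badchars(SAMPLE_SHELLCODE, BADCHARS)))
    key, enc = encode(SAMPLE_SHELLCODE, BADCHARS)
    print("key:", key.hex(), "encoded:", enc.hex())
    assert xor_apply(enc, key) == SAMPLE_SHELLCODE
```

The sample needs only the one-byte key 0x01, but a payload that contains every byte value forces a longer key, because any single key k turns the byte k into NUL; the slot-by-slot search then returns a two-byte key. What this does not show is the other half of a real encoder: the decoder stub prepended to the payload must itself be free of bad characters, which is why Metasploit ships per-architecture stubs rather than a generic loop.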
- msfconsole
- Interactive REPL. search, use, set, run, sessions, route. Tab completion and resource script execution (-r).
- msfvenom
- Payload generator CLI. -p payload, -f format (exe, elf, raw, psh), -e encoder, -b bad chars, -i encoder iterations.
- resource scripts
- Automated command sequences (.rc files). Chain recon, exploit, and post modules for repeatable engagements.
- msfdb / workspace
- PostgreSQL-backed state. Hosts, services, creds, loot, and session history persist across runs.
Other Sources
Curated malware corpus and reference library. Indexed samples, writeups, and reference-style documentation for researchers tracing lineage and behavior.
Malware archive and threat intel repository. Historical samples, papers, and community-sourced collections. Primary source for offline malware research.
Exploit and tool search engine. Aggregates Exploit-DB, GitHub PoCs, and Metasploit modules into one query interface.
Shannon: white-box web pentester from Keygraph. Reads source repos, maps attack surfaces, and runs browser and CLI exploits in Docker workers. Reports only validated PoCs. AGPL CLI; targets injection, XSS, SSRF, authentication, and authorization flaws.
Commercial AppSec platform built on Shannon. Code Property Graph SAST, continuous pentest runs, finding deduplication, auto-remediation PRs with re-test verification. Self-hosted and air-gapped deployment.