Documentation Hub

Category: Network Reconnaissance and Security
Description: Aircrack-ng is a complete suite of tools for wireless network auditing. It is primarily used for penetration testing of Wi-Fi networks, allowing analysts to assess network security by decrypting WEP and WPA/WPA2-PSK keys. Aircrack-ng includes a series of utilities for capturing packets, injecting traffic, and performing deauthentication attacks, making it an indispensable tool for any security auditor who needs to evaluate the robustness of a wireless network. It is widely used in both security audits and forensic investigations, where the ability to analyze and exploit vulnerabilities in Wi-Fi networks is crucial.
Official URL: https://www.aircrack-ng.org/

Category: Data Collection
Description: Amass is an advanced tool for subdomain collection and asset enumeration in networks. Developed by OWASP, Amass is capable of performing exhaustive mapping of an organization’s domain infrastructure, identifying subdomains, IP addresses, and other network assets that could be susceptible to attacks. It is an indispensable tool in the arsenal of any cybersecurity professional who needs to map and analyze an organization’s attack surface. Amass is highly configurable and can be integrated with other data collection tools, offering detailed and accurate results crucial for planning and executing penetration tests and security audits.
Official URL: https://github.com/OWASP/Amass

Category: Utilities
Description: Cherrytree is a hierarchical note-taking application that allows users to organize information in a tree structure. It is a versatile tool for saving and managing notes, task lists, code snippets, and long documents. Cherrytree supports note storage in XML or SQLite formats, providing flexibility in how data is saved and accessed. It also offers advanced features such as syntax highlighting, image and table insertion, and the ability to export notes in various formats, making it a popular choice for programmers, researchers, and anyone who needs a robust tool for managing information.
Official URL: https://www.giuspen.com/cherrytree/

Category: Browsers
Description: Chromium is an open-source web browser that serves as the basis for Google Chrome and other browsers. It is distinguished by its focus on speed, security, and support for the latest web standards. As open-source software, Chromium offers transparency and full control over the software, making it a preferred choice for users and developers who value customization and privacy. Additionally, Chromium supports extensions and web applications, allowing users to expand its functionality according to their needs. Although it lacks some proprietary features of Google Chrome, such as synchronization with a Google account, Chromium remains a robust and efficient choice for web browsing.
Official URL: https://www.chromium.org/

Category: Image and Video Analysis
Description: Cytoscape is a widely used software platform for visualizing and analyzing molecular interaction networks and complex biological data. This software is essential in bioinformatics, allowing researchers to integrate diverse biological data and visualize molecular and genomic interactions in an intuitive graphical environment. In addition to visualization, Cytoscape offers robust tools for analyzing large datasets, facilitating pattern identification, hypothesis creation, and interpretation of experimental results. Its extensibility through plugins allows customization and expansion of its capabilities, making it adaptable to specific research needs in systems biology, cell biology, and other scientific disciplines requiring the interpretation of complex biological networks.
Official URL: https://cytoscape.org/

Dnsrecon
Category: Data Collection
Description: Dnsrecon is a DNS information gathering tool that allows analysts to perform DNS queries, WHOIS lookups, and subdomain enumeration. It is widely used in security audits to identify misconfigured DNS settings, hidden subdomains, and other aspects of the DNS infrastructure that could be exploited by attackers. Dnsrecon supports a variety of data collection techniques, such as DNS zone transfers, and can be integrated into automated workflows for efficient DNS audits. Its flexibility and ability to perform advanced queries make it an essential tool for any cybersecurity professional.
Official URL: https://github.com/darkoperator/dnsrecon

Category: Network Reconnaissance and Security
Description: Ettercap is a powerful tool for performing Man-in-the-Middle (MITM) attacks on local networks. It can intercept, manipulate, and analyze network traffic in real-time, making it an essential tool for security auditors who need to assess a network’s vulnerability to interception attacks. Ettercap supports a wide variety of network protocols and offers multiple methods for performing MITM attacks, including ARP poisoning and DNS spoofing. In addition to its attack capabilities, Ettercap is also used in network forensic analysis, allowing investigators to capture and examine network traffic to identify suspicious behavior and potential threats.
Official URL: https://www.ettercap-project.org/

Category: Metadata Analysis
Description: ExifTool is a powerful command-line application for reading, writing, and editing metadata in image files, video files, and other multimedia formats. This tool is essential for analysts who need to access embedded information in files, such as camera details, date and time, GPS location, and other critical data that can be key in forensic investigations and intelligence analysis. ExifTool supports a wide range of metadata formats, including EXIF, IPTC, XMP, and many others, making it a versatile and reliable tool in any workflow related to image analysis and data retrieval. Its flexibility and power make it ideal for automating metadata extraction and modification in large volumes of files.
Official URL: https://exiftool.org/

EyeWitness
Category: Data Collection
Description: EyeWitness is a tool designed to capture screenshots of websites and services, particularly useful for identifying potentially vulnerable configurations and services during a security assessment. EyeWitness can take screenshots of web applications, RDP desktops, and VNC services, providing visual context that helps analysts quickly identify possible attack vectors. In addition to capturing images, EyeWitness also generates detailed reports that include metadata and descriptions, facilitating the review and analysis of penetration test results. Its ability to automate the capture and documentation of evidence makes EyeWitness a valuable tool in security audits and forensic analysis.
Official URL: https://github.com/FortyNorthSecurity/EyeWitness

Category: Browsers
Description: Firefox is an open-source web browser developed by Mozilla, known for its focus on privacy, security, and flexibility through extensions. Firefox allows users to browse the web securely, with protection against trackers, control over cookies, and advanced customization options. This browser is widely used by both regular users and cybersecurity professionals due to its commitment to user privacy and transparency in its development. Additionally, Firefox is compatible with a vast library of extensions that enhance its functionality, making it a versatile tool for a variety of applications, from basic browsing to online analysis and research.
Official URL: https://www.mozilla.org/firefox/

Category: Image and Video Analysis
Description: Gephi is an open-source software designed for the visualization and exploration of all types of graphs and networks. It is widely used in various fields, such as social network analysis, biology, academic research, and cybersecurity, due to its ability to handle large datasets and its flexibility in representing complex relationships. Gephi allows users to visualize and manipulate graph structures intuitively, facilitating pattern identification, community detection, and advanced statistical analysis of network topology. Its interactive graphical interface and ability to handle large data volumes make it an essential tool for researchers and analysts working with complex data and diverse information sources.
Official URL: https://gephi.org/

Category: Image and Video Analysis
Description: ImageMagick is a set of software tools designed for creating, editing, compositing, or converting bitmap images. This application is known for its ability to manipulate images on a large scale and automate processes, making it ideal for projects requiring the processing of large volumes of images. ImageMagick supports a wide variety of image formats, enabling complex operations such as image transformation, special effects creation, and file optimization for web or print publication. Its versatility and power have made it an indispensable tool in graphic design, digital photography, and multimedia editing, as well as in cloud workflow automation.
Official URL: https://imagemagick.org/

Maltego
Category: Data Collection
Description: Maltego is a powerful data collection and analysis tool that allows users to build and visualize relationship graphs between people, groups, companies, domains, and other types of entities. It is widely used in intelligence investigations and forensic analysis due to its ability to integrate data from multiple sources and uncover hidden connections. Maltego facilitates the creation of complex relationship maps, allowing analysts to identify patterns and relationships that are not immediately apparent. Additionally, its modular architecture allows the integration of custom transforms, significantly extending its analysis capabilities. Maltego is essential for professionals who require a clear and structured view of interrelated data in complex investigations.
Official URL: https://www.maltego.com/

Category: Vulnerability Analysis
Description: Metasploit is a framework for developing, testing, and executing exploits against remote systems, allowing cybersecurity professionals to evaluate the security of systems by simulating real attacks. This tool is fundamental in pentesting as it facilitates the identification of vulnerabilities and the execution of exploits on network systems and web applications. Metasploit provides a wide range of modules that allow users to perform customized and automated attacks, making it a powerful tool for auditing security and improving system defenses. In addition to its utility in penetration testing, Metasploit is also a widely used educational platform in cybersecurity training.
Official URL: https://www.metasploit.com/

Category: Network Reconnaissance and Security
Description: netcat, often known as the “Swiss Army knife of networking,” is a versatile tool that allows users to read and write data across network connections using the TCP and UDP protocols. It is widely used in security testing, network analysis, and service debugging due to its ability to create simple yet powerful network connections. netcat can be used for port scanning, file transfer, remote connections, and much more, making it an indispensable tool for system administrators and security analysts. Its simplicity and efficiency have made it popular among IT professionals for both routine and advanced tasks in network administration and auditing.
Official URL: https://nc110.sourceforge.io/

Category: Network Reconnaissance and Security
Description: netdiscover is a network scanning tool designed to detect active nodes in wireless or wired networks by identifying IP and MAC addresses. It is particularly useful in environments where access to a DHCP server is unavailable or when a network’s topology needs to be mapped quickly. netdiscover can operate in both active and passive modes, allowing users to adapt to different network discovery scenarios. Its simplicity and efficiency make it an essential tool for network administrators and security auditors who need a fast and reliable scanner to identify devices connected to a network.
Official URL: https://github.com/alexxy/netdiscover

Category: Network Reconnaissance and Security
Description: Nmap (Network Mapper) is one of the most widely used tools for network scanning and discovery, as well as for security auditing. It allows users to discover hosts and services on a network, identifying open ports, software versions, and potential vulnerabilities. Nmap is highly configurable and supports a variety of scanning techniques, making it an essential tool for both network administrators and security professionals. In addition to its scanning capabilities, Nmap also includes a suite of additional tools, such as Ncat, Ndiff, and Nping, that extend its functionality and enable more advanced network analysis and diagnostics.
Official URL: https://nmap.org/

Osquery
Category: Data Collection
Description: Osquery is an open-source framework that allows users to perform SQL queries to explore and monitor the configuration and state of endpoints on a network. It is an essential tool for endpoint security, enabling administrators and security analysts to conduct audits and monitor system behavior in real-time. Osquery transforms the operating system into a relational database, allowing complex queries that can be automated to detect anomalies, manage configurations, and ensure compliance with security policies. Its flexibility and scalability make it ideal for large corporate environments that require detailed visibility of their IT assets.
Official URL: https://osquery.io/

phoneinfoga
Category: Data Collection
Description: phoneinfoga is an advanced tool for gathering information about phone numbers using OSINT. It can collect data on the owner’s identity, location, and other details related to a phone number by leveraging open sources of information. phoneinfoga is widely used in security investigations and forensic analysis, enabling researchers to uncover relevant information about a target through their phone number. The tool supports multiple search methods and is highly configurable, making it a flexible tool for professionals who need to conduct detailed and accurate investigations.
Official URL: https://github.com/sundowndev/phoneinfoga

Category: Social Networking
Description: Sherlock is an open-source tool designed to find usernames across various social networks and online platforms. It is an extremely useful tool in OSINT investigations, allowing researchers to track an individual’s presence across different platforms by quickly identifying profiles associated with a specific username. Sherlock is capable of searching more than 300 websites and platforms, making it a comprehensive tool for collecting personal information and identifying online profiles that may be related to suspicious or fraudulent activities.
Official URL: https://github.com/sherlock-project/sherlock

SpiderFoot
Category: Data Collection
Description: SpiderFoot is an automated OSINT data collection tool that extracts information from a wide variety of public sources. This tool is ideal for conducting cyber intelligence investigations, as it can gather data on IP addresses, domain names, emails, and many other related entities. SpiderFoot allows for a comprehensive analysis of an organization or individual’s attack surface, identifying vulnerabilities and potential threats. Its web interface facilitates the configuration of scans and the review of results, enabling analysts to manage large volumes of information efficiently. Additionally, SpiderFoot is extensible, allowing the addition of custom modules to meet specific investigation needs.
Official URL: https://www.spiderfoot.net/

Category: Data Collection
Description: Sublist3r is a subdomain enumeration tool that helps security analysts identify and enumerate subdomains of a target domain using OSINT sources. Sublist3r can query multiple search engines like Google, Bing, Yahoo, and Baidu, as well as databases like VirusTotal. This tool is particularly useful during the reconnaissance phase of penetration testing, as it allows the discovery of additional attack surfaces that attackers may exploit. Sublist3r’s ability to integrate multiple sources and its focus on automation make it an indispensable tool for any cybersecurity professional seeking to conduct a complete mapping of a target’s infrastructure.
Official URL: https://github.com/aboul3la/Sublist3r

Category: Utilities
Description: Sublime Text is a sophisticated text editor that offers support for multiple programming languages, markup, and prose. It is known for its speed, efficiency, and a minimalist user interface that facilitates writing and editing code. Sublime Text is highly customizable through plugins and themes, allowing users to tailor the editor to their specific needs. It is a preferred tool among developers and programmers due to its ability to handle large projects, its powerful keyboard shortcut system, and its ease of use. Additionally, Sublime Text includes advanced features such as syntax highlighting, split editing, and regular expression search and replace, making it a robust and versatile editor.
Official URL: https://www.sublimetext.com/

Category: Data Collection
Description: theHarvester is a tool designed for collecting email addresses, subdomains, usernames, and IP addresses using public sources. It is widely used in the reconnaissance phase of penetration testing and security audits. theHarvester enables analysts to quickly gather relevant information about a target from sources such as search engines, PGP key servers, and social networks. Its focus on automation and integration with other security tools makes theHarvester a powerful choice for any professional needing to conduct an exhaustive analysis of a target’s online presence.
Official URL: https://github.com/laramies/theHarvester

Category: Browsers
Description: Tor Browser is a web browser that allows users to browse the Internet anonymously by hiding their IP address and encrypting network traffic through the Tor network. This browser is fundamental for protecting online privacy, avoiding censorship, and preventing online activity tracking. Tor Browser is based on Firefox and has been modified to eliminate any trace that could identify the user, ensuring a high level of anonymity. It is widely used by journalists, activists, and individuals who require enhanced privacy and security in their online activities.
Official URL: https://www.torproject.org/

Category: Reverse Engineering and Binary Analysis
Description: Volatility is an advanced memory forensics framework that allows forensic investigators to extract and analyze volatile data from RAM images. It is a fundamental tool in digital forensic analysis as it enables the recovery of critical information such as active processes, network connections, passwords, registry keys, and other volatile data not stored on hard drives. Volatility is especially useful in intrusion investigations, where memory analysis can reveal malicious activities that do not leave permanent traces on the file system. Its ability to support multiple memory image formats and its wide range of plugins make Volatility an indispensable tool for forensic analysts.
Official URL: https://www.volatilityfoundation.org/

Category: Network Reconnaissance and Security
Description: Wireshark is a network protocol analyzer that allows users to capture and explore network traffic in real-time. It is an essential tool for network administrators, security analysts, and developers, providing a detailed view of network communications and enabling the identification of problems, analysis of vulnerabilities, and detection of suspicious activity. Wireshark supports a wide range of protocols and offers powerful filtering and analysis capabilities, making it easier to interpret large volumes of network data. Its intuitive graphical interface and advanced analysis features make it an indispensable tool for anyone working with networks.
Official URL: https://www.wireshark.org/