Pentesting Toolset
This is the toolset we recommend for running pentests. Do you know of another tool, or want to know something else? Ask us!
Helper Tools
| For this | We use |
|---|---|
| Pentest Reporting | SysReptor |
| Screenshots | Flameshot |
| Note Taking | SysReptor |
| Diagrams | Excalidraw (also available in SysReptor) |
Pentests in General
| For this | We use |
|---|---|
| Encoding/Decoding | CyberChef (also available in SysReptor) |
| Data Leak Lookup | SysLeaks, Kaduu, HIBP |
| PW Cracking | hashcat, Hashtopolis |
| PW Lists | SysLeaks, Weakpass |
| Open TCP Ports | portquiz |
Web Tests
| For this | We use |
|---|---|
| Web App Testing | Burp Professional |
| Directory and File Search | dirsearch, gobuster |
| Web Spider and Endpoint Detection | katana |
| Web Vuln Scanner | Burp Professional, nuclei |
| SSL Inspection | sslyze, tls-scanner |
| SQLi Exploitation | sqlmap |
| Cookie Cracking | cookiemonster |
| JWT Tampering | jwt_tool |
| Secret Discovery | TruffleHog |
Burp Plugins
| For this | We use |
|---|---|
| Authorization Testing | Auth Analyzer, Autorize |
| JWT Testing | JSON Web Tokens, JWT Editor |
| SAML Testing | SAML Raider |
| Endpoint Detection via JS | JS Link Finder |
| Additional Vuln Scans | Active Scan++, Upload Scanner |
| HTTP Request Smuggling | HTTP Request Smuggler |
| ViewState Editing | ViewState Editor |
| Java Platform Scanner | J2EEScan |
| Pingback Detection | Collaborator Everywhere |
| sqlmap Integration | SQLiPy Sqlmap Integration |
| IP Restriction Bypass | IP Rotate |
| WAF Bypass | nowafpls |
Active Directory & Windows Tests
We provide some of the following tools precompiled on GitHub.
| For this | We use |
|---|---|
| AD Enumeration | BloodHound, ADRecon, NetExec |
| AD CS Exploitation | Certify, Certipy |
| AD Queries | PowerView, SeatBelt |
| AD Analysis | PingCastle, PurpleKnight |
| DNS Dump | adidnsdump |
| Windows Password Extraction | mimikatz, lsassy, pypykatz |
| Local Credential Extraction | LaZagne |
| PowerShell Runspace | Stracciatella |
| MachineAccountQuota/DNS Exploitation | Powermad |
| Kerberos Interactions | Rubeus, Kerbrute |
| Network Protocol Attacks | Impacket, Responder, Inveigh |
| Local Privesc | SharpUp, WinPEAS, LinPEAS, Crassus |
| Local Process Monitoring | Process Monitor |
| SCCM Credential Gathering | SharpSCCM |
| RDP MitM | pyrdp |
| Shadow Credential Exploitation | Whisker |
| WSUS Abuse | SharpWSUS |
| Entra ID Authentications | ROADtools |
| SMB Share Audit | Snaffler |