- Creepy – Geolocation OSINT tool
- Hash Analyzer – Tool to identify hash types
- WAScan – Web Application Scanner
- Sn1per – Automated pentest recon scanner
- Impacket – Collection of Python classes/tools for working with network protocols
- BloodHound – Identify highly complex attack paths in Active Directory
- InfoG – Neat information gathering tool
- OSCP prep tips – Site with tips and links for prepping for OSCP cert
- DIY Rubber Ducky – A “Rubber Ducky” device using a Raspberry Pi Zero
- Crackstation – A resource to quickly crack hashes against known breaches
- Hashtopolis – Distributed hash cracking application
- cewl – Wordlist generation tool
- pspy – Monitor linux processes without root permissions
- Web-Shells – Collection of useful PHP remote shells
- php-reverse-shell – A quick and simple PHP reverse shell leveraging netcat
- red-team-cheatsheet – A quick checklist of things to try specific to Windows OS
- windows-exploit-suggester – Tool to test patch levels of target Windows machine
- PayloadsAllTheThings – A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- GTFOBins – A list of Unix binaries that can be exploited by an attacker to bypass local security restrictions
- SecLists – A collection of multiple types of lists used during security assessments, collected in one place
Casey Trader 