# Tools
    - [Metasploit]( Penetration testing software
    - [BeEF]( The Browser Exploitation Framework
    - [PTF]( Penetration Testers Framework
    - [Bettercap]( MITM framework
    - [Nessus]( Vulnerability scanner
    - [AutoNessus]( Auto Nessus
    - [BDFProxy]( Patch Binaries via MITM (BackdoorFactory)
    - [Xplico]( Network Forensic Analysis Tool (e.g. parse pcap file)
    - [Sqlmap]( Automatic SQL injection and database takeover tool
    - [jsql-injection]( Java application for automatic SQL database injection
    - [HoneyProxy]( MITM
    - [Gophish]( Open-Source Phishing Framework
    - [SET]( Social-Engineer Toolkit
    - [USBRubberDucky]( USB Rubber Ducky
    - [USB Wifi Ducky]( Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
    - [WHID]( WiFi HID Injector for Fun & Profit - A USB Rubber Ducky On Steroids.
    - [SimplyEmail]( Email recon framework
    - [WiFi Pineapple]( WiFi Pineapple (MITM)
    - [makeMyCSRF]( makeMyCSRF is a tool that can be used to automate auto-submit HTML form creation
    - [Weeman]( HTTP Server for phishing
    - [PlugBot]( The PlugBot: Hardware Botnet Research Project
    - [Pwn Phone]( Portable pentesting device
    - [EmPyre]( A post-exploitation OS X/Linux agent written in Python 2.7
    - [Mimikatz]( A little tool to play with Windows security ([videos](
    - [Acunetix]( Scanner to check for XSS, SQL Injection and other web vulnerabilities
    - [Burp Suite]( The leading toolkit for web application security testing
    - [Burp NoPE Proxy]( Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
    - [ntopng]( High-speed web-based traffic analysis
    - [nethogs]( Linux 'net top' tool
    - [jnettop]( traffic visualiser
    - [Lynis]( Security auditing tool for Linux, macOS, and UNIX-based systems
    - [Volatility]( An advanced memory forensics framework
    - [Radare]( portable reversing framework
    - [Android Fallible]( Secrets leak in Android apps
    - [XssPy]( Web Application XSS Scanner
    - [Unicorn]( Tool for using a PowerShell downgrade attack and inject shellcode straight into memory
    - [changeme]( A default credential scanner
    - [Mercure]( Tool for security managers who want to train their collaborators on phishing
    - [catphish]( For phishing and corporate espionage
    - [Security Checklist]( The SaaS CTO Security Checklist
    - [cgPwn]( A lightweight VM for hardware hacking, RE (fuzzing, symEx, exploiting etc) and wargaming tasks
    - [pwlist]( Password lists obtained from strangers attempting to log in to my server
    - [howmanypeoplearearound]( Count the number of people around you by monitoring wifi signals
    - [xss-listener]( XSS Listener is a penetration tool for easily stealing data with various XSS
    - [owasp-mstg]( The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering
    - [KeychainCracker]( macOS keychain cracking tool
    - [Microsploit]( Fast and easy creation of Office backdoor exploits using Metasploit modules
    - [InjectProc]( Process Injection Techniques
    - [expdevBadChars]( Bad Characters highlighter for exploit development
    - [massExpConsole]( Collection of Tools and Exploits with a CLI UI
    - [getsploit]( Command line utility for searching and downloading exploits
    - [Findsploit]( Find exploits in local and online databases instantly
    - [vulscan]( Advanced vulnerability scanning with Nmap NSE
    - [psychoPATH]( a blind webroot file upload & LFI detection tool
    - [repo-supervisor]( Scan your code for security misconfiguration, search for passwords and secrets
    - [xssor]( Hack with Javascript (online tool)
    - [xray]( XRay is a tool for recon, mapping and OSINT gathering from public networks
    - [Frida]( Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX
    - [objection]( runtime mobile exploration (based on Frida)
    - [pwnbox]( Docker container with tools for binary reverse engineering and exploitation
    - [backdoor-apk]( shell script that simplifies the process of adding a backdoor to any Android APK file
    - [Attify OS]( Distro for pentesting IoT devices
    - [Zeus]( AWS Auditing & Hardening Tool
    - [EvilAbigail]( Automated Linux evil maid attack (backdoors initrd)
    - [mitm-router]( Man-in-the-middle wireless access point inside a docker container
    - [Dracnmap]( Exploit Network and Gathering Information with Nmap
    - [RastLeak]( Tool to automatically find leaked information using search engine hacking
    - [pupy]( remote administration and post-exploitation tool (python)
    - [pwndsh]( Post-exploitation framework (bash) ([presentation](
    - [kwetza]( Python script to inject existing Android applications with a Meterpreter payload
    - [zmap]( ZMap Internet Scanner
    - [zgrab]( Application layer scanner that operates with ZMap
    - [OpenVAS]( The world's most advanced Open Source vulnerability scanner and manager
    - [Vulny-Code-Static-Analysis]( Basic script to detect vulnerabilities in PHP source code
    - [knockpy]( Knock Subdomain Scan
    - [BoopSuite]( A Suite of Tools written in Python for wireless auditing and security testing ([demo](
    - [DataSploit]( An OSINT Framework to perform various recon techniques
    - [domain_analyzer]( Analyze the security of any domain by finding all the information possible
    - [Luckystrike]( A PowerShell based utility for the creation of malicious Office macro documents ([demo](
    - [sqlcheck]( Automatically identify anti-patterns in SQL queries
    - [SSRF Testing](
    - [XFLTReaT]( Tunnelling Framework ([kitploit](
    - [rudra]( Framework for exhaustive analysis of (PCAP and PE) files
    - [PenBox]( Penetration Testing Framework - The Tool With All The Tools, The Hacker's Repo ([website](
    - [post-exploitation]( Post Exploitation Collection
    - [p0wnedShell]( PowerShell Runspace Post Exploitation Toolkit
    - [sshpry]( Seamlessly spy on an SSH session as if it were your tty
    - [cameradar]( Cameradar hacks its way into RTSP CCTV cameras
    - [DET]( Data Exfiltration Toolkit
    - [AhMyth-Android-RAT]( Android Remote Administration Tool
    - [cve-search]( tool to perform local searches for known vulnerabilities
# Use cases
    - []( Indicators of Compromise (IOCs) from our various investigations
# Devices
    - [Emutag]( Mifare ultralight and ntag2x3 emulator
    - [WiFi deauther OLED V2](
    - [Mobile Hack Gear](
# Wifi
    - [bully-vanilla]( Bully is a new implementation of the WPS brute force attack
    - [boxon]( Detector for boxes vulnerable to the NULL PIN flaw ([topic](
    - [NullWpsPinAuto]( Simple bash script intended to exploit the Null Wps Pin breach automatically
# Blog / Docs
    - [The definitive guide to form-based website authentication](
    - [Improved Persistent Login Cookie Best Practice](
    - [Nmap Cheat Sheet](
    - [XSS Cheat Sheet](
# Training
    - [HackTheBox](
    - [Hacker House](
    - [Docker Hacking Challenge](
# Misc
    - [Collection of CSP bypasses](