Important Pentest Tools You Must Check

• PowerUpSQL
• SysInternals
• Donut
• Chisel
• Powermad
• Burpsuite
• Metasploit
• Powershell-Suite
• Rubeus
• Fuzzdb
• gobuster
• Acunetix
• Nessus
• Cobalt Strike
• PowerSploit
• Impacket
• PingCastle
• Process Hacker
• Hashcat
• John the Ripper
• Hydra
• Aircrack-ng
• Lair – Reactive attack collaboration framework and web application built with Meteor.
• Pentest Collaboration Framework (PCF) – Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.
• peda – Python Exploit Development Assistance for GDB.
• Industrial Exploitation Framework (ISF) – Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more.
• Decker – Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.
• Faraday – Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
• CrackMapExec – Swiss army knife for pentesting networks.
• SigPloit – Signaling security testing framework dedicated to telecom security for researching vulnerabilities in the signaling protocols used in mobile (cellular phone) operators.
• ACLight – Script for advanced discovery of sensitive Privileged Accounts – includes Shadow Admins.
• AQUATONE – Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
• CloudFail – Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
• DNSDumpster – Online DNS recon and search service.
• Mass Scan – TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
• OWASP Amass – Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
• celerystalk – Asynchronous enumeration and vulnerability scanner that “runs all the tools on all the hosts” in a configurable manner.
• kube-hunter – Open-source tool that runs a set of tests (“hunters”) for security issues in Kubernetes clusters from either outside (“attacker’s view”) or inside a cluster.
• Active Directory and Privilege Escalation (ADAPE) – Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory.
• GTFOBins – Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
• LOLBAS (Living Off The Land Binaries and Scripts) – Documents binaries, scripts, and libraries that can be used for “Living Off The

https://github.com/enaqx/awesome-pentest