Massive List of Tools Hackers use in 2016

This is the most complete list of tools which hackers use to penetrate and hack environments. The tools which are listed here are free to use and there are tons of documentation available which allow you to get a better understanding on how to use the listed tools – and if you do not want to read, you can use the Youtube search engine to find videos which teach you how to use the listed hacking tools.

Do keep in mind that hacking a device which is not yours is illegal, and in some countries you can be jailed for hacking into devices. Use these tools at your own risk – we have only listed them here for education purposes.

Information gathering tools

Hackers often have to perform research before they are able to perform an attack, and in order to speed up their research, they can use information gathering tools – these tools will lookup various public and private sources for information which can be used by the hacker.

It is important for the hacker to know which tool to use in order to get the right information – for example, if a hacker wants to see which ports are enabled on an external server, the hacker can use the NMAP tool to perform a port scan on the designated target server.

 

Information gathering tools

acccheck copy-router-config enumIAX InTrace Parsero

theHarvester

ace-voip DMitry exploitdb iSMTP Recon-ng TLSSLed
Amap dnmap Fierce lbd SET twofi
Automater dnsenum Firewalk Maltego Teeth smtp-user-enum URLCrazy
bing-ip2hosts dnsmap fragroute masscan snmpcheck Wireshark
braa DNSRecon fragrouter Metagoofil sslcaudit WOL-E
CaseFile dnstracer Ghost Phisher Miranda SSLsplit Xplico
CDPSnarf dnswalk GoLismero Nmap sslstrip
cisco-torch DotDotPwn goofile ntop SSLyze
Cookie Cadger enum4linux hping3 p0f THC-IPV6

Vulnerability Analysis Tools

Vulnerability Analysis tools

BBQSQL DotDotPwn openvas-administrator

sqlmap

BED Greenbone Security Assistant openvas-cli Sqlninja
cisco-auditing-tool GSD openvas-manager sqlsus
cisco-global-exploiter HexorBase openvas-scanner THC-IPV6
cisco-ocs Inguma Oscanner tnscmd10g
cisco-torch jSQL Powerfuzzer unix-privesc-check
copy-router-config Lynis sfuzz Yersinia
DBPwAudit Nmap SidGuesser
Doona ohrwurm SIPArmyKnife

 

Exploitation Tools

  • Armitage
  • Backdoor Factory
  • BeEF
  • cisco-auditing-tool
  • cisco-global-exploiter
  • cisco-ocs
  • cisco-torch
  • Commix
  • crackle
  • jboss-autopwn
  • Linux Exploit Suggester
  • Maltego Teeth
  • SET
  • ShellNoob
  • sqlmap
  • THC-IPV6
  • Yersinia

Forensics Tools

  • Binwalk
  • bulk-extractor
  • Capstone
  • chntpw
  • Cuckoo
  • dc3dd
  • ddrescue
  • DFF
  • diStorm3
  • Dumpzilla
  • extundelete
  • Foremost
  • Galleta
  • Guymager
  • iPhone Backup Analyzer
  • p0f
  • pdf-parser
  • pdfid
  • pdgmail
  • peepdf
  • RegRipper
  • Volatility
  • Xplico

Wireless Attacks

  • Aircrack-ng
  • Asleap
  • Bluelog
  • BlueMaho
  • Bluepot
  • BlueRanger
  • Bluesnarfer
  • Bully
  • coWPAtty
  • crackle
  • eapmd5pass
  • Fern Wifi Cracker
  • Ghost Phisher
  • GISKismet
  • Gqrx
  • gr-scan
  • kalibrate-rtl
  • KillerBee
  • Kismet
  • mdk3
  • mfcuk
  • mfoc
  • mfterm
  • Multimon-NG
  • PixieWPS
  • Reaver
  • redfang
  • RTLSDR Scanner
  • Spooftooph
  • Wifi Honey
  • Wifitap
  • Wifite

Web Applications

  • apache-users
  • Arachni
  • BBQSQL
  • BlindElephant
  • Burp Suite
  • CutyCapt
  • DAVTest
  • deblaze
  • DIRB
  • DirBuster
  • fimap
  • FunkLoad
  • Grabber
  • jboss-autopwn
  • joomscan
  • jSQL
  • Maltego Teeth
  • PadBuster
  • Paros
  • Parsero
  • plecost
  • Powerfuzzer
  • ProxyStrike
  • Recon-ng
  • Skipfish
  • sqlmap
  • Sqlninja
  • sqlsus
  • ua-tester
  • Uniscan
  • Vega
  • w3af
  • WebScarab
  • Webshag
  • WebSlayer
  • WebSploit
  • Wfuzz
  • WPScan
  • XSSer
  • zaproxy

 

Stress Testing

  • DHCPig
  • FunkLoad
  • iaxflood
  • Inundator
  • inviteflood
  • ipv6-toolkit
  • mdk3
  • Reaver
  • rtpflood
  • SlowHTTPTest
  • t50
  • Termineter
  • THC-IPV6
  • THC-SSL-DOS

Sniffing & Spoofing

  • Burp Suite
  • DNSChef
  • fiked
  • hamster-sidejack
  • HexInject
  • iaxflood
  • inviteflood
  • iSMTP
  • isr-evilgrade
  • mitmproxy
  • ohrwurm
  • protos-sip
  • rebind
  • responder
  • rtpbreak
  • rtpinsertsound
  • rtpmixsound
  • sctpscan
  • SIPArmyKnife
  • SIPp
  • SIPVicious
  • SniffJoke
  • SSLsplit
  • sslstrip
  • THC-IPV6
  • VoIPHopper
  • WebScarab
  • Wifi Honey
  • Wireshark
  • xspy
  • Yersinia
  • zaproxy

Password Attacks

  • acccheck
  • Burp Suite
  • CeWL
  • chntpw
  • cisco-auditing-tool
  • CmosPwd
  • creddump
  • crunch
  • DBPwAudit
  • findmyhash
  • gpp-decrypt
  • hash-identifier
  • HexorBase
  • THC-Hydra
  • John the Ripper
  • Johnny
  • keimpx
  • Maltego Teeth
  • Maskprocessor
  • multiforcer
  • Ncrack
  • oclgausscrack
  • PACK
  • patator
  • phrasendrescher
  • polenum
  • RainbowCrack
  • rcracki-mt
  • RSMangler
  • SQLdict
  • Statsprocessor
  • THC-pptp-bruter
  • TrueCrack
  • WebScarab
  • wordlists
  • zaproxy

Maintaining Access

  • CryptCat
  • Cymothoa
  • dbd
  • dns2tcp
  • http-tunnel
  • HTTPTunnel
  • Intersect
  • Nishang
  • polenum
  • PowerSploit
  • pwnat
  • RidEnum
  • sbd
  • U3-Pwn
  • Webshells
  • Weevely
  • Winexe

Reverse Engineering

  • apktool
  • dex2jar
  • diStorm3
  • edb-debugger
  • jad
  • javasnoop
  • JD-GUI
  • OllyDbg
  • smali
  • Valgrind
  • YARA

Reporting Tools

  • CaseFile
  • CutyCapt
  • dos2unix
  • Dradis
  • KeepNote
  • MagicTree
  • Metagoofil
  • Nipper-ng
  • pipal

All of the tools which are mentioned above are pre-installed in the Kali Linux distro which you can download for free at https://www.kali.org/.