Tools and frameworks

From pentestwiki.org

AppSec / Product Security

  • DEFECT DOJO: Security program and vulnerability management tool. Features: imports XML output from nmap, nikto, burp, qualys, nessus, ... Integrates with Jira. Generates reports.
  • ArcherySec: Centralized vulnerability assessment and management for DevSecOps teams
  • Reapsaw: Continuous security DevSecOps tool that helps integrate security into the CI/CD pipeline. It supports coverage for multiple programming languages.
  • HackerOne Hacktivity: See the latest hacker activity on HackerOne
  • Bugcrowd VRT: Bugcrowd’s Vulnerability Rating Taxonomy

Red Team

  • Kali Linux: The reference Linux-based VM for penetration testing
  • Commando VM by FireEye: Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution
  • PentestBox: Open-source, preconfigured, portable penetration testing environment for the Windows operating system
  • Metasploit: The world’s most used Penetration testing framework
  • PTF: Python script for Debian/Ubuntu/Arch Linux-based distributions that creates a similar and familiar distribution for penetration testing.
  • Faradaysec: Integrated multiuser pentest environment that maps and leverages all the knowledge you generate in real time.
  • Armitage: Cyber Attack Management for Metasploit
  • Cobalt Strike: Adversary Simulation and Red team Operations
  • OWTF: OWASP Offensive Web Testing Framework
  • Pwndrop: Self-deployable file hosting service for red teamers that makes it easy to upload and share payloads over HTTP and WebDAV

Purple Team

Blue Team

IoT/OT

  • ISF: Industrial Control System (ICS) Exploitation Framework based on Python
  • smod: MODBUS Penetration Testing Framework
  • PLCscan: Siemens S7 PLC scanner
  • IEC62443
  • NIST 800-82: Guide to Industrial Control Systems (ICS) Security
  • conpot: ICS/SCADA honeypot that simulates Siemens S7 and other protocols
  • modscan: Modbus OT devices scanner for Windows

Social Engineering tools

  • gophish: Open-Source Phishing Toolkit
  • SET: Open-source penetration testing framework designed for social engineering