Tools and frameworks
AppSec / Product Security
DEFECT DOJO: Security program and vulnerability management tool. Features: Imports XML output from nmap, nikto, burp, qualys, nessus, ...Integrates to Jira. Generates reports.
ArcherySec: Centralize Vulnerability Assessment and Management for DevSecOps Team
Reapsaw: Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.
HackerOne Hacktivity: See the latest hacker activity on HackerOne Bugcrowd VRT: Bugcrowd’s Vulnerability Rating Taxonomy
Kali Linux: The reference Linux-based VM for penetration testing
Commando VM by Fireeye: Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution
PentestBox is an Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System
Metasploit: The world’s most used Penetration testing framework
PTF: Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration testing.
Faradaysec: Faradaysec is an Integrated Multiuser Pentest Environment that maps and leverages all the knowledge you generate in real time.
Armitage: Cyber Attack Management for Metasploit
Cobalt Strike: Adversary Simulation and Red team Operations
OWTF: OWASP Offensive Web Testing Framework Pwndrop: Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV
ISF: Industrial Control System (ICS) Exploitation Framework based on Python
smod: MODBUS Penetration Testing Framework
PLCscan: Siemens S7 PLC scanner IEC62443
NIST 800-82: NIST 800-82 Guide to Industrial Control Systems (ICS) Security
conpot: ICS/SCADA honeypot. Simulating Siemens S7 and other protocols modscan: Modbus OT devices scanner for Windows
Social Engineering tools
gophish: Open-Source Phishing Toolkit SET: Open-source penetration testing framework designed for social engineering