pwnHACKER // TOOLS

Ethical Hacking Arsenal — Use Responsibly

// SECURITY ADVISORY — USE A VPN

Your ISP monitors everything you do online. Without encryption, your IP is exposed and your activity is logged. Surfshark masks your traffic, bypasses geo-restrictions, and keeps you anonymous — for less than $0.06/day. We use it. We recommend it. Don't hack unprotected.

⚡ GET SURFSHARK — 87% OFF + 3 MONTHS FREE
— ARSENAL // LOADED —
TOOLS // SEARCH & FILTER
root@pwnhacker:~$ 15 TOOLS
[OS] Kali Linux
Recon Exploit Free

The gold standard for penetration testers. Kali Linux is a Debian-based OS pre-loaded with 600+ security tools covering everything from network analysis to forensics. It's the foundation of any serious ethical hacking lab — run it live, in a VM, or on bare metal.

PlatformLinux (Bare Metal / VM / Live USB) LicenseFree / Open Source Maintained byOffensive Security Use CasesPen TestingCTFSecurity Research Downloadkali.org/get-kali/ ↗
Nmap
Recon Free

Network Mapper — the essential tool for network discovery and security auditing. Nmap uses raw IP packets to determine hosts on a network, services they're running, OS versions, firewalls in use, and dozens of other characteristics. Indispensable for any recon phase.

PlatformLinux / Windows / macOS LicenseFree / Open Source (GPL) Use CasesPort ScanningOS DetectionService Enum Downloadnmap.org ↗
root@kali:~$ sudo apt install nmap
[M] Metasploit Framework
Exploit Free

The world's most used penetration testing framework. Metasploit contains thousands of pre-built exploits, payloads, and auxiliary modules. It enables security professionals to simulate attacks, test defenses, and validate remediation efforts in a controlled environment.

PlatformLinux / Windows / macOS LicenseCommunity: Free | Pro: Paid Maintained byRapid7 Use CasesExploitationPost-ExploitationPayload Delivery Downloadmetasploit.com ↗
root@kali:~$ sudo apt install metasploit-framework
[W] Wireshark
Forensics Recon Free

The world's foremost network protocol analyzer. Wireshark lets you capture and interactively browse network traffic, drilling into packet-level detail across hundreds of protocols. Essential for diagnosing network issues, studying protocol behavior, and spotting anomalies.

PlatformLinux / Windows / macOS LicenseFree / Open Source (GPL) Use CasesPacket AnalysisTraffic CaptureProtocol Study Downloadwireshark.org ↗
root@kali:~$ sudo apt install wireshark
)))) Aircrack-ng
Wireless Password Free

The definitive wireless network security toolkit. Aircrack-ng covers monitoring, attacking, testing, and cracking Wi-Fi security protocols. Capable of cracking WEP keys and WPA/WPA2-PSK passphrases through captured handshakes and dictionary attacks. jT's personal wireless testing staple.

PlatformLinux / Windows / macOS LicenseFree / Open Source (GPL) Use CasesWEP CrackingWPA HandshakePacket Injection Downloadaircrack-ng.org ↗
root@kali:~$ sudo apt install aircrack-ng
[K] Kismet
Wireless Recon Free

A powerful wireless network detector, sniffer, and IDS. Kismet works passively — detecting networks without sending any packets — making it ideal for wardriving and covert wireless surveillance. Supports Wi-Fi, Bluetooth, RF, and more via software-defined radio. Featured in pwnHACKER's dedicated guide.

PlatformLinux (Kali recommended) LicenseFree / Open Source (GPL) Use CasesWardrivingPassive SniffingIDSBluetooth Blog PostComplete Kismet Guide ↗ Downloadkismetwireless.net ↗
root@kali:~$ sudo apt install kismet
[B] Burp Suite
Web Exploit Free / Paid

The industry-standard web application security testing platform. Burp Suite's intercepting proxy lets you examine and manipulate every HTTP/S request and response between browser and server. Ideal for finding XSS, SQL injection, IDOR, and authentication flaws.

PlatformLinux / Windows / macOS (Java) LicenseCommunity: Free | Pro: ~$449/yr Maintained byPortSwigger Use CasesHTTP ProxySQLiXSSAPI Testing Downloadportswigger.net ↗
[S] Shodan
OSINT Recon Free / Paid

The search engine for Internet-connected devices. Shodan continuously crawls the internet and indexes open ports, banners, and services exposed on billions of devices — from routers and cameras to industrial control systems. Invaluable for external attack surface mapping and target research.

PlatformWeb / API / CLI LicenseFree (limited) | Paid plans available Blog PostShodan Getting Started Guide ↗ Use CasesIoT DiscoveryBanner GrabAttack Surface Websiteshodan.io ↗
[J] John the Ripper
Password Free

A fast, free, and open-source password security auditing and recovery tool. John the Ripper supports hundreds of hash and cipher types, automatically detects password hash types, and can run dictionary, brute-force, and hybrid attacks. The go-to tool for cracking password hashes.

PlatformLinux / Windows / macOS LicenseFree / Open Source (GPL) Use CasesHash CrackingDictionary AttackBrute Force Downloadopenwall.com/john ↗
root@kali:~$ sudo apt install john
[N] Nikto
Web Recon Free

An open-source web server scanner that performs comprehensive tests against web servers — checking for dangerous files, outdated server software, version-specific problems, and common misconfigurations. Fast and noisy — not stealthy, but thorough.

PlatformLinux / Windows / macOS (Perl) LicenseFree / Open Source (GPL) Use CasesWeb Server AuditMisconfig DetectionCVE Checks Downloadgithub.com/sullo/nikto ↗
root@kali:~$ sudo apt install nikto
[X] Xeuledoc
OSINT Free

A Python-based OSINT tool that extracts metadata from public Google Documents — including author names, account IDs, creation dates, and sharing permissions. Surprisingly powerful for deanonymizing document creators who share files carelessly. Featured on pwnHACKER.

PlatformLinux / macOS / Windows (Python) LicenseFree / Open Source (MIT) Blog PostOSINT Google Document Info ↗ Use CasesGoogle Doc MetadataAccount OSINTDeanonymization Downloadgithub.com/Malfrats/xeuledoc ↗
root@kali:~$ pip3 install xeuledoc
Storm-Breaker
Exploit OSINT Free

A social engineering tool that — with user consent — can access a target device's camera, microphone, and geolocation through a crafted link. Used in controlled security demonstrations and training to illustrate how browser permissions can be abused. For ethical use and security awareness only.

PlatformLinux / Termux (Python) LicenseFree / Open Source Blog PostStorm-Breaker Guide ↗ Use CasesSocial Eng TrainingCamera Access DemoAwareness Downloadgithub.com/ultrasecurity ↗
[Z] OWASP ZAP
Web Free

The Zed Attack Proxy — OWASP's flagship web security scanner. ZAP is both an intercepting proxy and an automated vulnerability scanner for web applications. Designed for both beginners and seasoned professionals, it integrates easily into CI/CD pipelines for automated security testing.

PlatformLinux / Windows / macOS (Java) LicenseFree / Open Source (Apache 2.0) Maintained byOWASP Foundation Use CasesWeb Vuln ScanActive ScanCI/CD Integration Downloadzaproxy.org ↗
[H] Hashcat
Password Free

The world's fastest and most advanced GPU-accelerated password recovery tool. Hashcat supports over 300 hash types and five attack modes — dictionary, combinator, brute-force, mask, and rule-based. With modern GPUs it can test billions of candidates per second.

PlatformLinux / Windows / macOS LicenseFree / Open Source (MIT) Use CasesGPU Hash CrackingMD5/SHA/bcryptWordlist Attack Downloadhashcat.net ↗
root@kali:~$ sudo apt install hashcat
[M] Maltego
OSINT Recon Free / Paid

The premier visual link analysis and OSINT investigation platform. Maltego maps relationships between people, organizations, domains, IPs, infrastructure, and social networks using graph-based visualizations. Transforms automate data gathering from hundreds of sources in a single workspace.

PlatformLinux / Windows / macOS (Java) LicenseCommunity: Free | Pro: Paid Maintained byMaltego Technologies Use CasesGraph AnalysisPeople OSINTDomain Recon Downloadmaltego.com ↗
[ NO TOOLS MATCH QUERY ]