Offensive security tools are used to discover/confirm the existence of security holes and test the ability of an organization to detect and respond to security incidents. Many offensive security tools are free or open-source.
DISCLAIMER Information provided on this site is intended to improve security for everyone. Using some of the tools listed on this site without explicit, written permission from the owner of the target is probably illegal in your jurisdiction. There is no need to get arrested and go to prison doing something stupid. There are bug bounty programs and penetration testing jobs that pay well, with little risk of time in prison. Do not hack shit you do not have permission to hack!
Ok, so here is the deal. There are countless offensive tools at this point and new ones coming out all the time. I look to Twitter to keep track of new tools and what is popular. Follow a bunch of hackers on Twitter and you will have a steady stream of good tools to look into. Here are some of my favorites.
BloodHound – https://github.com/BloodHoundAD/BloodHound/wiki – Once you have credentials, where do you go first? BloodHound collects Active Directory data (group memberships, logged-on sessions, ACLs, local admin rights, trusts) with a collector such as SharpHound, loads it into a graph database and lets you visualize and query attack paths from the accounts you already hold to privileged targets like Domain Admins.
Demon Linux – https://www.demonlinux.com/ – Demon Linux is a lesser known offensive security distribution, but it is very good and has a lot of features Kali does not. It was also built to be more stable than Kali.
Kali Linux – https://www.kali.org/ – Kali Linux, the Debian-based pentesting distribution most people start with; most of the tools on this list ship with it.
Metasploit – http://www.metasploit.com/ – Metasploit pentesting framework. One of the best known hacking toolkits. Has exploits, but also a lot of useful auxiliary modules for scanning, service enumeration and password guessing, plus post-exploitation modules for once you have a shell.
Nmap – https://nmap.org/ – Nmap port scanner. Beyond listing open ports it does service and version detection (-sV), OS fingerprinting and scripted checks via the Nmap Scripting Engine, and its XML output (-oX) feeds other tools such as EyeWitness.
Responder – https://github.com/lgandx/Responder – Responder is an awesome tool once you get in or for internal tests. It poisons LLMNR, NBT-NS and mDNS name lookups on the local segment so that Windows hosts try to authenticate to your box, and it captures the resulting NTLMv1/v2 hashes, which you can crack offline or relay with other tooling. It makes Windows networks rain passwords and password hashes.
Shodan – https://www.shodan.io/ – Shodan scans the Internet and provides a searchable interface to the information collected.
EyeWitness – https://github.com/FortyNorthSecurity/EyeWitness – EyeWitness can take Nmap or Nessus XML scan results (or a plain list of URLs), browse out to every open web port it finds and take a screenshot of what shows up when the page loads. You get a report that lets you quickly see what is running on the various open web ports, which is really useful when you are dealing with dozens or more web servers and need to decide where to spend your time.
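To make the Nmap-to-EyeWitness handoff concrete, here is an added example (my own code, not EyeWitness's) that does the target-selection step EyeWitness performs when you feed it Nmap XML: parse the scan, keep hosts that are up and ports that are open, decide which of those are web services and whether they speak TLS, and emit one URL per service. The XML embedded in the block is a constructed sample, not a real scan, and the set of "probably web" port numbers is my own assumption.

```python
"""Turn Nmap XML output into a list of URLs for web screenshotting.

Added example that mirrors what EyeWitness does with Nmap XML (-x):
it is not the tool's own code.  Run it directly to print the URLs
derived from the constructed sample scan at the bottom of the file.
"""
import xml.etree.ElementTree as ET

# Ports treated as web services even when Nmap could not name the service.
# This list is an assumption for the example; extend it for your environment.
WEB_PORTS = {80, 443, 8000, 8080, 8443, 8888}


def urls_from_nmap_xml(xml_text: str) -> list:
    """Return http(s)://host[:port] URLs for every open web port in the scan."""
    urls = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        # Skip hosts Nmap reports as down.
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue
        # Prefer the IPv4 address; fall back to whatever address is present.
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            portid = int(port.get("portid"))
            svc = port.find("service")
            name = (svc.get("name") or "") if svc is not None else ""
            tunnel = (svc.get("tunnel") or "") if svc is not None else ""
            # Nmap names web services "http", "https", "http-proxy", "http-alt"...
            is_web = name.startswith("http") or portid in WEB_PORTS
            if not is_web:
                continue
            # Nmap marks TLS-wrapped services with tunnel="ssl" (shown as
            # "ssl/http" in normal output); also assume TLS on 443/8443.
            tls = tunnel == "ssl" or name.startswith("https") or portid in (443, 8443)
            scheme = "https" if tls else "http"
            default_port = 443 if tls else 80
            host_part = addr if portid == default_port else f"{addr}:{portid}"
            urls.append(f"{scheme}://{host_part}")
    return urls


# Constructed sample, not a real scan: one live host with a mix of open,
# closed, web and non-web ports, plus one host that is down.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="http" tunnel="ssl"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
      <port protocol="tcp" portid="8443"><state state="open"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


if __name__ == "__main__":
    for url in urls_from_nmap_xml(SAMPLE_NMAP_XML):
        print(url)
```

Two details worth noticing: the closed 8080 and the down host produce nothing, and port 8443 still becomes a URL even though Nmap could not identify the service, which is exactly the case where a screenshot tells you more than the scan does. Feed the output to EyeWitness as a URL file (or hand it the XML directly) and you get the report view described above.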