A powerful collection of tools designed for social engineering research, penetration testing, and security awareness training. These tools help security researchers understand human manipulation tactics and improve defense mechanisms.
- Phishing Attack Automation: Generate convincing phishing pages and email templates.
- Vishing Tool: Automate phone-based social engineering attacks for security assessments.
- Pretexting Scripts: Pre-built scenarios to test employee awareness.
- Baiting Simulations: Tools to create malware-laden bait files for educational use.
- Impersonation Templates: Ready-made impersonation scripts for authorized social engineering tests.
- Report Generator: Auto-generate detailed vulnerability and awareness reports.
- Quid Pro Quo Tool: Simulate exchange-of-service scenarios to raise awareness.
- Smishing Tool: Create and deploy SMS-based phishing messages.
- Tailgating Simulator: Educate teams on unauthorized access attempts.
- Dumpster Diving Awareness Module: Train employees on securing discarded information.
- Evilginx: Advanced phishing framework that bypasses 2FA.
- GoPhish: Phishing framework for security awareness training.
- Modlishka: Reverse proxy tool for automated phishing campaigns.
- SocialFish: User-friendly tool for creating realistic phishing pages.
- King Phisher: Phishing campaign toolkit with detailed reporting features.
- PhishX: Multi-functional tool for email spoofing, SMS phishing, and fake login pages.
- BlackEye: Popular tool for crafting phishing pages for major platforms.
- HiddenEye: Phishing tool supporting multi-platform credential harvesting.
- EvilnoVNC: Advanced tool using noVNC for browser-based phishing attacks.
- CredSniper: Automated phishing kit for realistic login page replicas.
- Caller ID Spoofer: Enables fake caller ID manipulation for security testing.
- PrankDial: Automated voice prank system for awareness training.
- PhoneInfoga: Tool for gathering phone number intelligence.
- SpoofCard: A tool for spoofing caller ID for testing and awareness campaigns.
- FireRTC: A VoIP tool that allows anonymous and secure calling.
- Hushed: A tool that provides temporary phone numbers for secure communication.
- MySudo: Privacy-focused app for secure calls, messaging, and browsing.
- Maltego: Excellent for gathering intelligence and building convincing pretexts.
- theHarvester: Ideal for collecting email addresses, names, and data for realistic scenarios.
- Sherlock: Finds social media accounts to build detailed pretexts.
- Recon-ng: A powerful framework for information gathering.
- OSINT Framework: Resource collection for identifying targets and developing credible stories.
- Canarytokens - Generates tracking links, documents, and web bugs to detect unauthorized access or data theft.
- Glastopf - Web application honeypot designed to emulate known vulnerabilities to attract and analyze attackers.
- HoneyPy - Lightweight honeypot that simulates services to lure and analyze malicious behavior.
- Kippo - SSH honeypot designed to log brute force attacks and session activities.
- Artillery - Honeypot solution for detecting and blocking malicious activities.
- Dionaea - Honeypot framework designed to capture malware through exploitation techniques.
- T-Pot - All-in-one honeypot platform combining multiple honeypot tools in a single framework.
- WordPot - Honeypot designed to mimic WordPress installations for detecting malicious scans and attacks.
- Cowrie - SSH and Telnet honeypot designed to track malicious activities on vulnerable systems.
- Conpot - ICS/SCADA honeypot to simulate industrial control systems for security research.
- SET (Social Engineering Toolkit) - Powerful tool for creating convincing impersonation scenarios, including email, SMS, and website templates.
- Evilginx - Advanced phishing and impersonation framework that bypasses 2FA using reverse proxy attacks.
- GoPhish - User-friendly phishing toolkit with custom email impersonation capabilities.
- Modlishka - Reverse proxy tool for automating credential theft through impersonated login pages.
- Phishing Frenzy - Tool for creating highly customizable phishing templates and campaigns.
- King Phisher - Phishing toolkit for crafting tailored impersonation campaigns.
- EvilnoVNC - VNC-based impersonation tool that simulates desktop environments for phishing.
- PhishX - Tool with impersonation templates for email, SMS, and fake login pages.
- BlackEye - Tool for cloning websites and impersonating popular platforms.
- HiddenEye - Multi-platform phishing tool for creating convincing impersonation scenarios.
- Dradis - Collaboration and report generation platform for security assessments with automated data integration.
- Faraday - Centralized platform for security teams with integrated report generation features.
- Serpico - Simple and efficient tool for creating structured security reports using templates.
- MagicTree - Data consolidation and report generation tool designed for penetration testers.
- PwnDoc - Web application for generating penetration testing reports with custom templates.
- Vulnreport - Automated reporting platform for red teams and penetration testers.
- Reconmap - Open-source security platform with integrated reporting for security professionals.
- Pentest-Report-Generator - Tool for generating detailed pentest reports using markdown templates.
- ReportGenerator - Tool for converting code coverage reports into human-readable formats.
- LaTeX PenTest Report - LaTeX-based penetration testing report template for professional-grade reports.
- SET (Social Engineering Toolkit) - Provides various modules for social engineering attacks, including quid pro quo scenarios for awareness training.
- GoPhish - Open-source phishing framework that can be adapted for quid pro quo awareness campaigns.
- Modlishka - Reverse proxy tool useful for impersonation tactics in quid pro quo attacks.
- King Phisher - Advanced phishing platform for creating interactive quid pro quo awareness campaigns.
- Evilginx - Tool for simulating advanced social engineering attacks with interactive elements.
- PhishX - Multi-purpose social engineering tool capable of running quid pro quo attack scenarios.
- HiddenEye - Phishing tool that can simulate social engineering campaigns with quid pro quo elements.
- BlackEye - Social engineering tool designed for mimicking popular services for phishing and awareness.
- QRGen - QR code generator that can be adapted for quid pro quo simulations via malicious link creation.
- USB Rubber Ducky - Physical payload delivery device that can execute social engineering tactics in quid pro quo scenarios.
- SET (Social Engineering Toolkit) - Offers a powerful SMS spoofing module for conducting smishing awareness simulations.
- EvilSMS - Open-source tool for sending fake SMS messages during social engineering tests.
- SMS Spoofing Tool - Python-based SMS spoofing tool ideal for smishing awareness training.
- SMiShing Toolkit - Tool that helps security researchers craft convincing SMS phishing campaigns.
- GoPhish - Although designed for phishing, GoPhish can be adapted for smishing campaigns.
- HackTricks SMS Spoofer - SMS spoofing guide with practical scripts for security testing.
- SMS Bomber - Although designed for SMS spamming, it can be used in security simulations.
- Termux-SMS - Tool designed for Android devices via Termux to simulate SMS phishing campaigns.
- SMSSpoof - Python-based smishing framework for crafting believable SMS attacks.
- Spammer-Grab - Open-source tool designed to automate SMS testing campaigns.
- CCTV Simulator - Software for creating realistic CCTV simulations to train staff on identifying unauthorized access attempts.
- GuardPoint Pro - Access control platform with simulation features to assess tailgating vulnerabilities.
- iPass Simulator - Tool designed to simulate employee badge and access control bypass scenarios.
- Access Control Assessment Tool - Open-source utility for evaluating access point weaknesses in physical security.
- RFID Emulator - Tool for replicating RFID signals to test unauthorized entry points.
- Proxmark3 - RFID testing tool capable of simulating access card cloning in tailgating attack scenarios.
- OpenPath Security - Cloud-based access control solution with simulated attack features.
- BadgeRanger - Utility designed for testing security gaps related to access badges and entry systems.
- KeyDuino - Open-source NFC and RFID security tool useful for simulating tailgating scenarios.
- SpyRFID - Tool for analyzing RFID badge systems to evaluate security flaws.
- OSINT Framework - Open-source intelligence tool that helps demonstrate how discarded information can be exploited.
- Recon-ng - Powerful reconnaissance tool that can showcase how publicly available data can be gathered, mimicking dumpster diving tactics.
- DumpsterFire - Automated task chaining tool that simulates data leakage and mishandled information scenarios.
- Creepy - Tool for location tracking via metadata, showcasing how leaked digital information can be exploited.
- Maltego - Visual data mapping tool used to track exposed data often found through dumpster diving tactics.
- FOCA - Metadata analysis tool that reveals sensitive information in publicly available documents.
- ExifTool - Metadata extraction tool that educates users on hidden data exposure risks in files.
- Intel Techniques - Comprehensive OSINT platform for teaching digital footprint management and data security.
- theHarvester - Tool for gathering information such as emails, subdomains, and files, illustrating data exposure risks.
- DataSploit - Open-source intelligence framework designed to identify exposed data points found in discarded digital resources.