Kali Linux - The one, the only. Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.
pimpmykali - Fixes for new imported Kali Linux virtual machines
Penetration Testing: Using Kali Linux - pg. 55
ParrotOS - Parrot OS, the flagship product of Parrot Security is a GNU/Linux distribution based on Debian and designed with Security and Privacy in mind. It includes a full portable laboratory for all kinds of cyber security operations, from pentesting to digital forensics and reverse engineering, but it also includes everything needed to develop your own software or keep your data secure.
Commando-VM - Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution.
ThreatBox - A handy offensive linux distro that uses a set of Ansible playbooks for automation and deployment.
Exegol - Exegol is a fully configured docker with many useful additional tools, resources (scripts and binaries for privesc, credential theft etc.) and some configuration (oh-my-zsh, history, aliases, colorized output for some tools). It can be used in pentest engagements, bugbounty, CTF, HackTheBox, OSCP lab & exam and so on.
https://houdini.secsi.io/ - HOUDINI (Hundreds of Offensive and Useful Docker Images for Network Intrusion) is a curated list of Network Security related Docker Images for Network Intrusion purposes.
Impacket - Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch, as well as parsed from raw data, and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.
Nishang - Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing.
PowerSharpPack - Many usefull offensive CSharp Projects wraped into Powershell for easy usage.
PowerHub - PowerHub is a convenient post exploitation tool for PowerShell which aids a pentester in transferring data, in particular code which may get flagged by endpoint protection
threatbox - Offensive distribution loaded with Ansible scripts for offensive automation.Utility techniques are ones you might not use every engagement, but are still super important to have. Sometimes these supplementary techniques will be the only way you can exploit your target.
expect - Expect is a tool for automating interactive applications according to a script. Following the script, Expect knows what can be expected from a program and what the correct response should be.
0trace - A traceroute tool that can be run within an existing, open TCP connection, therefore bypassing some types of stateful packet filters with ease.
fping - fping is a ping like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a target host is responding.
hping3 - hping3 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies.
Netwox Toolkit - Toolbox netwox helps to find and solve network problems.
goldeneye - GoldenEye is a HTTP DoS Test Tool. This tool can be used to test if a site is susceptible to Deny of Service (DoS) attacks. Is possible to open several parallel connections against a URL to check if the web server can be compromised.
siege - Siege is an regression test and benchmark utility. It can stress test a single URL with a user defined number of simulated users, or it can read many URLs into memory and stress them simultaneously.