Standard Security Testing Tools Employed By Gotham Security
| Name | Description | Associated Security Assessments |
|---|---|---|
Aircrack-ng | Set of tools for auditing wireless networks. | Wifi Pentesting |
AlienVault OTX | Open Threat Intelligence Community | Recon & OSINTExternal Network Pentesting |
Amass | network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques, maintained by OWASP. | Recon & OSINTExternal Network Pentesting |
AstraGlide | Python3 port of the abandoned API fuzzing tool Astra | API Pentesting |
Autorize | BurpSuite plugin to test authorization controls without having to manually send requests to repeater and copy/paste different user tokens and replay them; it automates this process for you. | Web App PentestingAPI PentestingMobile App Pentesting |
BeastMaster | BEAST PoC (TLS 1.0 + CBC) | Internal Network PentestingExternal Network PentestingWeb App Pentesting |
binwalk
| Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images. | Mobile App PentestingStatic Code AnalysisOther |
Bloodhound
| Graphical Active Directory trust relationship explorer. | Internal Network Pentesting |
Brakeman | Static analysis security vulnerability scanner for Ruby on Rails applications. | Mobile App PentestingStatic Code AnalysisDynamic Code Analysis |
BuiltWith
| Technology lookup tool for websites. | Recon & OSINTSocial Engineering |
Burp Suite | Intercepting proxy that can be used to modify HTTP requests/responses | Web App PentestingAPI PentestingMobile App PentestingCode Tampering |
CeWL | Generates custom wordlists by spidering a target's website and collecting unique words. | External Network PentestingInternal Network PentestingRecon & OSINT |
Cheat Engine
| Memory debugger and hex editor for running applications. | Runtime Tampering |
Cloudimized | Cloudimized is a Google Cloud Platform (GCP) configuration scanning tool. It allows monitoring changes of selected resources. | Cloud PentestingCloud Risk Analysis |
CloudSploit | CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts, including: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub. | Cloud PentestingCloud Risk Analysis |
Coda Intelligence | Vulnerability Management Solution Operating under the NIST Cybersecurity Framework | External Network PentestingInternal Network PentestingPurple Teaming |
Codebeat (open source)
| Open source implementation of commercial static code analysis tool with GitHub integration. | Static Code Analysis |
crackpkcs12 | Multithreaded program to crack PKCS#12 files ( .p12
and .pfx
extensions), such as TLS/SSL certificates. | Wifi Pentesting |
Criminal IP | Web-based OSINT information platform | Recon & OSINTExternal Network Pentesting |
CTF - Reverse Shell Generator | Hosted Reverse Shell generator with a ton of functionality -- (great for CTFs) | Internal Network PentestingExternal Network PentestingWeb App Pentesting |
dnschef
| Highly configurable DNS proxy for pentesters. | External Network PentestingWeb App Pentesting |
dnSpy
| Tool to reverse engineer .NET assemblies. | Runtime TamperingCode Tampering |
DNSRecon | Back up to DNS Zone Transfer. Can be used for more reasons aside from just DNS Zone Transfer testing. | Recon & OSINTExternal Network Pentesting |
DNSTwist
| Open source phishing domain scanner to identify potentially malicious typosquatted domains. | Recon & OSINTSocial EngineeringExternal Network Pentesting |
dorker.py | Python script for executing Google dorks | Recon & OSINTExternal Network Pentesting |
Evilnginx2 | evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. | Social Engineering |
FiercePhish | This is a very interesting tool. It seems that this PyGo Phish - this seems, more or less like an email sending tool that is just wrapped in the idea of phishing. Create the links with GoPhish and still host with GoPhish, but send with Fiece Phish | Social Engineering |
GCPBucketBrute | A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. | Cloud Risk AnalysisCloud Pentesting |
GoPhish
| Open source phishing toolkit | Social Engineering |
GrayHatWarfare | OSINT platform to search for Cloud assets | Social Engineering |
Hashcat
| Fast hash cracking utility with support for most known hashes as well as OpenCL and CUDA acceleration. | Internal Network PentestingExternal Network PentestingWifi Pentesting |
Headstart
| Lazy man's Windows privilege escalation tool utilizing PowerSploit. | Internal Network Pentesting |
HexEdit.js | Browser-based hex editing. | Reverse EngineeringCode TamperingRuntime TamperingStatic Code AnalysisDynamic Code Analysis |
Hybrid Analysis
| Online malware scanner. | Traditional Risk Analysis |
IIS-Shortname-Scanner
| Command line tool to exploit the Windows IIS tilde information disclosure vulnerability. | External Network PentestingInternal Network PentestingWeb App Pentesting |
impacket | Collection of Python classes for working with network protocols. | Internal Network Pentesting |
John the Ripper | Fast password cracker. | External Network PentestingInternal Network Pentesting |
JWT Cracker
| Simple HS256 JWT token brute force cracker. | Web App PentestingAPI PentestingDynamic Code AnalysisMobile App Pentesting |
jwt_tool | A toolkit for validating, forging, scanning and tampering JWTs (JSON Web Tokens). | Web App Pentesting |
ldapdomaindump
| Active directory domain information dumper | Internal Network Pentesting |
ldapsearch
| Linux command line utility for querying LDAP servers. | Internal Network Pentesting |
Legion | Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools. | Internal Network PentestingExternal Network Pentesting |
LinEnum | Linex enumeration tool for priviledge escalation. | Internal Network Pentesting |
Linkedin2username
| OSINT Tool: Generate username lists from companies on LinkedIn. | Recon & OSINTSocial Engineering |
LinPEAS
| A series of scripts for Linux priviledge escalation. | Internal Network Pentesting |
Linus
| Security auditing tool for Linux and macOS. | Internal Network Pentesting |
Linux Exploit Suggester
| Heuristic reporting on potentially viable exploits for a given GNU/Linux system. | Internal Network Pentesting |
Log4jCenter
| VMWare vCenter Log4Shell exploitation tool. | External Network PentestingInternal Network PentestingWeb App Pentesting |
Log4jShell_Scanner
| This shell script scans a vulnerable web application that is using a version of apache-log4j < 2.15.0. This application is a static implementation, which means it does not perform domain, sub-domain, or webpage discovery. | External Network PentestingInternal Network PentestingWeb App Pentesting |
Lucy | Commercial phishing and smsishing platform | Social Engineering |
Maltego | Proprietary software for open source intelligence and forensics, from Paterva. | Recon & OSINT |
Mass Scan | TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. | External Network PentestingInternal Network Pentesting |
Mentalist
| Graphical tool for custom wordlist generation | Internal Network PentestingExternal Network Pentesting |
Metasploit
| Software for offensive security teams to help verify vulnerabilities and manage security assessments. | Internal Network PentestingExternal Network PentestingWeb App PentestingAPI Pentesting |
mimikatz | Credentials extraction tool for Windows operating system. | Internal Network Pentesting |
mitmproxy
| Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. | Web App PentestingAPI PentestingCloud PentestingDynamic Code AnalysisMobile App Pentesting |
Modlishka
| Flexible reverse proxy tool for phishing engagements. | Social Engineering |
Mxtoolbox | Email domain and DNS lookup. | Recon & OSINTExternal Network Pentesting |
Ncat | TCP/IP command line utility supporting multiple protocols, included with Nmap. | Internal Network PentestingExternal Network Pentesting |
Nessus | Commercial vulnerability assessment tool, sold by Tenable. | External Network PentestingInternal Network PentestingWeb App PentestingCloud Risk AnalysisCloud Pentesting |
Netdiscover
| Simple and quick network scanning tool. | Internal Network Pentesting |
netsniff-ng
| Swiss army knife for for network sniffing. | Internal Network Pentesting |
Netsparker Web Application Security Scanner | Commercial web application security scanner to automatically find many different types of security flaws. | Internal Network PentestingWeb App Pentesting |
Network Detective | White Box tool used for network analysis, enumeration of users, permission, shares, and assets, sold by Rapidfiretools. | Purple TeamingTraditional Risk AnalysisOther |
Network-Tools.com | Website offering an interface to numerous basic network utilities like ping
, traceroute
, whois
, and more. | External Network PentestingInternal Network Pentesting |
Nexpose
| Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. | Internal Network PentestingExternal Network Pentesting |
Nikto
| Noisy but fast black box web server and web application vulnerability scanner. | Web App PentestingInternal Network PentestingExternal Network Pentesting |
nmap
| Free security scanner for network exploration & security audits. | Recon & OSINTExternal Network PentestingInternal Network PentestingPurple Teaming |
noPhish | phishing toolkit which provides an docker and noVNC based infrastructure. | Social Engineering |
NoVNC | both a HTML VNC client JavaScript library and an application built on top of that library. | Social Engineering |
OpenVAS | Open source implementation of the popular Nessus vulnerability assessment system. | Internal Network PentestingExternal Network Pentesting |
OWASP Dependency Check
| Open source static analysis tool that enumerates dependencies used by Java and .NET software code (with experimental support for Python, Ruby, Node.js, C, and C++) and lists security vulnerabilities associated with the dependencies. | Static Code Analysis |
OWASP Zed Attack Proxy (ZAP)
| Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications. | Web App Pentesting |
Pacu | AWS exploitation framework. | Cloud PentestingCloud Risk AnalysisPurple Teaming |
peda
| Python Exploit Development Assistance for GDB. | Code TamperingRuntime TamperingReverse Engineering |
Pentest-tools | Web based platform for several open source reconnaissance and exploitation tools. | Recon & OSINTExternal Network Pentesting |
PimpMyKali | Provides fixes for new imported Kali Linux virtual machines — including impacket | Internal Network Pentesting |
plasma | Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. | Code TamperingReverse Engineering |
Postman | API development tool which helps to build, test and modify APIs. | Web App PentestingAPI Pentesting |
PowerSploit | PowerShell Post-Exploitation Framework. | Internal Network Pentesting |
Principle Mapper | Open source AWS IAM vulnerability analysis tool. | Cloud PentestingAPI PentestingWeb App PentestingMobile App Pentesting |
Printer Exploitation Toolkit (PRET) | Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features. | Internal Network Pentesting |
Prowler | Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. | Cloud PentestingCloud Risk AnalysisPurple Teaming |
pyShodan | Python 3 script for interacting with Shodan API. Has three modes of operation: making an API query for a search term, a single IP address, or for a list of IP addresses in a .txt file. | Recon & OSINTExternal Network Pentesting |
Radare2 | Open source, crossplatform reverse engineering framework. | Code TamperingReverse EngineeringRuntime Tampering |
recon-ng | Full-featured Web Reconnaissance framework written in Python. | Recon & OSINT |
Responder
| Open source NBT-NS, LLMNR, and MDNS poisoner. | Internal Network Pentesting |
Responder-Windows
| Windows version of the above NBT-NS/LLMNR/MDNS poisoner. | Internal Network Pentesting |
Reverse Shell Generator | Web based tool to generate reverse shells | Web App PentestingInternal Network PentestingExternal Network Pentesting |
S3Scanner | A tool to find open S3 buckets and dump their contents | External Network PentestingCloud PentestingCloud Risk Analysis |
Scout Suite | Open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. | Cloud Risk AnalysisCloud PentestingPurple Teaming |
Secret Scanner | Searches for common keys and secrets in a stupidly simple way. | Web App PentestingAPI PentestingStatic Code AnalysisMobile App PentestingCloud PentestingCloud Risk Analysis |
ShellCheck
| Static code analysis tool for shell script. | Static Code Analysis |
Shodan | Database containing information on all accessible domains on the internet obtained from passive scanning. | Recon & OSINTExternal Network Pentesting |
smbmap | Handy SMB enumeration tool. | Internal Network Pentesting |
Sn1per | Sniper that can be used in VPENBOX07. Roughly the same tool as what is used in PT Tools | External Network Pentesting |
sobelow
| Security-focused static analysis for the Phoenix Framework. | Static Code Analysis |
SQLmap | Automated SQL injection and database takeover tool. | Web App PentestingAPI PentestingExternal Network Pentesting |
SSL Server Test (Qualys) | Performs analysis of the configuration of any SSL web server on the public Internet. | Web App Pentesting |
SSLScan
| Quick command line tool for checking TLS/SSL configuration. | External Network PentestingInternal Network PentestingWeb App Pentesting |
SSLyze | Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations. | External Network PentestingInternal Network PentestingWeb App Pentesting |
tplmap
| Automatic server-side template injection and Web server takeover tool. | Web App Pentesting |
TruePeopleSearch
| OSINT tool for individual research. | Recon & OSINTSocial EngineeringStatic Code Analysis |
truffleHog
| Git repo scanner. | Static Code Analysis |
Turbo Intruder | Burp extension for sending intruder requests at high speeds, mainly for race condition exploitation situations | Web App PentestingAPI PentestingDynamic Code AnalysisMobile App Pentesting |
Virus Total | Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. | External Network PentestingRecon & OSINT |
VisualCodeGrepper
| Open source static code analysis tool with support for Java, C, C++, C#, PL/SQL, VB, and PHP. VisualCodeGrepper also conforms to OWASP best practices. | Static Code Analysis |
wafw00f
| Identifies and fingerprints Web Application Firewall (WAF) products. | External Network PentestingWeb App Pentesting |
WDK/WinDbg | Windows Driver Kit and WinDbg. | Reverse EngineeringRuntime TamperingCode TamperingOther |
wifi-pickle
| Fake access point attacks. | Wifi Pentesting |
Wifite | Automated wireless attack tool. | Wifi Pentesting |
WinPEAS | A series of scripts for Windows Priviledge escalation. | Internal Network Pentesting |
Wireshark
| Widely-used graphical, cross-platform network protocol analyzer. | Internal Network PentestingTraditional Risk Analysis |
WPScan
| Black box WordPress vulnerability scanner. | External Network PentestingRecon & OSINT |
WPSploit
| Exploit WordPress-powered websites with Metasploit. | External Network Pentesting |
Yersinia | Packet and protocol analyzer with MITM capability. | Internal Network Pentesting |
Who We Are
Initially founded in 2013 in the heart of New York City, Gotham Security is an Abacus Group company that focuses on providing boutique cybersecurity services. Gotham Security delivers high-quality penetration testing, malicious adversary simulation, compliance program development, and threat intelligence services to organizations all across the world, including many Fortune 1000 companies.
© 2023 Gotham Security
Where To Find Us
- 655 Third Avenue, 8th Floor, New York, NY 10017
- (212) 696-0500
- [email protected]
- PGP: d3ad3162de9e98dca18f59421c683c3cedf22cf0
