Categorised tool index — one line per tool with a link. Notes on specific tool tradecraft live in their own pages under red-team-index or under the relevant topic.

Web / API

• Burp Suite — the proxy.
• Caido — Rust-native modern proxy alternative.
• ffuf — content / parameter fuzzer.
• Nuclei — template-based scanner.
• httpx — HTTP probe.
• katana — crawler.
• arjun — parameter discovery.
• GraphQL Voyager — schema viewer.
• kiterunner — API endpoint discovery.

Recon

• Amass — asset discovery.
• Subfinder — passive subdomain enum.
• Assetfinder.
• waybackurls.
• gau — get-all-urls.
• trufflehog — secret scanning across git history.
• gitleaks.

Network

• Nmap · Masscan.
• RustScan.
• Responder — LLMNR / NBT-NS / mDNS poisoner.
• Impacket — Python AD toolbox.
• CrackMapExec / NetExec.
• evil-winrm.

AD / Windows post-ex

• BloodHound CE · SharpHound.
• Certify — AD CS abuse.
• Rubeus — Kerberos.
• Mimikatz.
• SharpView.
• PowerView.

Linux post-ex

• LinPEAS / WinPEAS.
• LinEnum.
• pspy — process snooping.
• GTFOBins.

Exploit dev

• WinDbg.
• x64dbg.
• IDA Free · Ghidra · Binary Ninja.
• mona.py — Immunity / WinDbg helper for exploit dev.
• pwntools — Linux CTF exploit dev.
• Frida · radare2.

Red team

• Sliver — open-source C2.
• Mythic — multi-agent C2 framework.
• Havoc.
• Cobalt Strike (commercial, license required).
• Brute Ratel (commercial).
• Inceptor — payload template-er.
• chisel · ligolo-ng — pivoting.

Cloud

• Pacu — AWS exploitation framework.
• ScoutSuite — multi-cloud auditor.
• Prowler — AWS / Azure / GCP security assessment.
• Stormspotter — Azure / Entra graph.
• ROADtools / ROADrecon — Entra ID enumeration.
• GCP IAM Privilege Escalation — GCP method scripts.
• kubectl-who-can · peirates — K8s.

AI red team

• garak — LLM scanner.
• PyRIT — automated red-team prompts.
• PromptInject.
• llm-attacks (GCG suffixes).
• Awesome LLM Security.