A collection of awesome resources, tools, and other shiny things for Network Security.
- GIAC Penetration Tester (GPEN) SEC560: Enterprise Penetration Testing
- GIAC Security Essentials (GSEC) SEC401: Security Essentials - Network, Endpoint, and Cloud
- GIAC Certified Intrusion Analyst (GCIA) SEC503: Network Monitoring and Threat Detection In-Depth
- GIAC Network Forensic Analyst (GNFA) FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
- GIAC Systems and Network Auditor (GSNA) AUD507: Auditing & Monitoring Networks, Perimeters & Systems
- SEC580: Metasploit for Enterprise Penetration Testing
- Practical Network Penetration Tester
- CCNP Security 350-701 SCOR Implementing and Operating Cisco Security Core Technologies (SCOR)
- CCNP Security 300-710 SNCF Securing Networks with Cisco Firepower (SNCF)
- CCNP Security 300-715 SISE Implementing and Configuring Cisco Identity Services Engine (SISE)
- CyberOps Professional 300-215 CBRFIR Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps (CBRFIR)
- CyberOps Professional 350-201 CBRCOR Performing CyberOps Using Cisco Security Technologies (CBRCOR)
- CyberOps Associate 200-201 CBROPS Threat Hunting and Defending using Cisco Technologies for CyberOps (CBROPS)
- CyberOps Professional 300-220 CBRTHD Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (CBRTHD)
- Palo Alto Networks Certified Cybersecurity Entry-level Technician
- Palo Alto Networks Certified Network Security Administrator
- Palo Alto Networks Certified Network Security Engineer
- Palo Alto Networks Certified Security Automation Engineer
- Palo Alto Networks Certified Detection and Remediation Analyst
- Check Point Certified Security Administrator
- Check Point Certified Security Expert
- LogRhythm Platform Administration (LRPA) Certification
- LogRhythm Security Analyst (LRSA) Certification
- LogRhythm Advanced Product Training
- LogRhythm Cloud Administration (LRCA) Certification
- Splunk Core Certified User
- Splunk Core Certified Power User
- Splunk Core Certified Advanced Power User
- Splunk Cloud Certified Admin
- Splunk Enterprise Certified Admin
- Splunk Enterprise Certified Architect
- Splunk Core Certified Consultant
- Splunk Certified Developer
- Splunk Enterprise Security Certified Admin
- Splunk IT Service Intelligence Certified Admin
- Splunk SOAR Certified Automation Developer
- IBM Certified SOC Analyst - IBM QRadar SIEM V7.3.2
- Microsoft Certified: Security Operations Analyst Associate
- Microsoft Sentinel Ninja: The complete level 400 training
- Certified Network Defender
- Network Defense Essentials
- Certified SOC Analyst
- Certified Incident Handler
- Certified Digital Forensics
- Certified Threat Hunter
- CompTIA CySA+
- CompTIA PenTest+
- CompTIA CASP+
- Offensive Security Wireless Professional
- eLearnSecurity Network Defense Professional
- eLearnSecurity Certified Digital Forensics Professional
- eLearnSecurity Certified Threat Hunting Professional
- CREST Certified Network Intrusion Analyst
- CREST Certified Host Intrusion Analyst
- CREST Practitioner Intrusion Analyst
- CREST Registered Intrusion Analyst
- Pentesting with Metasploit
- Wi-Fi Security and Pentesting
- Windows System Programming: Fundamentals
- Airodump-NG Scan Visualizer
- Network Pentesting
- VoIP Traffic Analysis
- Windows Red Team Lab
- Windows System Programming: Processes and Threads
- Windows System Programming: Security
- Windows Kernel Programming: Processes and Threads Monitoring
- Windows Kernel Programming: Fundamentals
- Certified Red Team Professional
- Certified Red Team Expert
- Certified Azure AD Professional
- Huawei HCIA-Security
- JNCIA-SEC Associate
- JNCIA-SEC Specialist
- JNCIA-SEC Professional
- A client for the Apple Filing Protocol (AFP)
- A packet inspection engine with capabilities of learning without any human intervention.
- Sniffer syn and backscatter packets.
- Network monitoring tool with flow control.
- Network monitoring client for Argus.
- A tool that uses ARP to discover and fingerprint IP hosts on the local network
- Monitor ARP changes in ethernet networks.
- A simple tool about ARP broadcast, ARP attack, and data transmission.
- GUI-based python tool for arp poisoning and dns poisoning attacks.
- Client/server implementation of the TFTP protocol that implements RFCs 1350, 2090, 2347, 2348, and 2349
- Easily connect to a VPN in a country of your choice.
- A complete, highly portable implementation of the DNS protocol
- Provide an open source framework for automated botnet monitoring.
- Firewall bypass script based on DNS history records.
https://github.com/vincentcox/bypass-firewalls-by-DNS-history
- Command-line WebDAV client for Unix
https://github.com/notroj/cadaver https://notroj.github.io/cadaver/
- A tool for evading Proxy categorisation.
- A freeware tool to trace tcp, udp etc. sessions and fetch application data from snoop or tcpdump logs.
- Protocol Analysis/Decoder Framework.
- Script for listing the IP addresses contained in a CIDR netblock.
- Poison, reset, spoof, redirect MITM script.
- A Network Pentesting Tool
- A merciless sentinel which will seek sensitive files containing critical info leaking through your network.
- Data Exfiltration Toolkit.
- DHCP option injector.
- A network simulation tool, based on UML (User Mode Linux) that can simulate big Linux networks on a single PC
- DNS Diagnostics and Performance Measurement Tools.
- File transfer via DNS.
- A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities.
- DNS Exfiltration tool for stealthily sending files over DNS requests.
- Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.
- Caffeinated Packet Analyzer.
- Python script/security tool to test Dynamic Trunking Protocol configuration on a switch.
- NAT-aware multipath tracerouting tool.
- A simple Mode S decoder for RTLSDR devices.
- Graphical network monitor for various OSI layers and protocols
- Tool that limits bandwidth of devices on the same network without access.
- The BGP swiss army knife of networking.
- An egress filter mapping application with additional functionality.
- A penetration testing tool that allows you to punch reverse TCP tunnels out of a compromised network.
- A network traffic inspection tool.
- Utility to ping multiple hosts at once
- IPMI remote console and system management software
- Non-DNS IP-to-country resolver C library & utils
https://dev.maxmind.com/geoip/release-notes/2022#geoip-legacy-databases-have-been-retired?lang=en
- Automatically spawn a reverse shell fully interactive for Linux or Windows victim.
- Global Socket moving data from here to there securely, fast and through NAT/Firewalls
- A simple GTK/command line TCP/IP packet generator.
- A simple program that checks if a host in an ethernet network is a gateway to Internet.
- A collection of tools that allow capturing TCP/IP packets and filtering them based on Lua policy files.
- This tool can perform man-in-the-middle and switch flooding attacks. It has 4 major functions, 3 of which attempt to man-in-the-middle one or more computers on a network with a passive method or flood type method.
https://packetstormsecurity.com/files/81368/Hackers-Hideaway-ARP-Attack-Tool.html
- A command-line oriented TCP/IP packet assembler/analyzer.
- This is a python script that uses the Max-Forwards header in HTTP and SIP to perform a traceroute-like scanning functionality.
https://packetstormsecurity.com/files/107167/Traceroute-Like-HTTP-Scanner.html
- A ping-like tool for http-requests
- Just another tool in C to do DDoS (with spoofing).
- Flexible platform independent packet generator.
- A security tool for proxying and recording HTTP and HTTPs traffic.
- A full-featured C++ implementation of the I2P router
- Collection of classes for working with network protocols
- Automated security testing tool for networks.
- Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
- Monitors network activity on a network.
- Can decapsulate traffic encapsulated within GRE, IPIP, 6in4, ESP (ipsec) protocols, and can also remove IEEE 802.1Q (virtual lan) header.
- Command-line interface to IPMI-enabled devices
- Network monitoring tools, including ping
- Using IPv6 to Bypass Security.
- A network monitor of sorts.
- Kick devices off your network by performing an ARP Spoof attack.
- A LAT terminal daemon for Linux and BSD.
https://sourceforge.net/projects/linux-decnet/files/latd/1.31/
- A library written in C dedicated to active network measurements with examples, such as paris-ping and paris-traceroute.
- High-level, multiplatform C++ network packet sniffing and crafting library.
- An open source network stress tool for Windows.
- A small utility to change your NIC's MAC address
- Lookup MAC addresses in the IEEE MA-L/OUI public listing.
- A packet generator that supports forging ARP, IP, TCP, UDP, ICMP and the ethernet header as well.
https://packetstormsecurity.com/files/83892/Maketh-Packet-Generator.2.0.html
- Analyze a system's network communication using graphical representations of network traffic.
- A high-performance DNS stub resolver in C.
- A Man in the Middle tool to demonstrate protocol middling attacks.
- A simple yet effective python3 script to perform DNS spoofing via ARP poisoning.
- An open source large scale IPv4 full PCAP capturing, indexing and database system.
- A tool for manipulation of raw packets that allows a large number of options.
https://packetstormsecurity.com/files/119132/Mptcp-Packet-Manipulator.9.0.html
- A collection of tools and resources to explore MPTCP on your network. Initially released at Black Hat USA 2014.
- Combines the functionality of traceroute and ping into one tool (CLI version)
- Network Diagnostic Tool.
- A tool to circumvent 802.1x Network Access Control on a wired LAN.
- Some tools for NetBIOS and DNS investigation, attacks, and communication.
- Allows you to mount volumes of NetWare servers under Linux.
https://linux.softpedia.com/get/System/Filesystems/ncpfs-1464.shtml
- A command-line network packet crafting and injection utility.
- A graphical network connections viewer similar in functionality to netstat.
- A network connection establishment and management script.
- Can be used to make a graphical representation of the surrounding network.
- A collection of network scan/recon tools that are relatively small compared to their larger cousins.
https://packetstormsecurity.com/files/86076/NetReconn-Scanning-Tool-Collection.76.html
- Small and handy utility designed to alter the contents of packets forwarded through the network in real time.
- Post-exploitation network mapper.
- Pivot point discovery tool.
- A set of tools to collect and process netflow data.
- A grep-like utility that allows you to search for network packets on an interface.
- A tool to receive notifications from the kernel through a netlink socket, and generate logs related to interfaces, neighbor cache (ARP, NDP), IP address (IPv4, IPv6), routing, FIB rules, traffic control.
- Network Infrastructure Parser
https://packetstormsecurity.com/files/66253/nipper-0.11.7.zip.html
- A Netgear switch discovery tool. It contains some extra features like bruteforce and setting a new password.
- A Network Security Tool for packet manipulation that allows a large number of options.
- A real time packet processor. Reads the packet from an input module, matches the packet using rules and connection tracking information and then sends it to a target module.
- Linux GUI packet generator tool for ethernet
- A tool that provides a basic SQL-frontend to PCAP-files.
- An open source utility to allow sending and receiving TCP and UDP packets.
- A network auditing tool. Its value is derived from its ability to customize, inject, monitor, and manipulate IP traffic.
http://packetfactory.openwall.net/projects/packit/index.html
- Packet CAPture Forensic Evidence eXtractor.
- Tries to repair your broken pcap and pcapng files.
- An 'invisible' network tap aimed at red teams.
- A portable, platform independent and powerful network pivoting toolkit.
- A simple utility to classify packets into flows.
- Small set of multi-purpose passive network monitoring tools [NetFlow IPFIX sFlow libpcap BGP BMP IGP Streaming Telemetry].
- A Firewall analyzer written in ruby
- A tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with no port forwarding and no DMZ setup on any routers in order to directly communicate with each other.
- Network attack tool like yersinia but written in Python.
- A couple of beta stage tools for data exfiltration.
- Minimal DNS server written in Python; it always replies with a 127.0.0.1 A-record.
- Python client for the whois.cymru.com service
- Internet redirection server
https://netbsd.pkgs.org/9/netbsd-amd64/rinetd-0.62nb3.tgz.html https://manpages.ubuntu.com/manpages/bionic/man8/rinetd.8.html
- Detects, reconstructs and analyzes any RTP session
- A modern port listener and reverse shell.
- Send copies of (UDP) datagrams to multiple receivers, with optional sampling and spoofing.
- Powerful interactive packet manipulation program written in Python (tools)
- Discover, Identify, and Manipulate SDN-Based Networks
- Sniffer that intends to sniff HTTP packets and attempts to reconstruct interesting authentication data from websites that do not employ proper secure cookie auth.
- Perform a MitM attack and extract clear text credentials from RDP connections.
- A collection of traffic analysis tools developed by the CERT NetSA to facilitate security analysis of large networks.
- An open source real-time network topology and protocols analyzer.
- Packet Trace Parser for TCP, SMTP Emails, and HTTP Cookies.
- A Packet Capture Generator for IDS and Regular Expression Evaluation.
- SNMP scanner and attacking tool.
- A free open source utility to get information via SNMP protocols.
- Multipurpose relay
- A tool to let you view information about open connections. It is similar to the tool of the same name that is included in FreeBSD, trying to faithfully reproduce as much functionality as is possible.
- Secure pipe daemon
- A Linux packet crafting tool. Supports IPv4, IPv6 including extension headers, and tunneling IPv6 over IPv4.
- SSL/SSH/OpenVPN/XMPP/tinc port multiplexer
- A program that allows you to encrypt arbitrary TCP connections inside SSL
- Swiss Army Knife SMTP; Command line SMTP testing, including TLS and AUTH
- A TCP stream replay tool to support real testing of Internet server applications.
- Get protocol statistics from tcpdump pcap files.
- Powerful command-line packet analyzer
- Extracts files from captured TCP sessions. Support live streams and pcap files.
- Captures data transmitted as part of TCP connections then stores the data conveniently
- Gives the ability to replay previously captured traffic in a libpcap format
- A TCP dump file analysis tool.
- A traceroute implementation using TCP packets.
- A utility written in Python that lets you monitor forwarded TCP connections or HTTP proxy connections.
- TCP/IP Gender Changer Daemon utility.
- Complete tool set to attack the inherent protocol weaknesses of IPv6 and ICMP6
- VPN (Virtual Private Network) daemon
- Pure python Tor client implementation.
- A set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
- This program hides UDP traffic as TCP traffic in order to bypass certain firewalls.
- Tunnels TCP over UDP packets.
https://github.com/astroza/udptunnel https://manpages.ubuntu.com/manpages/xenial/man1/udptunnel.1.html
- A powerful nmap frontend.
- Clear-text protocol simulator.
- WebSocket to TCP proxy/bridge.
- Limit the bandwidth of one or more network adapters.
- Efficient and advanced man in the middle framework.
- A mini webserver with FTP support for XXE payloads.
- Yet Another Flowmeter.
- A network tool designed to take advantage of some weakness in different network protocols.
- A new tool set to do NTLM Authentication relaying unlike any other tool currently out there.
- Fast CLI DNS Lookup Tool.
- A powerful network analysis framework that is much different from the typical IDS you may know.
- Handy auxiliary programs related to the use of the Zeek Network Security Monitor.
- SSH and Telnet client with ZMODEM file transfer capability
- https://en.kali.tools/
- https://blackarch.org/networking.html
- https://en.kali.tools/all/?category
- https://en.kali.tools/all/?category=networking
- https://en.kali.tools/all/?category=wireless
- https://en.kali.tools/all/?category=voip
- https://en.kali.tools/all/?category=tunnel
- https://en.kali.tools/all/?category=bluetooth
- https://en.kali.tools/all/?category=radio
- https://en.kali.tools/all/?category=scanner