1. Network Discovery & Scanning
| Tool Name | Official URL | Purpose |
| Nmap | https://nmap.org/ | Network exploration and security auditing |
| ZMap | https://zmap.io/ | Fast internet-wide network scanner |
| Masscan | https://github.com/robertdavidgraham/masscan | TCP port scanner, spews SYN packets |
| Netcat (ncat) | https://nmap.org/ncat/ | The “Swiss-army knife” for TCP/IP |
| Scapy | https://scapy.net/ | Packet manipulation and sniffing |
2. Vulnerability Scanning & Management
| Tool Name | Official URL | Purpose |
| OpenVAS (GVM) | https://www.openvas.org/ | Full-featured vulnerability scanner |
| Nikto | https://github.com/sullo/nikto | Web server vulnerability scanner |
| Nuclei | https://github.com/projectdiscovery/nuclei | Template-based vulnerability scanner |
| DefectDojo | https://www.defectdojo.org/ | Vulnerability management orchestration |
| Wapiti | https://wapiti.sourceforge.io/ | Web application vulnerability scanner |
3. Web Application Security
| Tool Name | Official URL | Purpose |
| OWASP ZAP | https://www.zaproxy.org/ | Integrated penetration testing tool for web apps |
| SQLmap | https://sqlmap.org/ | Automatic SQL injection and takeover tool |
| Burp Suite (Community) | https://portswigger.net/burp/communitydownload | Web proxy and analysis |
| Wfuzz | https://github.com/xmendez/wfuzz | Web application fuzzer |
| BeEF | https://beefproject.com/ | Browser Exploitation Framework |
4. Intrusion Detection & Prevention (IDS/IPS)
| Tool Name | Official URL | Purpose |
| Snort | https://www.snort.org/ | Network intrusion prevention system |
| Suricata | https://suricata.io/ | High-performance network IDS/IPS/NSM |
| Zeek (Bro) | https://zeek.org/ | Network security monitoring platform |
| OSSEC | https://www.ossec.net/ | Host-based IDS and log analysis |
| Wazuh | https://wazuh.com/ | Unified XDR and SIEM platform |
5. Digital Forensics & Incident Response (DFIR)
| Tool Name | Official URL | Purpose |
| The Sleuth Kit (TSK) | https://www.sleuthkit.org/ | File system analysis tools |
| Autopsy | https://www.autopsy.com/ | Digital forensics platform |
| Volatility | https://www.volatilityfoundation.org/ | Memory forensics framework |
| GRR | https://github.com/google/grr | Remote live forensics framework |
| Velociraptor | https://docs.velociraptor.app/ | Endpoint visibility and incident response |
6. Password Cracking & Identity
| Tool Name | Official URL | Purpose |
| John the Ripper | https://www.openwall.com/john/ | Fast password cracker |
| Hashcat | https://hashcat.net/hashcat/ | Advanced password recovery tool |
| Hydra | https://github.com/vanhauser-thc/thc-hydra | Network login cracker |
| Mimikatz | https://github.com/gentilkiwi/mimikatz | Windows credential extraction |
| BloodHound | https://github.com/BloodHoundAD/BloodHound | Active Directory relationship mapping |
7. Privacy, Encryption & VPN
| Tool Name | Official URL | Purpose |
| OpenVPN | https://openvpn.net/ | Secure tunneling and VPN |
| WireGuard | https://www.wireguard.com/ | Modern, fast, and simple VPN |
| VeraCrypt | https://www.veracrypt.fr/ | On-the-fly disk encryption |
| GnuPG (GPG) | https://gnupg.org/ | Secure communication and data storage |
| Tor | https://www.torproject.org/ | Anonymity and censorship circumvention |
8. Security Distributions (Operating Systems)
| Tool Name | Official URL | Purpose |
| Kali Linux | https://www.kali.org/ | Advanced penetration testing distro |
| Parrot Security | https://www.parrotsec.org/ | Security-focused OS for dev and ops |
| Qubes OS | https://www.qubes-os.org/ | Security through compartmentalization |
| Tails | https://tails.net/ | Amnesic incognito live system |
| Security Onion | https://securityonion.net/ | Threat hunting and log management distro |
9. Cloud & Infrastructure Security
| Tool Name | Official URL | Purpose |
| Falco | https://falco.org/ | Cloud-native runtime security |
| Trivy | https://github.com/aquasecurity/trivy | Vulnerability scanner for containers |
| Checkov | https://www.checkov.io/ | Infrastructure as Code (IaC) scanning |
| Prowler | https://github.com/prowler-cloud/prowler | AWS/Azure/GCP security assessment |
| Cloud Custodian | https://cloudcustodian.io/ | Rules engine for cloud management |
10. Exploitation & Post-Exploitation
| Tool Name | Official URL | Purpose |
| Metasploit | https://www.metasploit.com/ | Penetration testing framework |
| Empire | https://github.com/BC-SECURITY/Empire | PowerShell and Python post-exploitation |
| Covenant | https://github.com/cobbr/Covenant | .NET command and control framework |
| Responder | https://github.com/lgandx/Responder | LLMNR, NBT-NS and MDNS poisoner |
| Bettercap | https://www.bettercap.org/ | Network attack and monitoring framework |