Ninjutsu is a penetration testing operating system based on Windows that focuses on its use by red teamers and bug hunters.
It includes a complete portable "arsenal" for security experts, but also includes pre-installed and pre-installed Android Pentesting Integrated Environmental.
In addition, it protects your privacy by configuring and customizing Windows 10, disabling data collection services to improve your anonymity.
Specifications
- Windows 10 with pre-installed tools Penetration Testing, Red Teaming and Android Security Testing Integrated Environment.
- More than 800 penetration testing tools.
- Free and Open source programs.
- Contains command line.
- Terminal with many features.
- Customized Windows 10 with many tweaks and settings.
- Protect your property.
- Disable many features from windows.
- Remove unwanted Windows items.
- Remove / Disable many Windows programs and services.
programs
Information Gathering (Red Teaming) (100 / Tools)
ADACLScanner
R3con1z3r-Web information gathering
ADExplorer
Recon-Dog
ADOffline
Recon-ng
ADRecon
Reconspider-Advanced (OSINT)
AdFind-Command line Active Directory query
Red Rabbit
amass
RedRabbit - Red Team PowerShell Script
Aquatone
ScrapedIn - LinkedIn Scraper
Asset Finder
Searchsploit
Atscan
SharpHound
BaseQuery- Organize public combo-lists & data breaches
SharpHound
BeRoot
SharpView
Bettercap
Sherlock-find usernames across social networks
blood hound
ShodanSploit
Bloodhound-Custom-Queries
Spider Foot
BridgeKeeper - Scrape employee names
SpoolerScanner
censys subdomains Finder
Sub Finder
CloudBunny-Find the real IP behind WAF
SubOver-Subdomain Takeover Tool
Cloud_Enum - Multi-cloud OSINT
Sublist3r
CrossLinked - LinkedIn enumeration tool
Sudomy-Powerful Subdomain Enumeration
Dirble - WebSite Directory Scanning
Turbolist3r
Dump Users
URLCrazy
Watson
email extractor
WhatBreach-OSINT tool to find breached
Email verify
WhatWAF
EmailHarvester
WhatWeb
EyeWitness
WhatsMyName- User Enumeration
FOCA v3.4.6.2
WinScanX GUI
Fierce
WinScanX-CL
Findomain
Windows Exploit Suggester
Get-ReconInfo
XCTR-Hacking-Tools
GoBuster
browseList
Gowitness-Web screenshot utility
ffuf - Fuzz Faster
Hunter
h8mail- Email OSINT and breach hunting
InSpy - LinkedIn enumeration
identYwaf
Lazagne- Credentials recovery
mimikatz
LinkedIn Recon Tool - LinkedInt
nbtscan
LittleBrother-Information gathering (OSINT)
Nmap
MSOLSpray - A Password Spraying Tool
pockint
Maltego
recon-ng - Web
Mass-Maillist-Cleaner
srvinfo
NetRipper
subDomainsBrute
Nirsoft Launcher
subdomain-bruteforce
Nmap - Zenmap GUI
subjack-Subdomain Takeover tool
OneForAll - Subdomain Scanner
theHarvester
Photon-fast crawler designed for OSINT
wafw00f
PowerView
wePWNise
PowerView_dev
winfo
Prowl - Email harvesting tool
zenmap
Active Directory Tools (Red Teaming) (199 / Tools):
Administration Tools
sqlcmd
Sysinternals
Evasion (Red Teaming) (22 / Tools):
AVIATOR_x64
PSAttack
AVIator - Antivirus Evasion Project
PowerLessShell
CheckPlease
PowerShdll
DefenderCheck
PowerShell Armor-Evading anti-virus
DotNetToJScript
StarFighters
Invoke-CradleCrafter
SysWhispers-AV-EDR evasion
Invoke-DOSfuscation
demiguise
Invoke-Obfuscation
nps
Invoke-Phant0m
pafishmacro
Macro Pack-Automatize Obfuscation & Generation of MS Office
tvasion - Anti virus evasion
PSAmsi
xencrypt-Anti-virus evasion Tool
Exploitation (Red Teaming) (64 / Tools):
ADAPE
PowerShell Suite
API Monitor x64
PowerSploit
API Monitor x86
PowerUpSQL
BetterBackdoor-create & Control a backdoor
PowerZure - Assessing Azure security
CVE-2019-1040-Scanner
PrivExchange
Chisel - Fast TCP tunnel over HTTP
PrivescCheck Win -Privilege Escalation Enumeration
CrackMapExecWin
Privilege-Escalation-Awesome-Scripts-Suite
CredsLeaker - credentials stealer
ROADtools - Azure AD Exploration Framework
STEAM
ROADtools-GUI - Azure AD Exploration Framework
Dumpert
RedTeam CSharp Scripts
Evil-Winrm-Ultimate WinRM shell for pentesting
RedTeam Powershell Scripts
EvilClippy
Red_Team - Useful Scripts
EvilURL- Generate unicode domains
ReverseTCPShell - PowerShell ReverseTCP Shell
Eviloffice
RottenPotatoNG
Exchange-AD-Privesc
Sharp Suite
GadgetToJScript
SharpClipHistory
Generate-Macro
SharpExchangePriv
GhostPack
SharpExec
Invoke-ACLPwn
SharpSploit
Invoke-DCOM
Shellerator-bind-reverse shell Generator
Invoke-GoFetch
SpoolSample
Invoke-PSImage
UACME
Invoke-PowerThIEf
impacket-examples-windows
Jalesc-Linux Privileges Escalating
juicy-potato
Meterpeter-C2 Powershell Command & Control Framework
kali-windows-binaries
MicroBurst - PowerShell Toolkit for Attacking Azure
lsassy-Extract credentials from lsass remotely
NetshHelperBeacon
luckystrike
Orca
metatwin
PSReflect
nishang
PowerLurk
ruler
PowerPriv
vsown
PowerSharpPack-Useful offensive CSharp Projects
volcano
Password Attacks (Red Teaming) (18 / Tools):
ADFSpray - MS Password Spray Attack
Get-LAPSPasswords
LAPSToolkit
ASREPRoast
Internal Monologue
MSOLSpray - A Password Spraying Tool
Check-LocalAdminHash
Inveigh
MailSniper
CredNinja
Invoke-TheHash
RiskySPN
DSInternals
KeeFarce
SessionGopher
DomainPasswordSpray
KeeThief
mimikittenz
Vulnerability Analysis (Red Teaming) (6 / Tools):
AD Control Paths
Grouper2
PowerSharpPack-Useful offensive CSharp Projects
Egress-Assess
NtdsAudit
zBang
Information Gathering (119 / Tools):
AWSBucketDump
AdFind-Command line Active Directory query
amass
Aquatone
Asset Finder
Atscan
BaseQuery- Organize public combo-lists & data breaches
Bettercap
BridgeKeeper - Scrape employee names
Bucket-Stream-Find Amazon S3 Bucket
Cansina - Web Content Discovery
Censys Subdomain Finder
CloudBunny-Find the real IP behind WAF
Cloud_Enum - Multi-cloud OSINT
Cloudfail
Cloudmare
CrossLinked - LinkedIn enumeration tool
DNS Recognition
DirBuster
Dirble - WebSite Directory Scanning
Dirsearch - Web path scanner
Droopescan
Dump Users
ESmai
email extractor
Email verify
EmailHarvester
Essential NetTools
EyeWitness
FOCA v3462
Fierce
FinalRecon - All-In-One Web Reconnaissance
Findomain
fprobe-scan Domains Subdomains for http-https
Git-Hound
Git-Leak
GitHack - Git folder disclosure exploit
GitMiner-Advanced mining for Github content
Github-Dork
Gitrob
Gobuster
Goby - Attack surface mapping
Gowitness-Web screenshot Utility
Hunter
InSpy - LinkedIn enumeration
IoTSeeker
Kicks3-S3 bucket finder
Lazagne- Credentials recovery
LinkedIn Recon Tool - LinkedInt
LittleBrother-Information gathering (OSINT)
Leetlinked - Scraping tool for LinkedIn
Maltego
Mass-Maillist-Cleaner
Mascan
Nirsoft Launcher
Nmap - Zenmap GUI
OneForAll - Subdomain Scanner
Pacu - AWS exploitation framework
Pathbrute - Directory Discovery Tool
Photon-fast crawler designed for OSINT
Prowl - Email harvesting tool
R3con1z3r-Web information gathering
Recon-Dog
Recon-ng
Reconspider-Advanced (OSINT)
RastLeak - Find leak information
Recurse Buster
RedRabbit - Red Team PowerShell Script
S3Scanner- Scan s3 buckets for security issues
SSL-Scan
ScrapedIn - LinkedIn Scraper
Searchsploit
Sherlock-Find usernames across social networks
ShodanSploit
Shuffledns - Enumerate valid subdomains
Slurp- Enumerates S3 buckets
Snoop - Nickname Search Tools OSINT
Spaghetti
Spider Foot
Sub Finder
SubOver-Subdomain Takeover Tool
Sublist3r
Sudomy-Powerful Subdomain Enumeration
Turbolist3r
URLCrazy
WhatBreach-OSINT tool to find breached
WhatWAF
WhatWeb
WhatsMyName- User Enumeration
WinScanX GUI
WinScanX-CL
Windows Exploit Suggester
XCTR-Hacking-Tools
browseList
ffuf - Fuzz Faster
gau (GetAllURLs)
git Grabber
h8mail- Email OSINT and breach hunting
hakrevdns - Reverse DNS lookups
hping
httprecon
httprobe - Scan Domains Subdomains for http-https
identYwaf
inSp3ctor-AWS S3 Bucket Finder
mimikatz
nbtscan
nc
nc64
Nmap
pockint
recon-ng - Web
s3recon - Amazon S3 bucket finder and crawler
shhgit - Find GitHub secrets
srvinfo
sslyze
subDomainsBrute
subjack-Subdomain Takeover tool
theHarvester
trufflehog- Searches through git repositories for secrets
wafw00f
winfo
Web Application Attack (80 / Tools):
Aquatone
SQLi-Hunter-SQLMAP API wrapper
Arjun
SQLmap
Atlas- Quick SQLMap Tamper Suggester
SSL-Scan
Atlas-Quick SQLMap Tamper Suggester
SSRFmap - SSRF Scanner
Atscan
See-SURF- find potential SSRF parameters
BSQLGUI
Shuriken-XSS
BruteXMLRPC
SleuthQL
BruteXSS
SoapUI 5.5.0
BurpSuite Free Edition
Spaghetti
CMSeeK - CMS Detection and Exploitation suite
TestSSL.sh
Cansina - Web Content Discovery
VBscan - vBulletin Vulnerability Scanner
Commix - Command injection exploit
Vega - Web vulnerability scanner
Corsy-CORS Misconfiguration Scanner
WAScan - Web Application Scanner
DSSS-sql-injection
WPScan - WordPress Vulnerability Scanner
Dalfox - XSS Scanning
Wapiti - Web Vulnerability Scanner
WebCruiser Scanner
DirBuster
Weblogic-Scanner
Dirble - WebSite Directory Scanning
WhatWAF - advanced firewall detection tool
Dirsearch - Web path scanner
WhatWeb
Droopescan
Wordpress Exploit Framework
ExploitMyUnion
XBruteForcer (CMS)
Eyewitness
XMLrpc-bruteforcer
Findom-XSS
XSS Freak
Fuxploider-File upload scanner and exploitation
XSS Loader Tools
Golismero
XSSfork - XSS Vulnerability Scan
Gowitness-Web screenshot utility
XSSpwn
IIS-ShortName-Scanner
XSSniper
IIS Shortname-Scan (Python)
XSStrike
Joomscan
XSpear - XSS Scanning
link JS Find – Extract Website URLs
bWAPP - vulnerable web-application
Link Finder
dotdotpwn - Directory Traversal Fuzzer
Nobody
ffuf - Fuzz Faster
NoSQLMap
httprecon
Nuclei - Web Scanner based on templates
identYwaf
OWASP Mutillidae- Vulnerable web application
jsql-injection-GUI
OWASP ZAP Proxy
jwtcat - Cracking JSON Web Token
Quick-SQL
pentest-tools
R3con1z3r-Web information gathering
sslyze
Recurse Buster
wafw00f
Spartan-Sharepoint
wfuzz
SQLMap-GUI
Wireless Attacks (36 / Tools):
Airbase-ng
Airserv-ng
Easside-ng
Tkiptun-ng
Wpaclean
aircrack-ng-GUI
Airtun-ng
Evil FOCA
WNetWatcher
ettercapNG
Aircrack-ng
Airventriloquist-ng
Jumpstart
Haircut
ivstools
airdecap-ng
besside-ng
Kstats
Wesside-ng
wifi-profiles
Airdecloak-ng
Bettercap
Makeivs-ng
WifiChannelMonitor
airplay-ng
Buddy-ng
Packetforge-ng
WifiInfoView
airodump-ng
Cain and Abel
RouterScan
WirelessNetView
Airolib-ng
dumper
SSL-Strip
Wireshark
Exploitation Tools (35 / Tools):
BSQLGUI
Shellerator-bind-reverse shell Generator
CVE-2019-1040-Scanner
Shuriken-XSS
Chisel - Fast TCP tunnel over HTTP
VBscan
DSSS-sql-injection
WebCruiser Scanner
EvilURL- Generate unicode domains
WinScanX GUI
Eviloffice
Windows Exploit Suggester
ExploitMyUnion
XSS Loader Tools
Goby - Attack surface mapping
XSSpwn
Jalesc-Linux Privileges Escalating
XSSniper
Metasploit
XSStrike
MicroBurst - PowerShell Toolkit for Attacking Azure
hjsplit
Nobody
jsql-injection-GUI
NoSQLMap
mimikatz
PowerZure - Assessing Azure security
nc
Privilege-Escalation-Awesome-Scripts-Suite
nc64
ROADtools - Azure AD Exploration Framework
subdomain-bruteforcer (SubBrute)
ROADtools-GUI - Azure AD Exploration Framework
wePWNise
SQLmap
Vulnerability Analysis (33 / Tools):
BSQLGUI
SQLmap
Weblogic-Scanner
DSSS-sql-injection
SSH Scan
WinScanX GUI
Droopescan
SSL-Scan
WinScanX-CL
ExploitMyUnion
Searchsploit
XSS Freak
Golismero
Shuriken-XSS
XSS Loader Tools
Joomscan
SleuthQL
XSSpwn
Nobody
Spaghetti
XSSniper
NoSQLMap
TestSSL.sh
XSStrike
OWASP Mutillidae- Vulnerable web application
VBscan
XSpear - XSS Scanning
OWASP ZAP Proxy
WAScan
bWAPP - vulnerable web-application
SMBGhost-CVE-2020-0796
WebCruiser Scanner
jsql-injection-GUI
Malware analysis (45 / Tools):
Autoruns
lockhunter
Task Explorer x64
exeinfope
Binwalk
Microsoft Sysinternals
Task Explorer
exiftool
Comodo Cleaning Essentials
PE Detective
UPXEasyGUI
loki-upgrader
CrowdInspect
PPEE
UniExtract
loki
CrowdInspect64
Process Hacker 2
Virus Total Uploader 22
ollydbg
Detect It Easy
ProcessActivityView
Volatility-CL
pdbripper
FLOSS
ProcessHacker
VolatilityWorkbench-gui
pestudio
FolderChangesView
Registry Changes View
Winja (VirusTotal Uploader)
peview
HijackCleaner64
Regshot-x64-ANSI
Wireshark
windump
ILProtectorUnpacker
Regshot-x64-Unicode
apateDNS
IREC-1916
RunPEDetector32
dnSpy-x86
KillSwitch
Sandboxed web browser
dnSpy
Mobile Security Tools (26 / Tools):
APK Easy Tool
Drozer
GDA-android-reversing-Tool
dex2smali
APK Editor Studio
Frida-discover
Mobile Security Framework (MobSF)
frida-objection
Android Debug Bridge (adb)
Frida-kill
Multi-Drive
frida-pigmentize
Apkid
frida-ls-devices
Nox
jadx-gui
Apktool
Frida-ps
OWASP ZAP Proxy
vulnerable apk
Bytecode-Viewer
Frida-trace
appmon
DB Browser for SQLite
Frida
dex2jar
Network Attack (32 / Tools):
Bettercap
FindSQLSrv-Python
Responder-Python
WinScanX GUI
BeyondTrustDiscoveryTool
Goby - Attack surface mapping
Answer back
Wireshark
BrowserListener - Python
Icmp-Redirect-Python
RouterScan
ettercapNG
Cain
Jumpstart
RunFinger-Python
nc
dumper
MultiRelay-Python
SSH Scan
nc64
Essential NetTools
MultiRela
SSL-Strip
odict-Python
Evil FOCA
NetworkMiner
snmpwalk
snmptest
FindSMB2UPTime - python
Nirsoft Launcher
Haircut
sslyze
Password Attacks (48 / Tools):
Get-LAPSPasswords
LAPSToolkit
ASREPRoast
Internal Monologue
Check-LocalAdminHash
Inveigh
MailSniper
CredNinja
Invoke-TheHash
RiskySPN
DSInternals
KeeFarce
SessionGopher
DomainPasswordSpray
KeeThief
mimikittenz
ADFSpray - MS Password Spray Attack
MSOLSpray - A Password Spraying Tool
BruteXMLRPC
Md5Cracker
Bruter
Password Recovery
Cain
Patator - Brute-force
CeWL - Creating Custom Wordlists
Smtp Cracker
Crunch
WinScanX GUI
Fast-RDP-Bruteforce
WinScanX-CL
Go-jwt-cracker
XBruteForcer (CMS)
Hash-Buster- Online Crack hashes
XMLrpc-bruteforcer
Hash-identifier
cap2hccap
Hashcat CLI
cap2hccapx
Hashcat GUI
jwtcat - Cracking JSON Web Token
IMAP Bruteforce
pydictor-dictionary builder for brute-force
John the Ripper
rainbowcrack-cl
John the Ripper GUI
rcrack-gui
Kraken-Password crack RAR ZIP 7z
thc-hydra-BruteForce
Password Recovery (17 / Tools):
BulletsPassView
OperaPassView
RouterPassView
WebBrowser PassView
mailpv
pspv
Chromepass
PasswordFox
SniffPass
WirelessKeyView
mspass
rdpv
dialupass
PstPassword
VNCPassView
iepv
netpass
Wordlists:
Payload-List
PayloadsAllTheThings
Probable-Wordlists
RobotsDisallowed
SecLists
fuzzdb
Reverse Engineering (13 / Tools):
APK Easy Tool
Bytecode-Viewer
de4dot-net35
dnSpy-x86
ollydbg
Apktool
ResourceHacker
de4dot-net45-x64
dnSpy
Binwalk
de4dot-net35-x64
de4dot-net45
jadx-gui
Stress Testing (13 / Tools):
DDos Attack (Python)
Saddam-DDoS Amplification Tool
WhatWAF
DDos-Attackv1 (Python)
Slowloris HTTP DoS IPv6
identYwaf
HostDown - DDos Attack
Slowloris HTTP DoS
wafw00f
Impulse Denial-of-service ToolKit
THC-SSL-Dos
Perl Flood Script (DDoS)
TheDoomsday- Test DOS sustainablity
Proxy and Privacy Tools (8 / Tools):
Epic Privacy Browser
Proxy-Scraper
Simple DnsCrypt
W10Privacy
WSO10
ProxyCap
Tor Browser
Wpd
Others
bWAPP, a buggy web application!
OWASP Mutillidae
OSINT Websites
Cheat Sheets Repositories
Remote Control Tools (13 / Tools):
AnyDesk
openvpn GUI
nc
pageant
pscp
putty
telnet
HeidiSQL
TeamViewer
nc64
plink
psftp
PuTTYgen
Utility Tools (57 / Tools):
7-Zip FileManager
HeidiSQL
Search Everything
AnyDesk
HostsFileEditor
Simple DnsCrypt
AutoIt3
HxD
SumatraPDF
Boxstarter Shell
KeepNote
Task Explorer x64
CFF Explorer
KeepPass
Task Explorer
Chrome - with XSS Auditor disabled
MarkdownEdit
TeamViewer
Chrome
MobaXterm
Tor Browser
Cyber Chef
Mysql
Wireshark
DB Browser for SQLite
Neo4j_start.bat
cmdr
email extractor
Neo4j_stop.bat
hjsplit
Email verify
NetworkMiner
neo4j-community
Epic Privacy Browser
Nirsoft Launcher
warm-reverse proxy
Essential NetTools
openvpn GUI
notepad + +
FLOSS
PE Detective
peview
Fiddler
PHP
qBittorrent
FileZilla Server Interface
ProcessHacker
services
Firefox
Rainmeter
shellcode_launcher
Greenshot
RunAsDate
vlc
HTTP File Server (HFS)
Screen To Gif
xampp-control
Application snapshots
The mangnet link gives 404
try copying a link with a right click
Done θενξ: D