# Tools & Kits 🧰

> A curated kit for red/blue/purple work. Opinionated, lightweight, and actually maintained.

## Recon & Discovery
- **Nmap** — nmap.org  
- **Wireshark** — wireshark.org  
- **Shodan** — shodan.io  
- **Censys** — censys.io  
- **Subfinder** — github.com/projectdiscovery/subfinder

## Web App Testing
- **Burp Suite** — ports­wigger.net/burp  
- **OWASP ZAP** — owasp.org/www-project-zap/  
- **SecLists** — github.com/danielmiessler/SecLists  
- **fuzzdb** — github.com/fuzzdb-project/fuzzdb

## Exploitation Frameworks
- **Metasploit** — metasploit.com  
- **BeEF** — beefproject.com

## Reverse Engineering / Binary
- **radare2** — github.com/radareorg/radare2  
- **Ghidra** — ghidra-sre.org  
- **BinNavi** — github.com/google/binnavi

## MITM / Phishing
- **BetterCAP** — bettercap.org  
- **mitmproxy** — mitmproxy.org  
- **Evilginx** — github.com/kgretzky/evilginx

## Privilege Escalation Helpers
- **LinEnum** — github.com/rebootuser/LinEnum  
- **linux-exploit-suggester** — github.com/mzet-/linux-exploit-suggester  
- **BeRoot** — github.com/AlessandroZ/BeRoot

## Malware & Forensics
- **malice** — github.com/maliceio/malice  
- **linux-explorer** — github.com/intezer/linux-explorer

## Wordlists & CTI
- **SecLists** — (again, because you’ll forget)  
- **Exploit-DB** — exploit-db.com  
- **Rapid7 DB** — rapid7.com/db

> Got a better tool? Add it under the right section, alphabetically. If it’s niche, add a one-liner why it’s worth anyone’s time.