Network Mapping and Service Enumeration Tools

Headscale is a self-hosted control plane for private mesh networking that enables the creation of secure, encrypted peer-to-peer networks. By acting as a centralized coordination server, it manages device authentication, cryptographic key exchange, and network topology, allowing distributed infrastructure to communicate without relying on third-party services. It implements a zero-trust security architecture, verifying device and user identity before granting access to internal resources. The project distinguishes itself by providing a fully independent, self-hosted alternative for managing network overlays. It integrates with external identity providers to automate user authentication and enforces granular, declarative access control policies across a fleet of devices. Administrators can manage the network through a web-based dashboard, a REST API, or a gRPC interface, providing flexibility for both manual oversight and programmatic automation. The system supports a wide range of networking capabilities, including remote subnet routing, exit node configuration, and automated DNS management. It ensures connectivity across diverse environments through relay-based NAT traversal, which facilitates communication even when direct peer-to-peer connections are blocked by firewalls. The platform also maintains state persistence using a relational database and automates security through integrated TLS certificate management. The software is available as a standalone binary or via containerized deployment, with support for cross-platform clients across various mobile and desktop operating systems.

Th3inspector is a command-line open-source intelligence reconnaissance tool used for gathering public information on websites, phone numbers, and network records. It functions as a central interface for collecting technical metadata and performing various lookups to build profiles of target entities. The project provides specialized verification utilities for validating email addresses, phone numbers, and credit card bank identification numbers. It also includes tools for retrieving domain registration age, ownership records, and identified subdomains from global databases. Additional capabilities cover network analysis and infrastructure reconnaissance, including IP geolocation, open port scanning, and the identification of running services. The tool can also resolve original server addresses by attempting to bypass proxy protections.

Clash Meta for Android is a system-level network utility that functions as a rule-based proxy engine for mobile devices. It operates by intercepting system-wide network traffic through a virtual interface, allowing it to route data packets through configurable tunnels based on domain, IP, and geo-location patterns. By acting as a transparent proxy, the application manages connectivity and enhances privacy for all installed software on the device. The project distinguishes itself by utilizing a high-performance, cross-compiled proxy kernel that handles concurrent connections and protocol translation directly on mobile hardware. It supports advanced proxy management, including the ability to handle multiple protocols and load balancing, while providing dynamic configuration hot-reloading to update routing rules and server endpoints in real-time without interrupting the networking service. Beyond core routing, the application provides content filtering and blocking capabilities to restrict unwanted network requests at the device level. It facilitates secure mobile connectivity by encapsulating outgoing data within encrypted tunnels, ensuring privacy when operating across various network environments. The software is distributed as an Android application, utilizing a low-overhead interface to bridge the native user interface with the underlying networking kernel.

Reticulum is a decentralized networking stack that enables encrypted, peer-to-peer communication over diverse physical mediums without relying on central infrastructure or IP protocols. It uses self-sovereign cryptographic identities for routing and authentication, replacing traditional IP addresses with collision-free globally unique addresses that require no central coordination. Every packet is encrypted by default using ephemeral key exchanges with forward secrecy, and unencrypted traffic is dropped as invalid. The stack unifies heterogeneous transport mediums—including LoRa radio, packet radio, serial links, WiFi, Ethernet, and TCP/IP—into a single self-configuring mesh through a plugin-based interface system. It provides autonomous path discovery and maintenance that adapts to topology changes without central servers, along with a resource transfer protocol for reliable data delivery from bytes to gigabytes. Built-in tools support encrypted messaging with offline delivery, real-time group chat, bulletin boards, voice calls, file synchronization, Git repository hosting, distributed web content browsing and hosting, and remote shell access over low-bandwidth links. Reticulum includes utilities for monitoring network health, probing paths, managing cryptographic identities, controlling interface behavior, and sharing blocklists for community-wide spam filtering. It supports anonymous communication by omitting source addresses from packets, and offers fallback to pure-Python cryptography when native libraries are unavailable. The stack can run as a background daemon on multiple platforms, including Android via Termux, and allows hosting public entrypoints for remote peers to join the mesh over the Internet.

AdGuardHome is a network-wide software solution that provides centralized control over domain name resolution, content filtering, and local network management. It functions as a recursive DNS server and DHCP address server, intercepting network traffic to enforce security policies and block unwanted content across all connected devices. By acting as a central gateway, it ensures that every device on a home or office network benefits from consistent protection and private, authenticated name resolution. The software distinguishes itself through granular client management and robust security features. It automatically identifies connected hardware to provide detailed traffic statistics and allows for the application of custom filtering rules to specific devices or groups. To ensure privacy, it supports encrypted DNS protocols, including DNS-over-HTTPS and DNS-over-TLS, and automates the acquisition and renewal of SSL certificates. Administrators manage these settings through a centralized web-based dashboard, which also provides tools for monitoring performance and configuring upstream routing. The platform is designed for flexible deployment across diverse environments, including virtual servers, single-board computers, and isolated containers. It maintains system state through human-readable configuration files and supports non-privileged execution to enhance security. The project emphasizes integrity and reliability, offering reproducible build verification and standardized packaging for various operating systems and hardware architectures.

Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint. The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orchestration to parallelize discovery workloads across remote nodes. For dynamic web application analysis, the tool incorporates headless browser rendering to execute client-side code and capture visual state. The platform provides a broad capability surface for security operations, including asynchronous interaction monitoring to detect blind vulnerabilities and server-side request forgery. It features a domain-specific language for granular filtering of scan results and supports pipeline-oriented data streaming to integrate findings into external security tools and reporting systems. The software is implemented in Go and provides a command-line interface for executing discovery tasks and managing security workflows.

This project is a comprehensive cybersecurity tool collection designed to support security research, penetration testing, and vulnerability assessment. It functions as a unified penetration testing suite, providing a centralized environment where professionals can access a wide range of offensive security utilities to identify system weaknesses and study attack vectors. The platform distinguishes itself through a modular architecture that aggregates disparate security scripts into a single, hierarchical command-line interface. It simplifies the management of these utilities by integrating external repositories, allowing users to fetch and organize third-party tools directly into a structured local directory. By utilizing a categorized menu system and shell-based process execution, the suite enables efficient navigation and direct invocation of specialized tools for tasks ranging from forensic analysis and reverse engineering to exploit development. The toolkit covers a broad spectrum of security domains, including web and wireless attack vectors, cloud security, payload creation, and social media analysis. It also incorporates automated environment setup to handle the installation of necessary system packages and language runtimes, ensuring compatibility across its diverse collection of utilities.

Clash-rules provides a standardized, declarative system for managing network traffic routing across desktop and mobile proxy clients. It functions as a centralized configuration provider that uses structured rule sets to categorize outgoing requests, allowing users to define whether specific connections should be proxied, rejected, or routed directly. The project distinguishes itself through its comprehensive, curated rulesets that enable granular control over network behavior. By employing domain-pattern matching, CIDR-based network analysis, and application-specific signatures, it ensures consistent traffic management across diverse environments. It also supports automated synchronization, allowing proxy clients to fetch updated routing logic from external sources without manual intervention. The platform covers a broad range of traffic management capabilities, including regional content access, local network optimization, and malicious traffic filtering. These features allow for the systematic blocking of advertising and tracking domains while ensuring that private, local, and internal network resources bypass proxy tunnels to maintain direct connectivity.

Scapy is a network packet manipulation tool and protocol analysis suite designed for crafting, sending, sniffing, and dissecting network traffic. It functions as a framework for building custom network tools that interact directly with low-level packet headers and payloads, enabling users to perform security research and network diagnostics. The system distinguishes itself through a layer-based construction model that allows users to define protocols as stacked objects, which automatically handle checksums and field offsets. It utilizes dynamic field reflection to map packet structures to binary data formats and employs a raw socket interface to bypass standard transport layer restrictions for custom packet injection. The platform provides a comprehensive capability set for network security testing, automated scanning, and traffic simulation. It includes a protocol dissection engine that recursively parses binary streams into structured objects, supported by stateful flow tracking to correlate packets into logical sessions. Users can capture and analyze live traffic through a background sniffing loop to troubleshoot communication patterns and verify protocol implementations.

This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points. What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuristic fingerprinting, which adjusts injection techniques in real-time based on server responses. It supports advanced post-exploitation capabilities, including remote command execution on the underlying host operating system and file system access through database-level vulnerabilities. To navigate restricted environments, the software incorporates out-of-band data exfiltration channels and a middleware pipeline for applying user-defined transformations to bypass security filters and web application firewalls. The suite covers a broad range of operational requirements, including stateful session management, anti-CSRF token handling, and extensive request customization. It supports various target specification methods, such as proxy log analysis and remote API management, while offering granular control over scan performance and detection thresholds. The software is distributed as a command-line application, with configuration management supported through external file loading and command-line arguments.