The categories
hackingtoolforgot: Cloud · Container · Mobile · API · AI/LLM Red-Team · Supply-Chain · OSINT 2026 · Blue-Team · Modern Recon.
Quick Install · Categories · Why HaxBox · Architecture · Roadmap · Contribute
Most "all-in-one hacking" repos stopped curating around 2020. Modern offensive and defensive work happens in places those lists don't cover — cloud control planes, Kubernetes, mobile runtimes, GraphQL APIs, LLM prompt surfaces, and software supply chains. HaxBox is the curated, opinionated, current answer.
Old hackingtool style repos |
HaxBox | |
|---|---|---|
| Last meaningful update | 2020–2021 | 2026 |
| Cloud security (AWS / Azure / GCP) | ❌ | ✅ Prowler, ScoutSuite, CloudFox, Pacu |
| Container & Kubernetes | ❌ | ✅ Trivy, kube-hunter, Peirates, kubescape |
| Mobile (Android/iOS) | ✅ MobSF, Frida, Objection, jadx, Drozer | |
| API & GraphQL testing | ❌ | ✅ Kiterunner, InQL, graphql-cop, Akto |
| AI / LLM red-teaming | ❌ | ✅ Garak, PyRIT, promptfoo, llm-guard |
| Supply-chain security | ❌ | ✅ Syft, Grype, OSV-Scanner, cosign |
| Blue-team & DFIR | ❌ | ✅ Velociraptor, Wazuh, Sigma, Atomic Red Team |
| Modern recon (ProjectDiscovery) | ❌ | ✅ nuclei, httpx, katana, naabu, dnsx |
| Reporting & note-taking | ❌ | ✅ SysReptor, PwnDoc, Obsidian recipes |
| One-line installer | ✅ tested on Kali 2024+, Ubuntu 22.04+, WSL2 | |
| Architecture diagram | ❌ | ✅ See Architecture |
| Issue/PR templates, CoC, SECURITY.md | ❌ | ✅ Full GitHub community files |
╔══════════════════════════════════════════════════════════════╗
║ _ _ _ __ __ ____ ___ __ __ ║
║ | | | | / \ \ \/ / | __ ) / _ \ \ \/ / ║
║ | |_| | / _ \ \ / | _ \ | | | | \ / ║
║ | _ |/ ___ \ / \ | |_) || |_| | / \ ║
║ |_| |_/_/ \_\/_/\_\ |____/ \___/ /_/\_\ ║
║ ║
║ The 2026 Cybersecurity Toolbox · v1.0 · MIT ║
╚══════════════════════════════════════════════════════════════╝
[ 1] Anonymity & Privacy ( 6 tools )
[ 2] OSINT & Information Gathering ( 14 tools )
[ 3] Modern Recon (ProjectDiscovery)( 11 tools )
[ 4] Web Application Testing ( 18 tools )
[ 5] API & GraphQL ( 9 tools )
[ 6] Cloud Security ( 12 tools )
[ 7] Container & Kubernetes ( 10 tools )
[ 8] Mobile Application Testing ( 11 tools )
[ 9] Wireless & SDR ( 9 tools )
[10] Forensics & DFIR ( 12 tools )
[11] Reverse Engineering ( 10 tools )
[12] Exploitation Frameworks ( 7 tools )
[13] Password & Hash Attacks ( 9 tools )
[14] Phishing & Social Engineering ( 6 tools )
[15] Hardware & IoT ( 8 tools )
[16] Steganography ( 6 tools )
[17] AI / LLM Red Team ( 9 tools ) ⭐ NEW
[18] Supply Chain Security ( 8 tools ) ⭐ NEW
[19] Blue Team & Detection ( 11 tools ) ⭐ NEW
[20] CTF Helpers ( 9 tools )
[21] Reporting & Notes ( 6 tools )
[22] Automation & Workflows ( 7 tools )
[23] Learning Resources ( links )
[s] Search [u] Update Catalog [d] Doctor [q] Quit
>
⚠️ Authorized testing only. Use HaxBox exclusively on systems you own or have written permission to assess. See SECURITY.md and the responsible-use notice.
curl -fsSL https://raw.githubusercontent.com/SharpWizard/haxbox/main/install.sh | bashgit clone https://github.com/SharpWizard/haxbox.git
cd haxbox
python3 haxbox.pygit clone https://github.com/SharpWizard/haxbox.git
cd haxbox
python haxbox.pyThe launcher uses Python standard library only — no pip install required.
1 · Anonymity & Privacy — Tor, ProxyChains, Mullvad, Whonix, Tails, AnonSurf
Stay invisible during recon and engagements you have authorization for.
2 · OSINT & Information Gathering — Maltego, Sherlock, Spiderfoot, GHunt, Holehe, theHarvester, +8 more
Modern OSINT stack as of 2026 — username, email, phone, social-graph, breach data.
- Maltego CE · Sherlock · Spiderfoot · GHunt · Holehe · theHarvester · Recon-ng · Photon · PhoneInfoga · Maigret · Snoop · Mosint · Toutatis · WhatsMyName
3 · Modern Recon (ProjectDiscovery) ⭐ — nuclei, httpx, katana, subfinder, naabu, dnsx, +5 more
The ProjectDiscovery suite — every bug bounty hunter's daily driver, missing from older toolkits.
4 · Web Application Testing — Burp, ZAP, sqlmap, ffuf, gobuster, dalfox, wpscan, +11 more
- Burp Suite Community · OWASP ZAP · sqlmap · ffuf · gobuster · feroxbuster · dalfox · wpscan · Nikto · Wapiti · XSStrike · Commix · Nuclei templates · Arjun · paramspider · SecLists · tplmap · SSRFmap
5 · API & GraphQL ⭐ — Kiterunner, InQL, graphql-cop, Akto, Postman, +4 more
REST and GraphQL API testing — almost completely absent from older toolkits despite APIs being where modern bugs live.
- Kiterunner · InQL · graphql-cop · GraphQL Voyager · Akto · Postman · Insomnia · Hetty · Caido
6 · Cloud Security ⭐ — Prowler, ScoutSuite, CloudFox, Pacu, +8 more
AWS, Azure, GCP — the auditing and exploitation tooling for cloud control planes.
- Prowler · ScoutSuite · CloudFox · Pacu · CloudSploit · Cartography · enumerate-iam · aws-recon · PMapper · Stormspotter · PurplePanda · Cloudbrute
7 · Container & Kubernetes ⭐ — Trivy, kube-hunter, kubescape, Peirates, +6 more
The container/k8s attack surface that didn't exist when older toolkits were built.
- Trivy · kube-hunter · kubescape · kube-bench · Peirates · Dockle · Falco · Hadolint · Checkov · krane
8 · Mobile Application Testing — MobSF, Frida, Objection, jadx, apktool, Drozer, +5 more
9 · Wireless & SDR — Aircrack-ng, Wifite, Bettercap, Kismet, Hcxdumptool, +4 more
- Aircrack-ng · Wifite2 · Bettercap · Kismet · Hcxdumptool · Reaver · Fluxion · Airgeddon · GNU Radio
10 · Forensics & DFIR ⭐ — Velociraptor, Volatility, Autopsy, Sleuthkit, plaso, +7 more
- Velociraptor · Volatility 3 · Autopsy · Sleuthkit · plaso/log2timeline · MISP · TheHive · Cortex · YARA · DFIR-IRIS · Hayabusa · Chainsaw
11 · Reverse Engineering — Ghidra, Cutter/Radare2, x64dbg, Binary Ninja, IDA Free, +5 more
12 · Exploitation Frameworks — Metasploit, Sliver, Mythic, Havoc, Empire, +2 more
Open-source C2 / framework references for authorized red-team operations.
- Metasploit Framework · Sliver · Mythic · Havoc · Empire (BC-Security) · Villain · Caldera
13 · Password & Hash Attacks — hashcat, John, hydra, kerbrute, CeWL, +4 more
- hashcat · John the Ripper · hydra · kerbrute · CeWL · crunch · Hashes.com lookups · Cupp · Mentalist
14 · Phishing & Social Engineering — GoPhish, evilginx2, SET, Modlishka, Zphisher, King-Phisher
For authorized awareness exercises only.
15 · Hardware & IoT — binwalk, firmwalker, EMBA, Routersploit, FACT, +3 more
- binwalk · firmwalker · EMBA · Routersploit · FACT · firmware-mod-kit · HardSploit · chipsec
16 · Steganography — steghide, zsteg, stegseek, exiftool, OpenStego, foremost
17 · AI / LLM Red Team ⭐⭐ NEW — Garak, PyRIT, promptfoo, llm-guard, vigil-llm, +4 more
The category that did not exist when older toolkits were written. As LLMs become production critical, prompt-injection / jailbreak / data-exfil testing is the new frontier.
- Garak — LLM vulnerability scanner
- PyRIT (Microsoft) — Python Risk Identification Toolkit
- promptfoo — LLM eval & red-team
- llm-guard — input/output guardrails
- vigil-llm — prompt injection detection
- Rebuff — self-hardening LLM firewall
- Counterfit (Microsoft) — adversarial ML
- HouYi — prompt injection research
- GPTFuzzer
18 · Supply Chain Security ⭐⭐ NEW — Syft, Grype, OSV-Scanner, cosign, dep-scan, +3 more
SBOMs, dependency CVEs, signing/attestation — the post-SolarWinds toolkit.
- Syft — SBOM generator
- Grype — vulnerability scanner
- OSV-Scanner (Google)
- Trivy
- cosign (sigstore)
- dep-scan
- Snyk CLI
- npm-audit-resolver
19 · Blue Team & Detection ⭐⭐ NEW — Wazuh, Sigma, Atomic Red Team, Suricata, Zeek, +6 more
Purple-team detection engineering. The defender's toolkit, often missing from offense-only repos.
- Wazuh · Sigma rules · Atomic Red Team · Caldera (MITRE) · Suricata · Zeek · OSSEC · Velociraptor · TheHive · MISP · Wazuh Detection Lab
20 · CTF Helpers — CyberChef, RsaCtfTool, pwntools, gef, pwndbg, +4 more
- CyberChef · RsaCtfTool · pwntools · gef · pwndbg · angr · stegsolve · aperisolve · Decoder.fr
21 · Reporting & Notes ⭐ — SysReptor, PwnDoc, Dradis, Obsidian, CherryTree, Trilium
Pentest report generation and structured note-taking — the unsexy stuff that wins clients.
22 · Automation & Workflows — n8n, reNgine, Axiom, Project Discovery workflows, BBRF, +2 more
23 · Learning Resources — HackTheBox, TryHackMe, PortSwigger Academy, OWASP, +many
Free and paid platforms to actually learn this stuff.
See
docs/categories.mdfor the full machine-readable catalog.
flowchart LR
User([User]) -->|menu / search| CLI[haxbox.py · TUI]
CLI --> Catalog[(tools catalog<br/>haxbox/data/tools.py)]
CLI --> Installer[Installer Engine]
CLI --> Doctor[Environment Doctor]
Installer -->|apt / pipx / git| System[(Local System)]
Installer -->|writes| State[(installed.json)]
Doctor -->|verifies| System
CLI -->|opens repo / docs| Browser([Browser])
classDef red fill:#ef4444,stroke:#7f1d1d,color:#fff,stroke-width:2px;
classDef orange fill:#f97316,stroke:#7c2d12,color:#fff;
classDef gray fill:#1f2937,stroke:#111827,color:#fff;
class CLI red
class Installer,Doctor orange
class Catalog,State,System,Browser gray
The launcher is stdlib-only Python. The tools catalog is a single source of truth (haxbox/data/tools.py) — every category, README section, and docs page is derived from it. Adding a tool is a one-line PR.
- v1.0 — Core launcher, 23 categories, 200+ tools, Linux/macOS/WSL2 install
- v1.1 — Native Windows tool detection (winget integration)
- v1.2 — Docker-based "ephemeral toolbox" mode (
haxbox box <category>) - v1.3 — Plugin system:
~/.haxbox/plugins/*.py - v1.4 — Catalog auto-update from GitHub releases (
haxbox update) - v2.0 — Web UI (FastAPI) with category drilldown + per-tool docs
Vote on what comes next in Discussions.
PRs that add a tool, fix an install command, or add a category are the most valuable. See CONTRIBUTING.md. All contributors are credited in releases.
# Add a tool in 4 lines
# 1. Edit haxbox/data/tools.py
# 2. Add: Tool(name="...", repo="...", install="apt install ...", category="recon")
# 3. Run python haxbox.py --validate
# 4. PRHaxBox catalogs and installs publicly available security tools. It does not include exploits, payloads, or evasion code. You are responsible for what you do with the tools it installs.
- ✅ Authorized penetration tests with written scope
- ✅ Bug bounty programs (within their rules)
- ✅ CTF and HackTheBox / TryHackMe labs
- ✅ Your own systems, networks, and accounts
- ✅ Defensive engineering (blue team, detection)
- ❌ Anything you don't have explicit permission to test
Unauthorized access to computer systems is illegal in virtually every jurisdiction. The maintainers accept no liability for misuse.
MIT © 2026 SharpWizard.
Tools cataloged here remain under their respective licenses — HaxBox does not redistribute them.
If this saves you time, drop a ⭐ — it's the only way the project gets discovered.
Made with 🖤 by red-teamers, blue-teamers, and people who refuse to maintain a 200-line apt install script in a Notion page.