Forum Thread: Ninjutsu Project Penetration Testing/Red Teaming Distribution Based on Windows

Ninjutsu Project

Ninjutsu is Penetration testing/Red Teaming distribution based on Windows focused on Penetration Testing, Red Teaming, Android Penetration Testing.

It includes a full portable arsenal for security experts, but it also includes pre-configured and installed Android Pentesting Integrated Environmental, In addition, protect your privacy by tweak and customize Windows 10, disable the collection services/Apps to improving your anonymity/performance.

Security

Ninjutsu OS includes a full arsenal of security-oriented tools to perform penetration tests, security audits, and more.

Privacy

Ninjutsu includes Proxycap , Shut10, WPD10, and simple Dnscrypt which designed to defend your privacy and your identity.

Features

  • Windows 10 Pre-Installed Penetration Testing, Red Teaming, and Android Security Testing Integrated Environment.
  • More than 800 penetration testing tools.
  • Free and Open source Tools.
  • Prefills the commandline.
  • Terminal with many useful features.
  • Customize Windows 10 with powerful tweak and optimize.
  • Protect your privacy by tweak and customize Windows 10.
  • Disable many of the annoying features built into windows.
  • Unwanted Windows components removal.
  • Remove/Disable many Windows programs and services.

Tools :

ninjutsu-os.github.io/Tools/

Community :

Twitter : twitter.com/ninjutsu_os
Telegram : t.me/Ninjutsu_os
Discord : discord.gg/ySmjw9
GitHub : github.com/Ninjutsu-OS/Ninjutsu

Download :

ninjutsu-os.github.io/Download/

The SHA-1 hash/MD5 for Ninjutsu-v1.0.iso
File name : Ninjutsu-v1.0.iso
SHA1: 76C2A51F5CEE12CE35FDF88B2261662C54D8B770
MD5: FD295F038577D12CCAEE844D8BA99F8E

Username : Administrator
Password : toor

Ninjutsu Creator

  • Hasan Al-Qawzai

FAQ :

ninjutsu-os.github.io/FAQ/

Guide :

ninjutsu-os.github.io/guide/

Screenshot

Image via imgur.com

Desktop :

Image via imgur.com
Image via imgur.com
Image via imgur.com
Image via imgur.com
Image via imgur.com
Image via imgur.com
Image via imgur.com
Image via imgur.com
Image via imgur.com
Image via imgur.com
Image via imgur.com
Image via imgur.com
Image via imgur.com

Information Gathering Tools

Image via imgur.com

Exploitation Tools

Image via imgur.com

Red Team Toolkit

Image via imgur.com

Android Pentesting Integrated Environmental

Image via imgur.com

Web Application PT Tools

Image via imgur.com

Context menu (Mouse Right-click Features)

Image via imgur.com
Image via imgur.com
Image via imgur.com
Image via imgur.com
Image via imgur.com

Ninjutsu OS for Pentesting/Red Teaming Tools Kit

Red Teaming

Information Gathering (Red Teaming)(100/Tools)

ADACLScanner
R3con1z3r-Web information gathering
ADExplorer
Recon-Dog
ADOffline
Recon-ng
ADRecon
Reconspider-Advanced (OSINT)
AdFind-Command line Active Directory query
Red Rabbit
Amass
RedRabbit-Red Team PowerShell Script
Aquatone
ScrapedIn- LinkedIn Scraper
Asset Finder
Searchsploit
Atscan
SharpHound
BaseQuery- Organize public combo-lists & data breaches
SharpHound
BeRoot
SharpView
Bettercap
Sherlock-Find usernames across social networks
BloodHound
ShodanSploit
Bloodhound-Custom-Queries
SpiderFoot
BridgeKeeper-Scrape employee names
SpoolerScanner
Censys Subdomain Finder
Sub Finder
CloudBunny-Find the real IP behind WAF
SubOver-Subdomain Takeover Tool
Cloud_Enum-Multi-cloud OSINT
Sublist3r
CrossLinked- LinkedIn enumeration tool
Sudomy-Powerful Subdomain Enumeration
Dirble- WebSite Directory Scanning
Turbolist3r
Dump Users
URLCrazy
Watson
Email extractor
WhatBreach-OSINT tool to find breached
Email-verify
WhatWAF
EmailHarvester
WhatWeb
EyeWitness
WhatsMyName- User Enumeration
FOCA v3.4.6.2
WinScanX GUI
Fierce
WinScanX-CL
Findomain
Windows Exploit Suggester
Get-ReconInfo
XCTR-Hacking-Tools
GoBuster
browseList
Gowitness-Web screenshot utility
ffuf - Fuzz Faster
Hunter
h8mail- Email OSINT and breach hunting
InSpy - LinkedIn enumeration
identYwaf
Lazagne- Credentials recovery
mimikatz
LinkedIn Recon Tool -LinkedInt
nbtscan
LittleBrother-Information gathering (OSINT)
nmap
MSOLSpray - A Password Spraying Tool
pockint
Maltego
recon-ng - Web
Mass-Maillist-Cleaner
srvinfo
NetRipper
subDomainsBrute
Nirsoft Launcher
subdomain-bruteforce
Nmap - Zenmap GUI
subjack-Subdomain Takeover tool
OneForAll - Subdomain Scanner
theHarvester
Photon-fast crawler designed for OSINT
wafw00f
PowerView
wePWNise
PowerView_dev
winfo
Prowl - Email harvesting tool
zenmap

Active Directory Tools (Red Teaming)(199/Tools):

Administration Tools
sqlcmd
Sysinternals

Evasion (Red Teaming)(22/Tools):

AVIATOR_x64
PSAttack
AVIator- Antivirus Evasion Project
PowerLessShell
CheckPlease
PowerShdll
DefenderCheck
PowerShell Armoury-Evading anti-virus
DotNetToJScript
StarFighters
Invoke-CradleCrafter
SysWhispers-AV-EDR evasion
Invoke-DOSfuscation
demiguise
Invoke-Obfuscation
nps
Invoke-Phant0m
pafishmacro
Macro Pack-Automatize Obfuscation & Generation of MS Office
tvasion - Anti virus evasion
PSAmsi
xencrypt-Anti-virus evasion Tool

Exploitation (Red Teaming) (64/Tools):

ADAPE
PowerShell-Suite
API Monitor x64
PowerSploit
API Monitor x86
PowerUpSQL
BetterBackdoor-create & Control a backdoor
PowerZure- Assessing Azure security
CVE-2019-1040-Scanner
PrivExchange
Chisel - Fast TCP tunnel over HTTP
PrivescCheck Win -Privilege Escalation Enumeration
CrackMapExecWin
Privilege-Escalation-Awesome-Scripts-Suite
CredsLeaker-credentials stealer
ROADtools - Azure AD Exploration Framework
DAMP
ROADtools-GUI - Azure AD Exploration Framework
Dumpert
RedTeam CSharp Scripts
Evil-Winrm-Ultimate WinRM shell for pentesting
RedTeam Powershell Scripts
EvilClippy
Red_Team - Useful Scripts
EvilURL- Generate unicode domains
ReverseTCPShell- PowerShell ReverseTCP Shell
Eviloffice
RottenPotatoNG
Exchange-AD-Privesc
Sharp-Suite
GadgetToJScript
SharpClipHistory
Generate-Macro
SharpExchangePriv
GhostPack
SharpExec
Invoke-ACLPwn
SharpSploit
Invoke-DCOM
Shellerator-bind-reverse shell Generater
Invoke-GoFetch
SpoolSample
Invoke-PSImage
UACME
Invoke-PowerThIEf
impacket-examples-windows
Jalesc-Linux Privileges Escalating
juicy-potato
Meterpeter-C2 Powershell Command & Control Framework
kali-windows-binaries
MicroBurst - PowerShell Toolkit for Attacking Azure
lsassy-Extract credentials from lsass remotely
NetshHelperBeacon
luckystrike
Orca
metatwin
PSReflect
nishang
PowerLurk
ruler
PowerPriv
vssown
PowerSharpPack-Usefull offensive CSharp Projects
vulcan

Password Attacks (Red Teaming) (18/Tools):

ADFSpray - MS Password Spray Attack
Get-LAPSPasswords
LAPSToolkit
ASREPRoast
Internal-Monologue
MSOLSpray - A Password Spraying Tool
Check-LocalAdminHash
Inveigh
MailSniper
CredNinja
Invoke-TheHash
RiskySPN
DSInternals
KeeFarce
SessionGopher
DomainPasswordSpray
KeeThief
mimikittenz

Vulnerability Analysis (Red Teaming) (6/Tools):

AD Control Paths
Grouper2
PowerSharpPack-Usefull offensive CSharp Projects
Egress-Assess
NtdsAudit
zBang

Information Gathering (119/Tools):

AWSBucketDump
AdFind-Command line Active Directory query
Amass
Aquatone
Asset Finder
Atscan
BaseQuery- Organize public combo-lists & data breaches
Bettercap
BridgeKeeper-Scrape employee names
Bucket-Stream-Find Amazon S3 Bucket
Cansina - Web Content Discovery
Censys Subdomain Finder
CloudBunny-Find the real IP behind WAF
Cloud_Enum-Multi-cloud OSINT
Cloudfail
Cloudmare
CrossLinked- LinkedIn enumeration tool
DNS Recon
DirBuster
Dirble- WebSite Directory Scanning
Dirsearch- Web path scanner
Droopescan
Dump Users
ESmai
Email extractor
Email-verify
EmailHarvester
Essential NetTools
EyeWitness
FOCA v3462
Fierce
FinalRecon- All-In-One Web Reconnaissance
Findomain
Fprobe-Scan Domains Subdomains for http-https
Git-Hound
Git-Leak
GitHack-Git folder disclosure exploit
GitMiner-Advanced mining for content Github
Github-Dork
Gitrob
Gobuster
Goby - Attack surface mapping
Gowitness-Web screenshot Utility
Hunter
InSpy - LinkedIn enumeration
IoTSeeker
Kicks3-S3 bucket finder
Lazagne- Credentials recovery
LinkedIn Recon Tool -LinkedInt
LittleBrother-Information gathering (OSINT)
Leetlinked - Scraping tool for LinkedIn
Maltego
Mass-Maillist-Cleaner
Masscan
Nirsoft Launcher
Nmap - Zenmap GUI
OneForAll - Subdomain Scanner
Pacu - AWS exploitation framework
Pathbrute-Directory Discovery Tool
Photon-fast crawler designed for OSINT
Prowl - Email harvesting tool
R3con1z3r-Web information gathering
Recon-Dog
Recon-ng
Reconspider-Advanced (OSINT)
RastLeak - Find leak information
Recurse Buster
RedRabbit-Red Team PowerShell Script
S3Scanner- Scan s3 buckets for security issues
SSL-Scan
ScrapedIn- LinkedIn Scraper
Searchsploit
Sherlock-Find usernames across social networks
ShodanSploit
Shuffledns- Enumerate valid subdomains
Slurp- Enumerates S3 buckets
Snoop - Nickname Search Tools OSINT
Spaghetti
SpiderFoot
Sub Finder
SubOver-Subdomain Takeover Tool
Sublist3r
Sudomy-Powerful Subdomain Enumeration
Turbolist3r
URLCrazy
WhatBreach-OSINT tool to find breached
WhatWAF
WhatWeb
WhatsMyName- User Enumeration
WinScanX GUI
WinScanX-CL
Windows Exploit Suggester
XCTR-Hacking-Tools
browseList
ffuf - Fuzz Faster
gau (GetAllURLs)
git Graber
h8mail- Email OSINT and breach hunting
hakrevdns - Reverse DNS lookups
hping
httprecon
httprobe - Scan Domains Subdomains for http-https
identYwaf
inSp3ctor-AWS S3 Bucket Finder
mimikatz
nbtscan
nc
nc64
nmap
pockint
recon-ng - Web
s3recon-Amazon S3 bucket finder and crawler
shhgit-Find GitHub secrets
srvinfo
sslyze
subDomainsBrute
subjack-Subdomain Takeover tool
theHarvester
trufflehog- Searches through git repositories for secrets
wafw00f
winfo

Web Application Attack (80/Tools):

Aquatone
SQLi-Hunter-SQLMAP API wrapper
Arjun
SQLmap
Atlas- Quick SQLMap Tamper Suggester
SSL-Scan
Atlas-Quick SQLMap Tamper Suggester
SSRFmap-SSRF Scanner
Atscan
See-SURF- find potential SSRF parameters
BSQLGUI
Shuriken-XSS
BruteXMLRPC
SleuthQL
BruteXSS
SoapUI 5.5.0
BurpSuite Free Edition
Spaghetti
CMSeeK- CMS Detection and Exploitation suite
TestSSL.sh
Cansina - Web Content Discovery
VBscan - vBulletin Vulnerability Scanner
Commix - Command injection exploit
Vega - Web vulnerability scanner
Corsy-CORS Misconfiguration Scanner
WAScan - Web Application Scanner
DSSS-sql-injection
WPScan-WordPress Vulnerability Scanner
Dalfox - XSS Scanning
Wapiti-Web Vulnerability Scanner
WebCruiser Scanner
DirBuster
Weblogic-Scanner
Dirble- WebSite Directory Scanning
WhatWAF - advanced firewall detection tool
Dirsearch- Web path scanner
WhatWeb
Droopescan
Wordpress Exploit Framework
ExploitMyUnion
XBruteForcer (CMS)
Eyewitness
XMLrpc-bruteforcer
Findom-XSS
XSS-Freak
Fuxploider-File upload scanner and exploitation
XSS-Loader Tools
Golismero
XSSfork - XSS Vulnerability Scan
Gowitness-Web screenshot utility
XSSpwn
IIS-ShortName-Scanner
XSSsniper
IIS-Shortname-Scan (Python)
XSStrike
Joomscan
XSpear-XSS Scanning
Link JS Find - Extract URL Websites
bWAPP- vulnerable web-application
LinkFinder
dotdotpwn - Directory Traversal Fuzzer
Nikto
ffuf - Fuzz Faster
NoSQLMap
httprecon
Nuclei - Web Scanner based on templates
identYwaf
OWASP Mutillidae- Vulnerable web-application
jsql-injection-GUI
OWASP ZAP Proxy
jwtcat - Cracking JSON Web Token
Quick-SQL
pentest-tools
R3con1z3r-Web information gathering
sslyze
Recurse Buster
wafw00f
SPartan-Sharepoint
wfuzz
SQLMap-GUI

Wireless Attacks (36/Tools):

Airbase-ng
Airserv-ng
Easside-ng
Tkiptun-ng
Wpaclean
Aircrack-ng-GUI
Airtun-ng
Evil FOCA
WNetWatcher
ettercapNG
Aircrack-ng
Airventriloquist-ng
Jumpstart
Waircut
ivstools
Airdecap-ng
Besside-ng
Kstats
Wesside-ng
wifi-perfiles
Airdecloak-ng
Bettercap
Makeivs-ng
WifiChannelMonitor
Aireplay-ng
Buddy-ng
Packetforge-ng
WifiInfoView
Airodump-ng
Cain and abel
RouterScan
WirelessNetView
Airolib-ng
Dumpper
SSL-Strip
Wireshark

Exploitation Tools (35/Tools):

BSQLGUI
Shellerator-bind-reverse shell Generater
CVE-2019-1040-Scanner
Shuriken-XSS
Chisel - Fast TCP tunnel over HTTP
VBscan
DSSS-sql-injection
WebCruiser Scanner
EvilURL- Generate unicode domains
WinScanX GUI
Eviloffice
Windows Exploit Suggester
ExploitMyUnion
XSS-Loader Tools
Goby - Attack surface mapping
XSSpwn
Jalesc-Linux Privileges Escalating
XSSsniper
Metasploit
XSStrike
MicroBurst - PowerShell Toolkit for Attacking Azure
hjsplit
Nikto
jsql-injection-GUI
NoSQLMap
mimikatz
PowerZure- Assessing Azure security
nc
Privilege-Escalation-Awesome-Scripts-Suite
nc64
ROADtools - Azure AD Exploration Framework
subdomain-bruteforcer(SubBrute)
ROADtools-GUI - Azure AD Exploration Framework
wePWNise
SQLmap

Vulnerability Analysis (33/Tools):

BSQLGUI
SQLmap
Weblogic-Scanner
DSSS-sql-injection
SSH Scan
WinScanX GUI
Droopescan
SSL-Scan
WinScanX-CL
ExploitMyUnion
Searchsploit
XSS-Freak
Golismero
Shuriken-XSS
XSS-Loader Tools
Joomscan
SleuthQL
XSSpwn
Nikto
Spaghetti
XSSsniper
NoSQLMap
TestSSL.sh
XSStrike
OWASP Mutillidae- Vulnerable web-application
VBscan
XSpear-XSS Scanning
OWASP ZAP Proxy
WAScan
bWAPP- vulnerable web-application
SMBGhost-CVE-2020-0796
WebCruiser Scanner
jsql-injection-GUI

Malware analysis (45/Tools):

Autoruns
LockHunter
Task Explorer x64
exeinfope
Binwalk
Microsoft Sysinternals
Task Explorer
exiftool
Comodo Cleaning Essentials
PE Detective
UPXEasyGUI
loki-upgrader
CrowdInspect
PPEE
UniExtract
loki
CrowdInspect64
Process Hacker 2
VirusTotal Uploader 22
ollydbg
Detect It Easy
ProcessActivityView
Volatility-CL
pdbripper
FLOSS
ProcessHacker
VolatilityWorkbench-gui
pestudio
FolderChangesView
Registry Changes View
Winja (VirusTotal Uploader)
peview
HijackCleaner64
Regshot-x64-ANSI
Wireshark
windump
ILProtectorUnpacker
Regshot-x64-Unicode
apateDNS
IREC-1916
RunPEDetector32
dnSpy-x86
KillSwitch
Sandboxed Web Browser
dnSpy

Mobile Security Tools (26/Tools):

APK Easy Tool
Drozer
GDA-android-reversing-Tool
dex2smali
APK Editor Studio
Frida-discover
Mobile Security Framework (MobSF)
frida-objection
Android Debug Bridge (adb)
Frida-kill
Multi-Drive
frida-pygmentize
Apkid
Frida-ls-devices
Nox
jadx-gui
Apktool
Frida-ps
OWASP ZAP Proxy
vulnerable apk
Bytecode-Viewer
Frida-trace
appmon
DB Browser for SQLite
Frida
dex2jar

Network Attack (32/Tools):

Bettercap
FindSQLSrv-Python
Responder-Python
WinScanX GUI
BeyondTrustDiscoveryTool
Goby - Attack surface mapping
Responde
Wireshark
BrowserListener-Python
Icmp-Redirect-Python
RouterScan
ettercapNG
Cain
Jumpstart
RunFinger-Python
nc
Dumpper
MultiRelay-Python
SSH Scan
nc64
Essential NetTools
MultiRela
SSL-Strip
odict-Python
Evil FOCA
NetworkMiner
SnmpWalk
snmptest
FindSMB2UPTime-python
Nirsoft Launcher
Waircut
sslyze

Password Attacks (48/Tools):

Get-LAPSPasswords
LAPSToolkit
ASREPRoast
Internal-Monologue
Check-LocalAdminHash
Inveigh
MailSniper
CredNinja
Invoke-TheHash
RiskySPN
DSInternals
KeeFarce
SessionGopher
DomainPasswordSpray
KeeThief
mimikittenz
ADFSpray - MS Password Spray Attack
MSOLSpray - A Password Spraying Tool
BruteXMLRPC
Md5Cracker
Bruter
Password Recovery
Cain
Patator - Brute-force
CeWL-Creating Custom Wordlists
Smtp-Cracker
Crunch
WinScanX GUI
Fast-RDP-Bruteforce
WinScanX-CL
Go-jwt-cracker
XBruteForcer (CMS)
Hash-Buster- Online Crack hashes
XMLrpc-bruteforcer
Hash-identifier
cap2hccap
Hashcat CLI
cap2hccapx
Hashcat GUI
jwtcat - Cracking JSON Web Token
IMAP Bruteforce
pydictor-dictionary builder for brute-force
John the Ripper
rainbowcrack-cl
John the Ripper GUI
rcrack-gui
Kraken-Password crack RAR ZIP 7z
thc-hydra-BruteForce

Password Recovery (17/Tools):
BulletsPassView
OperaPassView
RouterPassView
WebBrowserPassView
mailpv
pspv
ChromePass
PasswordFox
SniffPass
WirelessKeyView
mspass
rdpv
Dialupass
PstPassword
VNCPassView
iepv
netpass

Wordlists :

Payload-List
PayloadsAllTheThings
Probable-Wordlists
RobotsDisallowed
SecLists
fuzzdb

Reverse Engineering (13/Tools):

APK Easy Tool
Bytecode-Viewer
de4dot-net35
dnSpy-x86
ollydbg
Apktool
ResourceHacker
de4dot-net45-x64
dnSpy
Binwalk
de4dot-net35-x64
de4dot-net45
jadx-gui

Stress Testing (13/Tools):

DDos-Attack (Python)
Saddam-DDoS Amplification Tool
WhatWAF
DDos-Attackv1 (Python)
Slowloris HTTP DoS IPv6
identYwaf
HostDown- DDos Attack
Slowloris HTTP DoS
wafw00f
Impulse Denial-of-service ToolKit
THC-SSL-Dos
Perl Flood Script (DDoS)
TheDoomsday- Test DOS sustainablity

Proxy and Privacy Tools (8/Tools):

Epic Privacy Browser
Proxy-Scraper
Simple DnsCrypt
W10Privacy
OOSU10
ProxyCap
Tor Browser
WPD
Others
bWAPP, a buggy web application!
OWASP Mutillidae
OSINT Websites
Cheat Sheets Repositories

Remote Control Tools (13/Tools):

AnyDesk
OpenVPN GUI
nc
pageant
pscp
putty
telnet
HeidiSQL
TeamViewer
nc64
plink
psftp
puttygen

Utility Tools (57/Tools):

7-Zip File Manager
HeidiSQL
Search Everything
AnyDesk
HostsFileEditor
Simple DnsCrypt
AutoIt3
HxD
SumatraPDF
Boxstarter Shell
KeepNote
Task Explorer x64
CFF Explorer
KeepPass
Task Explorer
Chrome -with XSS Auditor disabled
MarkdownEdit
TeamViewer
Chrome
MobaXterm
Tor Browser
CyberChef
Mysql
Wireshark
DB Browser for SQLite
Neo4j_start.bat
cmder
Email extractor
Neo4j_stop.bat
hjsplit
Email-verify
NetworkMiner
neo4j-community
Epic Privacy Browser
Nirsoft Launcher
ngrok- reverse proxy
Essential NetTools
OpenVPN GUI
notepad++
FLOSS
PE Detective
peview
Fiddler
PHP
qBittorrent
FileZilla Server Interface
ProcessHacker
services
Firefox
Rainmeter
shellcode_launcher
Greenshot
RunAsDate
vlc
HTTP File Server (HFS)
ScreenToGif
xampp-control

Our Best Hacking & Security Guides

New Null Byte posts — delivered straight to your inbox.

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active