Primary Use Case

Offensive security professionals and penetration testers use HackTools to efficiently conduct web application security assessments without switching between multiple resources. It centralizes commonly used payloads, shell generators, and encoding tools within the browser, enabling faster exploitation and testing workflows.

Key Features

Dynamic Reverse Shell generator supporting PHP, Bash, Ruby, Python, Perl, Netcat

TTY Shell Spawning capabilities

Predefined XSS, SQLi, and Local File Inclusion payloads

Base64 Encoder/Decoder and Hash Generators (MD5, SHA1, SHA256, SHA512, SM3)

Collection of useful Linux commands for port forwarding and SUID exploitation

Various data exfiltration and remote download methods

Command Palette for quick access to all functions via keyboard shortcuts

Accessible as a browser extension popup or full DevTools tab

Insights & Recommendations

HackTools is transitioning from a browser extension to a web application due to browser environment limitations; users are encouraged to try the web app at https://hacktools.sh. The tool is designed to aid penetration testers but should be used responsibly and legally. The Command Palette significantly enhances usability by enabling fast keyboard-driven access to all features.

Installation

Install the extension from the Firefox Add-ons store: https://addons.mozilla.org/en-US/firefox/addon/hacktools
Or install from the Chrome Web Store: https://chrome.google.com/webstore/detail/hack-tools/cmbndhnoonmghfofefkcccljbkdpamhi?hl=en
For Safari users, refer to the GitHub issues page for the extension link: https://github.com/LasCC/Hack-Tools/issues/88
Alternatively, access the latest alpha web app version at https://hacktools.sh
To build from source, clone the repository and follow build instructions in the README (not provided here)

Usage

Open HackTools popup or DevTools tab with F12

Access the tool interface within the browser for quick payload and tool usage

CTRL + K (or ⌘ + K on macOS)

Open the Command Palette to quickly search and execute any function within HackTools

Use arrow keys (↑ and ↓) and Enter

Navigate and select commands or payloads within the Command Palette

Generate reverse shell payloads in PHP, Bash, Ruby, Python, Perl, or Netcat

Create dynamic reverse shell commands tailored to the target environment

Use built-in XSS, SQLi, and LFI payloads

Quickly inject common exploitation payloads during penetration tests

Encode or decode Base64 strings

Transform data for obfuscation or decoding during testing

Generate hashes (MD5, SHA1, SHA256, SHA512, SM3)

Create cryptographic hashes for testing or verification purposes

Smart Usage Notes

Integrate HackTools with automated penetration testing frameworks like Metasploit or custom CI/CD pipelines for continuous security validation.Use the dynamic reverse shell generators to simulate realistic attack scenarios during red team exercises.Leverage the command palette and quick access features to improve operational efficiency during live engagements.Combine HackTools payloads with blue team detection rules to enhance detection of common exploitation techniques.Transition to the upcoming web application version for better scalability and integration with cloud-based testing environments.

OpenSec Atlas

HackTools

About This Tool

Primary Use Case

Key Features

Insights & Recommendations

Installation

Usage

Smart Usage Notes

Security Capability Profile

Tags

You Might Also Like