The Top 254 Penetration Testing Open Source Projects

Awesome Open Source

Awesome Open Source

Combined Topics

penetration-testing x

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210

The Top 254 Penetration Testing Open Source Projects

Categories > Security > Penetration Testing

Awesome Hacking ⭐ 45,161

A collection of various awesome lists for hackers, pentesters and security researchers

Payloadsallthethings ⭐ 27,981

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Awesome Hacking Resources ⭐ 11,017

A collection of hacking / penetration testing resources to make you better!

H4cker ⭐ 9,772

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Hacker Roadmap ⭐ 7,102

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Dirsearch ⭐ 6,461

Web path scanner

Awesome Web Security ⭐ 6,242

🐶 A curated list of Web Security materials and resources.

Nishang ⭐ 5,425

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Monkey ⭐ 5,352

Infection Monkey - An automated pentest tool

Thc Hydra ⭐ 5,154

Commando Vm ⭐ 4,757

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]

Infosec_reference ⭐ 3,886

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Awesome Infosec ⭐ 3,583

A curated list of awesome infosec courses and training resources.

Awesome Web Hacking ⭐ 3,497

A list of web application security

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Cheatsheet God ⭐ 3,320

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Penetration_testing_poc ⭐ 3,269

有关渗透测试的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Whatweb ⭐ 3,206

Next generation web scanner

Osmedeus ⭐ 3,172

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Faraday ⭐ 3,055

Collaborative Penetration Test and Vulnerability Management Platform

Free Security Ebooks ⭐ 2,998

Free Security and Hacking eBooks

Hacking Security Ebooks ⭐ 2,998

Top 100 Hacking & Security E-Books (Free Download)

Arachni ⭐ 2,891

Web Application Security Scanner Framework

Lscript ⭐ 2,890

The LAZY script will make your life easier, and of course faster.

Cameradar ⭐ 2,631

Cameradar hacks its way into RTSP videosurveillance cameras

Awesome Shodan Queries ⭐ 2,474

🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻

Awesome Pentest Cheat Sheets ⭐ 2,429

Collection of the cheat sheets useful for pentesting

Discover ⭐ 2,400

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

Osintgram ⭐ 2,283

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Vulscan ⭐ 2,111

Advanced vulnerability scanning with Nmap NSE

Active Directory Exploitation Cheat Sheet ⭐ 1,880

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Learn Web Hacking ⭐ 1,785

Study Notes For Web Hacking / Web安全学习笔记

Astra ⭐ 1,784

Automated Security Testing For REST API's

Nosqlmap ⭐ 1,779

Automated NoSQL database enumeration and web application exploitation tool.

Oscprepo ⭐ 1,773

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

Reconnoitre ⭐ 1,748

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Awesome Hacking ⭐ 1,644

Awesome hacking is an awesome collection of hacking tools.

Pentest Guide ⭐ 1,507

Penetration tests guide based on OWASP including test cases, resources and examples.

Ssh Mitm ⭐ 1,364

SSH man-in-the-middle tool

One Lin3r ⭐ 1,317

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

Gitjacker ⭐ 1,311

🔪 Leak git repositories from misconfigured websites

Owasp Masvs ⭐ 1,157

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

Penetration Testing Platform

Nettacker ⭐ 1,131

Automated Penetration Testing Framework

Ezxss ⭐ 1,108

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Pwncat ⭐ 1,098

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Awsbucketdump ⭐ 1,067

Security Tool to Look For Interesting Files in S3 Buckets

Intrigue Core ⭐ 1,053

Discover Your Attack Surface!

Awesome Ethical Hacking Resources ⭐ 1,051

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Active Directory Exploitation Cheat Sheet ⭐ 1,041

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Psattack ⭐ 1,029

A portable console aimed at making pentesting with PowerShell a little easier.

Hacktronian ⭐ 1,022

Tools for Hacking

Passhunt ⭐ 986

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Changeme ⭐ 971

A default credential scanner.

Awesome Oscp ⭐ 941

A curated list of awesome OSCP resources

Androl4b ⭐ 926

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

An HTTP/HTTPS intercept proxy written in Go.

Babysploit ⭐ 899

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Rapidscan ⭐ 893

🆕 The Multi-Tool Web Vulnerability Scanner.

Dsinternals ⭐ 876

Directory Services Internals (DSInternals) PowerShell Module and Framework

emba - The security analyzer for embedded device firmware.

Evillimiter ⭐ 870

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Scripts ⭐ 854

Scripts I use during pentest engagements.

Vhostscan ⭐ 832

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Interlace ⭐ 826

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Breaking And Pwning Apps And Servers Aws Azure Training ⭐ 814

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Lockdoor Framework ⭐ 791

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Sublert ⭐ 745

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Htshells ⭐ 742

Self contained htaccess shells and attacks

Digispark Scripts ⭐ 732

USB Rubber Ducky type scripts written for the DigiSpark.

Gorsair ⭐ 726

Gorsair hacks its way into remote docker containers that expose their APIs

Penetration Testing Tools ⭐ 725

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Damn Vulnerable Graphql Application ⭐ 724

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Swiftnessx ⭐ 721

A cross-platform note-taking & target-tracking app for penetration testers.

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

Easy_hack ⭐ 711

Hack the World using Termux

Thc Ipv6 ⭐ 705

IPv6 attack toolkit

Awesome Termux Hacking ⭐ 701

⚡️An awesome list of the best Termux hacking tools

Hacking Toolkit

Powershell Rat ⭐ 669

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Phishing Frenzy ⭐ 663

Ruby on Rails Phishing Framework

Dotdotpwn ⭐ 651

DotDotPwn - The Directory Traversal Fuzzer

Jackhammer ⭐ 646

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Chimera ⭐ 639

Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Hashview ⭐ 620

A web front-end for password cracking and analytics

Scantron ⭐ 608

A distributed nmap / masscan scanning framework complete with scan scheduling, engine pooling, subsequent scan port diff-ing, and an API client for automation workflows.

Hackerpro ⭐ 605

All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog

Tactical Exploitation ⭐ 596

Modern tactical exploitation toolkit.

Passphrase Wordlist ⭐ 582

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Justtryharder ⭐ 572

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Pentest Report Generator

Linkedin2username ⭐ 568

OSINT Tool: Generate username lists for companies on LinkedIn

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

Cloud_enum ⭐ 540

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

Hosthunter ⭐ 525

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Iprotate_burp_extension ⭐ 520

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

Sifter aims to be a fully loaded Op Centre for Pentesters

NetCat for Windows

Thc Archive ⭐ 503

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

1-100 of 254 projects

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210