Awesome Open Source
Awesome Open Source
Combined Topics
penetration-testing
x
Advertising
📦 10
All Projects
Application Programming Interfaces
📦 124
Applications
📦 192
Artificial Intelligence
📦 78
Blockchain
📦 73
Build Tools
📦 113
Cloud Computing
📦 80
Code Quality
📦 28
Collaboration
📦 32
Command Line Interface
📦 49
Community
📦 83
Companies
📦 60
Compilers
📦 63
Computer Science
📦 80
Configuration Management
📦 42
Content Management
📦 175
Control Flow
📦 213
Data Formats
📦 78
Data Processing
📦 276
Data Storage
📦 135
Economics
📦 64
Frameworks
📦 215
Games
📦 129
Graphics
📦 110
Hardware
📦 152
Integrated Development Environments
📦 49
Learning Resources
📦 166
Legal
📦 29
Libraries
📦 129
Lists Of Projects
📦 22
Machine Learning
📦 347
Mapping
📦 64
Marketing
📦 15
Mathematics
📦 55
Media
📦 239
Messaging
📦 98
Networking
📦 315
Operating Systems
📦 89
Operations
📦 121
Package Managers
📦 55
Programming Languages
📦 245
Runtime Environments
📦 100
Science
📦 42
Security
📦 396
Social Media
📦 27
Software Architecture
📦 72
Software Development
📦 72
Software Performance
📦 58
Software Quality
📦 133
Text Editors
📦 49
Text Processing
📦 136
User Interface
📦 330
User Interface Components
📦 514
Version Control
📦 30
Virtualization
📦 71
Web Browsers
📦 42
Web Servers
📦 26
Web User Interface
📦 210
The Top 241 Penetration Testing Open Source Projects
Categories
>
Security
>
Penetration Testing
Awesome Hacking
⭐
43,641
A collection of various awesome lists for hackers, pentesters and security researchers
Payloadsallthethings
⭐
23,319
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Awesome Hacking Resources
⭐
10,671
A collection of hacking / penetration testing resources to make you better!
H4cker
⭐
9,239
This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
Hacker Roadmap
⭐
6,567
📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
Awesome Web Security
⭐
5,926
🐶 A curated list of Web Security materials and resources.
Dirsearch
⭐
5,858
Web path scanner
Monkey
⭐
5,107
Infection Monkey - An automated pentest tool
Nishang
⭐
5,071
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Thc Hydra
⭐
4,786
hydra
Commando Vm
⭐
4,550
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution.
[email protected]
Infosec_reference
⭐
3,702
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Awesome Infosec
⭐
3,374
A curated list of awesome infosec courses and training resources.
Awesome Web Hacking
⭐
3,328
A list of web application security
Cheatsheet God
⭐
3,060
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Whatweb
⭐
3,029
Next generation web scanner
Osmedeus
⭐
3,011
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Penetration_testing_poc
⭐
2,952
有关渗透测试的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Faraday
⭐
2,941
Collaborative Penetration Test and Vulnerability Management Platform
Free Security Ebooks
⭐
2,881
Free Security and Hacking eBooks
Hacking Security Ebooks
⭐
2,858
Top 100 Hacking & Security E-Books (Free Download)
Arachni
⭐
2,845
Web Application Security Scanner Framework
Lscript
⭐
2,741
The LAZY script will make your life easier, and of course faster.
Cameradar
⭐
2,524
Cameradar hacks its way into RTSP videosurveillance cameras
Wstg
⭐
2,352
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Awesome Pentest Cheat Sheets
⭐
2,312
Collection of the cheat sheets useful for pentesting
Discover
⭐
2,283
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Awesome Shodan Queries
⭐
2,210
🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩💻
Pacu
⭐
1,971
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Vulscan
⭐
1,950
Advanced vulnerability scanning with Nmap NSE
Astra
⭐
1,734
Automated Security Testing For REST API's
Reconnoitre
⭐
1,682
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Nosqlmap
⭐
1,665
Automated NoSQL database enumeration and web application exploitation tool.
Learn Web Hacking
⭐
1,642
Study Notes For Web Hacking / Web安全学习笔记
Oscprepo
⭐
1,637
A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.
Awesome Hacking
⭐
1,517
Awesome hacking is an awesome collection of hacking tools.
Active Directory Exploitation Cheat Sheet
⭐
1,435
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Osintgram
⭐
1,372
Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
Ssh Mitm
⭐
1,334
SSH man-in-the-middle tool
Pentest Guide
⭐
1,325
Penetration tests guide based on OWASP including test cases, resources and examples.
One Lin3r
⭐
1,275
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
Gitjacker
⭐
1,266
🔪 Leak git repositories from misconfigured websites
Fuxi
⭐
1,115
Penetration Testing Platform
Owasp Masvs
⭐
1,053
The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.
Ezxss
⭐
1,038
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Awsbucketdump
⭐
1,030
Security Tool to Look For Interesting Files in S3 Buckets
Psattack
⭐
1,022
A portable console aimed at making pentesting with PowerShell a little easier.
Intrigue Core
⭐
1,018
Discover Your Attack Surface!
Nettacker
⭐
998
Automated Penetration Testing Framework
Passhunt
⭐
964
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
Awesome Ethical Hacking Resources
⭐
952
🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.
Changeme
⭐
934
A default credential scanner.
Pwncat
⭐
932
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Broxy
⭐
916
An HTTP/HTTPS intercept proxy written in Go.
Androl4b
⭐
913
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Hacktronian
⭐
893
Tools for Hacking
Active Directory Exploitation Cheat Sheet
⭐
884
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Babysploit
⭐
883
👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍
Scripts
⭐
839
Scripts I use during pentest engagements.
Awesome Oscp
⭐
825
A curated list of awesome OSCP resources
Rapidscan
⭐
807
🆕 The Multi-Tool Web Vulnerability Scanner.
Dsinternals
⭐
797
Directory Services Internals (DSInternals) PowerShell Module and Framework
Evillimiter
⭐
781
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Interlace
⭐
778
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Vhostscan
⭐
776
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Breaking And Pwning Apps And Servers Aws Azure Training
⭐
756
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!
Htshells
⭐
710
Self contained htaccess shells and attacks
Sublert
⭐
708
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
Lockdoor Framework
⭐
696
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Swiftnessx
⭐
686
A cross-platform note-taking & target-tracking app for penetration testers.
Brutal
⭐
682
Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )
Gorsair
⭐
680
Gorsair hacks its way into remote docker containers that expose their APIs
Thc Ipv6
⭐
679
IPv6 attack toolkit
Phishing Frenzy
⭐
647
Ruby on Rails Phishing Framework
Digispark Scripts
⭐
646
USB Rubber Ducky type scripts written for the DigiSpark.
Habu
⭐
642
Hacking Toolkit
Jackhammer
⭐
640
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Powershell Rat
⭐
640
Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
Penetration Testing Tools
⭐
636
A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.
Dotdotpwn
⭐
607
DotDotPwn - The Directory Traversal Fuzzer
Hashview
⭐
603
A web front-end for password cracking and analytics
Damn Vulnerable Graphql Application
⭐
591
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
Tactical Exploitation
⭐
588
Modern tactical exploitation toolkit.
Passphrase Wordlist
⭐
566
Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Easy_hack
⭐
566
Hack the World using Termux
Scantron
⭐
555
A distributed nmap / masscan scanning framework complete with an API client for automation workflows
Awesome Termux Hacking
⭐
547
⚡️An awesome list of the best Termux hacking tools
Whonow
⭐
536
A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
Linkedin2username
⭐
528
OSINT Tool: Generate username lists for companies on LinkedIn
Chimera
⭐
525
Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
Hackerpro
⭐
494
All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog
Iprotate_burp_extension
⭐
492
Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
Thc Archive
⭐
479
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Netcat
⭐
469
NetCat for Windows
Pentestkit
⭐
467
Useful tools and scripts during Penetration Testing engagements
Penetration Testing Study Notes
⭐
463
Penetration Testing notes, resources and scripts
Justtryharder
⭐
459
JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Vanquish
⭐
451
Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.
Hosthunter
⭐
449
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Dradis Ce
⭐
444
Dradis Framework: Colllaboration and reporting for IT Security teams
1-100 of 241 projects
Next >
Advertising
📦 10
All Projects
Application Programming Interfaces
📦 124
Applications
📦 192
Artificial Intelligence
📦 78
Blockchain
📦 73
Build Tools
📦 113
Cloud Computing
📦 80
Code Quality
📦 28
Collaboration
📦 32
Command Line Interface
📦 49
Community
📦 83
Companies
📦 60
Compilers
📦 63
Computer Science
📦 80
Configuration Management
📦 42
Content Management
📦 175
Control Flow
📦 213
Data Formats
📦 78
Data Processing
📦 276
Data Storage
📦 135
Economics
📦 64
Frameworks
📦 215
Games
📦 129
Graphics
📦 110
Hardware
📦 152
Integrated Development Environments
📦 49
Learning Resources
📦 166
Legal
📦 29
Libraries
📦 129
Lists Of Projects
📦 22
Machine Learning
📦 347
Mapping
📦 64
Marketing
📦 15
Mathematics
📦 55
Media
📦 239
Messaging
📦 98
Networking
📦 315
Operating Systems
📦 89
Operations
📦 121
Package Managers
📦 55
Programming Languages
📦 245
Runtime Environments
📦 100
Science
📦 42
Security
📦 396
Social Media
📦 27
Software Architecture
📦 72
Software Development
📦 72
Software Performance
📦 58
Software Quality
📦 133
Text Editors
📦 49
Text Processing
📦 136
User Interface
📦 330
User Interface Components
📦 514
Version Control
📦 30
Virtualization
📦 71
Web Browsers
📦 42
Web Servers
📦 26
Web User Interface
📦 210