The Top 241 Penetration Testing Open Source Projects

Awesome Open Source

Awesome Open Source

Combined Topics

penetration-testing x

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210

The Top 241 Penetration Testing Open Source Projects

Categories > Security > Penetration Testing

Awesome Hacking ⭐ 43,641

A collection of various awesome lists for hackers, pentesters and security researchers

Payloadsallthethings ⭐ 23,319

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Awesome Hacking Resources ⭐ 10,671

A collection of hacking / penetration testing resources to make you better!

H4cker ⭐ 9,239

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Hacker Roadmap ⭐ 6,567

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Awesome Web Security ⭐ 5,926

🐶 A curated list of Web Security materials and resources.

Dirsearch ⭐ 5,858

Web path scanner

Monkey ⭐ 5,107

Infection Monkey - An automated pentest tool

Nishang ⭐ 5,071

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Thc Hydra ⭐ 4,786

Commando Vm ⭐ 4,550

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]

Infosec_reference ⭐ 3,702

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Awesome Infosec ⭐ 3,374

A curated list of awesome infosec courses and training resources.

Awesome Web Hacking ⭐ 3,328

A list of web application security

Cheatsheet God ⭐ 3,060

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Whatweb ⭐ 3,029

Next generation web scanner

Osmedeus ⭐ 3,011

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Penetration_testing_poc ⭐ 2,952

有关渗透测试的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Faraday ⭐ 2,941

Collaborative Penetration Test and Vulnerability Management Platform

Free Security Ebooks ⭐ 2,881

Free Security and Hacking eBooks

Hacking Security Ebooks ⭐ 2,858

Top 100 Hacking & Security E-Books (Free Download)

Arachni ⭐ 2,845

Web Application Security Scanner Framework

Lscript ⭐ 2,741

The LAZY script will make your life easier, and of course faster.

Cameradar ⭐ 2,524

Cameradar hacks its way into RTSP videosurveillance cameras

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Awesome Pentest Cheat Sheets ⭐ 2,312

Collection of the cheat sheets useful for pentesting

Discover ⭐ 2,283

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

Awesome Shodan Queries ⭐ 2,210

🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Vulscan ⭐ 1,950

Advanced vulnerability scanning with Nmap NSE

Astra ⭐ 1,734

Automated Security Testing For REST API's

Reconnoitre ⭐ 1,682

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Nosqlmap ⭐ 1,665

Automated NoSQL database enumeration and web application exploitation tool.

Learn Web Hacking ⭐ 1,642

Study Notes For Web Hacking / Web安全学习笔记

Oscprepo ⭐ 1,637

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

Awesome Hacking ⭐ 1,517

Awesome hacking is an awesome collection of hacking tools.

Active Directory Exploitation Cheat Sheet ⭐ 1,435

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Osintgram ⭐ 1,372

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

Ssh Mitm ⭐ 1,334

SSH man-in-the-middle tool

Pentest Guide ⭐ 1,325

Penetration tests guide based on OWASP including test cases, resources and examples.

One Lin3r ⭐ 1,275

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

Gitjacker ⭐ 1,266

🔪 Leak git repositories from misconfigured websites

Penetration Testing Platform

Owasp Masvs ⭐ 1,053

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

Ezxss ⭐ 1,038

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Awsbucketdump ⭐ 1,030

Security Tool to Look For Interesting Files in S3 Buckets

Psattack ⭐ 1,022

A portable console aimed at making pentesting with PowerShell a little easier.

Intrigue Core ⭐ 1,018

Discover Your Attack Surface!

Nettacker ⭐ 998

Automated Penetration Testing Framework

Passhunt ⭐ 964

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Awesome Ethical Hacking Resources ⭐ 952

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Changeme ⭐ 934

A default credential scanner.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

An HTTP/HTTPS intercept proxy written in Go.

Androl4b ⭐ 913

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Hacktronian ⭐ 893

Tools for Hacking

Active Directory Exploitation Cheat Sheet ⭐ 884

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Babysploit ⭐ 883

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Scripts ⭐ 839

Scripts I use during pentest engagements.

Awesome Oscp ⭐ 825

A curated list of awesome OSCP resources

Rapidscan ⭐ 807

🆕 The Multi-Tool Web Vulnerability Scanner.

Dsinternals ⭐ 797

Directory Services Internals (DSInternals) PowerShell Module and Framework

Evillimiter ⭐ 781

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Interlace ⭐ 778

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Vhostscan ⭐ 776

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Breaking And Pwning Apps And Servers Aws Azure Training ⭐ 756

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Htshells ⭐ 710

Self contained htaccess shells and attacks

Sublert ⭐ 708

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Lockdoor Framework ⭐ 696

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Swiftnessx ⭐ 686

A cross-platform note-taking & target-tracking app for penetration testers.

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

Gorsair ⭐ 680

Gorsair hacks its way into remote docker containers that expose their APIs

Thc Ipv6 ⭐ 679

IPv6 attack toolkit

Phishing Frenzy ⭐ 647

Ruby on Rails Phishing Framework

Digispark Scripts ⭐ 646

USB Rubber Ducky type scripts written for the DigiSpark.

Hacking Toolkit

Jackhammer ⭐ 640

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Powershell Rat ⭐ 640

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Penetration Testing Tools ⭐ 636

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Dotdotpwn ⭐ 607

DotDotPwn - The Directory Traversal Fuzzer

Hashview ⭐ 603

A web front-end for password cracking and analytics

Damn Vulnerable Graphql Application ⭐ 591

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Tactical Exploitation ⭐ 588

Modern tactical exploitation toolkit.

Passphrase Wordlist ⭐ 566

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Easy_hack ⭐ 566

Hack the World using Termux

Scantron ⭐ 555

A distributed nmap / masscan scanning framework complete with an API client for automation workflows

Awesome Termux Hacking ⭐ 547

⚡️An awesome list of the best Termux hacking tools

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

Linkedin2username ⭐ 528

OSINT Tool: Generate username lists for companies on LinkedIn

Chimera ⭐ 525

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Hackerpro ⭐ 494

All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog

Iprotate_burp_extension ⭐ 492

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

Thc Archive ⭐ 479

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

NetCat for Windows

Pentestkit ⭐ 467

Useful tools and scripts during Penetration Testing engagements

Penetration Testing Study Notes ⭐ 463

Penetration Testing notes, resources and scripts

Justtryharder ⭐ 459

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Vanquish ⭐ 451

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

Hosthunter ⭐ 449

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Dradis Ce ⭐ 444

Dradis Framework: Colllaboration and reporting for IT Security teams

1-100 of 241 projects

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210