The Top 803 Penetration Testing Open Source Projects on Github

Awesome Open Source

Awesome Open Source

Combined Topics

penetration-testing x

Advertising 📦 9

Application Programming Interfaces 📦 120

Applications 📦 181

Artificial Intelligence 📦 72

Blockchain 📦 70

Build Tools 📦 111

Cloud Computing 📦 79

Code Quality 📦 28

Collaboration 📦 30

Command Line Interface 📦 48

Community 📦 81

Companies 📦 60

Compilers 📦 60

Computer Science 📦 74

Configuration Management 📦 39

Content Management 📦 167

Control Flow 📦 197

Data Formats 📦 77

Data Processing 📦 266

Data Storage 📦 132

Economics 📦 60

Frameworks 📦 198

Graphics 📦 103

Hardware 📦 148

Integrated Development Environments 📦 47

Learning Resources 📦 147

Libraries 📦 119

Lists Of Projects 📦 21

Machine Learning 📦 336

Mapping 📦 61

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 97

Networking 📦 304

Operating Systems 📦 84

Operations 📦 120

Package Managers 📦 52

Programming Languages 📦 229

Runtime Environments 📦 96

Science 📦 42

Security 📦 375

Social Media 📦 26

Software Architecture 📦 70

Software Development 📦 68

Software Performance 📦 57

Software Quality 📦 127

Text Editors 📦 45

Text Processing 📦 131

User Interface 📦 310

User Interface Components 📦 465

Version Control 📦 29

Virtualization 📦 68

Web Browsers 📦 38

Web Servers 📦 25

Web User Interface 📦 194

The Top 803 Penetration Testing Open Source Projects on Github

Categories > Security > Penetration Testing

Awesome Hacking ⭐ 47,884

A collection of various awesome lists for hackers, pentesters and security researchers

Payloadsallthethings ⭐ 32,216

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Awesome Hacking Resources ⭐ 11,232

A collection of hacking / penetration testing resources to make you better!

H4cker ⭐ 10,395

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Dirsearch ⭐ 7,202

Web path scanner

Hacker Roadmap ⭐ 6,715

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Awesome Web Security ⭐ 6,508

🐶 A curated list of Web Security materials and resources.

Scanners Box ⭐ 5,561

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

Thc Hydra ⭐ 5,559

Monkey ⭐ 5,546

Infection Monkey - An automated pentest tool

Nishang ⭐ 5,417

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Commando Vm ⭐ 4,887

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]

Sn1per ⭐ 4,853

Attack Surface Management Platform | Sn1perSecurity LLC

Infosec_reference ⭐ 4,121

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Penetration_testing_poc ⭐ 3,804

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Awesome Web Hacking ⭐ 3,728

A list of web application security

Awesome Infosec ⭐ 3,658

A curated list of awesome infosec courses and training resources.

Whatweb ⭐ 3,385

Next generation web scanner

Rengine ⭐ 3,383

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Cheatsheet God ⭐ 3,291

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Faraday ⭐ 3,162

Collaborative Penetration Test and Vulnerability Management Platform

Osmedeus ⭐ 3,103

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Free Security Ebooks ⭐ 2,988

Free Security and Hacking eBooks

Lscript ⭐ 2,921

The LAZY script will make your life easier, and of course faster.

Arachni ⭐ 2,907

Web Application Security Scanner Framework

Hacking Security Ebooks ⭐ 2,886

Top 100 Hacking & Security E-Books (Free Download)

Osintgram ⭐ 2,842

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

Cameradar ⭐ 2,745

Cameradar hacks its way into RTSP videosurveillance cameras

Discover ⭐ 2,540

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Active Directory Exploitation Cheat Sheet ⭐ 2,325

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Learn Web Hacking ⭐ 2,248

Study Notes For Web Hacking / Web安全学习笔记

Awesome Pentest Cheat Sheets ⭐ 2,095

Collection of the cheat sheets useful for pentesting

Vulscan ⭐ 2,069

Advanced vulnerability scanning with Nmap NSE

Astra ⭐ 1,800

Automated Security Testing For REST API's

Awesome Hacking ⭐ 1,785

Awesome hacking is an awesome collection of hacking tools.

Reconnoitre ⭐ 1,701

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Nosqlmap ⭐ 1,691

Automated NoSQL database enumeration and web application exploitation tool.

Oscprepo ⭐ 1,662

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

Awesome Shodan Queries ⭐ 1,575

🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻

Nettacker ⭐ 1,461

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Pentest Guide ⭐ 1,387

Penetration tests guide based on OWASP including test cases, resources and examples.

Ssh Mitm ⭐ 1,350

SSH man-in-the-middle tool

Gitjacker ⭐ 1,309

🔪 Leak git repositories from misconfigured websites

One Lin3r ⭐ 1,289

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

Owasp Masvs ⭐ 1,252

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

Pwncat ⭐ 1,194

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Awesome Ethical Hacking Resources ⭐ 1,177

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Ezxss ⭐ 1,169

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Penetration Testing Platform

Hacktronian ⭐ 1,101

Tools for Hacking

Intrigue Core ⭐ 1,097

Discover Your Attack Surface!

Malicious Pdf ⭐ 1,060

Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator

Changeme ⭐ 1,058

A default credential scanner.

Awsbucketdump ⭐ 1,037

Security Tool to Look For Interesting Files in S3 Buckets

Penetration Testing Tools ⭐ 992

A collection of more than 160+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

EMBA - The security analyzer for embedded device firmware.

Dsinternals ⭐ 964

Directory Services Internals (DSInternals) PowerShell Module and Framework

Rapidscan ⭐ 960

🆕 The Multi-Tool Web Vulnerability Scanner.

Evillimiter ⭐ 928

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Androl4b ⭐ 916

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Digispark Scripts ⭐ 898

USB Rubber Ducky type scripts written for the DigiSpark.

Passhunt ⭐ 898

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Babysploit ⭐ 885

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Awesome Oscp ⭐ 878

A curated list of awesome OSCP resources

Interlace ⭐ 867

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Lockdoor Framework ⭐ 853

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

An HTTP/HTTPS intercept proxy written in Go.

Breaking And Pwning Apps And Servers Aws Azure Training ⭐ 806

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Vhostscan ⭐ 800

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Scripts ⭐ 788

Scripts I use during pentest engagements.

Pentest Report Generator

Damn Vulnerable Graphql Application ⭐ 751

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Gorsair ⭐ 746

Gorsair hacks its way into remote docker containers that expose their APIs

Chimera ⭐ 744

Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

Htshells ⭐ 710

Self contained htaccess shells and attacks

Mutillidae ⭐ 703

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulnerabilities and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software. A containerized version of the application is available as a companion project.

Thc Ipv6 ⭐ 700

IPv6 attack toolkit

Swiftnessx ⭐ 699

A cross-platform note-taking & target-tracking app for penetration testers.

Sublert ⭐ 687

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Hacking Toolkit

Active Directory Exploitation Cheat Sheet ⭐ 659

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Powershell Rat ⭐ 646

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Passphrase Wordlist ⭐ 633

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Dotdotpwn ⭐ 628

DotDotPwn - The Directory Traversal Fuzzer

Hashview ⭐ 620

A web front-end for password cracking and analytics

Easy_hack ⭐ 618

Hack the World using Termux

Scantron ⭐ 617

A distributed nmap / masscan scanning framework complete with scan scheduling, engine pooling, subsequent scan port diff-ing, and an API client for automation workflows.

Cloud_enum ⭐ 609

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

Jackhammer ⭐ 599

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Tactical Exploitation ⭐ 597

Modern tactical exploitation toolkit.

Phishing Frenzy ⭐ 594

Ruby on Rails Phishing Framework

Hosthunter ⭐ 560

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Linkedin2username ⭐ 547

OSINT Tool: Generate username lists for companies on LinkedIn

Vulnerable Ad ⭐ 537

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab

Hackerpro ⭐ 529

All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog

Justtryharder ⭐ 522

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Iprotate_burp_extension ⭐ 505

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

1-100 of 803 projects

Related Projects

Python Penetration Testing Projects (333)

Pentesting Penetration Testing Projects (266)

Hacking Penetration Testing Projects (245)

Security Penetration Testing Projects (199)

Hacking Pentesting Penetration Testing Projects (109)

Security Tools Penetration Testing Projects (103)

Python Pentesting Penetration Testing Projects (102)

Hacking Tool Penetration Testing Projects (100)

Penetration Testing Pentest Tool Projects (96)

Penetration Testing Pentest Projects (95)

Python Hacking Penetration Testing Projects (91)

Shell Penetration Testing Projects (89)

Penetration Testing Bugbounty Projects (86)

Cybersecurity Penetration Testing Projects (86)

Security Pentesting Penetration Testing Projects (81)

Security Hacking Penetration Testing Projects (69)

Python Security Penetration Testing Projects (68)

Python3 Penetration Testing Projects (67)

Penetration Testing Kali Linux Projects (61)

Pentesting Penetration Testing Pentest Tool Projects (60)

Penetration Testing Infosec Projects (59)

Python Hacking Tool Penetration Testing Projects (53)

Pentesting Penetration Testing Pentest Projects (52)

Vulnerability Penetration Testing Projects (51)

Security Tools Pentesting Penetration Testing Projects (51)

Penetration Testing Tool Projects (30)

Advertising 📦 9

Application Programming Interfaces 📦 120

Applications 📦 181

Artificial Intelligence 📦 72

Blockchain 📦 70

Build Tools 📦 111

Cloud Computing 📦 79

Code Quality 📦 28

Collaboration 📦 30

Command Line Interface 📦 48

Community 📦 81

Companies 📦 60

Compilers 📦 60

Computer Science 📦 74

Configuration Management 📦 39

Content Management 📦 167

Control Flow 📦 197

Data Formats 📦 77

Data Processing 📦 266

Data Storage 📦 132

Economics 📦 60

Frameworks 📦 198

Graphics 📦 103

Hardware 📦 148

Integrated Development Environments 📦 47

Learning Resources 📦 147

Libraries 📦 119

Lists Of Projects 📦 21

Machine Learning 📦 336

Mapping 📦 61

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 97

Networking 📦 304

Operating Systems 📦 84

Operations 📦 120

Package Managers 📦 52

Programming Languages 📦 229

Runtime Environments 📦 96

Science 📦 42

Security 📦 375

Social Media 📦 26

Software Architecture 📦 70

Software Development 📦 68

Software Performance 📦 57

Software Quality 📦 127

Text Editors 📦 45

Text Processing 📦 131

User Interface 📦 310

User Interface Components 📦 465

Version Control 📦 29

Virtualization 📦 68

Web Browsers 📦 38

Web Servers 📦 25

Web User Interface 📦 194

"GitHub" is a registered trademark of GitHub, Inc. Awesome Open Source is not affiliated with GitHub.

All non readme contents or Github based topics or project metadata copyright Awesome Open Source 2018-2021