The Top 233 Penetration Testing Open Source Projects

Awesome Open Source

Awesome Open Source

Combined Topics

penetration-testing x

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210

The Top 233 Penetration Testing Open Source Projects

Categories > Security > Penetration Testing

Awesome Hacking ⭐ 42,380

A collection of various awesome lists for hackers, pentesters and security researchers

Payloadsallthethings ⭐ 20,945

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Awesome Hacking Resources ⭐ 10,330

A collection of hacking / penetration testing resources to make you better!

H4cker ⭐ 8,888

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Awesome Web Security ⭐ 5,635

🐶 A curated list of Web Security materials and resources.

Dirsearch ⭐ 5,327

Web path scanner

Monkey ⭐ 4,993

Infection Monkey - An automated pentest tool

Nishang ⭐ 4,700

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Hacker Roadmap ⭐ 4,472

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Thc Hydra ⭐ 4,470

Commando Vm ⭐ 4,351

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]

Infosec_reference ⭐ 3,483

An Information Security Reference That Doesn't Suck

Awesome Infosec ⭐ 3,250

A curated list of awesome infosec courses and training resources.

Awesome Web Hacking ⭐ 3,142

A list of web application security

Cheatsheet God ⭐ 2,935

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Faraday ⭐ 2,857

Collaborative Penetration Test and Vulnerability Management Platform

Osmedeus ⭐ 2,848

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Whatweb ⭐ 2,841

Next generation web scanner

Arachni ⭐ 2,830

Web Application Security Scanner Framework

Free Security Ebooks ⭐ 2,779

Free Security and Hacking eBooks

Hacking Security Ebooks ⭐ 2,723

Top 100 Hacking & Security E-Books (Free Download)

Lscript ⭐ 2,638

The LAZY script will make your life easier, and of course faster.

Penetration_testing_poc ⭐ 2,632

渗透测试有关的POC、EXP、脚本、提权、小工具等，欢迎补充、完善---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Cameradar ⭐ 2,443

Cameradar hacks its way into RTSP videosurveillance cameras

Awesome Pentest Cheat Sheets ⭐ 2,219

Collection of the cheat sheets useful for pentesting

Discover ⭐ 2,214

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Awesome Shodan Queries ⭐ 1,936

🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻

Vulscan ⭐ 1,840

Advanced vulnerability scanning with Nmap NSE

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Astra ⭐ 1,689

Automated Security Testing For REST API's

Reconnoitre ⭐ 1,621

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Nosqlmap ⭐ 1,606

Automated NoSQL database enumeration and web application exploitation tool.

Learn Web Hacking ⭐ 1,523

Study Notes For Web Hacking / Web安全学习笔记

Oscprepo ⭐ 1,515

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

Awesome Hacking ⭐ 1,416

Awesome hacking is an awesome collection of hacking tools.

Ssh Mitm ⭐ 1,310

SSH man-in-the-middle tool

Active Directory Exploitation Cheat Sheet ⭐ 1,231

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

One Lin3r ⭐ 1,228

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

Pentest Guide ⭐ 1,205

Penetration tests guide based on OWASP including test cases, resources and examples.

Gitjacker ⭐ 1,179

🔪 Leak git repositories from misconfigured websites

Penetration Testing Platform

Psattack ⭐ 1,010

A portable console aimed at making pentesting with PowerShell a little easier.

Awsbucketdump ⭐ 999

Security Tool to Look For Interesting Files in S3 Buckets

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Intrigue Core ⭐ 982

Discover Your Attack Surface!

Owasp Masvs ⭐ 964

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

Passhunt ⭐ 945

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Nettacker ⭐ 920

Automated Penetration Testing Framework

An HTTP/HTTPS intercept proxy written in Go.

Changeme ⭐ 900

A default credential scanner.

Androl4b ⭐ 895

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Babysploit ⭐ 875

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Awesome Ethical Hacking Resources ⭐ 871

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Scripts ⭐ 822

Scripts I use during pentest engagements.

Active Directory Exploitation Cheat Sheet ⭐ 814

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Hacktronian ⭐ 787

Tools for Hacking

Vhostscan ⭐ 739

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Breaking And Pwning Apps And Servers Aws Azure Training ⭐ 733

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Dsinternals ⭐ 724

Directory Services Internals (DSInternals) PowerShell Module and Framework

Interlace ⭐ 716

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Rapidscan ⭐ 711

🆕 The Multi-Tool Web Vulnerability Scanner.

Htshells ⭐ 701

Self contained htaccess shells and attacks

Evillimiter ⭐ 700

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Awesome Oscp ⭐ 686

A curated list of awesome OSCP resources

Sublert ⭐ 681

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Gorsair ⭐ 675

Gorsair hacks its way into remote docker containers that expose their APIs

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

Thc Ipv6 ⭐ 657

IPv6 attack toolkit

Swiftnessx ⭐ 652

A cross-platform note-taking & target-tracking app for penetration testers.

Phishing Frenzy ⭐ 631

Ruby on Rails Phishing Framework

Jackhammer ⭐ 628

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Lockdoor Framework ⭐ 617

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Hacking Toolkit

Powershell Rat ⭐ 607

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Hashview ⭐ 593

A web front-end for password cracking and analytics

Dotdotpwn ⭐ 581

DotDotPwn - The Directory Traversal Fuzzer

Tactical Exploitation ⭐ 580

Modern tactical exploitation toolkit.

Digispark Scripts ⭐ 575

USB Rubber Ducky type scripts written for the DigiSpark.

Penetration Testing Tools ⭐ 558

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Passphrase Wordlist ⭐ 527

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Scantron ⭐ 518

A distributed nmap / masscan scanning framework complete with an API client for automation workflows

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

Katanaframework ⭐ 482

The New Hacking Framework

Easy_hack ⭐ 478

Hack the World using Termux

Linkedin2username ⭐ 477

OSINT Tool: Generate username lists for companies on LinkedIn

Thc Archive ⭐ 460

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Pentestkit ⭐ 456

Useful tools and scripts during Penetration Testing engagements

Iprotate_burp_extension ⭐ 447

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

Penetration Testing Study Notes ⭐ 443

Penetration Testing notes, resources and scripts

NetCat for Windows

Vanquish ⭐ 440

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

Dradis Ce ⭐ 438

Dradis Framework: Colllaboration and reporting for IT Security teams

Powerops ⭐ 409

PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell "easier"

Awesome Termux Hacking ⭐ 404

⚡️An awesome list of the best Termux hacking tools

Hackerpro ⭐ 401

All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog

Archstrike ⭐ 398

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

Andrax Mobile Pentest ⭐ 394

ANDRAX The first and unique Penetration Testing platform for Android smartphones

Slackor ⭐ 388

A Golang implant that uses Slack as a command and control server

1-100 of 233 projects

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210