Awesome Open Source
Awesome Open Source
Combined Topics
pentesting x
Advertising 📦 9
All Projects
Application Programming Interfaces 📦 120
Applications 📦 181
Artificial Intelligence 📦 72
Blockchain 📦 70
Build Tools 📦 111
Cloud Computing 📦 79
Code Quality 📦 28
Collaboration 📦 30
Command Line Interface 📦 48
Community 📦 81
Companies 📦 60
Compilers 📦 60
Computer Science 📦 74
Configuration Management 📦 39
Content Management 📦 167
Control Flow 📦 197
Data Formats 📦 77
Data Processing 📦 266
Data Storage 📦 132
Economics 📦 60
Frameworks 📦 198
Games 📦 122
Graphics 📦 103
Hardware 📦 148
Integrated Development Environments 📦 47
Learning Resources 📦 147
Legal 📦 28
Libraries 📦 119
Lists Of Projects 📦 21
Machine Learning 📦 336
Mapping 📦 61
Marketing 📦 15
Mathematics 📦 55
Media 📦 228
Messaging 📦 97
Networking 📦 304
Operating Systems 📦 84
Operations 📦 120
Package Managers 📦 52
Programming Languages 📦 229
Runtime Environments 📦 96
Science 📦 42
Security 📦 375
Social Media 📦 26
Software Architecture 📦 70
Software Development 📦 68
Software Performance 📦 57
Software Quality 📦 127
Text Editors 📦 45
Text Processing 📦 131
User Interface 📦 310
User Interface Components 📦 465
Version Control 📦 29
Virtualization 📦 68
Web Browsers 📦 38
Web Servers 📦 25
Web User Interface 📦 194

The Top 1,321 Pentesting Open Source Projects on Github

Categories > Security > Pentesting
Sqlmap ⭐ 21,203
Automatic SQL injection and database takeover tool
Social Analyzer ⭐ 8,203
API, CLI & Web App for analyzing & finding a person's profile across +900 social media \ websites (Detections are updated regularly)
Ciphey ⭐ 8,119
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Pentesting Bible ⭐ 8,066
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Owasp Mstg ⭐ 7,942
The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering.
Dirsearch ⭐ 6,830
Web path scanner
Spiderfoot ⭐ 6,577
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Pupy ⭐ 6,546
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
Juice Shop ⭐ 5,833
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Red Teaming Toolkit ⭐ 5,359
This repository contains cutting-edge open-source security tools (OST) for red teamer.
Thc Hydra ⭐ 5,264
hydra
Ffuf ⭐ 5,263
Fast web fuzzer written in Go
Crackmapexec ⭐ 5,203
A swiss army knife for pentesting networks
Gobuster ⭐ 4,910
Directory/File, DNS and VHost busting tool written in Go
Rustscan ⭐ 4,540
🤖 The Modern Port Scanner 🤖
Infosec_reference ⭐ 4,001
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Fuzzdicts ⭐ 3,684
Web Pentesting Fuzz 字典,一个就够了。
Airgeddon ⭐ 3,620
This is a multi-use bash script for Linux systems to audit wireless networks.
Wstg ⭐ 3,601
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Hetty ⭐ 3,495
Hetty is an HTTP toolkit for security research.
Hacktricks ⭐ 3,302
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Cheatsheet God ⭐ 3,291
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Rengine ⭐ 3,274
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
Whatweb ⭐ 3,172
Next generation web scanner
Faraday ⭐ 3,102
Collaborative Penetration Test and Vulnerability Management Platform
Xunfeng ⭐ 2,946
巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
Lscript ⭐ 2,921
The LAZY script will make your life easier, and of course faster.
Mobileapp Pentest Cheatsheet ⭐ 2,905
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
Commix ⭐ 2,888
Automated All-in-One OS Command Injection Exploitation Tool.
Red Team Infrastructure Wiki ⭐ 2,746
Wiki to collect Red Team infrastructure hardening resources
Cameradar ⭐ 2,703
Cameradar hacks its way into RTSP videosurveillance cameras
Drozer ⭐ 2,623
The Leading Security Assessment Framework for Android.
Hack Tools ⭐ 2,566
The all-in-one Red Team extension for Web Pentester 🛠
Socialfish ⭐ 2,271
Educational Phishing Tool & Information Collector
Java Deserialization Cheat Sheet ⭐ 2,165
The cheat sheet about Java Deserialization vulnerabilities
Raccoon ⭐ 2,145
A high performance offensive security tool for reconnaissance and vulnerability scanning
Active Directory Exploitation Cheat Sheet ⭐ 2,086
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Evil Winrm ⭐ 2,060
The ultimate WinRM shell for hacking/pentesting
Pspy ⭐ 2,054
Monitor linux processes without root permissions
Redteaming Tactics And Techniques ⭐ 2,042
Red Teaming Tactics and Techniques
Learn Web Hacking ⭐ 2,041
Study Notes For Web Hacking / Web安全学习笔记
Winpwn ⭐ 1,864
Automation for internal Windows Penetrationtest / AD-Security
Defaultcreds Cheat Sheet ⭐ 1,794
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Linux Smart Enumeration ⭐ 1,773
Linux enumeration tool for pentesting and CTFs with verbosity levels
Archerysec ⭐ 1,744
Centralize Vulnerability Assessment and Management for DevSecOps Team
Vulmap ⭐ 1,712
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
Fuxploider ⭐ 1,702
File upload vulnerability scanner and exploitation tool.
Evilosx ⭐ 1,685
An evil RAT (Remote Administration Tool) for macOS / OS X.
Awesome Mobile Security ⭐ 1,684
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Cr3dov3r ⭐ 1,658
Know the dangers of credential reuse attacks.
Ssrf Testing ⭐ 1,656
SSRF (Server Side Request Forgery) testing resources
Poc T ⭐ 1,627
渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework
Awesome Shodan Queries ⭐ 1,575
🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻
Mitmap ⭐ 1,511
📡 A python program to create a fake AP and sniff data.
Kubernetes Goat ⭐ 1,502
Kubernetes Goat 🐐 is a "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security 🔐
Ruler ⭐ 1,485
A tool to abuse Exchange services
Ctfr ⭐ 1,472
Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
Hackvault ⭐ 1,404
A container repository for my public web hacks!
Privesccheck ⭐ 1,370
Privilege Escalation Enumeration Script for Windows
Burpsuite Collections ⭐ 1,353
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
Cloudfail ⭐ 1,343
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Gitjacker ⭐ 1,309
🔪 Leak git repositories from misconfigured websites
Venom ⭐ 1,267
Venom - A Multi-hop Proxy for Penetration Testers
Deathstar ⭐ 1,244
Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
Weird_proxies ⭐ 1,198
Reverse proxies cheatsheet
Reverse Shell ⭐ 1,178
Reverse Shell as a Service
Subjack ⭐ 1,158
Subdomain Takeover tool written in Go
Cloakify ⭐ 1,155
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Mongoaudit ⭐ 1,154
🔥 A powerful MongoDB auditing and pentesting tool 🔥
Keylogger ⭐ 1,144
A simple keylogger for Windows, Linux and Mac
Needle ⭐ 1,129
The iOS Security Testing Framework
Pwncat ⭐ 1,127
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Redsnarf ⭐ 1,075
RedSnarf is a pen-testing / red-teaming tool for Windows environments
Sudomy ⭐ 1,012
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Dirhunt ⭐ 1,009
Find web directories without bruteforce
Ksubdomain ⭐ 998
无状态子域名爆破工具
Sn0int ⭐ 975
Semi-automatic OSINT framework and package manager
Finalrecon ⭐ 963
The Last Web Recon Tool You'll Need
Malicious Pdf ⭐ 958
Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator
V3n0m Scanner ⭐ 955
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Pentest ⭐ 940
⛔️ offsec batteries included
Holytips ⭐ 928
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Sprayingtoolkit ⭐ 925
Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
Reconspider ⭐ 924
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
P0wny Shell ⭐ 916
Single-file PHP shell
Server ⭐ 907
Hashtopolis - A Hashcat wrapper for distributed hashcracking
Emba ⭐ 903
emba - The security analyzer for embedded device firmware.
Babysploit ⭐ 885
👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍
Awesome Oscp ⭐ 878
A curated list of awesome OSCP resources
Learn365 ⭐ 869
This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
Evillimiter ⭐ 859
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Scanless ⭐ 848
online port scan scraper
Sessiongopher ⭐ 847
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Dictionary Of Pentesting ⭐ 837
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Security ⭐ 830
Some of my security stuff and vulnerabilities. Nothing advanced. More to come.
Platypus ⭐ 810
🔨 A modern multiple reverse shell sessions manager written in go
Privesc ⭐ 807
A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Breaking And Pwning Apps And Servers Aws Azure Training ⭐ 806
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!
Perun ⭐ 794
Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
Lockdoor Framework ⭐ 790
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
1-100 of 1,321 projects

Related Projects

Python Pentesting Projects (521)
Hacking Pentesting Projects (370)
Security Pentesting Projects (312)
Pentesting Penetration Testing Projects (248)
Pentesting Pentest Tool Projects (206)
Pentesting Pentest Projects (181)
Shell Pentesting Projects (155)
Pentesting Redteam Projects (146)
Security Tools Pentesting Projects (143)
Python Hacking Pentesting Projects (135)
Pentesting Bugbounty Projects (134)
Pentesting Hacking Tool Projects (129)
Pentesting Infosec Projects (123)
Linux Pentesting Projects (109)
Python Security Pentesting Projects (109)
Python3 Pentesting Projects (108)
Hacking Pentesting Penetration Testing Projects (101)
Cybersecurity Pentesting Projects (96)
Python Pentesting Pentest Tool Projects (96)
Python Python3 Pentesting Projects (96)
Python Pentesting Penetration Testing Projects (95)
Security Hacking Pentesting Projects (89)
Pentesting Exploit Projects (85)
Go Pentesting Projects (78)
Security Pentesting Penetration Testing Projects (76)
Python Pentesting Pentest Projects (71)
Pentesting Kali Linux Projects (71)
Pentesting Ctf Projects (70)
Pentesting Exploitation Projects (66)
Hacking Pentesting Pentest Projects (66)
Pentesting Redteaming Projects (65)
Pentesting Enumeration Projects (63)
Advertising 📦 9
All Projects
Application Programming Interfaces 📦 120
Applications 📦 181
Artificial Intelligence 📦 72
Blockchain 📦 70
Build Tools 📦 111
Cloud Computing 📦 79
Code Quality 📦 28
Collaboration 📦 30
Command Line Interface 📦 48
Community 📦 81
Companies 📦 60
Compilers 📦 60
Computer Science 📦 74
Configuration Management 📦 39
Content Management 📦 167
Control Flow 📦 197
Data Formats 📦 77
Data Processing 📦 266
Data Storage 📦 132
Economics 📦 60
Frameworks 📦 198
Games 📦 122
Graphics 📦 103
Hardware 📦 148
Integrated Development Environments 📦 47
Learning Resources 📦 147
Legal 📦 28
Libraries 📦 119
Lists Of Projects 📦 21
Machine Learning 📦 336
Mapping 📦 61
Marketing 📦 15
Mathematics 📦 55
Media 📦 228
Messaging 📦 97
Networking 📦 304
Operating Systems 📦 84
Operations 📦 120
Package Managers 📦 52
Programming Languages 📦 229
Runtime Environments 📦 96
Science 📦 42
Security 📦 375
Social Media 📦 26
Software Architecture 📦 70
Software Development 📦 68
Software Performance 📦 57
Software Quality 📦 127
Text Editors 📦 45
Text Processing 📦 131
User Interface 📦 310
User Interface Components 📦 465
Version Control 📦 29
Virtualization 📦 68
Web Browsers 📦 38
Web Servers 📦 25
Web User Interface 📦 194
"GitHub" is a registered trademark of GitHub, Inc. Awesome Open Source is not affiliated with GitHub.

All non readme contents or Github based topics or project metadata copyright Awesome Open Source 2018-2021