The Top 358 Pentesting Open Source Projects

Awesome Open Source

Awesome Open Source

Combined Topics

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210

The Top 358 Pentesting Open Source Projects

Categories > Security > Pentesting

Sqlmap ⭐ 19,471

Automatic SQL injection and database takeover tool

Pentesting Bible ⭐ 7,718

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Owasp Mstg ⭐ 7,078

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering.

Social Analyzer ⭐ 6,960

API, CLI & Web App for analyzing & finding a person's profile across 350+ social media websites (Detections are updated regularly)

Ciphey ⭐ 6,399

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Dirsearch ⭐ 5,633

Web path scanner

Red Teaming Toolkit ⭐ 4,752

A collection of open source and commercial tools that aid in red team operations.

Thc Hydra ⭐ 4,630

Crackmapexec ⭐ 4,546

A swiss army knife for pentesting networks

Juice Shop ⭐ 4,308

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Gobuster ⭐ 4,276

Directory/File, DNS and VHost busting tool written in Go

Fast web fuzzer written in Go

Infosec_reference ⭐ 3,626

An Information Security Reference That Doesn't Suck

Rustscan ⭐ 3,430

🤖 The Modern Port Scanner 🤖

Airgeddon ⭐ 3,218

This is a multi-use bash script for Linux systems to audit wireless networks.

Hetty ⭐ 3,128

Hetty is an HTTP toolkit for security research.

Fuzzdicts ⭐ 3,077

Web Pentesting Fuzz 字典,一个就够了。

Cheatsheet God ⭐ 3,008

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Whatweb ⭐ 2,948

Next generation web scanner

Xunfeng ⭐ 2,932

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Faraday ⭐ 2,899

Collaborative Penetration Test and Vulnerability Management Platform

Lscript ⭐ 2,697

The LAZY script will make your life easier, and of course faster.

Red Team Infrastructure Wiki ⭐ 2,649

Wiki to collect Red Team infrastructure hardening resources

Mobileapp Pentest Cheatsheet ⭐ 2,648

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Commix ⭐ 2,543

Automated All-in-One OS Command Injection Exploitation Tool

Cameradar ⭐ 2,484

Cameradar hacks its way into RTSP videosurveillance cameras

Drozer ⭐ 2,455

The Leading Security Assessment Framework for Android.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Socialfish ⭐ 2,096

Educational Phishing Tool & Information Collector

Awesome Shodan Queries ⭐ 2,077

🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻

Hack Tools ⭐ 2,055

The all-in-one Red Team extension for Web Pentester 🛠

Raccoon ⭐ 2,010

A high performance offensive security tool for reconnaissance and vulnerability scanning

Java Deserialization Cheat Sheet ⭐ 1,956

The cheat sheet about Java Deserialization vulnerabilities

Hacktricks ⭐ 1,942

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Monitor linux processes without root permissions

Fuxploider ⭐ 1,730

File upload vulnerability scanner and exploitation tool.

Cr3dov3r ⭐ 1,645

Know the dangers of credential reuse attacks.

Evilosx ⭐ 1,643

An evil RAT (Remote Administration Tool) for macOS / OS X.

Archerysec ⭐ 1,603

Centralize Vulnerability Assessment and Management for DevSecOps Team

Poc T ⭐ 1,595

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

Learn Web Hacking ⭐ 1,593

Study Notes For Web Hacking / Web安全学习笔记

Evil Winrm ⭐ 1,589

The ultimate WinRM shell for hacking/pentesting

Awesome Mobile Security ⭐ 1,569

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Redteam Tactics And Techniques ⭐ 1,531

Red Teaming Tactics and Techniques

Ssrf Testing ⭐ 1,528

SSRF (Server Side Request Forgery) testing resources

Ruler ⭐ 1,490

A tool to abuse Exchange services

Mitmap ⭐ 1,484

📡 A python program to create a fake AP and sniff data.

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Defaultcreds Cheat Sheet ⭐ 1,432

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Linux Smart Enumeration ⭐ 1,426

Linux enumeration tool for pentesting and CTFs with verbosity levels

Active Directory Exploitation Cheat Sheet ⭐ 1,348

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Hackvault ⭐ 1,320

A container repository for my public web hacks!

Pentesting_toolkit ⭐ 1,268

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Reverse Shell ⭐ 1,256

Reverse Shell as a Service

Winpwn ⭐ 1,237

Automation for internal Windows Penetrationtest / AD-Security

Gitjacker ⭐ 1,237

🔪 Leak git repositories from misconfigured websites

Cloudfail ⭐ 1,229

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Venom ⭐ 1,213

Venom - A Multi-hop Proxy for Penetration Testers

Deathstar ⭐ 1,206

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.

Subjack ⭐ 1,172

Subdomain Takeover tool written in Go

Mongoaudit ⭐ 1,171

🔥 A powerful MongoDB auditing and pentesting tool 🔥

Cloakify ⭐ 1,129

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Needle ⭐ 1,116

The iOS Security Testing Framework

Redsnarf ⭐ 1,108

RedSnarf is a pen-testing / red-teaming tool for Windows environments

Pentest ⭐ 1,054

⛔️ offsec batteries included

Privesccheck ⭐ 1,024

Privilege Escalation Enumeration Script for Windows

Vulmap ⭐ 1,016

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Keylogger ⭐ 993

A simple keylogger for Windows, Linux and Mac

Dirhunt ⭐ 975

Find web directories without bruteforce

Ksubdomain ⭐ 962

无状态子域名爆破工具

Burpsuite Collections ⭐ 940

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

P0wny Shell ⭐ 936

Single-file PHP shell

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Babysploit ⭐ 882

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Finalrecon ⭐ 877

The Last Web Recon Tool You'll Need

Scanless ⭐ 871

online port scan scraper

Kubernetes Goat ⭐ 853

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

Active Directory Exploitation Cheat Sheet ⭐ 851

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

V3n0m Scanner ⭐ 842

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Security ⭐ 834

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

Sessiongopher ⭐ 832

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

Hashtopolis ⭐ 831

A Hashcat wrapper for distributed hashcracking

Semi-automatic OSINT framework and package manager

Interactive Network Scanner

Sprayingtoolkit ⭐ 788

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

Privesc ⭐ 787

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Awesome Oscp ⭐ 786

A curated list of awesome OSCP resources

Dumpsterfire ⭐ 772

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Evillimiter ⭐ 754

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Spoilerwall ⭐ 753

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

Breaking And Pwning Apps And Servers Aws Azure Training ⭐ 747

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Gourdscanv2 ⭐ 737

被动式漏洞扫描系统

Exploitpack ⭐ 728

Exploit Pack -The next generation exploit framework

Diamorphine ⭐ 720

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Cansina ⭐ 708

Web Content Discovery Tool

Linuxprivchecker ⭐ 707

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Autordpwn ⭐ 687

The Shadow Attack Framework

1-100 of 358 projects

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210