The Top 379 Pentesting Open Source Projects

Awesome Open Source

Awesome Open Source

Combined Topics

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210

The Top 379 Pentesting Open Source Projects

Categories > Security > Pentesting

Sqlmap ⭐ 20,278

Automatic SQL injection and database takeover tool

Pentesting Bible ⭐ 8,207

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Social Analyzer ⭐ 7,862

API, CLI & Web App for analyzing & finding a person's profile across +800 social media \ websites (Detections are updated regularly)

Owasp Mstg ⭐ 7,470

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering.

Ciphey ⭐ 6,981

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Dirsearch ⭐ 6,234

Web path scanner

Red Teaming Toolkit ⭐ 5,046

A collection of open source and commercial tools that aid in red team operations.

Thc Hydra ⭐ 5,006

Crackmapexec ⭐ 4,846

A swiss army knife for pentesting networks

Gobuster ⭐ 4,652

Directory/File, DNS and VHost busting tool written in Go

Fast web fuzzer written in Go

Juice Shop ⭐ 4,632

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Rustscan ⭐ 4,125

🤖 The Modern Port Scanner 🤖

Infosec_reference ⭐ 3,806

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Airgeddon ⭐ 3,424

This is a multi-use bash script for Linux systems to audit wireless networks.

Hetty ⭐ 3,380

Hetty is an HTTP toolkit for security research.

Fuzzdicts ⭐ 3,358

Web Pentesting Fuzz 字典,一个就够了。

Cheatsheet God ⭐ 3,249

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Whatweb ⭐ 3,129

Next generation web scanner

Faraday ⭐ 3,002

Collaborative Penetration Test and Vulnerability Management Platform

Xunfeng ⭐ 3,001

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Lscript ⭐ 2,828

The LAZY script will make your life easier, and of course faster.

Mobileapp Pentest Cheatsheet ⭐ 2,790

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Red Team Infrastructure Wiki ⭐ 2,790

Wiki to collect Red Team infrastructure hardening resources

Commix ⭐ 2,736

Automated All-in-One OS Command Injection Exploitation Tool.

Cameradar ⭐ 2,590

Cameradar hacks its way into RTSP videosurveillance cameras

Hacktricks ⭐ 2,556

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Drozer ⭐ 2,552

The Leading Security Assessment Framework for Android.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Awesome Shodan Queries ⭐ 2,322

🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻

Hack Tools ⭐ 2,315

The all-in-one Red Team extension for Web Pentester 🛠

Socialfish ⭐ 2,254

Educational Phishing Tool & Information Collector

Monitor linux processes without root permissions

Raccoon ⭐ 2,115

A high performance offensive security tool for reconnaissance and vulnerability scanning

Java Deserialization Cheat Sheet ⭐ 2,057

The cheat sheet about Java Deserialization vulnerabilities

Fuxploider ⭐ 1,803

File upload vulnerability scanner and exploitation tool.

Evil Winrm ⭐ 1,788

The ultimate WinRM shell for hacking/pentesting

Redteam Tactics And Techniques ⭐ 1,765

Red Teaming Tactics and Techniques

Active Directory Exploitation Cheat Sheet ⭐ 1,753

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Learn Web Hacking ⭐ 1,721

Study Notes For Web Hacking / Web安全学习笔记

Evilosx ⭐ 1,701

An evil RAT (Remote Administration Tool) for macOS / OS X.

Awesome Mobile Security ⭐ 1,687

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Archerysec ⭐ 1,683

Centralize Vulnerability Assessment and Management for DevSecOps Team

Cr3dov3r ⭐ 1,665

Know the dangers of credential reuse attacks.

Poc T ⭐ 1,648

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

Defaultcreds Cheat Sheet ⭐ 1,644

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Linux Smart Enumeration ⭐ 1,601

Linux enumeration tool for pentesting and CTFs with verbosity levels

Ssrf Testing ⭐ 1,580

SSRF (Server Side Request Forgery) testing resources

Ruler ⭐ 1,574

A tool to abuse Exchange services

Mitmap ⭐ 1,492

📡 A python program to create a fake AP and sniff data.

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Winpwn ⭐ 1,441

Automation for internal Windows Penetrationtest / AD-Security

Hackvault ⭐ 1,416

A container repository for my public web hacks!

Vulmap ⭐ 1,411

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Reverse Shell ⭐ 1,323

Reverse Shell as a Service

Cloudfail ⭐ 1,310

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Venom ⭐ 1,295

Venom - A Multi-hop Proxy for Penetration Testers

Gitjacker ⭐ 1,291

🔪 Leak git repositories from misconfigured websites

Kubernetes Goat ⭐ 1,277

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

Pentesting_toolkit ⭐ 1,268

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Subjack ⭐ 1,253

Subdomain Takeover tool written in Go

Deathstar ⭐ 1,250

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.

Mongoaudit ⭐ 1,202

🔥 A powerful MongoDB auditing and pentesting tool 🔥

Privesccheck ⭐ 1,187

Privilege Escalation Enumeration Script for Windows

Cloakify ⭐ 1,166

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Burpsuite Collections ⭐ 1,165

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

Needle ⭐ 1,134

The iOS Security Testing Framework

Redsnarf ⭐ 1,118

RedSnarf is a pen-testing / red-teaming tool for Windows environments

Pentest ⭐ 1,099

⛔️ offsec batteries included

Ksubdomain ⭐ 1,092

无状态子域名爆破工具

Keylogger ⭐ 1,077

A simple keylogger for Windows, Linux and Mac

Pwncat ⭐ 1,056

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

P0wny Shell ⭐ 1,023

Single-file PHP shell

Dirhunt ⭐ 1,021

Find web directories without bruteforce

Finalrecon ⭐ 990

The Last Web Recon Tool You'll Need

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Active Directory Exploitation Cheat Sheet ⭐ 945

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Awesome Oscp ⭐ 902

A curated list of awesome OSCP resources

Babysploit ⭐ 894

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Semi-automatic OSINT framework and package manager

Scanless ⭐ 883

online port scan scraper

Sprayingtoolkit ⭐ 881

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

V3n0m Scanner ⭐ 876

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Hashtopolis - A Hashcat wrapper for distributed hashcracking

Sessiongopher ⭐ 855

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

Evillimiter ⭐ 841

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Security ⭐ 840

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

Interactive Network Scanner

Breaking And Pwning Apps And Servers Aws Azure Training ⭐ 807

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Holytips ⭐ 799

Tips and Tutorials on Bug Bounty Hunting and Web Application Security.

Privesc ⭐ 794

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Dumpsterfire ⭐ 792

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Linuxprivchecker ⭐ 789

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Diamorphine ⭐ 782

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Learn365 ⭐ 760

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

Spoilerwall ⭐ 754

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

Gourdscanv2 ⭐ 750

被动式漏洞扫描系统

Lockdoor Framework ⭐ 742

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

1-100 of 379 projects

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210